TechSpot

Help securing laptop

By Hurriken
Jan 31, 2012
  1. If this is in the wrong place, my bad, I wasn't sure where to go with this.

    To start off, the laptop appears to be fine as far as viruses and malware go. I just want to secure my system. I'll explain. I inherited my daughters old laptop (rode hard put away wet) and it has become my wifes. My wife is a computer novice, "how do I close the browser window again?" but she is learning quickly. I have been helped here on a few of my computers and especially like the final steps that secure the system for future use. Because I'm usually here with a system stifling infection I'm not sure where to start with this system.

    Right before she gave it to us she was having problems with Avast. Her friend, meaning well, removed it completely but installed no replacement. It has been like this for a month. I checked that it truly was removed and then downloaded the latest version of Avast and installed it. I ran malwarebytes(updated first) and found about 50 something bugs. Since it isn't really showing problems I decided to stop there and ask.

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.01.31.06

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 8.0.6001.19170
    Melissa :: MELISSA-PC [administrator]

    1/31/2012 10:34:46 AM
    mbam-log-2012-01-31 (10-34-46).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 416885
    Time elapsed: 1 hour(s), 39 minute(s),

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 12
    HKCR\CLSID\{597A9974-8CB0-4f41-B61F-ED065738A397} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    HKCR\CLSID\{25514C64-8321-494e-BD3E-3DBAB3F8CEBA} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{60BE6B2E-F2F5-4404-AA1E-4381D4A6EEA2} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    HKCR\Interface\{6427058B-217C-4C7F-A6CE-C7934C0BDCEB} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    HKCR\RewardsArcade.FBApi.1 (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    HKCR\RewardsArcade.FBApi (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    HKCR\RewardsArcade.BHO.1 (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FoxTab PDF Creator (Adware.Agent) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RewardsArcade (PUP.RewardsArcade) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 29
    C:\Program Files\RewardsArcade (PUP.RewardsArcade) -> Delete on reboot.
    C:\Users\Melissa\AppData\Local\RewardsArcade (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498 (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\chrome\content (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\defaults (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\defaults\preferences (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\locale (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\locale\en-US (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\skin (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498 (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\defaults (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\defaults\preferences (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\locale (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\locale\en-US (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\skin (PUP.RewardsArcade) -> Quarantined and deleted successfully.

    Files Detected: 109
    C:\Program Files\RewardsArcade\RewardsArcade.dll (PUP.RewardsArcade) -> Delete on reboot.
    C:\Program Files\FoxTabPDFConverter\Uninstall\Uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\qjy.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9FB56WYB\SoftonicDownloader_for_ac97-audio-codec[1].exe (PUP.BundleOffer.Downloader.S) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VERTZULD\sh[1].exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4COL4H3Z\PDFCreatorSetup[1].exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\RewardsArcade\fb.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Program Files\RewardsArcade\appAPIinternalWrapper.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Program Files\RewardsArcade\jquery.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Program Files\RewardsArcade\json.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Program Files\RewardsArcade\RewardsArcade.exe (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Program Files\RewardsArcade\Uninstall.exe (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Program Files\RewardsArcade\UserConfirmation.exe (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\uninstall.ico (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Chrome\rewardsarcade.crx (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\chrome.manifest (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\install.rdf (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\chrome\content\background.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\chrome\content\browser.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\chrome\content\crossrider.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\chrome\content\crossriderapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\chrome\content\dialog.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\chrome\content\manage-apps-style.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\chrome\content\manage-apps.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\chrome\content\messaging.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\chrome\content\options.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\chrome\content\options.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\chrome\content\push.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\chrome\content\search_dialog.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\chrome\content\socialapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\chrome\content\update.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\chrome\content\utilityapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\chrome\content\workers_chain.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\faye-browser-min.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\jquery-1.4.2.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\b.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\bl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\br.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\closelabel.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\loading.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tr.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\defaults\preferences\prefs.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\locale\en-US\translations.dtd (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\skin\button1.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\skin\button2.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\skin\button3.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\skin\button4.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\skin\button5.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\skin\crossrider_statusbar.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\skin\icon16.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\skin\icon24.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\skin\icon48.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\skin\panelarrow-up.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\skin\popup.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\skin\popup.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\skin\popup_binding.xml (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\skin\skin.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\AppData\Local\RewardsArcade\498\Firefox\skin\update.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\uninstall.ico (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Chrome\rewardsarcade.crx (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome.manifest (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\install.rdf (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\background.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\browser.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\crossrider.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\crossriderapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\dialog.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\manage-apps-style.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\manage-apps.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\messaging.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\options.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\options.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\push.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\search_dialog.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\socialapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\update.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\utilityapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\workers_chain.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\faye-browser-min.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\jquery-1.4.2.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\b.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\bl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\br.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\closelabel.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\loading.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tr.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\defaults\preferences\prefs.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\locale\en-US\translations.dtd (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button1.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button2.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button3.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button4.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button5.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\crossrider_statusbar.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\icon16.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\icon24.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\icon48.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\panelarrow-up.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\popup.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\popup.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\popup_binding.xml (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\skin.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
    C:\Users\Melissa\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\update.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.

    (end)
     
  2. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. Hurriken

    Hurriken TS Booster Topic Starter Posts: 231

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/12/2008 5:52:15 AM
    System Uptime: 1/31/2012 1:51:48 PM (7 hours ago)
    .
    Motherboard: Quanta | | 30CF
    Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-60 | Socket S1 | 2000/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 137 GiB total, 37.592 GiB free.
    D: is FIXED (NTFS) - 12 GiB total, 1.98 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0018
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #3
    PNP Device ID: ROOT\*6TO4MP\0018
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0025
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #10
    PNP Device ID: ROOT\*6TO4MP\0025
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0032
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #15
    PNP Device ID: ROOT\*6TO4MP\0032
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0036
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #19
    PNP Device ID: ROOT\*6TO4MP\0036
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0038
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #21
    PNP Device ID: ROOT\*6TO4MP\0038
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0039
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #22
    PNP Device ID: ROOT\*6TO4MP\0039
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0041
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #24
    PNP Device ID: ROOT\*6TO4MP\0041
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0044
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #26
    PNP Device ID: ROOT\*6TO4MP\0044
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0046
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #28
    PNP Device ID: ROOT\*6TO4MP\0046
    Service: tunnel
    .
    ==== System Restore Points ===================
    .
    RP785: 9/14/2011 1:00:17 AM - Windows Update
    RP786: 9/14/2011 5:19:03 PM - Scheduled Checkpoint
    RP787: 9/17/2011 2:05:06 AM - Windows Update
    RP788: 9/18/2011 10:46:15 PM - Scheduled Checkpoint
    RP789: 9/20/2011 8:21:03 AM - Scheduled Checkpoint
    RP790: 11/25/2011 5:51:56 PM - Windows Update
    RP791: 11/26/2011 1:57:28 PM - Windows Update
    RP792: 11/26/2011 2:39:24 PM - Installed Java(TM) 6 Update 29
    RP793: 11/26/2011 2:41:45 PM - Installed Java Runtime Environment
    RP794: 12/14/2011 5:54:41 PM - Windows Update
    RP795: 12/14/2011 10:01:30 PM - Windows Update
    RP796: 12/17/2011 10:22:32 PM - Windows Update
    RP797: 12/22/2011 10:30:00 PM - Windows Update
    RP798: 12/24/2011 8:19:51 PM - Installed HP Product Detection
    RP799: 12/24/2011 8:21:25 PM - Installed Hewlett-Packard ACLM.NET v1.1.0.0.
    RP800: 12/24/2011 8:24:16 PM - Windows Update
    RP801: 12/24/2011 8:29:25 PM - avast! Free Antivirus Setup
    RP802: 1/28/2012 8:03:08 PM - Windows Update
    RP803: 1/31/2012 9:26:52 AM - Windows Update
    RP804: 1/31/2012 9:35:58 AM - Removed Ask Toolbar.
    RP805: 1/31/2012 9:36:43 AM - Removed Ask Toolbar.
    RP806: 1/31/2012 9:39:09 AM - Windows Update
    RP807: 1/31/2012 2:11:51 PM - avast! Free Antivirus Setup
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Flash Player 10 ActiveX
    Adobe Reader 8.1.2
    Adobe Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Shockwave Player
    AIM 6
    Apple Mobile Device Support
    Apple Software Update
    Atheros Driver Installation Program
    Auf geht's! 1.7
    avast! Free Antivirus
    Bonjour
    Cards_Calendar_OrderGift_DoMorePlugout
    CHOIDY USB PC Camera
    Compatibility Pack for the 2007 Office system
    Conexant HD Audio
    DVD Suite
    DyKnow Tablet Runtime 5.2 SP1
    EA Link
    Goombah Partner COM Server
    Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
    HDAUDIO Soft Data Fax Modem with SmartCP
    Hewlett-Packard ACLM.NET v1.1.0.0
    Hewlett-Packard Active Check
    Hewlett-Packard Asset Agent for Health Check
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Doc Viewer
    HP Easy Setup - Frontend
    HP Help and Support
    HP Integrated Module with Bluetooth wireless technology 6.0.1.5500
    HP Photosmart Essential 2.5
    HP Product Detection
    HP Quick Launch Buttons 6.30 E1
    HP QuickPlay 3.6
    HP QuickTouch 1.00 C4
    HP Smart Web Printing
    HP Total Care Advisor
    HP Update
    HP User Guides 0087
    HP Wireless Assistant
    HPNetworkAssistant
    HPPhotoSmartDiscLabel_PaperLabel
    HPPhotoSmartDiscLabel_PrintOnDisc
    HPPhotoSmartDiscLabel_Tattoo
    HPPhotoSmartDiscLabelContent1
    hpphotosmartdisclabelplugin
    HPPhotoSmartPhotobookHolidayPack1
    HPPhotoSmartPhotobookModernPack1
    HPPhotoSmartPhotobookPlayfulPack1
    HPPhotoSmartPhotobookScrapbookPack1
    HPPhotoSmartPhotobookWebPack1
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 2
    Java(TM) 6 Update 29
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    LabelPrint
    Last.fm 1.5.2.38918
    LightScribe System Software 1.10.13.1
    Malwarebytes Anti-Malware version 1.60.1.1000
    MediaWidget 6.0
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Move Networks Media Player for Internet Explorer
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee autoProducer 6.1
    My HP Games
    NetWaiting
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    Power2Go
    PowerDirector
    PSSWCORE
    QuickPlay SlingPlayer 0.4.6
    QuickTime
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
    Ruckus Player
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Media Encoder (KB2447961)
    Security Update for Windows Media Encoder (KB954156)
    Security Update for Windows Media Encoder (KB979332)
    Sibelius Scorch (ActiveX Only)
    Skype™ 4.0
    Slingbox Flash Tour
    SlingPlayer
    Synaptics Pointing Device Driver
    The Sims™ Life Stories
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VideoToolkit01
    Viewpoint Media Player
    Visual Studio Tools for the Office system 3.0 Runtime
    WeatherBug Gadget
    Windows Media Encoder 9 Series
    .
    ==== End Of File ===========================
     
  4. Hurriken

    Hurriken TS Booster Topic Starter Posts: 231

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.19170
    Run by Melissa at 20:03:02 on 2012-01-31
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.1157 [GMT -6:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\ctfmon.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/?ilc=1
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
    uInternet Settings,ProxyOverride = *.local
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: HP Print Clips: {ffffffff-ff12-44c5-91ec-068e3aa1b2d7} - c:\program files\hp\smart web printing\hpswp_framework.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
    uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
    mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
    mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [VMonitorVMUVC] "c:\program files\vimicro corporation\vmuvc\VMonitor.exe" VMUVC
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [BSDAppUpdater] c:\program files\common files\bsd\appupdater\BSDChecker.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    StartupFolder: c:\users\melissa\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{289E86F5-D5D7-4F6D-A0C9-EB3CB4F2B692} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{C09F4A64-DE2B-4588-8E97-539B9F2EBDD0} : DhcpNameServer = 192.168.178.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-31 435032]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-31 314456]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-31 20568]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-1-31 55128]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-1-31 44768]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [2010-3-19 252416]
    S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2010-3-19 398720]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-01-31 20:13:30 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-01-31 20:13:29 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-01-31 20:12:40 41184 ----a-w- c:\windows\avastSS.scr
    2012-01-31 20:12:13 -------- d-----w- c:\programdata\AVAST Software
    2012-01-31 20:12:13 -------- d-----w- c:\program files\AVAST Software
    2012-01-31 15:40:00 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ba131242-f0e5-47aa-8b5f-0c3b9ea65cd1}\mpengine.dll
    .
    ==================== Find3M ====================
    .
    2011-12-25 02:46:50 319488 ----a-w- c:\windows\HideWin.exe
    2011-12-10 21:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-07 12:08:58 236576 ------w- c:\windows\system32\MpSigStub.exe
    2011-11-25 15:59:48 376320 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
    2011-11-18 20:23:34 1205064 ----a-w- c:\windows\system32\ntdll.dll
    2011-11-18 17:47:03 66560 ----a-w- c:\windows\system32\packager.dll
    2011-11-17 06:48:37 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2011-11-16 16:23:44 377344 ----a-w- c:\windows\system32\winhttp.dll
    2011-11-16 16:23:08 72704 ----a-w- c:\windows\system32\secur32.dll
    2011-11-16 16:23:05 278528 ----a-w- c:\windows\system32\schannel.dll
    2011-11-16 16:21:57 1259008 ----a-w- c:\windows\system32\lsasrv.dll
    2011-11-16 14:12:25 9728 ----a-w- c:\windows\system32\lsass.exe
    2011-11-08 14:42:19 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-11-03 06:22:04 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-03 06:17:38 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-03 06:17:23 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-11-03 06:17:08 71680 ----a-w- c:\windows\system32\iesetup.dll
    2011-11-03 06:17:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2011-11-03 05:22:43 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-03 04:45:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-11-03 04:43:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    .
    ============= FINISH: 20:03:35.44 ===============
     
  5. Hurriken

    Hurriken TS Booster Topic Starter Posts: 231

    For some reason the GMER file I saved is gone so I have to run it again.
     
  6. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    OK................
     
  7. Hurriken

    Hurriken TS Booster Topic Starter Posts: 231

    GMER tried to give me some trouble but here it is finally.
    -----------------------------------------------------------------------------------------------------


    GMER 1.0.15.15641 - httpwww.gmer.net
    Rootkit scan 2012-02-01 113451
    Windows 6.0.6002 Service Pack 2 Harddisk0DR0 - DeviceIdeIdeDeviceP2T0L0-3 FUJITSU_MHZ2160BH_G2 rev.8909
    Running r1thux4x.exe; Driver CUsersMelissaAppDataLocalTempkwliifod.sys


    ---- System - GMER 1.0.15 ----

    SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwAddBootEntry [0x8FE14FC4]
    SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwCreateEvent [0x8FE17456]
    SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwCreateEventPair [0x8FE174AE]
    SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwCreateIoCompletion [0x8FE175C4]
    SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwCreateMutant [0x8FE173AC]
    SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwCreateSection [0x8FE174FE]
    SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwCreateSemaphore [0x8FE17400]
    SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwCreateTimer [0x8FE17572]
    SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwDeleteBootEntry [0x8FE14FE8]
    SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwLoadDriver [0x8FE14DB2]
    SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwModifyBootEntry [0x8FE1500C]
    SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwNotifyChangeKey [0x8FE179BC]
    SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwNotifyChangeMultipleKeys [0x8FE15AA4]
    SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwOpenEvent [0x8FE17486]
    SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwOpenEventPair [0x8FE174D6]
    SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwOpenIoCompletion [0x8FE175EE]
    SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwOpenMutant [0x8FE173D8]
    SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwOpenSection [0x8FE1753E]
    SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwOpenSemaphore [0x8FE1742E]
    SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwOpenTimer [0x8FE1759C]
    SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwQueryObject [0x8FE1596A]
    SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwSetBootEntryOrder [0x8FE15030]
    SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwSetBootOptions [0x8FE15054]
    SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwSetSystemInformation [0x8FE14E0C]
    SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwSetSystemPowerState [0x8FE14F48]
    SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwShutdownSystem [0x8FE14F24]
    SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwSystemDebugControl [0x8FE14F6C]
    SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwVdmControl [0x8FE15078]

    Code SystemRootSystem32DriversaswSP.SYS (avast! self protection moduleAVAST Software) ZwCreateProcessEx [0x904867A2]
    Code SystemRootSystem32DriversaswSP.SYS (avast! self protection moduleAVAST Software) ObInsertObject
    Code SystemRootSystem32DriversaswSP.SYS (avast! self protection moduleAVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!KeSetEvent + 10D 832B0890 4 Bytes [C4, 4F, E1, 8F]
    .text ntkrnlpa.exe!KeSetEvent + 1D1 832B0954 8 Bytes [56, 74, E1, 8F, AE, 74, E1, ...]
    .text ntkrnlpa.exe!KeSetEvent + 1DD 832B0960 4 Bytes [C4, 75, E1, 8F]
    .text ntkrnlpa.exe!KeSetEvent + 1F5 832B0978 4 Bytes [AC, 73, E1, 8F]
    .text ntkrnlpa.exe!KeSetEvent + 215 832B0998 8 Bytes [FE, 74, E1, 8F, 00, 74, E1, ...]
    .text ...
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 833DB62F 5 Bytes JMP 9048369C SystemRootSystem32DriversaswSP.SYS (avast! self protection moduleAVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject 83434543 5 Bytes JMP 9048515C SystemRootSystem32DriversaswSP.SYS (avast! self protection moduleAVAST Software)
    PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 8343DE68 4 Bytes CALL 8FE16025 SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software)
    PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 83441ADC 4 Bytes CALL 8FE1603B SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 83495DCA 7 Bytes JMP 904867A6 SystemRootSystem32DriversaswSP.SYS (avast! self protection moduleAVAST Software)
    .text CWindowssystem32DRIVERSnvlddmkm.sys section is writeable [0x8F20E340, 0x3FA057, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text CProgram FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe[284] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 001501F8
    .text CProgram FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe[284] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 001503FC
    .text CProgram FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe[284] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CProgram FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe[284] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 001703FC
    .text CProgram FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe[284] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00170600
    .text CProgram FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe[284] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00171014
    .text CProgram FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe[284] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00170804
    .text CProgram FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe[284] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00170A08
    .text CProgram FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe[284] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00170C0C
    .text CProgram FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe[284] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00170E10
    .text CProgram FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe[284] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 001701F8
    .text CProgram FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe[284] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00180600
    .text CProgram FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe[284] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00180804
    .text CProgram FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe[284] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00180A08
    .text CProgram FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe[284] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 001801F8
    .text CProgram FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe[284] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 001803FC
    .text CProgram FilesBonjourmDNSResponder.exe[320] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 001501F8
    .text CProgram FilesBonjourmDNSResponder.exe[320] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 001503FC
    .text CProgram FilesBonjourmDNSResponder.exe[320] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CProgram FilesBonjourmDNSResponder.exe[320] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 002703FC
    .text CProgram FilesBonjourmDNSResponder.exe[320] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00270600
    .text CProgram FilesBonjourmDNSResponder.exe[320] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00271014
    .text CProgram FilesBonjourmDNSResponder.exe[320] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00270804
    .text CProgram FilesBonjourmDNSResponder.exe[320] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00270A08
    .text CProgram FilesBonjourmDNSResponder.exe[320] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00270C0C
    .text CProgram FilesBonjourmDNSResponder.exe[320] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00270E10
    .text CProgram FilesBonjourmDNSResponder.exe[320] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 002701F8
    .text CProgram FilesBonjourmDNSResponder.exe[320] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00280600
    .text CProgram FilesBonjourmDNSResponder.exe[320] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00280804
    .text CProgram FilesBonjourmDNSResponder.exe[320] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00280A08
    .text CProgram FilesBonjourmDNSResponder.exe[320] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 002801F8
    .text CProgram FilesBonjourmDNSResponder.exe[320] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 002803FC
    .text CWindowssystem32svchost.exe[344] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000501F8
    .text CWindowssystem32svchost.exe[344] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000503FC
    .text CWindowssystem32svchost.exe[344] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CWindowssystem32svchost.exe[344] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000703FC
    .text CWindowssystem32svchost.exe[344] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00070600
    .text CWindowssystem32svchost.exe[344] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00071014
    .text CWindowssystem32svchost.exe[344] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00070804
    .text CWindowssystem32svchost.exe[344] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00070A08
    .text CWindowssystem32svchost.exe[344] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00070C0C
    .text CWindowssystem32svchost.exe[344] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00070E10
    .text CWindowssystem32svchost.exe[344] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000701F8
    .text CProgram FilesCommon FilesLightScribeLSSrvc.exe[468] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 001501F8
    .text CProgram FilesCommon FilesLightScribeLSSrvc.exe[468] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 001503FC
    .text CProgram FilesCommon FilesLightScribeLSSrvc.exe[468] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CProgram FilesCommon FilesLightScribeLSSrvc.exe[468] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 001903FC
    .text CProgram FilesCommon FilesLightScribeLSSrvc.exe[468] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00190600
    .text CProgram FilesCommon FilesLightScribeLSSrvc.exe[468] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00191014
    .text CProgram FilesCommon FilesLightScribeLSSrvc.exe[468] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00190804
    .text CProgram FilesCommon FilesLightScribeLSSrvc.exe[468] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 3 Bytes JMP 00190A08
    .text CProgram FilesCommon FilesLightScribeLSSrvc.exe[468] ADVAPI32.dll!ChangeServiceConfigW + 4 77A06F85 1 Byte [88]
    .text CProgram FilesCommon FilesLightScribeLSSrvc.exe[468] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00190C0C
    .text CProgram FilesCommon FilesLightScribeLSSrvc.exe[468] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00190E10
    .text CProgram FilesCommon FilesLightScribeLSSrvc.exe[468] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 001901F8
    .text CProgram FilesCommon FilesLightScribeLSSrvc.exe[468] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 001A0600
    .text CProgram FilesCommon FilesLightScribeLSSrvc.exe[468] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 001A0804
    .text CProgram FilesCommon FilesLightScribeLSSrvc.exe[468] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 001A0A08
    .text CProgram FilesCommon FilesLightScribeLSSrvc.exe[468] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 001A01F8
    .text CProgram FilesCommon FilesLightScribeLSSrvc.exe[468] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 001A03FC
    .text CWindowssystem32csrss.exe[596] KERNEL32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CWindowssystem32wininit.exe[648] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000301F8
    .text CWindowssystem32wininit.exe[648] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000303FC
    .text CWindowssystem32wininit.exe[648] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CWindowssystem32wininit.exe[648] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000503FC
    .text CWindowssystem32wininit.exe[648] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00050600
    .text CWindowssystem32wininit.exe[648] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00051014
    .text CWindowssystem32wininit.exe[648] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00050804
    .text CWindowssystem32wininit.exe[648] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00050A08
    .text CWindowssystem32wininit.exe[648] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00050C0C
    .text CWindowssystem32wininit.exe[648] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00050E10
    .text CWindowssystem32wininit.exe[648] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000501F8
    .text CWindowssystem32wininit.exe[648] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00060600
    .text CWindowssystem32wininit.exe[648] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00060804
    .text CWindowssystem32wininit.exe[648] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00060A08
    .text CWindowssystem32wininit.exe[648] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 000601F8
    .text CWindowssystem32wininit.exe[648] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 000603FC
    .text CWindowssystem32csrss.exe[660] KERNEL32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CWindowssystem32services.exe[692] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000501F8
    .text CWindowssystem32services.exe[692] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000503FC
    .text CWindowssystem32services.exe[692] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CWindowssystem32services.exe[692] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000703FC
    .text CWindowssystem32services.exe[692] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00070600
    .text CWindowssystem32services.exe[692] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00071014
    .text CWindowssystem32services.exe[692] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00070804
    .text CWindowssystem32services.exe[692] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00070A08
    .text CWindowssystem32services.exe[692] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00070C0C
    .text CWindowssystem32services.exe[692] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00070E10
    .text CWindowssystem32services.exe[692] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000701F8
    .text CWindowssystem32services.exe[692] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00080600
    .text CWindowssystem32services.exe[692] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00080804
    .text CWindowssystem32services.exe[692] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00080A08
    .text CWindowssystem32services.exe[692] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 000801F8
    .text CWindowssystem32services.exe[692] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 000803FC
    .text CWindowssystem32lsass.exe[708] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000501F8
    .text CWindowssystem32lsass.exe[708] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000503FC
    .text CWindowssystem32lsass.exe[708] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CWindowssystem32lsass.exe[708] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000703FC
    .text CWindowssystem32lsass.exe[708] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00070600
    .text CWindowssystem32lsass.exe[708] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00071014
    .text CWindowssystem32lsass.exe[708] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00070804
    .text CWindowssystem32lsass.exe[708] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00070A08
    .text CWindowssystem32lsass.exe[708] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00070C0C
    .text CWindowssystem32lsass.exe[708] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00070E10
    .text CWindowssystem32lsass.exe[708] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000701F8
    .text CWindowssystem32lsass.exe[708] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00080600
    .text CWindowssystem32lsass.exe[708] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00080804
    .text CWindowssystem32lsass.exe[708] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00080A08
    .text CWindowssystem32lsass.exe[708] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 000801F8
    .text CWindowssystem32lsass.exe[708] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 000803FC
    .text CWindowssystem32lsm.exe[716] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000501F8
    .text CWindowssystem32lsm.exe[716] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000503FC
    .text CWindowssystem32lsm.exe[716] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CWindowssystem32lsm.exe[716] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000703FC
    .text CWindowssystem32lsm.exe[716] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00070600
    .text CWindowssystem32lsm.exe[716] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00071014
    .text CWindowssystem32lsm.exe[716] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00070804
    .text CWindowssystem32lsm.exe[716] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00070A08
    .text CWindowssystem32lsm.exe[716] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00070C0C
    .text CWindowssystem32lsm.exe[716] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00070E10
    .text CWindowssystem32lsm.exe[716] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000701F8
    .text CWindowssystem32winlogon.exe[788] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000301F8
    .text CWindowssystem32winlogon.exe[788] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000303FC
    .text CWindowssystem32winlogon.exe[788] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CWindowssystem32winlogon.exe[788] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000503FC
    .text CWindowssystem32winlogon.exe[788] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00050600
    .text CWindowssystem32winlogon.exe[788] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00051014
    .text CWindowssystem32winlogon.exe[788] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00050804
    .text CWindowssystem32winlogon.exe[788] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00050A08
    .text CWindowssystem32winlogon.exe[788] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00050C0C
    .text CWindowssystem32winlogon.exe[788] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00050E10
    .text CWindowssystem32winlogon.exe[788] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000501F8
    .text CWindowssystem32winlogon.exe[788] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00060600
    .text CWindowssystem32winlogon.exe[788] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00060804
    .text CWindowssystem32winlogon.exe[788] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00060A08
    .text CWindowssystem32winlogon.exe[788] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 000601F8
    .text CWindowssystem32winlogon.exe[788] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 000603FC
    .text CProgram FilesCommon FilesJavaJava Updatejusched.exe[840] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 001601F8
    .text CProgram FilesCommon FilesJavaJava Updatejusched.exe[840] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 001603FC
    .text CProgram FilesCommon FilesJavaJava Updatejusched.exe[840] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CProgram FilesCommon FilesJavaJava Updatejusched.exe[840] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 001803FC
    .text CProgram FilesCommon FilesJavaJava Updatejusched.exe[840] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00180600
    .text CProgram FilesCommon FilesJavaJava Updatejusched.exe[840] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00181014
    .text CProgram FilesCommon FilesJavaJava Updatejusched.exe[840] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00180804
    .text CProgram FilesCommon FilesJavaJava Updatejusched.exe[840] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00180A08
    .text CProgram FilesCommon FilesJavaJava Updatejusched.exe[840] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00180C0C
    .text CProgram FilesCommon FilesJavaJava Updatejusched.exe[840] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00180E10
    .text CProgram FilesCommon FilesJavaJava Updatejusched.exe[840] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 001801F8
    .text CProgram FilesCommon FilesJavaJava Updatejusched.exe[840] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00190600
    .text CProgram FilesCommon FilesJavaJava Updatejusched.exe[840] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00190804
    .text CProgram FilesCommon FilesJavaJava Updatejusched.exe[840] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00190A08
    .text CProgram FilesCommon FilesJavaJava Updatejusched.exe[840] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 001901F8
    .text CProgram FilesCommon FilesJavaJava Updatejusched.exe[840] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 001903FC
    .text CProgram FilesAVAST SoftwareAvastAvastUI.exe[868] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CWindowsSystem32svchost.exe[880] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000501F8
     
  8. Hurriken

    Hurriken TS Booster Topic Starter Posts: 231

    .text CWindowsSystem32svchost.exe[880] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000503FC
    .text CWindowsSystem32svchost.exe[880] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CWindowsSystem32svchost.exe[880] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000703FC
    .text CWindowsSystem32svchost.exe[880] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00070600
    .text CWindowsSystem32svchost.exe[880] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00071014
    .text CWindowsSystem32svchost.exe[880] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00070804
    .text CWindowsSystem32svchost.exe[880] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00070A08
    .text CWindowsSystem32svchost.exe[880] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00070C0C
    .text CWindowsSystem32svchost.exe[880] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00070E10
    .text CWindowsSystem32svchost.exe[880] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000701F8
    .text CWindowssystem32svchost.exe[900] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000501F8
    .text CWindowssystem32svchost.exe[900] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000503FC
    .text CWindowssystem32svchost.exe[900] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CWindowssystem32svchost.exe[900] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000703FC
    .text CWindowssystem32svchost.exe[900] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00070600
    .text CWindowssystem32svchost.exe[900] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00071014
    .text CWindowssystem32svchost.exe[900] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00070804
    .text CWindowssystem32svchost.exe[900] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00070A08
    .text CWindowssystem32svchost.exe[900] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00070C0C
    .text CWindowssystem32svchost.exe[900] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00070E10
    .text CWindowssystem32svchost.exe[900] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000701F8
    .text CWindowssystem32nvvsvc.exe[956] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 001501F8
    .text CWindowssystem32nvvsvc.exe[956] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 001503FC
    .text CWindowssystem32nvvsvc.exe[956] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CWindowssystem32nvvsvc.exe[956] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00170600
    .text CWindowssystem32nvvsvc.exe[956] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00170804
    .text CWindowssystem32nvvsvc.exe[956] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00170A08
    .text CWindowssystem32nvvsvc.exe[956] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 001701F8
    .text CWindowssystem32nvvsvc.exe[956] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 001703FC
    .text CWindowssystem32nvvsvc.exe[956] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 001803FC
    .text CWindowssystem32nvvsvc.exe[956] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00180600
    .text CWindowssystem32nvvsvc.exe[956] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00181014
    .text CWindowssystem32nvvsvc.exe[956] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00180804
    .text CWindowssystem32nvvsvc.exe[956] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00180A08
    .text CWindowssystem32nvvsvc.exe[956] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00180C0C
    .text CWindowssystem32nvvsvc.exe[956] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00180E10
    .text CWindowssystem32nvvsvc.exe[956] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 001801F8
    .text CWindowssystem32svchost.exe[980] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000501F8
    .text CWindowssystem32svchost.exe[980] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000503FC
    .text CWindowssystem32svchost.exe[980] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CWindowssystem32svchost.exe[980] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000703FC
    .text CWindowssystem32svchost.exe[980] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00070600
    .text CWindowssystem32svchost.exe[980] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00071014
    .text CWindowssystem32svchost.exe[980] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00070804
    .text CWindowssystem32svchost.exe[980] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00070A08
    .text CWindowssystem32svchost.exe[980] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00070C0C
    .text CWindowssystem32svchost.exe[980] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00070E10
    .text CWindowssystem32svchost.exe[980] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000701F8
    .text CWindowssystem32svchost.exe[980] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 000B0600
    .text CWindowssystem32svchost.exe[980] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 000B0804
    .text CWindowssystem32svchost.exe[980] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 000B0A08
    .text CWindowssystem32svchost.exe[980] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 000B01F8
    .text CWindowssystem32svchost.exe[980] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 000B03FC
    .text CWindowssystem32svchost.exe[984] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000501F8
    .text CWindowssystem32svchost.exe[984] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000503FC
    .text CWindowssystem32svchost.exe[984] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CWindowssystem32svchost.exe[984] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000703FC
    .text CWindowssystem32svchost.exe[984] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00070600
    .text CWindowssystem32svchost.exe[984] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00071014
    .text CWindowssystem32svchost.exe[984] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00070804
    .text CWindowssystem32svchost.exe[984] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00070A08
    .text CWindowssystem32svchost.exe[984] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00070C0C
    .text CWindowssystem32svchost.exe[984] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00070E10
    .text CWindowssystem32svchost.exe[984] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000701F8
    .text CWindowssystem32svchost.exe[984] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00180600
    .text CWindowssystem32svchost.exe[984] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00180804
    .text CWindowssystem32svchost.exe[984] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00180A08
    .text CWindowssystem32svchost.exe[984] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 001801F8
    .text CWindowssystem32svchost.exe[984] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 001803FC
    .text CWindowsSystem32svchost.exe[1024] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000501F8
    .text CWindowsSystem32svchost.exe[1024] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000503FC
    .text CWindowsSystem32svchost.exe[1024] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CWindowsSystem32svchost.exe[1024] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000703FC
    .text CWindowsSystem32svchost.exe[1024] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00070600
    .text CWindowsSystem32svchost.exe[1024] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00071014
    .text CWindowsSystem32svchost.exe[1024] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00070804
    .text CWindowsSystem32svchost.exe[1024] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00070A08
    .text CWindowsSystem32svchost.exe[1024] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00070C0C
    .text CWindowsSystem32svchost.exe[1024] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00070E10
    .text CWindowsSystem32svchost.exe[1024] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000701F8
    .text CWindowsSystem32svchost.exe[1024] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00100600
    .text CWindowsSystem32svchost.exe[1024] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00100804
    .text CWindowsSystem32svchost.exe[1024] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00100A08
    .text CWindowsSystem32svchost.exe[1024] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 001001F8
    .text CWindowsSystem32svchost.exe[1024] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 001003FC
    .text CWindowsSystem32svchost.exe[1084] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000501F8
    .text CWindowsSystem32svchost.exe[1084] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000503FC
    .text CWindowsSystem32svchost.exe[1084] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CWindowsSystem32svchost.exe[1084] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000703FC
    .text CWindowsSystem32svchost.exe[1084] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00070600
    .
     
  9. Hurriken

    Hurriken TS Booster Topic Starter Posts: 231

    .text CWindowsSystem32svchost.exe[1084] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00071014
    .text CWindowsSystem32svchost.exe[1084] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00070804
    .text CWindowsSystem32svchost.exe[1084] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00070A08
    .text CWindowsSystem32svchost.exe[1084] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00070C0C
    .text CWindowsSystem32svchost.exe[1084] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00070E10
    .text CWindowsSystem32svchost.exe[1084] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000701F8
    .text CWindowsSystem32svchost.exe[1084] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 000C0600
    .text CWindowsSystem32svchost.exe[1084] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 000C0804
    .text CWindowsSystem32svchost.exe[1084] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 000C0A08
    .text CWindowsSystem32svchost.exe[1084] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 000C01F8
    .text CWindowsSystem32svchost.exe[1084] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 000C03FC
    .text CWindowsSystem32svchost.exe[1112] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000501F8
    .text CWindowsSystem32svchost.exe[1112] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000503FC
    .text CWindowsSystem32svchost.exe[1112] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CWindowsSystem32svchost.exe[1112] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000703FC
    .text CWindowsSystem32svchost.exe[1112] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00070600
    .text CWindowsSystem32svchost.exe[1112] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00071014
    .text CWindowsSystem32svchost.exe[1112] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00070804
    .text CWindowsSystem32svchost.exe[1112] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00070A08
    .text CWindowsSystem32svchost.exe[1112] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00070C0C
    .text CWindowsSystem32svchost.exe[1112] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00070E10
    .text CWindowsSystem32svchost.exe[1112] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000701F8
    .text CWindowsSystem32svchost.exe[1112] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00C50600
    .text CWindowsSystem32svchost.exe[1112] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00C50804
    .text CWindowsSystem32svchost.exe[1112] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00C50A08
    .text CWindowsSystem32svchost.exe[1112] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 00C501F8
    .text CWindowsSystem32svchost.exe[1112] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 00C503FC
    .text CWindowssystem32svchost.exe[1124] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000501F8
    .text CWindowssystem32svchost.exe[1124] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000503FC
    .text CWindowssystem32svchost.exe[1124] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CWindowssystem32svchost.exe[1124] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000703FC
    .text CWindowssystem32svchost.exe[1124] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00070600
    .text CWindowssystem32svchost.exe[1124] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00071014
    .text CWindowssystem32svchost.exe[1124] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00070804
    .text CWindowssystem32svchost.exe[1124] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00070A08
    .text CWindowssystem32svchost.exe[1124] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00070C0C
    .text CWindowssystem32svchost.exe[1124] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00070E10
    .text CWindowssystem32svchost.exe[1124] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000701F8
    .text CWindowssystem32svchost.exe[1124] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 001A0600
    .text CWindowssystem32svchost.exe[1124] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 001A0804
    .text CWindowssystem32svchost.exe[1124] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 001A0A08
    .text CWindowssystem32svchost.exe[1124] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 001A01F8
    .text CWindowssystem32svchost.exe[1124] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 001A03FC
    .text CWindowssystem32AUDIODG.EXE[1192] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CWindowssystem32svchost.exe[1204] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000501F8
    .text CWindowssystem32svchost.exe[1204] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000503FC
    .text CWindowssystem32svchost.exe[1204] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CWindowssystem32svchost.exe[1204] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000703FC
    .text CWindowssystem32svchost.exe[1204] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00070600
    .text CWindowssystem32svchost.exe[1204] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00071014
    .text CWindowssystem32svchost.exe[1204] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00070804
    .text CWindowssystem32svchost.exe[1204] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00070A08
    .text CWindowssystem32svchost.exe[1204] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00070C0C
    .text CWindowssystem32svchost.exe[1204] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00070E10
    .text CWindowssystem32svchost.exe[1204] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000701F8
    .text CProgram FilesCommon FilesLightScribeLightScribeControlPanel.exe[1244] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 001501F8
    .text CProgram FilesCommon FilesLightScribeLightScribeControlPanel.exe[1244] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 001503FC
    .text CProgram FilesCommon FilesLightScribeLightScribeControlPanel.exe[1244] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CProgram FilesCommon FilesLightScribeLightScribeControlPanel.exe[1244] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00190600
    .text CProgram FilesCommon FilesLightScribeLightScribeControlPanel.exe[1244] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00190804
    .text CProgram FilesCommon FilesLightScribeLightScribeControlPanel.exe[1244] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00190A08
    .text CProgram FilesCommon FilesLightScribeLightScribeControlPanel.exe[1244] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 001901F8
    .text CProgram FilesCommon FilesLightScribeLightScribeControlPanel.exe[1244] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 001903FC
    .text CProgram FilesCommon FilesLightScribeLightScribeControlPanel.exe[1244] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 001A03FC
    .text CProgram FilesCommon FilesLightScribeLightScribeControlPanel.exe[1244] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 001A0600
    .text CProgram FilesCommon FilesLightScribeLightScribeControlPanel.exe[1244] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 001A1014
    .text CProgram FilesCommon FilesLightScribeLightScribeControlPanel.exe[1244] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 001A0804
    .text CProgram FilesCommon FilesLightScribeLightScribeControlPanel.exe[1244] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 001A0A08
    .text CProgram FilesCommon FilesLightScribeLightScribeControlPanel.exe[1244] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 001A0C0C
    .text CProgram FilesCommon FilesLightScribeLightScribeControlPanel.exe[1244] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 001A0E10
    .text CProgram FilesCommon FilesLightScribeLightScribeControlPanel.exe[1244] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 001A01F8
    .text CWindowssystem32svchost.exe[1272] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000501F8
    .text CWindowssystem32svchost.exe[1272] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000503FC
    .text CWindowssystem32svchost.exe[1272] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CWindowssystem32svchost.exe[1272] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000703FC
    .text CWindowssystem32svchost.exe[1272] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00070600
    .text CWindowssystem32svchost.exe[1272] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00071014
    .text CWindowssystem32svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00070804
    .text CWindowssystem32svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00070A08
    .text CWindowssystem32svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00070C0C
    .text CWindowssystem32svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00070E10
    .text CWindowssystem32svchost.exe[1272] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000701F8
    .text CWindowssystem32svchost.exe[1272] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00C10600
    .text CWindowssystem32svchost.exe[1272] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00C10804
    .text CWindowssystem32svchost.exe[1272] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00C10A08
    .text CWindowssystem32svchost.exe[1272] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 00C101F8
    .text CWindowssystem32svchost.exe[1272] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 00C103FC
    .text CProgram FilesSkypePhoneSkype.exe[1296] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 001501F8
    .text CProgram FilesSkypePhoneSkype.exe[1296] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 001503FC
    .text CProgram FilesSkypePhoneSkype.exe[1296] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CProgram FilesSkypePhoneSkype.exe[1296] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00170600
    .text CProgram FilesSkypePhoneSkype.exe[1296] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00170804
    .text CProgram FilesSkypePhoneSkype.exe[1296] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00170A08
    .text CProgram FilesSkypePhoneSkype.exe[1296] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 001701F8
    .text CProgram FilesSkypePhoneSkype.exe[1296] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 001703FC
    .text CProgram FilesSkypePhoneSkype.exe[1296] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 001803FC
    .text CProgram FilesSkypePhoneSkype.exe[1296] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00180600
    .text CProgram FilesSkypePhoneSkype.exe[1296] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00181014
    .text CProgram FilesSkypePhoneSkype.exe[1296] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00180804
    .text CProgram FilesSkypePhoneSkype.exe[1296] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00180A08
    .text CProgram FilesSkypePhoneSkype.exe[1296] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00180C0C
    .text CProgram FilesSkypePhoneSkype.exe[1296] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00180E10
    .text CProgram FilesSkypePhoneSkype.exe[1296] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 001801F8
    .text CWindowssystem32svchost.exe[1388] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000501F8
    .text CWindowssystem32svchost.exe[1388] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000503FC
    .text CWindowssystem32svchost.exe[1388] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CWindowssystem32svchost.exe[1388] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000703FC
    .text CWindowssystem32svchost.exe[1388] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00070600
    .text CWindowssystem32svchost.exe[1388] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00071014
    .text CWindowssystem32svchost.exe[1388] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00070804
    .text CWindowssystem32svchost.exe[1388] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00070A08
    .text CWindowssystem32svchost.exe[1388] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00070C0C
    .text CWindowssystem32svchost.exe[1388] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00070E10
    .text CWindowssystem32svchost.exe[1388] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000701F8
    .text CWindowssystem32svchost.exe[1388] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00180600
    .text CWindowssystem32svchost.exe[1388] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00180804
    .text CWindowssystem32svchost.exe[1388] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00180A08
    .text CWindowssystem32svchost.exe[1388] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 001801F8
    .text CWindowssystem32svchost.exe[1388] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 001803FC
    .text CProgram FilesAVAST SoftwareAvastAvastSvc.exe[1512] kernel32.dll!SetUnhandledExceptionFilter 7682A8C5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text CProgram FilesAVAST SoftwareAvastAvastSvc.exe[1512] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CProgram FilesWIDCOMMBluetooth SoftwareBTTray.exe[1520] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 001501F8
    .text CProgram FilesWIDCOMMBluetooth SoftwareBTTray.exe[1520] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 001503FC
    .text CProgram FilesWIDCOMMBluetooth SoftwareBTTray.exe[1520] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CProgram FilesWIDCOMMBluetooth SoftwareBTTray.exe[1520] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 003A03FC
    .text CProgram FilesWIDCOMMBluetooth SoftwareBTTray.exe[1520] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 003A0600
    .text CProgram FilesWIDCOMMBluetooth SoftwareBTTray.exe[1520] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 003A1014
    .text CProgram FilesWIDCOMMBluetooth SoftwareBTTray.exe[1520] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 003A0804
    .text CProgram FilesWIDCOMMBluetooth SoftwareBTTray.exe[1520] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 003A0A08
    .text CProgram FilesWIDCOMMBluetooth SoftwareBTTray.exe[1520] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 003A0C0C
    .text CProgram FilesWIDCOMMBluetooth SoftwareBTTray.exe[1520] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 003A0E10
    .text CProgram FilesWIDCOMMBluetooth SoftwareBTTray.exe[1520] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 003A01F8
    .text CProgram FilesWIDCOMMBluetooth SoftwareBTTray.exe[1520] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 003B0600
    .text CProgram FilesWIDCOMMBluetooth SoftwareBTTray.exe[1520] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 003B0804
    .text CProgram FilesWIDCOMMBluetooth SoftwareBTTray.exe[1520] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 003B0A08
    .text CProgram FilesWIDCOMMBluetooth SoftwareBTTray.exe[1520] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 003B01F8
    .text CProgram FilesWIDCOMMBluetooth SoftwareBTTray.exe[1520] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 003B03FC
    .text CWindowsSystem32spoolsv.exe[1864] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000501F8
    .text CWindowsSystem32spoolsv.exe[1864] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000503FC
    .text CWindowsSystem32spoolsv.exe[1864] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CWindowsSystem32spoolsv.exe[1864] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000703FC
    .text CWindowsSystem32spoolsv.exe[1864] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00070600
    .text CWindowsSystem32spoolsv.exe[1864] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00071014
    .text CWindowsSystem32spoolsv.exe[1864] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00070804
    .text CWindowsSystem32spoolsv.exe[1864] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00070A08
    .text CWindowsSystem32spoolsv.exe[1864] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00070C0C
    .text CWindowsSystem32spoolsv.exe[1864] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00070E10
    .text CWindowsSystem32spoolsv.exe[1864] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000701F8
    .text CWindowsSystem32spoolsv.exe[1864] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00120600
    .text CWindowsSystem32spoolsv.exe[1864] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00120804
    .text CWindowsSystem32spoolsv.exe[1864] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00120A08
    .text CWindowsSystem32spoolsv.exe[1864] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 001201F8
    .text CWindowsSystem32spoolsv.exe[1864] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 001203FC
    .text CWindowssystem32svchost.exe[1888] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000501F8
    .text CWindowssystem32svchost.exe[1888] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000503FC
    .text CWindowssystem32svchost.exe[1888] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CWindowssystem32svchost.exe[1888] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000703FC
    .text CWindowssystem32svchost.exe[1888] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00070600
    .text CWindowssystem32svchost.exe[1888] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00071014
    .text CWindowssystem32svchost.exe[1888] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00070804
    .text CWindowssystem32svchost.exe[1888] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00070A08
    .text CWindowssystem32svchost.exe[1888] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00070C0C
    .text CWindowssystem32svchost.exe[1888] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00070E10
    .
     
  10. Hurriken

    Hurriken TS Booster Topic Starter Posts: 231

    .text CWindowssystem32svchost.exe[1888] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000701F8
    .text CWindowssystem32svchost.exe[1888] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 000F0600
    .text CWindowssystem32svchost.exe[1888] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 000F0804
    .text CWindowssystem32svchost.exe[1888] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 000F0A08
    .text CWindowssystem32svchost.exe[1888] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 000F01F8
    .text CWindowssystem32svchost.exe[1888] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 000F03FC
    .text CProgram FilesHewlett-PackardHP AdvisorHPAdvisor.exe[1912] KERNEL32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CProgram FilesCommon FilesBSDAppUpdaterBSDChecker.exe[2108] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 001401F8
    .text CProgram FilesCommon FilesBSDAppUpdaterBSDChecker.exe[2108] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 001403FC
    .text CProgram FilesCommon FilesBSDAppUpdaterBSDChecker.exe[2108] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CProgram FilesCommon FilesBSDAppUpdaterBSDChecker.exe[2108] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00160600
    .text CProgram FilesCommon FilesBSDAppUpdaterBSDChecker.exe[2108] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00160804
    .text CProgram FilesCommon FilesBSDAppUpdaterBSDChecker.exe[2108] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00160A08
    .text CProgram FilesCommon FilesBSDAppUpdaterBSDChecker.exe[2108] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 001601F8
    .text CProgram FilesCommon FilesBSDAppUpdaterBSDChecker.exe[2108] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 001603FC
    .text CProgram FilesCommon FilesBSDAppUpdaterBSDChecker.exe[2108] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 001703FC
    .text CProgram FilesCommon FilesBSDAppUpdaterBSDChecker.exe[2108] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00170600
    .text CProgram FilesCommon FilesBSDAppUpdaterBSDChecker.exe[2108] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00171014
    .text CProgram FilesCommon FilesBSDAppUpdaterBSDChecker.exe[2108] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00170804
    .text CProgram FilesCommon FilesBSDAppUpdaterBSDChecker.exe[2108] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00170A08
    .text CProgram FilesCommon FilesBSDAppUpdaterBSDChecker.exe[2108] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00170C0C
    .text CProgram FilesCommon FilesBSDAppUpdaterBSDChecker.exe[2108] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00170E10
    .text CProgram FilesCommon FilesBSDAppUpdaterBSDChecker.exe[2108] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 001701F8
    .text CProgram FilesWindows Sidebarsidebar.exe[2128] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000501F8
    .text CProgram FilesWindows Sidebarsidebar.exe[2128] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000503FC
    .text CProgram FilesWindows Sidebarsidebar.exe[2128] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CProgram FilesWindows Sidebarsidebar.exe[2128] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000C03FC
    .text CProgram FilesWindows Sidebarsidebar.exe[2128] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 000C0600
    .text CProgram FilesWindows Sidebarsidebar.exe[2128] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 000C1014
    .text CProgram FilesWindows Sidebarsidebar.exe[2128] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 000C0804
    .text CProgram FilesWindows Sidebarsidebar.exe[2128] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 000C0A08
    .text CProgram FilesWindows Sidebarsidebar.exe[2128] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 000C0C0C
    .text CProgram FilesWindows Sidebarsidebar.exe[2128] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 000C0E10
    .text CProgram FilesWindows Sidebarsidebar.exe[2128] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000C01F8
    .text CProgram FilesWindows Sidebarsidebar.exe[2128] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 000D0600
    .text CProgram FilesWindows Sidebarsidebar.exe[2128] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 000D0804
    .text CProgram FilesWindows Sidebarsidebar.exe[2128] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 000D0A08
    .text CProgram FilesWindows Sidebarsidebar.exe[2128] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 000D01F8
    .text CProgram FilesWindows Sidebarsidebar.exe[2128] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 000D03FC
    .text CProgram FilesCyberLinkShared FilesRichVideo.exe[2172] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 001501F8
    .text CProgram FilesCyberLinkShared FilesRichVideo.exe[2172] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 001503FC
    .text CProgram FilesCyberLinkShared FilesRichVideo.exe[2172] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CProgram FilesCyberLinkShared FilesRichVideo.exe[2172] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00270600
    .text CProgram FilesCyberLinkShared FilesRichVideo.exe[2172] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00270804
    .text CProgram FilesCyberLinkShared FilesRichVideo.exe[2172] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00270A08
    .text CProgram FilesCyberLinkShared FilesRichVideo.exe[2172] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 002701F8
    .text CProgram FilesCyberLinkShared FilesRichVideo.exe[2172] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 002703FC
    .text CProgram FilesCyberLinkShared FilesRichVideo.exe[2172] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 002803FC
    .text CProgram FilesCyberLinkShared FilesRichVideo.exe[2172] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00280600
    .text CProgram FilesCyberLinkShared FilesRichVideo.exe[2172] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00281014
    .text CProgram FilesCyberLinkShared FilesRichVideo.exe[2172] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00280804
    .text CProgram FilesCyberLinkShared FilesRichVideo.exe[2172] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00280A08
    .text CProgram FilesCyberLinkShared FilesRichVideo.exe[2172] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00280C0C
    .text CProgram FilesCyberLinkShared FilesRichVideo.exe[2172] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00280E10
    .text CProgram FilesCyberLinkShared FilesRichVideo.exe[2172] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 002801F8
    .text CWindowssystem32svchost.exe[2200] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000501F8
    .text CWindowssystem32svchost.exe[2200] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000503FC
    .text CWindowssystem32svchost.exe[2200] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CWindowssystem32svchost.exe[2200] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000703FC
    .text CWindowssystem32svchost.exe[2200] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00070600
    .text CWindowssystem32svchost.exe[2200] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00071014
    .text CWindowssystem32svchost.exe[2200] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00070804
    .text CWindowssystem32svchost.exe[2200] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00070A08
    .text CWindowssystem32svchost.exe[2200] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00070C0C
    .text CWindowssystem32svchost.exe[2200] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00070E10
    .text CWindowssystem32svchost.exe[2200] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000701F8
    .text CWindowsSystem32svchost.exe[2248] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000501F8
    .text CWindowsSystem32svchost.exe[2248] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000503FC
    .text CWindowsSystem32svchost.exe[2248] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CWindowsSystem32svchost.exe[2248] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000703FC
    .text CWindowsSystem32svchost.exe[2248] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00070600
    .text CWindowsSystem32svchost.exe[2248] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00071014
    .text CWindowsSystem32svchost.exe[2248] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00070804
    .text CWindowsSystem32svchost.exe[2248] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00070A08
    .text CWindowsSystem32svchost.exe[2248] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00070C0C
    .text CWindowsSystem32svchost.exe[2248] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00070E10
    .text CWindowsSystem32svchost.exe[2248] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000701F8
    .text CWindowsehomeehtray.exe[2260] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000501F8
    .text CWindowsehomeehtray.exe[2260] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000503FC
    .text CWindowsehomeehtray.exe[2260] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CWindowsehomeehtray.exe[2260] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000703FC
    .text CWindowsehomeehtray.exe[2260] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00070600
    .text CWindowsehomeehtray.exe[2260] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00071014
    .text CWindowsehomeehtray.exe[2260] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00070804
    .text CWindowsehomeehtray.exe[2260] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00070A08
    .text CWindowsehomeehtray.exe[2260] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00070C0C
    .text CWindowsehomeehtray.exe[2260] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00070E10
    .text CWindowsehomeehtray.exe[2260] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000701F8
    .text CWindowsehomeehtray.exe[2260] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00080600
    .text CWindowsehomeehtray.exe[2260] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00080804
    .text CWindowsehomeehtray.exe[2260] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00080A08
    .text CWindowsehomeehtray.exe[2260] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 000801F8
    .text CWindowsehomeehtray.exe[2260] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 000803FC
    .text CWindowssystem32SearchIndexer.exe[2272] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000501F8
    .text CWindowssystem32SearchIndexer.exe[2272] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000503FC
    .text CWindowssystem32SearchIndexer.exe[2272] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CWindowssystem32SearchIndexer.exe[2272] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000703FC
    .text CWindowssystem32SearchIndexer.exe[2272] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00070600
    .text CWindowssystem32SearchIndexer.exe[2272] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00071014
    .text CWindowssystem32SearchIndexer.exe[2272] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00070804
    .text CWindowssystem32SearchIndexer.exe[2272] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00070A08
    .text CWindowssystem32SearchIndexer.exe[2272] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00070C0C
    .text CWindowssystem32SearchIndexer.exe[2272] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00070E10
    .text CWindowssystem32SearchIndexer.exe[2272] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000701F8
    .text CWindowssystem32SearchIndexer.exe[2272] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00080600
    .text CWindowssystem32SearchIndexer.exe[2272] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00080804
    .text CWindowssystem32SearchIndexer.exe[2272] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00080A08
    .text CWindowssystem32SearchIndexer.exe[2272] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 000801F8
    .text CWindowssystem32SearchIndexer.exe[2272] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 000803FC
    .text CWindowssystem32DRIVERSxaudio.exe[2420] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 001401F8
    .text CWindowssystem32DRIVERSxaudio.exe[2420] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 001403FC
    .text CWindowssystem32DRIVERSxaudio.exe[2420] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CWindowssystem32DRIVERSxaudio.exe[2420] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 001603FC
    .text CWindowssystem32DRIVERSxaudio.exe[2420] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00160600
    .text CWindowssystem32DRIVERSxaudio.exe[2420] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00161014
    .text CWindowssystem32DRIVERSxaudio.exe[2420] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00160804
    .text CWindowssystem32DRIVERSxaudio.exe[2420] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00160A08
    .text CWindowssystem32DRIVERSxaudio.exe[2420] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00160C0C
    .text CWindowssystem32DRIVERSxaudio.exe[2420] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00160E10
    .text CWindowssystem32DRIVERSxaudio.exe[2420] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 001601F8
    .text CWindowssystem32DRIVERSxaudio.exe[2420] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00170600
    .text CWindowssystem32DRIVERSxaudio.exe[2420] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00170804
    .text CWindowssystem32DRIVERSxaudio.exe[2420] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00170A08
    .text CWindowssystem32DRIVERSxaudio.exe[2420] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 001701F8
    .text CWindowssystem32DRIVERSxaudio.exe[2420] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 001703FC
    .text CProgram FilesMicrosoft OfficeOffice12ONENOTEM.EXE[2524] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000501F8
    .text CProgram FilesMicrosoft OfficeOffice12ONENOTEM.EXE[2524] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000503FC
    .text CProgram FilesMicrosoft OfficeOffice12ONENOTEM.EXE[2524] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CProgram FilesMicrosoft OfficeOffice12ONENOTEM.EXE[2524] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00070600
    .text CProgram FilesMicrosoft OfficeOffice12ONENOTEM.EXE[2524] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00070804
    .text CProgram FilesMicrosoft OfficeOffice12ONENOTEM.EXE[2524] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00070A08
    .text CProgram FilesMicrosoft OfficeOffice12ONENOTEM.EXE[2524] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 000701F8
    .text CProgram FilesMicrosoft OfficeOffice12ONENOTEM.EXE[2524] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 000703FC
    .text CProgram FilesMicrosoft OfficeOffice12ONENOTEM.EXE[2524] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000803FC
    .text CProgram FilesMicrosoft OfficeOffice12ONENOTEM.EXE[2524] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00080600
    .text CProgram FilesMicrosoft OfficeOffice12ONENOTEM.EXE[2524] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00081014
    .text CProgram FilesMicrosoft OfficeOffice12ONENOTEM.EXE[2524] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00080804
    .text CProgram FilesMicrosoft OfficeOffice12ONENOTEM.EXE[2524] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00080A08
    .text CProgram FilesMicrosoft OfficeOffice12ONENOTEM.EXE[2524] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00080C0C
    .text CProgram FilesMicrosoft OfficeOffice12ONENOTEM.EXE[2524] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00080E10
    .text CProgram FilesMicrosoft OfficeOffice12ONENOTEM.EXE[2524] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000801F8
    .text CWindowssystem32rundll32.exe[2596] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000601F8
    .text CWindowssystem32rundll32.exe[2596] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000603FC
    .text CWindowssystem32rundll32.exe[2596] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CWindowssystem32rundll32.exe[2596] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00070600
    .text CWindowssystem32rundll32.exe[2596] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00070804
    .text CWindowssystem32rundll32.exe[2596] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00070A08
    .text CWindowssystem32rundll32.exe[2596] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 000701F8
    .text CWindowssystem32rundll32.exe[2596] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 000703FC
    .text CWindowssystem32rundll32.exe[2596] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000903FC
    .text CWindowssystem32rundll32.exe[2596] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00090600
    .text CWindowssystem32rundll32.exe[2596] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00091014
    .text CWindowssystem32rundll32.exe[2596] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00090804
    .text CWindowssystem32rundll32.exe[2596] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00090A08
    .text CWindowssystem32rundll32.exe[2596] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00090C0C
    .text CWindowssystem32rundll32.exe[2596] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00090E10
    .text CWindowssystem32rundll32.exe[2596] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000901F8
    .text CWindowsehomeehmsas.exe[2756] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000401F8
    .text CWindowsehomeehmsas.exe[2756] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000403FC
    .text CWindowsehomeehmsas.exe[2756] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CWindowsehomeehmsas.exe[2756] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000603FC
    .text CWindowsehomeehmsas.exe[2756] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00060600
    .text CWindowsehomeehmsas.exe[2756] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00061014
    .text CWindowsehomeehmsas.exe[2756] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00060804
    .text CWindowsehomeehmsas.exe[2756] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00060A08
    .text CWindowsehomeehmsas.exe[2756] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00060C0C
    .text CWindowsehomeehmsas.exe[2756] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00060E10
    .text CWindowsehomeehmsas.exe[2756] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000601F8
    .text CWindowsehomeehmsas.exe[2756] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00070600
    .text CWindowsehomeehmsas.exe[2756] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00070804
    .text CWindowsehomeehmsas.exe[2756] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00070A08
    .text CWindowsehomeehmsas.exe[2756] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 000701F8
    .text CWindowsehomeehmsas.exe[2756] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 000703FC
    .text CProgram FilesWIDCOMMBluetooth SoftwareBtStackServer.exe[2880] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 001501F8
    .text CProgram FilesWIDCOMMBluetooth SoftwareBtStackServer.exe[2880] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 001503FC
    .text CProgram FilesWIDCOMMBluetooth SoftwareBtStackServer.exe[2880] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CProgram FilesWIDCOMMBluetooth SoftwareBtStackServer.exe[2880] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 001C03FC
    .text CProgram FilesWIDCOMMBluetooth SoftwareBtStackServer.exe[2880] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 001C0600
    .text CProgram FilesWIDCOMMBluetooth SoftwareBtStackServer.exe[2880] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 001C1014
    .text CProgram FilesWIDCOMMBluetooth SoftwareBtStackServer.exe[2880] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 001C0804
    .text CProgram FilesWIDCOMMBluetooth SoftwareBtStackServer.exe[2880] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 001C0A08
    .text CProgram FilesWIDCOMMBluetooth SoftwareBtStackServer.exe[2880] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 001C0C0C
    .text CProgram FilesWIDCOMMBluetooth SoftwareBtStackServer.exe[2880] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 001C0E10
    .text CProgram FilesWIDCOMMBluetooth SoftwareBtStackServer.exe[2880] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 001C01F8
    .text CProgram FilesWIDCOMMBluetooth SoftwareBtStackServer.exe[2880] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 001D0600
    .text CProgram FilesWIDCOMMBluetooth SoftwareBtStackServer.exe[2880] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 001D0804
    .text CProgram FilesWIDCOMMBluetooth SoftwareBtStackServer.exe[2880] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 001D0A08
    .text CProgram FilesWIDCOMMBluetooth SoftwareBtStackServer.exe[2880] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 001D01F8
    .text CProgram FilesWIDCOMMBluetooth SoftwareBtStackServer.exe[2880] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 001D03FC
    .text CProgram FilesWindows Sidebarsidebar.exe[3044] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000501F8
    .text CProgram FilesWindows Sidebarsidebar.exe[3044] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000503FC
    .text CProgram FilesWindows Sidebarsidebar.exe[3044] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CProgram FilesWindows Sidebarsidebar.exe[3044] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000803FC
    .text CProgram FilesWindows Sidebarsidebar.exe[3044] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00080600
    .text CProgram FilesWindows Sidebarsidebar.exe[3044] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00081014
    .text CProgram FilesWindows Sidebarsidebar.exe[3044] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00080804
    .text CProgram FilesWindows Sidebarsidebar.exe[3044] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00080A08
    .text CProgram FilesWindows Sidebarsidebar.exe[3044] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00080C0C
    .text CProgram FilesWindows Sidebarsidebar.exe[3044] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00080E10
    .text CProgram FilesWindows Sidebarsidebar.exe[3044] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000801F8
    .text CProgram FilesWindows Sidebarsidebar.exe[3044] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00090600
    .text CProgram FilesWindows Sidebarsidebar.exe[3044] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00090804
    .text CProgram FilesWindows Sidebarsidebar.exe[3044] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00090A08
    .text CProgram FilesWindows Sidebarsidebar.exe[3044] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 000901F8
    .text CProgram FilesWindows Sidebarsidebar.exe[3044] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 000903FC
    .text CWindowssystem32taskeng.exe[3072] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000501F8
    .text CWindowssystem32taskeng.exe[3072] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000503FC
    .text CWindowssystem32taskeng.exe[3072] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CWindowssystem32taskeng.exe[3072] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000703FC
    .text CWindowssystem32taskeng.exe[3072] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00070600
    .text CWindowssystem32taskeng.exe[3072] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00071014
    .text CWindowssystem32taskeng.exe[3072] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00070804
    .text CWindowssystem32taskeng.exe[3072] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00070A08
    .text CWindowssystem32taskeng.exe[3072] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00070C0C
    .text CWindowssystem32taskeng.exe[3072] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00070E10
    .text CWindowssystem32taskeng.exe[3072] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000701F8
    .text CWindowssystem32taskeng.exe[3072] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00080600
    .text CWindowssystem32taskeng.exe[3072] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00080804
    .text CWindowssystem32taskeng.exe[3072] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00080A08
    .text CWindowssystem32taskeng.exe[3072] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 000801F8
    .text CWindowssystem32taskeng.exe[3072] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 000803FC
    .text CProgram FilesiPodbiniPodService.exe[3132] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 001501F8
    .text CProgram FilesiPodbiniPodService.exe[3132] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 001503FC
    .text CProgram FilesiPodbiniPodService.exe[3132] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CProgram FilesiPodbiniPodService.exe[3132] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 001803FC
    .text CProgram FilesiPodbiniPodService.exe[3132] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00180600
    .text CProgram FilesiPodbiniPodService.exe[3132] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00181014
    .text CProgram FilesiPodbiniPodService.exe[3132] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00180804
    .text CProgram FilesiPodbiniPodService.exe[3132] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00180A08
    .
     
  11. Hurriken

    Hurriken TS Booster Topic Starter Posts: 231

    .text CProgram FilesiPodbiniPodService.exe[3132] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00180C0C
    .text CProgram FilesiPodbiniPodService.exe[3132] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00180E10
    .text CProgram FilesiPodbiniPodService.exe[3132] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 001801F8
    .text CProgram FilesiPodbiniPodService.exe[3132] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00190600
    .text CProgram FilesiPodbiniPodService.exe[3132] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00190804
    .text CProgram FilesiPodbiniPodService.exe[3132] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00190A08
    .text CProgram FilesiPodbiniPodService.exe[3132] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 001901F8
    .text CProgram FilesiPodbiniPodService.exe[3132] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 001903FC
    .text CWindowssystem32taskeng.exe[3220] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000901F8
    .text CWindowssystem32taskeng.exe[3220] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000903FC
    .text CWindowssystem32taskeng.exe[3220] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CWindowssystem32taskeng.exe[3220] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 005303FC
    .text CWindowssystem32taskeng.exe[3220] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00530600
    .text CWindowssystem32taskeng.exe[3220] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00531014
    .text CWindowssystem32taskeng.exe[3220] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00530804
    .text CWindowssystem32taskeng.exe[3220] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00530A08
    .text CWindowssystem32taskeng.exe[3220] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00530C0C
    .text CWindowssystem32taskeng.exe[3220] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00530E10
    .text CWindowssystem32taskeng.exe[3220] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 005301F8
    .text CWindowssystem32taskeng.exe[3220] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00540600
    .text CWindowssystem32taskeng.exe[3220] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00540804
    .text CWindowssystem32taskeng.exe[3220] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00540A08
    .text CWindowssystem32taskeng.exe[3220] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 005401F8
    .text CWindowssystem32taskeng.exe[3220] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 005403FC
    .text CProgram FilesHPQuickPlayKernelTVQPCapSvc.exe[3244] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 001401F8
    .text CProgram FilesHPQuickPlayKernelTVQPCapSvc.exe[3244] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 001403FC
    .text CProgram FilesHPQuickPlayKernelTVQPCapSvc.exe[3244] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CProgram FilesHPQuickPlayKernelTVQPCapSvc.exe[3244] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00170600
    .text CProgram FilesHPQuickPlayKernelTVQPCapSvc.exe[3244] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00170804
    .text CProgram FilesHPQuickPlayKernelTVQPCapSvc.exe[3244] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00170A08
    .text CProgram FilesHPQuickPlayKernelTVQPCapSvc.exe[3244] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 001701F8
    .text CProgram FilesHPQuickPlayKernelTVQPCapSvc.exe[3244] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 001703FC
    .text CProgram FilesHPQuickPlayKernelTVQPCapSvc.exe[3244] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 001803FC
    .text CProgram FilesHPQuickPlayKernelTVQPCapSvc.exe[3244] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00180600
    .text CProgram FilesHPQuickPlayKernelTVQPCapSvc.exe[3244] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00181014
    .text CProgram FilesHPQuickPlayKernelTVQPCapSvc.exe[3244] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00180804
    .text CProgram FilesHPQuickPlayKernelTVQPCapSvc.exe[3244] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00180A08
    .text CProgram FilesHPQuickPlayKernelTVQPCapSvc.exe[3244] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00180C0C
    .text CProgram FilesHPQuickPlayKernelTVQPCapSvc.exe[3244] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00180E10
    .text CProgram FilesHPQuickPlayKernelTVQPCapSvc.exe[3244] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 001801F8
    .text CWindowssystem32Dwm.exe[3320] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000501F8
    .text CWindowssystem32Dwm.exe[3320] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000503FC
    .text CWindowssystem32Dwm.exe[3320] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CWindowssystem32Dwm.exe[3320] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000703FC
    .text CWindowssystem32Dwm.exe[3320] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00070600
    .text CWindowssystem32Dwm.exe[3320] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00071014
    .text CWindowssystem32Dwm.exe[3320] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00070804
    .text CWindowssystem32Dwm.exe[3320] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00070A08
    .text CWindowssystem32Dwm.exe[3320] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00070C0C
    .text CWindowssystem32Dwm.exe[3320] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00070E10
    .text CWindowssystem32Dwm.exe[3320] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000701F8
    .text CWindowssystem32Dwm.exe[3320] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00080600
    .text CWindowssystem32Dwm.exe[3320] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00080804
    .text CWindowssystem32Dwm.exe[3320] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00080A08
    .text CWindowssystem32Dwm.exe[3320] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 000801F8
    .text CWindowssystem32Dwm.exe[3320] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 000803FC
    .text CWindowsExplorer.EXE[3352] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000501F8
    .text CWindowsExplorer.EXE[3352] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000503FC
    .text CWindowsExplorer.EXE[3352] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CWindowsExplorer.EXE[3352] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000703FC
    .text CWindowsExplorer.EXE[3352] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00070600
    .text CWindowsExplorer.EXE[3352] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00071014
    .text CWindowsExplorer.EXE[3352] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00070804
    .text CWindowsExplorer.EXE[3352] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00070A08
    .text CWindowsExplorer.EXE[3352] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00070C0C
    .text CWindowsExplorer.EXE[3352] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00070E10
    .text CWindowsExplorer.EXE[3352] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000701F8
    .text CWindowsExplorer.EXE[3352] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00080600
    .text CWindowsExplorer.EXE[3352] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00080804
    .text CWindowsExplorer.EXE[3352] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00080A08
    .text CWindowsExplorer.EXE[3352] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 000801F8
    .text CWindowsExplorer.EXE[3352] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 000803FC
    .text CProgram FilesSynapticsSynTPSynTPEnh.exe[3564] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 001401F8
    .text CProgram FilesSynapticsSynTPSynTPEnh.exe[3564] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 001403FC
    .text CProgram FilesSynapticsSynTPSynTPEnh.exe[3564] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CProgram FilesSynapticsSynTPSynTPEnh.exe[3564] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00160600
    .text CProgram FilesSynapticsSynTPSynTPEnh.exe[3564] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00160804
    .text CProgram FilesSynapticsSynTPSynTPEnh.exe[3564] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00160A08
    .text CProgram FilesSynapticsSynTPSynTPEnh.exe[3564] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 001601F8
    .text CProgram FilesSynapticsSynTPSynTPEnh.exe[3564] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 001603FC
    .text CProgram FilesSynapticsSynTPSynTPEnh.exe[3564] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 001703FC
    .text CProgram FilesSynapticsSynTPSynTPEnh.exe[3564] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00170600
    .text CProgram FilesSynapticsSynTPSynTPEnh.exe[3564] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00171014
    .text CProgram FilesSynapticsSynTPSynTPEnh.exe[3564] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00170804
    .text CProgram FilesSynapticsSynTPSynTPEnh.exe[3564] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00170A08
    .text CProgram FilesSynapticsSynTPSynTPEnh.exe[3564] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00170C0C
    .text CProgram FilesSynapticsSynTPSynTPEnh.exe[3564] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00170E10
    .text CProgram FilesSynapticsSynTPSynTPEnh.exe[3564] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 001701F8
    .text CWindowsMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe[3624] KERNEL32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CProgram FilesHPQuickPlayQPService.exe[3648] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 001401F8
    .text CProgram FilesHPQuickPlayQPService.exe[3648] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 001403FC
    .text CProgram FilesHPQuickPlayQPService.exe[3648] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CProgram FilesHPQuickPlayQPService.exe[3648] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00160600
    .text CProgram FilesHPQuickPlayQPService.exe[3648] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00160804
    .text CProgram FilesHPQuickPlayQPService.exe[3648] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00160A08
    .text CProgram FilesHPQuickPlayQPService.exe[3648] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 001601F8
    .text CProgram FilesHPQuickPlayQPService.exe[3648] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 001603FC
    .text CProgram FilesHPQuickPlayQPService.exe[3648] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 001803FC
    .text CProgram FilesHPQuickPlayQPService.exe[3648] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00180600
    .text CProgram FilesHPQuickPlayQPService.exe[3648] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00181014
    .text CProgram FilesHPQuickPlayQPService.exe[3648] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00180804
    .text CProgram FilesHPQuickPlayQPService.exe[3648] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00180A08
    .text CProgram FilesHPQuickPlayQPService.exe[3648] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00180C0C
    .text CProgram FilesHPQuickPlayQPService.exe[3648] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00180E10
    .text CProgram FilesHPQuickPlayQPService.exe[3648] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 001801F8
    .text CWindowssystem32taskeng.exe[3788] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000501F8
    .text CWindowssystem32taskeng.exe[3788] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000503FC
    .text CWindowssystem32taskeng.exe[3788] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CWindowssystem32taskeng.exe[3788] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000703FC
    .text CWindowssystem32taskeng.exe[3788] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00070600
    .text CWindowssystem32taskeng.exe[3788] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00071014
    .text CWindowssystem32taskeng.exe[3788] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00070804
    .text CWindowssystem32taskeng.exe[3788] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00070A08
    .text CWindowssystem32taskeng.exe[3788] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00070C0C
    .text CWindowssystem32taskeng.exe[3788] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00070E10
    .text CWindowssystem32taskeng.exe[3788] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000701F8
    .text CWindowssystem32taskeng.exe[3788] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00080600
    .text CWindowssystem32taskeng.exe[3788] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00080804
    .text CWindowssystem32taskeng.exe[3788] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00080A08
    .text CWindowssystem32taskeng.exe[3788] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 000801F8
    .text CWindowssystem32taskeng.exe[3788] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 000803FC
    .text cProgram FilesHewlett-PackardHP Health Checkhphc_service.exe[3820] KERNEL32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CProgram FilesHewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe[3832] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 001501F8
    .text CProgram FilesHewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe[3832] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 001503FC
    .text CProgram FilesHewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe[3832] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CProgram FilesHewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe[3832] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 001703FC
    .text CProgram FilesHewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe[3832] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00170600
    .text CProgram FilesHewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe[3832] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00171014
    .text CProgram FilesHewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe[3832] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00170804
    .text CProgram FilesHewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe[3832] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00170A08
    .text CProgram FilesHewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe[3832] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00170C0C
    .text CProgram FilesHewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe[3832] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00170E10
    .text CProgram FilesHewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe[3832] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 001701F8
    .text CProgram FilesHewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe[3832] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00180600
    .text CProgram FilesHewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe[3832] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00180804
    .text CProgram FilesHewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe[3832] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00180A08
    .text CProgram FilesHewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe[3832] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 001801F8
    .text CProgram FilesHewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe[3832] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 001803FC
    .text CProgram FilesWindows DefenderMSASCui.exe[3876] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000501F8
    .text CProgram FilesWindows DefenderMSASCui.exe[3876] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000503FC
    .text CProgram FilesWindows DefenderMSASCui.exe[3876] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CProgram FilesWindows DefenderMSASCui.exe[3876] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000B03FC
    .text CProgram FilesWindows DefenderMSASCui.exe[3876] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 000B0600
    .text CProgram FilesWindows DefenderMSASCui.exe[3876] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 000B1014
    .text CProgram FilesWindows DefenderMSASCui.exe[3876] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 000B0804
    .text CProgram FilesWindows DefenderMSASCui.exe[3876] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 000B0A08
    .text CProgram FilesWindows DefenderMSASCui.exe[3876] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 000B0C0C
    .text CProgram FilesWindows DefenderMSASCui.exe[3876] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 000B0E10
    .text CProgram FilesWindows DefenderMSASCui.exe[3876] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000B01F8
    .text CProgram FilesWindows DefenderMSASCui.exe[3876] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 000C0600
    .text CProgram FilesWindows DefenderMSASCui.exe[3876] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 000C0804
    .text CProgram FilesWindows DefenderMSASCui.exe[3876] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 000C0A08
    .text CProgram FilesWindows DefenderMSASCui.exe[3876] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 000C01F8
    .text CProgram FilesWindows DefenderMSASCui.exe[3876] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 000C03FC
    .text CProgram FilesHPDigital ImagingbinHpqSRmon.exe[3944] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 001501F8
    .text CProgram FilesHPDigital ImagingbinHpqSRmon.exe[3944] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 001503FC
    .text CProgram FilesHPDigital ImagingbinHpqSRmon.exe[3944] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CProgram FilesHPDigital ImagingbinHpqSRmon.exe[3944] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 001703FC
    .text CProgram FilesHPDigital ImagingbinHpqSRmon.exe[3944] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00170600
    .text CProgram FilesHPDigital ImagingbinHpqSRmon.exe[3944] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00171014
    .text CProgram FilesHPDigital ImagingbinHpqSRmon.exe[3944] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00170804
    .text CProgram FilesHPDigital ImagingbinHpqSRmon.exe[3944] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00170A08
    .text CProgram FilesHPDigital ImagingbinHpqSRmon.exe[3944] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00170C0C
    .text CProgram FilesHPDigital ImagingbinHpqSRmon.exe[3944] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00170E10
    .text CProgram FilesHPDigital ImagingbinHpqSRmon.exe[3944] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 001701F8
    .text CProgram FilesHPDigital ImagingbinHpqSRmon.exe[3944] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00180600
    .text CProgram FilesHPDigital ImagingbinHpqSRmon.exe[3944] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00180804
    .text CProgram FilesHPDigital ImagingbinHpqSRmon.exe[3944] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00180A08
    .text CProgram FilesHPDigital ImagingbinHpqSRmon.exe[3944] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 001801F8
    .text CProgram FilesHPDigital ImagingbinHpqSRmon.exe[3944] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 001803FC
    .text CProgram FilesHPHP Software UpdatehpwuSchd2.exe[3952] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 001501F8
    .text CProgram FilesHPHP Software UpdatehpwuSchd2.exe[3952] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 001503FC
    .text CProgram FilesHPHP Software UpdatehpwuSchd2.exe[3952] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CProgram FilesHPHP Software UpdatehpwuSchd2.exe[3952] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00180600
    .text CProgram FilesHPHP Software UpdatehpwuSchd2.exe[3952] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00180804
    .text CProgram FilesHPHP Software UpdatehpwuSchd2.exe[3952] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00180A08
    .text CProgram FilesHPHP Software UpdatehpwuSchd2.exe[3952] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 001801F8
    .text CProgram FilesHPHP Software UpdatehpwuSchd2.exe[3952] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 001803FC
    .text CProgram FilesHPHP Software UpdatehpwuSchd2.exe[3952] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 001903FC
    .text CProgram FilesHPHP Software UpdatehpwuSchd2.exe[3952] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00190600
    .text CProgram FilesHPHP Software UpdatehpwuSchd2.exe[3952] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00191014
    .text CProgram FilesHPHP Software UpdatehpwuSchd2.exe[3952] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00190804
    .text CProgram FilesHPHP Software UpdatehpwuSchd2.exe[3952] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 3 Bytes JMP 00190A08
    .text CProgram FilesHPHP Software UpdatehpwuSchd2.exe[3952] ADVAPI32.dll!ChangeServiceConfigW + 4 77A06F85 1 Byte [88]
    .text CProgram FilesHPHP Software UpdatehpwuSchd2.exe[3952] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00190C0C
    .text CProgram FilesHPHP Software UpdatehpwuSchd2.exe[3952] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00190E10
    .text CProgram FilesHPHP Software UpdatehpwuSchd2.exe[3952] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 001901F8
    .text CProgram FilesHewlett-PackardHP Wireless AssistantWiFiMsg.exe[3988] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 001501F8
    .text CProgram FilesHewlett-PackardHP Wireless AssistantWiFiMsg.exe[3988] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 001503FC
    .text CProgram FilesHewlett-PackardHP Wireless AssistantWiFiMsg.exe[3988] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CProgram FilesHewlett-PackardHP Wireless AssistantWiFiMsg.exe[3988] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 001803FC
    .text CProgram FilesHewlett-PackardHP Wireless AssistantWiFiMsg.exe[3988] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00180600
    .text CProgram FilesHewlett-PackardHP Wireless AssistantWiFiMsg.exe[3988] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00181014
    .text CProgram FilesHewlett-PackardHP Wireless AssistantWiFiMsg.exe[3988] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00180804
    .text CProgram FilesHewlett-PackardHP Wireless AssistantWiFiMsg.exe[3988] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00180A08
    .text CProgram FilesHewlett-PackardHP Wireless AssistantWiFiMsg.exe[3988] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00180C0C
    .text CProgram FilesHewlett-PackardHP Wireless AssistantWiFiMsg.exe[3988] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00180E10
    .text CProgram FilesHewlett-PackardHP Wireless AssistantWiFiMsg.exe[3988] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 001801F8
    .text CProgram FilesHewlett-PackardHP Wireless AssistantWiFiMsg.exe[3988] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00190600
    .text CProgram FilesHewlett-PackardHP Wireless AssistantWiFiMsg.exe[3988] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00190804
    .text CProgram FilesHewlett-PackardHP Wireless AssistantWiFiMsg.exe[3988] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00190A08
    .text CProgram FilesHewlett-PackardHP Wireless AssistantWiFiMsg.exe[3988] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 001901F8
    .text CProgram FilesHewlett-PackardHP Wireless AssistantWiFiMsg.exe[3988] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 001903FC
    .text CWindowssystem32svchost.exe[4012] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000501F8
    .text CWindowssystem32svchost.exe[4012] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000503FC
    .text CWindowssystem32svchost.exe[4012] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CWindowssystem32svchost.exe[4012] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000703FC
    .text CWindowssystem32svchost.exe[4012] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00070600
    .text CWindowssystem32svchost.exe[4012] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00071014
    .text CWindowssystem32svchost.exe[4012] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00070804
    .text CWindowssystem32svchost.exe[4012] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00070A08
    .text CWindowssystem32svchost.exe[4012] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00070C0C
    .text CWindowssystem32svchost.exe[4012] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00070E10
    .text CWindowssystem32svchost.exe[4012] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000701F8
    .text CProgram FilesiTunesiTunesHelper.exe[4036] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 001501F8
    .text CProgram FilesiTunesiTunesHelper.exe[4036] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 001503FC
    .text CProgram FilesiTunesiTunesHelper.exe[4036] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CProgram FilesiTunesiTunesHelper.exe[4036] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00170600
    .text CProgram FilesiTunesiTunesHelper.exe[4036] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00170804
    .text CProgram FilesiTunesiTunesHelper.exe[4036] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00170A08
    .text CProgram FilesiTunesiTunesHelper.exe[4036] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 001701F8
    .text CProgram FilesiTunesiTunesHelper.exe[4036] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 001703FC
    .text CProgram FilesiTunesiTunesHelper.exe[4036] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 001803FC
    .text CProgram FilesiTunesiTunesHelper.exe[4036] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00180600
    .text CProgram FilesiTunesiTunesHelper.exe[4036] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00181014
    .text CProgram FilesiTunesiTunesHelper.exe[4036] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00180804
    .text CProgram FilesiTunesiTunesHelper.exe[4036] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00180A08
    .text CProgram FilesiTunesiTunesHelper.exe[4036] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00180C0C
    .text CProgram FilesiTunesiTunesHelper.exe[4036] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00180E10
    .text CProgram FilesiTunesiTunesHelper.exe[4036] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 001801F8
    .text CWindowsSystem32rundll32.exe[4068] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000601F8
    .text CWindowsSystem32rundll32.exe[4068] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000603FC
    .text CWindowsSystem32rundll32.exe[4068] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CWindowsSystem32rundll32.exe[4068] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00070600
    .text CWindowsSystem32rundll32.exe[4068] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00070804
    .text CWindowsSystem32rundll32.exe[4068] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00070A08
    .text CWindowsSystem32rundll32.exe[4068] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 000701F8
    .text CWindowsSystem32rundll32.exe[4068] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 000703FC
    .text CWindowsSystem32rundll32.exe[4068] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000803FC
    .text CWindowsSystem32rundll32.exe[4068] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00080600
    .text CWindowsSystem32rundll32.exe[4068] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00081014
    .text CWindowsSystem32rundll32.exe[4068] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00080804
    .text CWindowsSystem32rundll32.exe[4068] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00080A08
    .text CWindowsSystem32rundll32.exe[4068] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00080C0C
    .text CWindowsSystem32rundll32.exe[4068] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00080E10
    .text CWindowsSystem32rundll32.exe[4068] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000801F8
    .text CProgram FilesVimicro CorporationVMUVCVMonitor.exe[4080] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 001501F8
    .text CProgram FilesVimicro CorporationVMUVCVMonitor.exe[4080] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 001503FC
    .text CProgram FilesVimicro CorporationVMUVCVMonitor.exe[4080] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CProgram FilesVimicro CorporationVMUVCVMonitor.exe[4080] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00170600
    .text CProgram FilesVimicro CorporationVMUVCVMonitor.exe[4080] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00170804
    .text CProgram FilesVimicro CorporationVMUVCVMonitor.exe[4080] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00170A08
    .text CProgram FilesVimicro CorporationVMUVCVMonitor.exe[4080] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 001701F8
    .text CProgram FilesVimicro CorporationVMUVCVMonitor.exe[4080] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 001703FC
    .text CProgram FilesVimicro CorporationVMUVCVMonitor.exe[4080] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 001803FC
    .text CProgram FilesVimicro CorporationVMUVCVMonitor.exe[4080] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00180600
    .text CProgram FilesVimicro CorporationVMUVCVMonitor.exe[4080] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00181014
    .text CProgram FilesVimicro CorporationVMUVCVMonitor.exe[4080] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00180804
    .text CProgram FilesVimicro CorporationVMUVCVMonitor.exe[4080] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00180A08
    .text CProgram FilesVimicro CorporationVMUVCVMonitor.exe[4080] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00180C0C
    .text CProgram FilesVimicro CorporationVMUVCVMonitor.exe[4080] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00180E10
    .text CProgram FilesVimicro CorporationVMUVCVMonitor.exe[4080] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 001801F8
    .text CProgram FilesSynapticsSynTPSynTPHelper.exe[4208] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 001501F8
    .text CProgram FilesSynapticsSynTPSynTPHelper.exe[4208] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 001503FC
    .text CProgram FilesSynapticsSynTPSynTPHelper.exe[4208] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CProgram FilesSynapticsSynTPSynTPHelper.exe[4208] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00170600
    .text CProgram FilesSynapticsSynTPSynTPHelper.exe[4208] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00170804
    .
     
  12. Hurriken

    Hurriken TS Booster Topic Starter Posts: 231

    .text CProgram FilesSynapticsSynTPSynTPHelper.exe[4208] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00170A08
    .text CProgram FilesSynapticsSynTPSynTPHelper.exe[4208] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 001701F8
    .text CProgram FilesSynapticsSynTPSynTPHelper.exe[4208] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 001703FC
    .text CProgram FilesSynapticsSynTPSynTPHelper.exe[4208] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 001803FC
    .text CProgram FilesSynapticsSynTPSynTPHelper.exe[4208] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00180600
    .text CProgram FilesSynapticsSynTPSynTPHelper.exe[4208] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00181014
    .text CProgram FilesSynapticsSynTPSynTPHelper.exe[4208] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00180804
    .text CProgram FilesSynapticsSynTPSynTPHelper.exe[4208] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00180A08
    .text CProgram FilesSynapticsSynTPSynTPHelper.exe[4208] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00180C0C
    .text CProgram FilesSynapticsSynTPSynTPHelper.exe[4208] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00180E10
    .text CProgram FilesSynapticsSynTPSynTPHelper.exe[4208] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 001801F8
    .text CWindowssystem32ctfmon.exe[4232] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CUsersMelissaDesktopr1thux4x.exe[4992] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 001501F8
    .text CUsersMelissaDesktopr1thux4x.exe[4992] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 001503FC
    .text CUsersMelissaDesktopr1thux4x.exe[4992] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CUsersMelissaDesktopr1thux4x.exe[4992] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 003603FC
    .text CUsersMelissaDesktopr1thux4x.exe[4992] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00360600
    .text CUsersMelissaDesktopr1thux4x.exe[4992] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00361014
    .text CUsersMelissaDesktopr1thux4x.exe[4992] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00360804
    .text CUsersMelissaDesktopr1thux4x.exe[4992] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00360A08
    .text CUsersMelissaDesktopr1thux4x.exe[4992] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00360C0C
    .text CUsersMelissaDesktopr1thux4x.exe[4992] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00360E10
    .text CUsersMelissaDesktopr1thux4x.exe[4992] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 003601F8
    .text CUsersMelissaDesktopr1thux4x.exe[4992] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00370600
    .text CUsersMelissaDesktopr1thux4x.exe[4992] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00370804
    .text CUsersMelissaDesktopr1thux4x.exe[4992] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00370A08
    .text CUsersMelissaDesktopr1thux4x.exe[4992] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 003701F8
    .text CUsersMelissaDesktopr1thux4x.exe[4992] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 003703FC
    .text CWindowssystem32wuauclt.exe[5188] ntdll.dll!LdrLoadDll 77A79378 5 Bytes JMP 000601F8
    .text CWindowssystem32wuauclt.exe[5188] ntdll.dll!LdrUnloadDll 77A8B680 5 Bytes JMP 000603FC
    .text CWindowssystem32wuauclt.exe[5188] kernel32.dll!GetBinaryTypeW + 70 76852467 1 Byte [62]
    .text CWindowssystem32wuauclt.exe[5188] USER32.dll!SetWindowsHookExA 762C6322 5 Bytes JMP 00070600
    .text CWindowssystem32wuauclt.exe[5188] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 00070804
    .text CWindowssystem32wuauclt.exe[5188] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 00070A08
    .text CWindowssystem32wuauclt.exe[5188] USER32.dll!SetWinEventHook 762C9F3A 5 Bytes JMP 000701F8
    .text CWindowssystem32wuauclt.exe[5188] USER32.dll!UnhookWinEvent 762CC06F 5 Bytes JMP 000703FC
    .text CWindowssystem32wuauclt.exe[5188] ADVAPI32.dll!CreateServiceW 779C9EB4 5 Bytes JMP 000803FC
    .text CWindowssystem32wuauclt.exe[5188] ADVAPI32.dll!DeleteService 779CA07E 5 Bytes JMP 00080600
    .text CWindowssystem32wuauclt.exe[5188] ADVAPI32.dll!SetServiceObjectSecurity 77A06CD9 5 Bytes JMP 00081014
    .text CWindowssystem32wuauclt.exe[5188] ADVAPI32.dll!ChangeServiceConfigA 77A06DD9 5 Bytes JMP 00080804
    .text CWindowssystem32wuauclt.exe[5188] ADVAPI32.dll!ChangeServiceConfigW 77A06F81 5 Bytes JMP 00080A08
    .text CWindowssystem32wuauclt.exe[5188] ADVAPI32.dll!ChangeServiceConfig2A 77A07099 5 Bytes JMP 00080C0C
    .text CWindowssystem32wuauclt.exe[5188] ADVAPI32.dll!ChangeServiceConfig2W 77A071E1 5 Bytes JMP 00080E10
    .text CWindowssystem32wuauclt.exe[5188] ADVAPI32.dll!CreateServiceA 77A072A1 5 Bytes JMP 000801F8

    ---- User IATEAT - GMER 1.0.15 ----

    IAT CWindowssystem32services.exe[692] @ CWindowssystem32services.exe [ADVAPI32.dll!CreateProcessAsUserW] 000B0002
    IAT CWindowssystem32services.exe[692] @ CWindowssystem32services.exe [KERNEL32.dll!CreateProcessW] 000B0000

    ---- Devices - GMER 1.0.15 ----

    Device FileSystemNtfs Ntfs aswSP.SYS (avast! self protection moduleAVAST Software)
    Device DriverBTHUSB Device0000009c bthport.sys (Bluetooth Bus DriverMicrosoft Corporation)
    Device DriverBTHUSB Device0000009c bthport.sys (Bluetooth Bus DriverMicrosoft Corporation)

    AttachedDevice Driverkbdclass DeviceKeyboardClass0 Wdf01000.sys (WDF DynamicMicrosoft Corporation)

    Device DriverBTHUSB Device0000009e bthport.sys (Bluetooth Bus DriverMicrosoft Corporation)
    Device DriverBTHUSB Device0000009e bthport.sys (Bluetooth Bus DriverMicrosoft Corporation)

    AttachedDevice Drivertdx DeviceTcp aswTdi.SYS (avast! TDI Filter DriverAVAST Software)
    AttachedDevice Drivertdx DeviceUdp aswTdi.SYS (avast! TDI Filter DriverAVAST Software)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLMSYSTEMCurrentControlSetServicesBTHPORTParametersKeys001e37e31189
    Reg HKLMSYSTEMControlSet002ServicesBTHPORTParametersKeys001e37e31189 (not active ControlSet)

    ---- EOF - GMER 1.0.15 ----
     
  13. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ===========================================================

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  14. Hurriken

    Hurriken TS Booster Topic Starter Posts: 231

    aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
    Run date: 2012-02-01 12:18:32
    -----------------------------
    12:18:32.703 OS Version: Windows 6.0.6002 Service Pack 2
    12:18:32.703 Number of processors: 2 586 0x6802
    12:18:32.703 ComputerName: MELISSA-PC UserName: Melissa
    12:18:33.888 Initialize success
    12:18:34.044 AVAST engine defs: 12020100
    12:18:37.866 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
    12:18:37.882 Disk 0 Vendor: FUJITSU_MHZ2160BH_G2 8909 Size: 152627MB BusType: 3
    12:18:37.882 Disk 0 MBR read successfully
    12:18:37.898 Disk 0 MBR scan
    12:18:37.898 Disk 0 unknown MBR code
    12:18:37.898 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 140576 MB offset 63
    12:18:37.929 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 12048 MB offset 287900865
    12:18:37.960 Disk 0 scanning sectors +312576705
    12:18:38.069 Disk 0 scanning C:\Windows\system32\drivers
    12:18:58.006 Service scanning
    12:19:00.377 Modules scanning
    12:19:11.703 Disk 0 trace - called modules:
    12:19:11.765 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
    12:19:11.765 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x868baac8]
    12:19:11.781 3 CLASSPNP.SYS[8b3b18b3] -> nt!IofCallDriver -> [0x862ac838]
    12:19:11.781 5 acpi.sys[806166bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x8628e930]
    12:19:12.701 AVAST engine scan C:\Windows
    12:19:16.055 AVAST engine scan C:\Windows\system32
    12:22:57.934 AVAST engine scan C:\Windows\system32\drivers
    12:23:11.085 AVAST engine scan C:\Users\Melissa
    12:33:26.224 Disk 0 MBR has been saved successfully to "C:\Users\Melissa\Desktop\MBR.dat"
    12:33:26.240 The log file has been saved successfully to "C:\Users\Melissa\Desktop\aswMBR.txt"



    The Bootkit Remover link does not open.
     
  15. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    It opens just fine here.
    Retry.
     
  16. Hurriken

    Hurriken TS Booster Topic Starter Posts: 231

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6
    002), 32-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    Boot sector MD5 is: df1c10548966c4f16c540ebf80ffd180

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Done;
    Press any key to quit...
     
  17. Hurriken

    Hurriken TS Booster Topic Starter Posts: 231

    Had to turn off Avast:eek:
     
  18. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Please download and run ListParts by Farbar (for 32-bit system)

    Please download and run ListParts64 by Farbar (for 64-bit system)

    Click on Scan button.

    Scan result will open in Notepad.
    Post it in your next reply.
     
  19. Hurriken

    Hurriken TS Booster Topic Starter Posts: 231

    ListParts by Farbar
    Ran by Melissa on 01-02-2012 at 14:23:59
    Windows Vista (X86)
    Running From: C:\Users\Melissa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RE241L91
    ************************************************************

    ========================= Memory info ======================

    Percentage of memory in use: 52%
    Total physical RAM: 3006.18 MB
    Available physical RAM: 1421.04 MB
    Total Pagefile: 6218.84 MB
    Available Pagefile: 4631.06 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1968.61 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:137.28 GB) (Free:37.31 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
    2 Drive d: (HP_RECOVERY) (Fixed) (Total:11.77 GB) (Free:1.98 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 149 GB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 137 GB 32 KB
    Partition 2 Primary 12 GB 137 GB

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C NTFS Partition 137 GB Healthy System (partition with boot components)

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D HP_RECOVERY NTFS Partition 12 GB Healthy



    ****** End Of Log ******
     
  20. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  21. Hurriken

    Hurriken TS Booster Topic Starter Posts: 231

    ComboFix 12-02-01.01 - Melissa 02/01/2012 17:04:40.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.1794 [GMT -6:00]
    Running from: c:\users\Melissa\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Melissa\AppData\Local\{6936761F-89DA-4F34-91EA-2482592B582B}
    c:\users\Melissa\AppData\Local\{6936761F-89DA-4F34-91EA-2482592B582B}\chrome.manifest
    c:\users\Melissa\AppData\Local\{6936761F-89DA-4F34-91EA-2482592B582B}\chrome\content\_cfg.js
    c:\users\Melissa\AppData\Local\{6936761F-89DA-4F34-91EA-2482592B582B}\chrome\content\overlay.xul
    c:\users\Melissa\AppData\Local\{6936761F-89DA-4F34-91EA-2482592B582B}\install.rdf
    c:\users\Melissa\Documents\~WRL0003.tmp
    c:\users\Melissa\Documents\~WRL0004.tmp
    c:\users\Melissa\Documents\~WRL0005.tmp
    c:\users\Melissa\Documents\~WRL0022.tmp
    c:\users\Melissa\Documents\~WRL0026.tmp
    c:\users\Melissa\Documents\~WRL0335.tmp
    c:\users\Melissa\Documents\~WRL0357.tmp
    c:\users\Melissa\Documents\~WRL0401.tmp
    c:\users\Melissa\Documents\~WRL0407.tmp
    c:\users\Melissa\Documents\~WRL0690.tmp
    c:\users\Melissa\Documents\~WRL0708.tmp
    c:\users\Melissa\Documents\~WRL0770.tmp
    c:\users\Melissa\Documents\~WRL0876.tmp
    c:\users\Melissa\Documents\~WRL0913.tmp
    c:\users\Melissa\Documents\~WRL0934.tmp
    c:\users\Melissa\Documents\~WRL1065.tmp
    c:\users\Melissa\Documents\~WRL1133.tmp
    c:\users\Melissa\Documents\~WRL1291.tmp
    c:\users\Melissa\Documents\~WRL1659.tmp
    c:\users\Melissa\Documents\~WRL1948.tmp
    c:\users\Melissa\Documents\~WRL1996.tmp
    c:\users\Melissa\Documents\~WRL2037.tmp
    c:\users\Melissa\Documents\~WRL2067.tmp
    c:\users\Melissa\Documents\~WRL2084.tmp
    c:\users\Melissa\Documents\~WRL2120.tmp
    c:\users\Melissa\Documents\~WRL2245.tmp
    c:\users\Melissa\Documents\~WRL2566.tmp
    c:\users\Melissa\Documents\~WRL2616.tmp
    c:\users\Melissa\Documents\~WRL2652.tmp
    c:\users\Melissa\Documents\~WRL3044.tmp
    c:\users\Melissa\Documents\~WRL3321.tmp
    c:\users\Melissa\Documents\~WRL3576.tmp
    c:\users\Melissa\Documents\~WRL3611.tmp
    c:\users\Melissa\Documents\~WRL3695.tmp
    c:\users\Melissa\Documents\~WRL3838.tmp
    c:\windows\system32\KBL.LOG
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-01 to 2012-02-01 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-01 23:17 . 2012-02-01 23:17 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-01-31 20:13 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-01-31 20:13 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-01-31 20:13 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2012-01-31 20:13 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-01-31 20:13 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-01-31 20:13 . 2011-11-28 17:52 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-01-31 20:12 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
    2012-01-31 20:12 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
    2012-01-31 20:12 . 2012-01-31 20:12 -------- d-----w- c:\programdata\AVAST Software
    2012-01-31 20:12 . 2012-01-31 20:12 -------- d-----w- c:\program files\AVAST Software
    2012-01-31 15:40 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BA131242-F0E5-47AA-8B5F-0C3B9EA65CD1}\mpengine.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-25 02:46 . 2011-12-25 02:46 319488 ----a-w- c:\windows\HideWin.exe
    2011-12-10 21:24 . 2009-05-10 04:27 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-07 12:08 . 2009-10-02 16:55 236576 ------w- c:\windows\system32\MpSigStub.exe
    2011-11-23 13:37 . 2011-12-14 23:56 2043904 ----a-w- c:\windows\system32\win32k.sys
    2011-11-08 14:42 . 2011-12-14 23:55 2048 ----a-w- c:\windows\system32\tzres.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
    "HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 1783136]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-16 24095528]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
    "OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
    "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
    "VMonitorVMUVC"="c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe" [2008-08-29 143360]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
    "BSDAppUpdater"="c:\program files\Common Files\BSD\AppUpdater\BSDChecker.exe" [2010-07-10 1660744]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
    .
    c:\users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-9-5 727592]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - aswMBR
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2007-08-23 22:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/?ilc=1
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 192.168.0.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-02-01 17:18
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2012-02-01 17:26:16
    ComboFix-quarantined-files.txt 2012-02-01 23:26
    .
    Pre-Run: 39,808,454,656 bytes free
    Post-Run: 41,375,862,784 bytes free
    .
    - - End Of File - - 91EC19E4D65094C43A879A2990A0A4A9
     
  22. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Looks good :)

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  23. Hurriken

    Hurriken TS Booster Topic Starter Posts: 231

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop
     
  24. Hurriken

    Hurriken TS Booster Topic Starter Posts: 231

    OTL Extras logfile created on: 2/1/2012 6:06:16 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Melissa\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19170)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.94 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 55.37% Memory free
    6.07 Gb Paging File | 4.51 Gb Available in Paging File | 74.26% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 137.28 Gb Total Space | 38.57 Gb Free Space | 28.10% Space Free | Partition Type: NTFS
    Drive D: | 11.77 Gb Total Space | 1.98 Gb Free Space | 16.87% Space Free | Partition Type: NTFS

    Computer Name: MELISSA-PC | User Name: Melissa | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0494DF61-0618-4DCA-BEAC-C29D9B55BB55}" = rport=139 | protocol=6 | dir=out | app=system |
    "{15632CCA-EE2B-495B-A3D5-0ACE21FAD412}" = lport=139 | protocol=6 | dir=in | app=system |
    "{26BD6189-BEFD-44DE-B972-35684306582A}" = rport=445 | protocol=6 | dir=out | app=system |
    "{294B9A6C-2F62-4E52-8B80-589B8AC19C5D}" = lport=138 | protocol=17 | dir=in | app=system |
    "{60162CE6-B4CC-47DC-8065-477BC2851B5B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{8AE5B7E5-CC00-4C31-9B97-17B3043A899B}" = rport=138 | protocol=17 | dir=out | app=system |
    "{AAEB95BB-6A9D-4DD0-82FD-F78853DEB058}" = lport=137 | protocol=17 | dir=in | app=system |
    "{AE4902BB-44F1-4E40-807E-4A39FA87CEE1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{CA959CE0-102D-4510-8DE2-021AB91892A7}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F12E9D35-2570-4B1E-A3C8-30F08B0F76B1}" = lport=445 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0429329E-0464-4D91-A359-809821A0E16F}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{05D3FAA0-F2DC-432F-AA2B-6F565814D674}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{06D724F8-98EB-4408-A2B0-1C0684EB1857}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{0B6A4A5C-D0DD-4A95-9EDE-346E527BA862}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{16AA263D-9033-4D93-95CA-B8B3A1529993}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{1C350F1D-172C-40F3-BD72-B6657543F406}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{1F8DEA4D-D0CB-4118-9BBD-EA3ABC021BCE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{2278293C-69FB-4261-A991-54C37417FE56}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{2FFE2449-05F4-431E-B5AA-DAF630828DF1}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{3AF4F8A4-CCDD-4A39-A1FC-977548871D41}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{476E163A-6A8E-4D96-B809-0488A762A7B9}" = protocol=17 | dir=in | app=c:\program files\ruckus player\ruckus.exe |
    "{49F159E8-ABFF-4E50-A796-1200C6B3ABE9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{557F9B14-C7F3-40A0-9DB1-CDC5DF23934B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{77403D5F-6275-4BF9-850C-91F062BD4BCB}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{7FE8FFDC-7BFF-438F-AC9C-4A352B1E1534}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
    "{826055F1-8B70-4E86-960B-91DC614BA9D2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{88048842-D7AF-4730-92E2-1FD868B8468B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{895630BC-5B35-4063-AC0C-B918CCA175FD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{8BB9BECF-E85F-40F9-BB87-22A181CB1D61}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
    "{9B971ED8-7703-41C2-B4C2-10897BFF8856}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{9EF89A66-9698-4353-959C-C3313B2EC120}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{A6E135C6-1319-405B-B891-021EFA719359}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{B576D741-6854-4188-9EEF-727EC31E27C1}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{C49E2BD8-C6C1-4C16-A336-E55A8BFA28F2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{EBD79006-D140-4DD3-8BA5-44078780CFEE}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{F55BC89E-745A-4208-88C6-B6558614481F}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
    "{FC4133A9-1F3B-4B26-B9F1-6DF0530CEFC1}" = protocol=6 | dir=in | app=c:\program files\ruckus player\ruckus.exe |
    "{FCE21A2C-A02C-4786-A723-919B1FD4DB2F}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "TCP Query User{0842E933-5A37-4489-BD2B-DB097C1D329B}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
    "TCP Query User{18BD9C2F-7855-447E-8DFC-832B85533758}C:\users\melissa\appdata\local\temp\wzse0.tmp\symnrt.exe" = protocol=6 | dir=in | app=c:\users\melissa\appdata\local\temp\wzse0.tmp\symnrt.exe |
    "TCP Query User{1D56FF81-6E3B-45B0-9354-D91FA5929709}C:\program files\ruckus player\ruckus.exe" = protocol=6 | dir=in | app=c:\program files\ruckus player\ruckus.exe |
    "TCP Query User{A39C7D8D-257E-4664-A913-E405B9EF143A}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
    "TCP Query User{B04C3B57-7998-4AA4-AFC7-A3EAD7611E76}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "TCP Query User{E872CBCE-579D-4ED8-A9F5-10D827B8EC42}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
    "TCP Query User{EF7D5011-4CF2-4B62-A7BF-C642BF573951}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{03FD7007-8F6E-42D0-BD1D-D6F9D18D2D2F}C:\users\melissa\appdata\local\temp\wzse0.tmp\symnrt.exe" = protocol=17 | dir=in | app=c:\users\melissa\appdata\local\temp\wzse0.tmp\symnrt.exe |
    "UDP Query User{54B8B021-7E0D-4CBD-B848-CAF3635EEB6F}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "UDP Query User{5970BB90-23BF-4E0B-B270-5361FD912E3B}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
    "UDP Query User{BAE056FA-C2ED-40B5-8BEB-01263EBF140F}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
    "UDP Query User{E27F5631-6E3A-4BA1-BB79-86DEA928EC36}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
    "UDP Query User{F6B77A28-8F46-4038-8AD6-DB8B87354B43}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{F955E5F9-86E8-4F92-B784-AF58EDB7F8EE}C:\program files\ruckus player\ruckus.exe" = protocol=17 | dir=in | app=c:\program files\ruckus player\ruckus.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
    "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.5500
    "{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
    "{082F8ABA-84D5-4837-9DFC-F365D91A07D4}" = HP Smart Web Printing
    "{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
    "{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
    "{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{15CCBC5D-66A7-4131-8D36-E05F27B0E68F}" = Sibelius Scorch (ActiveX Only)
    "{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
    "{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
    "{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
    "{2284D904-C138-4B58-93EC-5C362AB5130A}" = The Sims™ Life Stories
    "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
    "{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
    "{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
    "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
    "{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support
    "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
    "{38EAC694-0D90-445F-8C17-8B50ADFE3162}" = Slingbox Flash Tour
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
    "{4D49757C-367A-4333-BDB3-68966162B14E}" = HP User Guides 0087
    "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{71A51A91-E7D3-11DB-A386-005056C00008}" = CHOIDY USB PC Camera
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
    "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9F70BF98-003C-491D-81FC-FF9792206AF0}" = iTunes
    "{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
    "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
    "{AA94D826-6C3A-4031-B074-43411E459E5B}" = DyKnow Tablet Runtime 5.2 SP1
    "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
    "{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
    "{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
    "{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
    "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
    "{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
    "{BDFFE800-65ED-4A30-99F3-D975C21E9651}" = Auf geht's! 1.7
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
    "{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update
    "{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
    "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{EBBE2FB2-FBED-44F6-B95F-230AB5A65B28}" = Goombah Partner COM Server
    "{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
    "{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "AIM_6" = AIM 6
    "avast" = avast! Free Antivirus
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
    "Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "HP Photosmart Essential" = HP Photosmart Essential 2.5
    "HP Smart Web Printing" = HP Smart Web Printing
    "InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
    "LastFM_is1" = Last.fm 1.5.2.38918
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "MediaWidget - Easy iPod Transfer_is1" = MediaWidget 6.0
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "NVIDIA Drivers" = NVIDIA Drivers
    "Ruckus Player" = Ruckus Player
    "SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
    "WildTangent hp Master Uninstall" = My HP Games
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2709816161-449407397-1528612323-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/26/2011 4:24:31 PM | Computer Name = Melissa-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 11/26/2011 4:32:48 PM | Computer Name = Melissa-PC | Source = Application Error | ID = 1000
    Description = Faulting application HPKBDAPP.exe, version 1.0.0.4, time stamp 0x46dcf199,
    faulting module HPKBDAPP.exe, version 1.0.0.4, time stamp 0x46dcf199, exception
    code 0xc0000005, fault offset 0x00002a3f, process id 0x83c, application start time
    0x01ccac7a85bde0de.

    Error - 11/27/2011 5:41:27 PM | Computer Name = Melissa-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 11/27/2011 5:54:43 PM | Computer Name = Melissa-PC | Source = Application Error | ID = 1000
    Description = Faulting application HPKBDAPP.exe, version 1.0.0.4, time stamp 0x46dcf199,
    faulting module HPKBDAPP.exe, version 1.0.0.4, time stamp 0x46dcf199, exception
    code 0xc0000005, fault offset 0x00002a3f, process id 0xe40, application start time
    0x01ccad4f275d7d22.

    Error - 12/14/2011 7:47:12 PM | Computer Name = Melissa-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 12/14/2011 11:47:22 PM | Computer Name = Melissa-PC | Source = Application Error | ID = 1000
    Description = Faulting application HPKBDAPP.exe, version 1.0.0.4, time stamp 0x46dcf199,
    faulting module HPKBDAPP.exe, version 1.0.0.4, time stamp 0x46dcf199, exception
    code 0xc0000005, fault offset 0x00002a3f, process id 0x118, application start time
    0x01ccbadc3d422be0.

    Error - 12/18/2011 12:12:33 AM | Computer Name = Melissa-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 12/18/2011 12:14:24 AM | Computer Name = Melissa-PC | Source = Application Error | ID = 1000
    Description = Faulting application HPKBDAPP.exe, version 1.0.0.4, time stamp 0x46dcf199,
    faulting module HPKBDAPP.exe, version 1.0.0.4, time stamp 0x46dcf199, exception
    code 0xc0000005, fault offset 0x00002a3f, process id 0x378, application start time
    0x01ccbd3b79cd6ca9.

    Error - 12/23/2011 12:28:50 AM | Computer Name = Melissa-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 12/23/2011 12:31:16 AM | Computer Name = Melissa-PC | Source = Application Error | ID = 1000
    Description = Faulting application HPKBDAPP.exe, version 1.0.0.4, time stamp 0x46dcf199,
    faulting module HPKBDAPP.exe, version 1.0.0.4, time stamp 0x46dcf199, exception
    code 0xc0000005, fault offset 0x00002a3f, process id 0xa40, application start time
    0x01ccc12b89173166.

    [ Media Center Events ]
    Error - 12/14/2008 1:30:38 PM | Computer Name = Melissa-PC | Source = MCUpdate | ID = 0
    Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
    due to an abandoned mutex.'.

    Error - 1/18/2009 12:17:39 PM | Computer Name = Melissa-PC | Source = MCUpdate | ID = 0
    Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
    due to an abandoned mutex.'.

    [ OSession Events ]
    Error - 8/25/2011 2:30:32 AM | Computer Name = Melissa-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 92669
    seconds with 900 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 10/18/2008 3:36:01 PM | Computer Name = Melissa-PC | Source = cdrom | ID = 262155
    Description = The driver detected a controller error on \Device\CdRom0.

    Error - 10/18/2008 3:38:33 PM | Computer Name = Melissa-PC | Source = cdrom | ID = 262155
    Description = The driver detected a controller error on \Device\CdRom0.

    Error - 10/18/2008 3:40:52 PM | Computer Name = Melissa-PC | Source = cdrom | ID = 262155
    Description = The driver detected a controller error on \Device\CdRom0.

    Error - 10/18/2008 3:43:34 PM | Computer Name = Melissa-PC | Source = cdrom | ID = 262155
    Description = The driver detected a controller error on \Device\CdRom0.

    Error - 10/20/2008 9:31:15 PM | Computer Name = Melissa-PC | Source = DCOM | ID = 10016
    Description =

    Error - 10/20/2008 9:31:16 PM | Computer Name = Melissa-PC | Source = DCOM | ID = 10016
    Description =

    Error - 10/20/2008 9:31:17 PM | Computer Name = Melissa-PC | Source = DCOM | ID = 10016
    Description =

    Error - 10/20/2008 9:31:20 PM | Computer Name = Melissa-PC | Source = DCOM | ID = 10016
    Description =

    Error - 10/20/2008 9:35:45 PM | Computer Name = Melissa-PC | Source = DCOM | ID = 10016
    Description =

    Error - 10/20/2008 9:37:01 PM | Computer Name = Melissa-PC | Source = DCOM | ID = 10016
    Description =


    < End of report >
     
  25. Hurriken

    Hurriken TS Booster Topic Starter Posts: 231

    It's running pretty good. I had one "windows had a problem and needs to restart" episode and IE acted glitchy earlier. But it seems a lot faster. I was thinking there wasn't much wrong with this system but the length of the GMER report and the amount of stuff you suggested is making me think otherwise. I'm thinking your are going to say it was a mess. After this I'm going to have to look at the drivers too because there is no sound, but I'll get there.

    Also, perhaps I need to find a way to teach my daughter to take care of her new laptop...
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...