TechSpot

No connection to internet / BSoD error 0x0000007B

By RhewChuryll
Nov 24, 2011
  1. I came home and my wife had my laptop open and one of those fake antivirus spyware was running.

    By the time I went into safe mode to do a rkill and a malware run, my computer probably had a rootkit installed somewhere.

    I keep getting BSoD screens as well, but once I pass them, I can't access my internet, Wi-Fi or LAN. It keeps saying "acquiring network address". Sometimes when I am trying to correct my internet connection, my computer crashes and goes into another BSoD with the Win32k.sys error.


    Here are my logs.

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8172

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 8.0.6001.18702

    11/24/2011 7:03:50 PM
    mbam-log-2011-11-24 (19-03-50).txt

    Scan type: Quick scan
    Objects scanned: 198163
    Time elapsed: 9 minute(s), 58 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-11-24 18:53:25
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD12 rev.01.0
    Running: xnw7mzye.exe; Driver: C:\DOCUME~1\OWNER~1.JAS\LOCALS~1\Temp\axtdypog.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x9678C374]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x967F32B8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0x967B0829]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x9678E996]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x9678E9EE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x9678EB04]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0x967B01DD]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x9678E8EC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x9678EA3E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x9678E940]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x9678EAB2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x9678C398]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0x967B0EEF]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0x967B11A5]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0x9678ED88]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0x967B0D5A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0x967B0BC5]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x967F3368]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x9678C162]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x9678C3BC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x9678EEFC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x9678CE54]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x9678E9C6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x9678EA16]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x9678EB2E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0x967B0539]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x9678E918]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0x9678EBC0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x9678EA7E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x9678E96E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0x9678ECA4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x9678EADC]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x967F3400]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0x967B0A40]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x9678CD1A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0x967B0892]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0x967FB6E2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0x967AF850]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x9678C3E0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x9678C404]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x9678C1BC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x9678C2F8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0x967B0FF6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x9678C2D4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x9678C31C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x9678C428]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x968089A6]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 2C54 805044C0 8 Bytes [96, E9, 78, 96, EE, E9, 78, ...] {XCHG ESI, EAX; JMP 0xffffffffe9ee967e; JS 0xffffffffffffff9e}
    .text ntkrnlpa.exe!ZwCallbackReturn + 2C74 805044E0 4 Bytes [EC, E8, 78, 96]
    .text ntkrnlpa.exe!ZwCallbackReturn + 2C90 805044FC 8 Bytes JMP E9409678
    .text ntkrnlpa.exe!ZwCallbackReturn + 2CA0 8050450C 4 Bytes [B2, EA, 78, 96] {MOV DL, 0xea; JS 0xffffffffffffff9a}
    .text ntkrnlpa.exe!ZwCallbackReturn + 2D90 805045FC 8 Bytes [C6, E9, 78, 96, 16, EA, 78, ...]
    .text ...
    PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A533E 4 Bytes CALL 9678D4AF \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BB35A 5 Bytes JMP 968043DE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject 805C1C90 5 Bytes JMP 96805E84 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 805CFE96 7 Bytes JMP 968089AA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xB85FBEBF]
    .text win32k.sys!EngFreeUserMem + 674 BF809B45 5 Bytes JMP 9678FE48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteSurface + 45 BF80FBC0 5 Bytes JMP 9678FD54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngPaint + 4EF BF8255ED 5 Bytes JMP 9678F0DA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngUnmapFontFileFD + 1E5F BF8341A1 5 Bytes JMP 9678FFB2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngUnmapFontFileFD + 237D BF8346BF 5 Bytes JMP 9678FCC4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngUnmapFontFileFD + 4564 BF8368A6 5 Bytes JMP 967901BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngUnmapFontFileFD + EE3F BF841181 5 Bytes JMP 9678F14A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!FONTOBJ_pxoGetXform + DE42 BF85AD4E 5 Bytes JMP 9678F016 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + 3474 BF87111B 5 Bytes JMP 9678F326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + 34FF BF8711A6 5 Bytes JMP 9678F4CC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngStretchBlt + 35C1 BF87593B 5 Bytes JMP 9678FD7E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGetCurrentCodePage + 411E BF894CB8 5 Bytes JMP 9678F4A4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGradientFill + 3AA1 BF8B6854 5 Bytes JMP 9678FEFA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngStretchBltROP + 34B7 BF8BA260 5 Bytes JMP 9678EFFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngStretchBltROP + 8A22 BF8BF7CB 5 Bytes JMP 96790118 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngAlphaBlend + 3E8 BF8C333C 5 Bytes JMP 9678F1E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngFillPath + 1517 BF8EB97D 5 Bytes JMP 9678F254 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngFillPath + 1797 BF8EBBFD 5 Bytes JMP 9678F28E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!PATHOBJ_bCloseFigure + 19EF BF8F9A43 5 Bytes JMP 9678EF32 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 19C1 BF913245 5 Bytes JMP 9678F096 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 2595 BF913E19 5 Bytes JMP 9678F1AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 4EF4 BF916778 5 Bytes JMP 9678F5E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngPlgBlt + 18EC BF94468A 5 Bytes JMP 96790070 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text ntdll.dll!LdrLoadDll
     
  2. RhewChuryll

    RhewChuryll TS Rookie Topic Starter Posts: 33

    7C915CD3 5 Bytes [E9, 20, A5, 83, 83] {JMP 0xffffffff8383a525}
    .text ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes [E9, 5C, 97, 83, 83] {JMP 0xffffffff83839761}

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[208] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001401F8
    .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[208] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[208] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001403FC
    .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[208] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[208] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00370A08
    .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[208] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00370804
    .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[208] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00370600
    .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[208] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003701F8
    .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[208] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003703FC
    .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[208] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00381014
    .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[208] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00380804
    .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[208] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00380A08
    .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[208] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00380C0C
    .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[208] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00380E10
    .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[208] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003801F8
    .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[208] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003803FC
    .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[208] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00380600
    .text C:\Program Files\iTunes\iTunesHelper.exe[400] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
    .text C:\Program Files\iTunes\iTunesHelper.exe[400] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\Program Files\iTunes\iTunesHelper.exe[400] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
    .text C:\Program Files\iTunes\iTunesHelper.exe[400] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\Program Files\iTunes\iTunesHelper.exe[400] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00380A08
    .text C:\Program Files\iTunes\iTunesHelper.exe[400] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00380804
    .text C:\Program Files\iTunes\iTunesHelper.exe[400] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00380600
    .text C:\Program Files\iTunes\iTunesHelper.exe[400] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003801F8
    .text C:\Program Files\iTunes\iTunesHelper.exe[400] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003803FC
    .text C:\Program Files\iTunes\iTunesHelper.exe[400] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00391014
    .text C:\Program Files\iTunes\iTunesHelper.exe[400] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00390804
    .text C:\Program Files\iTunes\iTunesHelper.exe[400] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00390A08
    .text C:\Program Files\iTunes\iTunesHelper.exe[400] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00390C0C
    .text C:\Program Files\iTunes\iTunesHelper.exe[400] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00390E10
    .text C:\Program Files\iTunes\iTunesHelper.exe[400] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003901F8
    .text C:\Program Files\iTunes\iTunesHelper.exe[400] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003903FC
    .text C:\Program Files\iTunes\iTunesHelper.exe[400] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00390600
    .text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[412] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
    .text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[412] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[412] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
    .text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[412] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[412] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00380A08
    .text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[412] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00380804
    .text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[412] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00380600
    .text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[412] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003801F8
    .text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[412] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003803FC
    .text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[412] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00391014
    .text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[412] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00390804
    .text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[412] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00390A08
    .text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[412] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00390C0C
    .text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[412] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00390E10
    .text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[412] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003901F8
    .text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[412] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003903FC
    .text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[412] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00390600
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[416] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[416] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[416] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[416] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[416] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00381014
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[416] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00380804
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[416] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00380A08
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[416] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00380C0C
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[416] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00380E10
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[416] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003801F8
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[416] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003803FC
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[416] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00380600
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[416] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00390A08
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[416] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00390804
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[416] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00390600
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[416] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003901F8
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[416] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003903FC
    .text C:\WINDOWS\system32\ctfmon.exe[468] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000A01F8
    .text C:\WINDOWS\system32\ctfmon.exe[468] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\WINDOWS\system32\ctfmon.exe[468] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000A03FC
    .text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\WINDOWS\system32\ctfmon.exe[468] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\ctfmon.exe[468] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\ctfmon.exe[468] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\ctfmon.exe[468] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\ctfmon.exe[468] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\ctfmon.exe[468] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\ctfmon.exe[468] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\ctfmon.exe[468] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\ctfmon.exe[468] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\ctfmon.exe[468] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\ctfmon.exe[468] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\ctfmon.exe[468] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\ctfmon.exe[468] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\eHome\ehRecvr.exe[516] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000801F8
    .text C:\WINDOWS\eHome\ehRecvr.exe[516] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\WINDOWS\eHome\ehRecvr.exe[516] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000803FC
    .text C:\WINDOWS\eHome\ehRecvr.exe[516] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\WINDOWS\eHome\ehRecvr.exe[516] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\eHome\ehRecvr.exe[516] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
    .text C:\WINDOWS\eHome\ehRecvr.exe[516] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\eHome\ehRecvr.exe[516] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\eHome\ehRecvr.exe[516] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\eHome\ehRecvr.exe[516] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002C1014
    .text C:\WINDOWS\eHome\ehRecvr.exe[516] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002C0804
    .text C:\WINDOWS\eHome\ehRecvr.exe[516] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\eHome\ehRecvr.exe[516] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002C0C0C
    .text C:\WINDOWS\eHome\ehRecvr.exe[516] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 3 Bytes JMP 002C0E10
    .text C:\WINDOWS\eHome\ehRecvr.exe[516] ADVAPI32.dll!ChangeServiceConfig2W + 4 77E372D5 1 Byte [88]
    .text C:\WINDOWS\eHome\ehRecvr.exe[516] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\eHome\ehRecvr.exe[516] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\eHome\ehRecvr.exe[516] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002C0600
    .text C:\WINDOWS\eHome\ehSched.exe[604] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000801F8
    .text C:\WINDOWS\eHome\ehSched.exe[604] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\WINDOWS\eHome\ehSched.exe[604] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000803FC
    .text C:\WINDOWS\eHome\ehSched.exe[604] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\WINDOWS\eHome\ehSched.exe[604] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\eHome\ehSched.exe[604] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
    .text C:\WINDOWS\eHome\ehSched.exe[604] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\eHome\ehSched.exe[604] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\eHome\ehSched.exe[604] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\eHome\ehSched.exe[604] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002C1014
    .text C:\WINDOWS\eHome\ehSched.exe[604] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002C0804
    .text C:\WINDOWS\eHome\ehSched.exe[604] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\eHome\ehSched.exe[604] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002C0C0C
    .text C:\WINDOWS\eHome\ehSched.exe[604] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 3 Bytes JMP 002C0E10
    .text C:\WINDOWS\eHome\ehSched.exe[604] ADVAPI32.dll!ChangeServiceConfig2W + 4 77E372D5 1 Byte [88]
    .text C:\WINDOWS\eHome\ehSched.exe[604] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\eHome\ehSched.exe[604] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\eHome\ehSched.exe[604] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002C0600
    .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[680] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
    .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[680] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[680] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
    .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[680] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[680] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 006A1014
    .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[680] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 006A0804
    .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[680] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 006A0A08
    .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[680] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 006A0C0C
    .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[680] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 006A0E10
    .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[680] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 006A01F8
    .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[680] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 006A03FC
    .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[680] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 006A0600
    .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[680] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 006B0A08
    .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[680] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 006B0804
    .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[680] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 006B0600
    .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[680] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 006B01F8
    .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[680] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 006B03FC
    .text C:\WINDOWS\Explorer.EXE[748] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
    .text C:\WINDOWS\Explorer.EXE[748] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[748] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\Explorer.EXE[748] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[748] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002B1014
    .text C:\WINDOWS\Explorer.EXE[748] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002B0804
    .text C:\WINDOWS\Explorer.EXE[748] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\Explorer.EXE[748] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\Explorer.EXE[748] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\Explorer.EXE[748] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\Explorer.EXE[748] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\Explorer.EXE[748] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002B0600
    .text C:\WINDOWS\Explorer.EXE[748] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\Explorer.EXE[748] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002C0804
    .text C:\WINDOWS\Explorer.EXE[748] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002C0600
    .text C:\WINDOWS\Explorer.EXE[748] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\Explorer.EXE[748] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\System32\smss.exe[940] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\WINDOWS\system32\csrss.exe[1008] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\WINDOWS\system32\csrss.exe[1008] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\WINDOWS\ehome\ehtray.exe[1020] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
     
  3. RhewChuryll

    RhewChuryll TS Rookie Topic Starter Posts: 33

    .text C:\WINDOWS\ehome\ehtray.exe[1020] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\WINDOWS\ehome\ehtray.exe[1020] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\ehome\ehtray.exe[1020] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\WINDOWS\ehome\ehtray.exe[1020] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002D0A08
    .text C:\WINDOWS\ehome\ehtray.exe[1020] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002D0804
    .text C:\WINDOWS\ehome\ehtray.exe[1020] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002D0600
    .text C:\WINDOWS\ehome\ehtray.exe[1020] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002D01F8
    .text C:\WINDOWS\ehome\ehtray.exe[1020] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002D03FC
    .text C:\WINDOWS\ehome\ehtray.exe[1020] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002E1014
    .text C:\WINDOWS\ehome\ehtray.exe[1020] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002E0804
    .text C:\WINDOWS\ehome\ehtray.exe[1020] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002E0A08
    .text C:\WINDOWS\ehome\ehtray.exe[1020] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002E0C0C
    .text C:\WINDOWS\ehome\ehtray.exe[1020] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002E0E10
    .text C:\WINDOWS\ehome\ehtray.exe[1020] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002E01F8
    .text C:\WINDOWS\ehome\ehtray.exe[1020] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002E03FC
    .text C:\WINDOWS\ehome\ehtray.exe[1020] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002E0600
    .text C:\WINDOWS\system32\winlogon.exe[1040] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000701F8
    .text C:\WINDOWS\system32\winlogon.exe[1040] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[1040] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000703FC
    .text C:\WINDOWS\system32\winlogon.exe[1040] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[1040] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002A1014
    .text C:\WINDOWS\system32\winlogon.exe[1040] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002A0804
    .text C:\WINDOWS\system32\winlogon.exe[1040] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002A0A08
    .text C:\WINDOWS\system32\winlogon.exe[1040] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002A0C0C
    .text C:\WINDOWS\system32\winlogon.exe[1040] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002A0E10
    .text C:\WINDOWS\system32\winlogon.exe[1040] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002A01F8
    .text C:\WINDOWS\system32\winlogon.exe[1040] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002A03FC
    .text C:\WINDOWS\system32\winlogon.exe[1040] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002A0600
    .text C:\WINDOWS\system32\winlogon.exe[1040] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\winlogon.exe[1040] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\winlogon.exe[1040] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\winlogon.exe[1040] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\winlogon.exe[1040] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1060] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001401F8
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1060] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1060] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001403FC
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1060] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1060] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00370A08
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1060] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00370804
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1060] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00370600
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1060] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003701F8
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1060] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003703FC
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1060] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00381014
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1060] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00380804
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1060] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00380A08
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1060] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00380C0C
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1060] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00380E10
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1060] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003801F8
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1060] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003803FC
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1060] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00380600
    .text C:\WINDOWS\system32\services.exe[1084] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\services.exe[1084] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\WINDOWS\system32\services.exe[1084] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002A1014
    .text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002A0804
    .text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002A0A08
    .text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002A0C0C
    .text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002A0E10
    .text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002A01F8
    .text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002A03FC
    .text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002A0600
    .text C:\WINDOWS\system32\services.exe[1084] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\services.exe[1084] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\services.exe[1084] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\services.exe[1084] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\services.exe[1084] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\lsass.exe[1096] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\lsass.exe[1096] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\WINDOWS\system32\lsass.exe[1096] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\lsass.exe[1096] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\WINDOWS\system32\lsass.exe[1096] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002A1014
    .text C:\WINDOWS\system32\lsass.exe[1096] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002A0804
    .text C:\WINDOWS\system32\lsass.exe[1096] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002A0A08
    .text C:\WINDOWS\system32\lsass.exe[1096] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002A0C0C
    .text C:\WINDOWS\system32\lsass.exe[1096] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002A0E10
    .text C:\WINDOWS\system32\lsass.exe[1096] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002A01F8
    .text C:\WINDOWS\system32\lsass.exe[1096] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002A03FC
    .text C:\WINDOWS\system32\lsass.exe[1096] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002A0600
    .text C:\WINDOWS\system32\lsass.exe[1096] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\lsass.exe[1096] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\lsass.exe[1096] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\lsass.exe[1096] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\lsass.exe[1096] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
    .text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1248] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001401F8
    .text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1248] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1248] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001403FC
    .text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1248] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1248] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00371014
    .text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1248] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00370804
    .text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1248] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00370A08
    .text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1248] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00370C0C
    .text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1248] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00370E10
    .text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1248] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003701F8
    .text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1248] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003703FC
    .text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1248] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00370600
    .text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1248] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00380A08
    .text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1248] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00380804
    .text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1248] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00380600
    .text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1248] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003801F8
    .text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1248] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003803FC
    .text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002A1014
    .text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002A0804
    .text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002A0A08
    .text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002A0C0C
    .text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002A0E10
    .text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002A01F8
    .text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002A03FC
    .text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002A0600
    .text C:\WINDOWS\system32\svchost.exe[1296] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1296] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1296] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1296] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1296] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
    .text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[1320] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001401F8
    .text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[1320] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[1320] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001403FC
    .text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[1320] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[1320] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00371014
    .text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[1320] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00370804
    .text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[1320] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00370A08
    .text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[1320] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00370C0C
    .text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[1320] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00370E10
    .text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[1320] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003701F8
    .text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[1320] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003703FC
    .text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[1320] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00370600
    .text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[1320] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00380A08
    .text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[1320] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00380804
    .text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[1320] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00380600
    .text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[1320] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003801F8
    .text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[1320] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003803FC
    .text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[1340] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001401F8
    .text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[1340] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[1340] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001403FC
    .text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[1340] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[1340] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00370A08
    .text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[1340] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00370804
    .text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[1340] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00370600
    .text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[1340] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003701F8
    .text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[1340] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003703FC
    .text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[1340] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00381014
    .text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[1340] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00380804
    .text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[1340] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00380A08
    .text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[1340] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00380C0C
    .text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[1340] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00380E10
    .text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[1340] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003801F8
    .text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[1340] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003803FC
    .text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[1340] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00380600
    .text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1376] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
    .text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1376] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1376] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
    .text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1376] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1376] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 01521014
    .text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1376] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 01520804
    .text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1376] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 01520A08
    .text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1376] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 01520C0C
    .text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1376] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 01520E10
    .text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1376] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 015201F8
    .text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1376] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 015203FC
    .text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1376] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 01520600
    .text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1376] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 01530A08
    .text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1376] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 01530804
    .text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1376] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 01530600
    .text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1376] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 015301F8
    .text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1376] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 015303FC
    .text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002A1014
    .text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002A0804
    .text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002A0A08
    .text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002A0C0C
    .text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002A0E10
    .text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002A01F8
    .text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002A03FC
    .text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002A0600
    .text C:\WINDOWS\system32\svchost.exe[1396] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1396] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1396] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1396] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1396] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\System32\svchost.exe[1436] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
    .text C:\WINDOWS\System32\svchost.exe[1436] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1436] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\System32\svchost.exe[1436] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1436] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002A1014
    .text C:\WINDOWS\System32\svchost.exe[1436] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002A0804
    .text C:\WINDOWS\System32\svchost.exe[1436] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002A0A08
    .text C:\WINDOWS\System32\svchost.exe[1436] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002A0C0C
    .text C:\WINDOWS\System32\svchost.exe[1436] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002A0E10
    .text C:\WINDOWS\System32\svchost.exe[1436] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002A01F8
    .text C:\WINDOWS\System32\svchost.exe[1436] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002A03FC
    .text C:\WINDOWS\System32\svchost.exe[1436] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002A0600
    .text C:\WINDOWS\System32\svchost.exe[1436] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\System32\svchost.exe[1436] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
    .text C:\WINDOWS\System32\svchost.exe[1436] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\System32\svchost.exe[1436] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\System32\svchost.exe[1436] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
    .text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1456] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
    .text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1456] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1456] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
    .text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1456] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1456] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00380A08
    .text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1456] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00380804
    .text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1456] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00380600
    .text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1456] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003801F8
    .text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1456] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003803FC
    .text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1456] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00391014
    .text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1456] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00390804
    .text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1456] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00390A08
    .text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1456] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00390C0C
    .text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1456] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00390E10
    .text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1456] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003901F8
    .text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1456] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003903FC
     
  4. RhewChuryll

    RhewChuryll TS Rookie Topic Starter Posts: 33

    .text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1456] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00390600
    .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1468] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
    .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1468] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1468] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
    .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1468] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1468] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00390A08
    .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1468] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00390804
    .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1468] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00390600
    .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1468] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003901F8
    .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1468] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003903FC
    .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1468] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 003A1014
    .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1468] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 003A0804
    .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1468] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 003A0A08
    .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1468] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 003A0C0C
    .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1468] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 003A0E10
    .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1468] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003A01F8
    .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1468] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003A03FC
    .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1468] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 003A0600
    .text C:\Program Files\Logitech\QuickCam\Quickcam.exe[1472] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
    .text C:\Program Files\Logitech\QuickCam\Quickcam.exe[1472] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\Program Files\Logitech\QuickCam\Quickcam.exe[1472] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
    .text C:\Program Files\Logitech\QuickCam\Quickcam.exe[1472] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\Program Files\Logitech\QuickCam\Quickcam.exe[1472] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00390A08
    .text C:\Program Files\Logitech\QuickCam\Quickcam.exe[1472] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00390804
    .text C:\Program Files\Logitech\QuickCam\Quickcam.exe[1472] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00390600
    .text C:\Program Files\Logitech\QuickCam\Quickcam.exe[1472] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003901F8
    .text C:\Program Files\Logitech\QuickCam\Quickcam.exe[1472] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003903FC
    .text C:\Program Files\Logitech\QuickCam\Quickcam.exe[1472] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 003A1014
    .text C:\Program Files\Logitech\QuickCam\Quickcam.exe[1472] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 003A0804
    .text C:\Program Files\Logitech\QuickCam\Quickcam.exe[1472] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 003A0A08
    .text C:\Program Files\Logitech\QuickCam\Quickcam.exe[1472] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 003A0C0C
    .text C:\Program Files\Logitech\QuickCam\Quickcam.exe[1472] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 003A0E10
    .text C:\Program Files\Logitech\QuickCam\Quickcam.exe[1472] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003A01F8
    .text C:\Program Files\Logitech\QuickCam\Quickcam.exe[1472] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003A03FC
    .text C:\Program Files\Logitech\QuickCam\Quickcam.exe[1472] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 003A0600
    .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1492] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
    .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1492] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1492] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
    .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1492] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1492] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00391014
    .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1492] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00390804
    .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1492] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00390A08
    .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1492] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00390C0C
    .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1492] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00390E10
    .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1492] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003901F8
    .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1492] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003903FC
    .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1492] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00390600
    .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1492] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 003A0A08
    .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1492] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 003A0804
    .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1492] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 003A0600
    .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1492] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003A01F8
    .text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1492] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003A03FC
    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1532] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1532] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1532] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1532] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1532] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 003E1014
    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1532] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 003E0804
    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1532] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 003E0A08
    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1532] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 003E0C0C
    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1532] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 003E0E10
    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1532] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003E01F8
    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1532] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003E03FC
    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1532] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 003E0600
    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1532] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 003F0A08
    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1532] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 003F0804
    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1532] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 003F0600
    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1532] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003F01F8
    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1532] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003F03FC
    .text C:\WINDOWS\system32\svchost.exe[1640] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[1640] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1640] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002A1014
    .text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002A0804
    .text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002A0A08
    .text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002A0C0C
    .text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002A0E10
    .text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002A01F8
    .text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002A03FC
    .text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002A0600
    .text C:\WINDOWS\system32\svchost.exe[1640] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1640] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1640] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1640] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1640] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
    .text C:\Program Files\Alwil Software\Avast5\avastUI.exe[1720] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\Program Files\Alwil Software\Avast5\avastUI.exe[1720] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[1768] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\spoolsv.exe[1768] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[1768] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\spoolsv.exe[1768] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[1768] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002A1014
    .text C:\WINDOWS\system32\spoolsv.exe[1768] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002A0804
    .text C:\WINDOWS\system32\spoolsv.exe[1768] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002A0A08
    .text C:\WINDOWS\system32\spoolsv.exe[1768] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002A0C0C
    .text C:\WINDOWS\system32\spoolsv.exe[1768] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002A0E10
    .text C:\WINDOWS\system32\spoolsv.exe[1768] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002A01F8
    .text C:\WINDOWS\system32\spoolsv.exe[1768] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002A03FC
    .text C:\WINDOWS\system32\spoolsv.exe[1768] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002A0600
    .text C:\WINDOWS\system32\spoolsv.exe[1768] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\spoolsv.exe[1768] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\spoolsv.exe[1768] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\spoolsv.exe[1768] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\spoolsv.exe[1768] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
    .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1820] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
    .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1820] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1820] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
    .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1820] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1820] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00671014
    .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1820] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00670804
    .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1820] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00670A08
    .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1820] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00670C0C
    .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1820] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00670E10
    .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1820] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 006701F8
    .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1820] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 006703FC
    .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1820] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00670600
    .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1820] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00680A08
    .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1820] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00680804
    .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1820] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00680600
    .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1820] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 006801F8
    .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1820] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 006803FC
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1832] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1832] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1832] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1832] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1832] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00380A08
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1832] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00380804
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1832] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00380600
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1832] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003801F8
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1832] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003803FC
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1832] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00391014
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1832] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00390804
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1832] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00390A08
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1832] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00390C0C
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1832] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00390E10
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1832] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003901F8
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1832] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003903FC
    .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1832] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00390600
    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1908] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1908] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1908] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[2192] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
    .text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[2192] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[2192] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
    .text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[2192] kernel32.dll!CreateThread + 1A 7C810661 4 Bytes CALL 004553F1 C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (Advanced SystemCare 5 Tray/IObit)
    .text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[2192] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[2192] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00391014
    .text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[2192] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00390804
    .text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[2192] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00390A08
    .text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[2192] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00390C0C
    .text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[2192] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00390E10
    .text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[2192] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003901F8
    .text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[2192] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003903FC
    .text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[2192] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00390600
    .text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[2192] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 003A0A08
    .text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[2192] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 003A0804
    .text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[2192] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 003A0600
    .text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[2192] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003A01F8
    .text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[2192] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003A03FC
    .text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[2220] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
    .text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[2220] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[2220] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
    .text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[2220] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[2220] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 009B0A08
    .text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[2220] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 009B0804
    .text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[2220] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 009B0600
    .text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[2220] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 009B01F8
    .text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[2220] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 009B03FC
    .text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[2220] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 009C1014
    .text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[2220] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 009C0804
    .text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[2220] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 009C0A08
    .text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[2220] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 009C0C0C
    .text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[2220] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 009C0E10
    .text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[2220] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 009C01F8
    .text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[2220] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 009C03FC
    .text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[2220] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 009C0600
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2348] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2348] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2348] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2348] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2348] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00361014
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2348] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00360804
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2348] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00360A08
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2348] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00360C0C
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2348] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00360E10
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2348] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003601F8
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2348] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003603FC
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2348] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00360600
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2348] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00370A08
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2348] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00370804
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2348] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00370600
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2348] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003701F8
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2348] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003703FC
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2452] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2452] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2452] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2452] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2452] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002A1014
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2452] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002A0804
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2452] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002A0A08
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2452] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002A0C0C
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2452] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002A0E10
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2452] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002A01F8
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2452] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002A03FC
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2452] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002A0600
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2452] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2452] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2452] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2452] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2452] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\eHome\ehmsas.exe[2468] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000801F8
    .text C:\WINDOWS\eHome\ehmsas.exe[2468] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\WINDOWS\eHome\ehmsas.exe[2468] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000803FC
    .text C:\WINDOWS\eHome\ehmsas.exe[2468] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\WINDOWS\eHome\ehmsas.exe[2468] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\eHome\ehmsas.exe[2468] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
    .text C:\WINDOWS\eHome\ehmsas.exe[2468] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\eHome\ehmsas.exe[2468] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\eHome\ehmsas.exe[2468] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\eHome\ehmsas.exe[2468] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002C1014
    .text C:\WINDOWS\eHome\ehmsas.exe[2468] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002C0804
    .text C:\WINDOWS\eHome\ehmsas.exe[2468] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\eHome\ehmsas.exe[2468] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002C0C0C
    .text C:\WINDOWS\eHome\ehmsas.exe[2468] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 3 Bytes JMP 002C0E10
    .text C:\WINDOWS\eHome\ehmsas.exe[2468] ADVAPI32.dll!ChangeServiceConfig2W + 4 77E372D5 1 Byte [88]
    .text C:\WINDOWS\eHome\ehmsas.exe[2468] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\eHome\ehmsas.exe[2468] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\eHome\ehmsas.exe[2468] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\wscntfy.exe[2480] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\wscntfy.exe[2480] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\WINDOWS\system32\wscntfy.exe[2480] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\wscntfy.exe[2480] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\WINDOWS\system32\wscntfy.exe[2480] USER32.dll!UnhookWindowsHookEx
     
  5. RhewChuryll

    7E41F21E 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\wscntfy.exe[2480] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\wscntfy.exe[2480] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\wscntfy.exe[2480] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\wscntfy.exe[2480] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\wscntfy.exe[2480] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002D1014
    .text C:\WINDOWS\system32\wscntfy.exe[2480] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002D0804
    .text C:\WINDOWS\system32\wscntfy.exe[2480] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002D0A08
    .text C:\WINDOWS\system32\wscntfy.exe[2480] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002D0C0C
    .text C:\WINDOWS\system32\wscntfy.exe[2480] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002D0E10
    .text C:\WINDOWS\system32\wscntfy.exe[2480] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002D01F8
    .text C:\WINDOWS\system32\wscntfy.exe[2480] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002D03FC
    .text C:\WINDOWS\system32\wscntfy.exe[2480] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002D0600
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2504] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2504] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2504] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2504] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2504] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00361014
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2504] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00360804
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2504] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00360A08
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2504] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00360C0C
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2504] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00360E10
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2504] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003601F8
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2504] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003603FC
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2504] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00360600
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2504] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00370A08
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2504] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00370804
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2504] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00370600
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2504] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003701F8
    .text C:\WINDOWS\system32\wbem\unsecapp.exe[2504] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003703FC
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[2508] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001401F8
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[2508] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[2508] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001403FC
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[2508] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[2508] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00370A08
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[2508] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00370804
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[2508] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00370600
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[2508] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003701F8
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[2508] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003703FC
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[2508] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00381014
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[2508] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00380804
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[2508] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00380A08
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[2508] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00380C0C
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[2508] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00380E10
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[2508] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003801F8
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[2508] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003803FC
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[2508] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00380600
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2552] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2552] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2552] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2552] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2552] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00381014
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2552] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00380804
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2552] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00380A08
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2552] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00380C0C
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2552] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00380E10
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2552] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003801F8
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2552] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003803FC
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2552] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00380600
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2552] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00390A08
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2552] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00390804
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2552] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00390600
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2552] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003901F8
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2552] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003903FC
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2624] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2624] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2624] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2624] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2624] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002A1014
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2624] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002A0804
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2624] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002A0A08
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2624] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002A0C0C
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2624] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002A0E10
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2624] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002A01F8
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2624] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002A03FC
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2624] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002A0600
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2624] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2624] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2624] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2624] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2624] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\dllhost.exe[2640] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\dllhost.exe[2640] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\WINDOWS\system32\dllhost.exe[2640] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\dllhost.exe[2640] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\WINDOWS\system32\dllhost.exe[2640] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002A1014
    .text C:\WINDOWS\system32\dllhost.exe[2640] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002A0804
    .text C:\WINDOWS\system32\dllhost.exe[2640] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002A0A08
    .text C:\WINDOWS\system32\dllhost.exe[2640] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes
     
  6. RhewChuryll

    RhewChuryll TS Rookie Topic Starter Posts: 33

    JMP 002A0C0C
    .text C:\WINDOWS\system32\dllhost.exe[2640] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002A0E10
    .text C:\WINDOWS\system32\dllhost.exe[2640] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002A01F8
    .text C:\WINDOWS\system32\dllhost.exe[2640] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002A03FC
    .text C:\WINDOWS\system32\dllhost.exe[2640] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002A0600
    .text C:\WINDOWS\system32\dllhost.exe[2640] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\dllhost.exe[2640] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\dllhost.exe[2640] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\dllhost.exe[2640] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\dllhost.exe[2640] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2712] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2712] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2712] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2712] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2712] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00381014
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2712] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00380804
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2712] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00380A08
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2712] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00380C0C
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2712] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00380E10
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2712] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003801F8
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2712] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003803FC
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2712] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00380600
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2712] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00390A08
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2712] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00390804
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2712] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00390600
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2712] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003901F8
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2712] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003903FC
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2744] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2744] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2744] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2744] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2744] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002A1014
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2744] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002A0804
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2744] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002A0A08
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2744] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002A0C0C
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2744] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002A0E10
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2744] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002A01F8
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2744] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002A03FC
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2744] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002A0600
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2744] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2744] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2744] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2744] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2744] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
    .text C:\Program Files\iPod\bin\iPodService.exe[2856] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
    .text C:\Program Files\iPod\bin\iPodService.exe[2856] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\Program Files\iPod\bin\iPodService.exe[2856] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
    .text C:\Program Files\iPod\bin\iPodService.exe[2856] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\Program Files\iPod\bin\iPodService.exe[2856] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00391014
    .text C:\Program Files\iPod\bin\iPodService.exe[2856] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00390804
    .text C:\Program Files\iPod\bin\iPodService.exe[2856] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00390A08
    .text C:\Program Files\iPod\bin\iPodService.exe[2856] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00390C0C
    .text C:\Program Files\iPod\bin\iPodService.exe[2856] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00390E10
    .text C:\Program Files\iPod\bin\iPodService.exe[2856] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003901F8
    .text C:\Program Files\iPod\bin\iPodService.exe[2856] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003903FC
    .text C:\Program Files\iPod\bin\iPodService.exe[2856] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00390600
    .text C:\Program Files\iPod\bin\iPodService.exe[2856] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 003A0A08
    .text C:\Program Files\iPod\bin\iPodService.exe[2856] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 003A0804
    .text C:\Program Files\iPod\bin\iPodService.exe[2856] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 003A0600
    .text C:\Program Files\iPod\bin\iPodService.exe[2856] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003A01F8
    .text C:\Program Files\iPod\bin\iPodService.exe[2856] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003A03FC
    .text C:\WINDOWS\System32\alg.exe[3104] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
    .text C:\WINDOWS\System32\alg.exe[3104] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\WINDOWS\System32\alg.exe[3104] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\System32\alg.exe[3104] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\WINDOWS\System32\alg.exe[3104] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 003B0A08
    .text C:\WINDOWS\System32\alg.exe[3104] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 003B0804
    .text C:\WINDOWS\System32\alg.exe[3104] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 003B0600
    .text C:\WINDOWS\System32\alg.exe[3104] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003B01F8
    .text C:\WINDOWS\System32\alg.exe[3104] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003B03FC
    .text C:\WINDOWS\System32\alg.exe[3104] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 003C1014
    .text C:\WINDOWS\System32\alg.exe[3104] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 003C0804
    .text C:\WINDOWS\System32\alg.exe[3104] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 003C0A08
    .text C:\WINDOWS\System32\alg.exe[3104] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 003C0C0C
    .text C:\WINDOWS\System32\alg.exe[3104] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 003C0E10
    .text C:\WINDOWS\System32\alg.exe[3104] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003C01F8
    .text C:\WINDOWS\System32\alg.exe[3104] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003C03FC
    .text C:\WINDOWS\System32\alg.exe[3104] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 003C0600
    .text C:\Documents and Settings\Owner.JASON\Desktop\xnw7mzye.exe[3140] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
    .text C:\Documents and Settings\Owner.JASON\Desktop\xnw7mzye.exe[3140] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\Documents and Settings\Owner.JASON\Desktop\xnw7mzye.exe[3140] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
    .text C:\Documents and Settings\Owner.JASON\Desktop\xnw7mzye.exe[3140] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\Documents and Settings\Owner.JASON\Desktop\xnw7mzye.exe[3140] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 004D0A08
    .text C:\Documents and Settings\Owner.JASON\Desktop\xnw7mzye.exe[3140] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 004D0804
    .text C:\Documents and Settings\Owner.JASON\Desktop\xnw7mzye.exe[3140] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 004D0600
    .text C:\Documents and Settings\Owner.JASON\Desktop\xnw7mzye.exe[3140] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 004D01F8
    .text C:\Documents and Settings\Owner.JASON\Desktop\xnw7mzye.exe[3140] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 004D03FC
    .text C:\Documents and Settings\Owner.JASON\Desktop\xnw7mzye.exe[3140] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 004C1014
    .text C:\Documents and Settings\Owner.JASON\Desktop\xnw7mzye.exe[3140] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 004C0804
    .text C:\Documents and Settings\Owner.JASON\Desktop\xnw7mzye.exe[3140] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 004C0A08
    .text C:\Documents and Settings\Owner.JASON\Desktop\xnw7mzye.exe[3140] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 004C0C0C
    .text C:\Documents and Settings\Owner.JASON\Desktop\xnw7mzye.exe[3140] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 004C0E10
    .text C:\Documents and Settings\Owner.JASON\Desktop\xnw7mzye.exe[3140] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 004C01F8
    .text C:\Documents and Settings\Owner.JASON\Desktop\xnw7mzye.exe[3140] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 004C03FC
    .text C:\Documents and Settings\Owner.JASON\Desktop\xnw7mzye.exe[3140] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 004C0600
    .text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[3368] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001401F8
    .text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[3368] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[3368] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001403FC
    .text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[3368] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[3368] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00370A08
    .text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[3368] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00370804
    .text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[3368] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00370600
    .text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[3368] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003701F8
    .text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[3368] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003703FC
    .text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[3368] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00381014
    .text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[3368] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00380804
    .text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[3368] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00380A08
    .text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[3368] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00380C0C
    .text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[3368] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00380E10
    .text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[3368] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003801F8
    .text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[3368] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003803FC
    .text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[3368] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00380600
    .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3444] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
    .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3444] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3444] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
    .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3444] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3444] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00381014
    .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3444] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00380804
    .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3444] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00380A08
    .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3444] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00380C0C
    .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3444] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00380E10
    .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3444] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003801F8
    .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3444] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003803FC
    .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3444] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00380600
    .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3444] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00390A08
    .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3444] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00390804
    .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3444] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00390600
    .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3444] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003901F8
    .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3444] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003903FC
    .text C:\WINDOWS\system32\svchost.exe[3548] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[3548] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[3548] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[3548] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[3548] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002A1014
    .text C:\WINDOWS\system32\svchost.exe[3548] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002A0804
    .text C:\WINDOWS\system32\svchost.exe[3548] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002A0A08
    .text C:\WINDOWS\system32\svchost.exe[3548] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002A0C0C
    .text C:\WINDOWS\system32\svchost.exe[3548] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002A0E10
    .text C:\WINDOWS\system32\svchost.exe[3548] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002A01F8
    .text C:\WINDOWS\system32\svchost.exe[3548] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002A03FC
    .text C:\WINDOWS\system32\svchost.exe[3548] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002A0600
    .text C:\WINDOWS\system32\svchost.exe[3548] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[3548] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[3548] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[3548] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[3548] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[3628] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[3628] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[3628] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[3628] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[3628] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002A1014
    .text C:\WINDOWS\system32\svchost.exe[3628] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002A0804
    .text C:\WINDOWS\system32\svchost.exe[3628] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002A0A08
    .text C:\WINDOWS\system32\svchost.exe[3628] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002A0C0C
    .text C:\WINDOWS\system32\svchost.exe[3628] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002A0E10
    .text C:\WINDOWS\system32\svchost.exe[3628] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002A01F8
    .text C:\WINDOWS\system32\svchost.exe[3628] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002A03FC
    .text C:\WINDOWS\system32\svchost.exe[3628] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002A0600
    .text C:\WINDOWS\system32\svchost.exe[3628] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[3628] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[3628] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[3628] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[3628] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\ehome\mcrdsvc.exe[3672] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000801F8
    .text C:\WINDOWS\ehome\mcrdsvc.exe[3672] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[3672] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000803FC
    .text C:\WINDOWS\ehome\mcrdsvc.exe[3672] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[3672] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\ehome\mcrdsvc.exe[3672] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
    .text C:\WINDOWS\ehome\mcrdsvc.exe[3672] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\ehome\mcrdsvc.exe[3672] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\ehome\mcrdsvc.exe[3672] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\ehome\mcrdsvc.exe[3672] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002C1014
    .text C:\WINDOWS\ehome\mcrdsvc.exe[3672] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002C0804
    .text C:\WINDOWS\ehome\mcrdsvc.exe[3672] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\ehome\mcrdsvc.exe[3672] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002C0C0C
    .text C:\WINDOWS\ehome\mcrdsvc.exe[3672] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 3 Bytes JMP 002C0E10
    .text C:\WINDOWS\ehome\mcrdsvc.exe[3672] ADVAPI32.dll!ChangeServiceConfig2W + 4 77E372D5 1 Byte [88]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[3672] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\ehome\mcrdsvc.exe[3672] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\ehome\mcrdsvc.exe[3672] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002C0600

    ---- User IAT/EAT - GMER 1.0.15 ----
     
  7. RhewChuryll

    RhewChuryll TS Rookie Topic Starter Posts: 33

    IAT C:\WINDOWS\Explorer.EXE[748] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00E82F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\Explorer.EXE[748] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00E82CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\Explorer.EXE[748] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00E82D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\Explorer.EXE[748] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00E82CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\services.exe[1084] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005E0002
    IAT C:\WINDOWS\system32\services.exe[1084] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005E0000
    IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[1472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [02742F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[1472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [02742CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[1472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [02742D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[1472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [02742CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Documents and Settings\Owner.JASON\Desktop\xnw7mzye.exe[3140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Documents and Settings\Owner.JASON\Desktop\xnw7mzye.exe[3140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Documents and Settings\Owner.JASON\Desktop\xnw7mzye.exe[3140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Documents and Settings\Owner.JASON\Desktop\xnw7mzye.exe[3140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

    Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

    ---- Registry - GMER 1.0.15 ----

    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CFA4CDE1-9B8D-3042-E736-5470C6D19253}
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CFA4CDE1-9B8D-3042-E736-5470C6D19253}@jaiaggcpaiohgaekbgge 0x62 0x61 0x6D 0x6F ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CFA4CDE1-9B8D-3042-E736-5470C6D19253}@jaiaggcpaiohgaekbgcc 0x62 0x61 0x66 0x6E ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CFA4CDE1-9B8D-3042-E736-5470C6D19253}@iaihccljgaoadeehie 0x6B 0x61 0x6E 0x6F ...

    ---- Files - GMER 1.0.15 ----

    File C:\WINDOWS\$NtUninstallKB5790$\2786439307 0 bytes
    File C:\WINDOWS\$NtUninstallKB5790$\2786439307\@ 2048 bytes
    File C:\WINDOWS\$NtUninstallKB5790$\2786439307\bckfg.tmp 846 bytes
    File C:\WINDOWS\$NtUninstallKB5790$\2786439307\cfg.ini 201 bytes
    File C:\WINDOWS\$NtUninstallKB5790$\2786439307\Desktop.ini 4608 bytes
    File C:\WINDOWS\$NtUninstallKB5790$\2786439307\keywords 45 bytes
    File C:\WINDOWS\$NtUninstallKB5790$\2786439307\kwrd.dll 223744 bytes
    File C:\WINDOWS\$NtUninstallKB5790$\2786439307\L 0 bytes
    File C:\WINDOWS\$NtUninstallKB5790$\2786439307\L\mzayzxgd 162816 bytes
    File C:\WINDOWS\$NtUninstallKB5790$\2786439307\lsflt7.ver 5176 bytes
    File C:\WINDOWS\$NtUninstallKB5790$\2786439307\U 0 bytes
    File C:\WINDOWS\$NtUninstallKB5790$\2786439307\U\00000001.@ 2048 bytes
    File C:\WINDOWS\$NtUninstallKB5790$\2786439307\U\00000002.@ 224768 bytes
    File C:\WINDOWS\$NtUninstallKB5790$\2786439307\U\00000004.@ 1024 bytes
    File C:\WINDOWS\$NtUninstallKB5790$\2786439307\U\80000000.@ 1024 bytes
    File C:\WINDOWS\$NtUninstallKB5790$\2786439307\U\80000004.@ 12800 bytes
    File C:\WINDOWS\$NtUninstallKB5790$\2786439307\U\80000032.@ 96256 bytes
    File C:\WINDOWS\$NtUninstallKB5790$\458091033 0 bytes

    ---- EOF - GMER 1.0.15 ----

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_07
    Run by Owner at 19:06:48 on 2011-11-24
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1293 [GMT -9:00]
    .
    AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ===============
    .
    C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
    C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MP6954
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = <local>
    mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MP6954
    mURLSearchHooks: H - No File
    BHO: Window Shopper: {74f475fa-6c75-43bd-aab9-ecda6184f600} - c:\program files\superfish\window shopper\SuperfishIEAddon.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: {0C8413C1-FAD1-446C-8584-BE50576F863E} - No File
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Power2GoExpress] NA
    uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
    mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
    mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
    mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
    mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    dRun: [Power2GoExpress] NA
    dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uPolicies-explorer: NoInstrumentation = 1 (0x1)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\get styles\ct.htm
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files\superfish\window shopper\SuperfishIEAddon.dll
    LSP: mswsock.dll
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{92B8A9D7-25CE-4BBB-9F15-E04788F93910} : DhcpNameServer = 192.168.1.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: avgrsstarter - avgrsstx.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\owner.jason\application data\mozilla\firefox\profiles\p9htxcml.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z057&partner_id=333&product_id=519&affiliate_id=&channel=PPGL2&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110612&user_guid=6CB0A87C5751488CBAB2246D27684525&machine_id=5bf304eff987747f2dd0223412f9a9b8&browser=FF&os=win&os_version=5.1-x86-SP2
    FF - prefs.js: keyword.URL - hxxp://www.startnow.com/s/?src=addrbar&provider=Bing&provider_code=Z057&partner_id=333&product_id=519&affiliate_id=&channel=PPGL2&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110612&user_guid=6CB0A87C5751488CBAB2246D27684525&machine_id=5bf304eff987747f2dd0223412f9a9b8&browser=FF&os=win&os_version=5.1-x86-SP2&q=
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 57111
    FF - prefs.js: network.proxy.type - 1
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: browser.xul.error_pages.enabled - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 3000000
    FF - user.js: content.maxtextrun - 8191
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 750000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: network.http.max-connections - 32
    FF - user.js: network.http.max-connections-per-server - 8
    FF - user.js: network.http.max-persistent-connections-per-proxy - 8
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.firstrequest - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 0
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-11-15 442200]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-6 320856]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-23 335240]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-5-23 27784]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-23 108552]
    R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-9-25 574808]
    R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2011-11-15 490840]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-6 20568]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-6 44768]
    R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2010-12-15 1085440]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    S0 ljaus;ljaus;c:\windows\system32\drivers\yvah.sys --> c:\windows\system32\drivers\yvah.sys [?]
    S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\owner~1.jas\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\owner~1.jas\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?]
    S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\owner~1.jas\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\owner~1.jas\locals~1\temp\sas_selfextract\SASKUTIL.sys [?]
    S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [2007-3-5 16896]
    S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe --> c:\progra~1\avg\avg8\avgemc.exe [?]
    S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
    S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2010-5-3 50704]
    S3 RemoteControl-USBLAN;RemoteControl-USBLAN;c:\windows\system32\drivers\rcblan.sys [2007-8-8 39704]
    S3 SASENUM;SASENUM;\??\c:\docume~1\owner~1.jas\locals~1\temp\sas_selfextract\sasenum.sys --> c:\docume~1\owner~1.jas\locals~1\temp\sas_selfextract\SASENUM.SYS [?]
    .
    =============== Created Last 30 ================
    .
    2011-11-16 04:16:57 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-11-13 10:02:33 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-11-13 10:02:33 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-11-05 13:58:48 -------- d-----w- c:\documents and settings\owner.jason\application data\Azureus
    2011-11-05 13:56:33 -------- d-----w- c:\documents and settings\owner.jason\.frostwire5
    .
    ==================== Find3M ====================
    .
    2011-09-18 14:17:22 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-06 21:45:29 41184 ----a-w- c:\windows\avastSS.scr
    2006-05-03 10:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
    .
    ============= FINISH: 19:09:01.35 ===============
     
  8. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================================================

    I still need the Attach.txt part of DDS, so please provide that.

    Then...

    Please download Farbar Service Scanner and run it on the computer with the issue.
    • Check the "Include All Files" option.
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.
     
  9. RhewChuryll

    RhewChuryll TS Rookie Topic Starter Posts: 33

    Sorry about the Attach.txt file.

    Here it is below.

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/14/2006 7:07:19 PM
    System Uptime: 11/24/2011 2:54:16 PM (5 hours ago)
    .
    Motherboard: Gateway | |
    Processor: Genuine Intel(R) CPU T2050 @ 1.60GHz | uFCPGA2 | 1596/533mhz
    Processor: Genuine Intel(R) CPU T2050 @ 1.60GHz | uFCPGA2 | 1596/533mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 105 GiB total, 43.214 GiB free.
    D: is FIXED (FAT32) - 7 GiB total, 4.897 GiB free.
    E: is CDROM ()
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP562: 8/27/2011 8:46:21 AM - System Checkpoint
    RP563: 8/29/2011 9:17:35 AM - System Checkpoint
    RP564: 8/30/2011 12:55:38 PM - System Checkpoint
    RP565: 9/17/2011 11:42:53 PM - IObit Uninstaller restore point
    RP566: 9/17/2011 11:43:07 PM - Removed Ask Toolbar.
    RP567: 9/17/2011 11:43:41 PM - IObit Uninstaller restore point
    RP568: 9/19/2011 9:25:16 AM - System Checkpoint
    RP569: 9/20/2011 11:46:24 AM - System Checkpoint
    RP570: 9/21/2011 12:35:41 PM - System Checkpoint
    RP571: 9/22/2011 1:40:32 PM - System Checkpoint
    RP572: 9/23/2011 2:52:04 PM - System Checkpoint
    RP573: 9/24/2011 3:16:55 PM - System Checkpoint
    RP574: 9/26/2011 12:59:15 PM - System Checkpoint
    RP575: 9/27/2011 1:37:45 PM - System Checkpoint
    RP576: 9/28/2011 3:47:59 PM - System Checkpoint
    RP577: 9/29/2011 10:27:31 PM - System Checkpoint
    RP578: 10/1/2011 9:51:09 AM - System Checkpoint
    RP579: 10/2/2011 10:31:21 AM - System Checkpoint
    RP580: 10/3/2011 12:54:02 PM - System Checkpoint
    RP581: 10/5/2011 2:18:43 PM - System Checkpoint
    RP582: 10/6/2011 3:21:09 PM - System Checkpoint
    RP583: 10/7/2011 6:16:13 PM - System Checkpoint
    RP584: 10/9/2011 8:41:32 PM - System Checkpoint
    RP585: 10/11/2011 9:24:13 AM - System Checkpoint
    RP586: 10/13/2011 10:40:35 AM - System Checkpoint
    RP587: 10/20/2011 2:16:02 PM - System Checkpoint
    RP588: 10/21/2011 3:36:45 PM - System Checkpoint
    RP589: 10/21/2011 5:47:25 PM - Removed FlipShare
    RP590: 10/22/2011 12:34:39 PM - Removed FlipShare
    RP591: 10/24/2011 2:06:51 PM - System Checkpoint
    RP592: 10/25/2011 2:34:30 PM - System Checkpoint
    RP593: 10/26/2011 3:47:33 PM - System Checkpoint
    RP594: 10/27/2011 3:57:40 PM - System Checkpoint
    RP595: 10/28/2011 4:43:23 PM - System Checkpoint
    RP596: 10/31/2011 1:38:59 PM - System Checkpoint
    RP597: 11/1/2011 5:04:06 PM - System Checkpoint
    RP598: 11/2/2011 7:53:56 PM - System Checkpoint
    RP599: 11/5/2011 6:17:19 AM - Removed Ask Toolbar.
    RP600: 11/6/2011 7:12:24 AM - System Checkpoint
    RP601: 11/7/2011 4:12:37 PM - System Checkpoint
    RP602: 11/8/2011 8:34:16 PM - System Checkpoint
    RP603: 11/10/2011 7:52:42 PM - System Checkpoint
    RP604: 11/13/2011 1:00:19 AM - Restore Operation
    RP605: 11/13/2011 1:01:01 AM - Restore Operation
    RP606: 11/16/2011 8:40:18 PM - Restore Operation
    RP607: 11/16/2011 8:46:06 PM - Restore Operation
    RP608: 11/16/2011 8:51:59 PM - Restore Operation
    RP609: 11/16/2011 8:58:13 PM - Restore Operation
    RP610: 11/24/2011 12:02:46 AM - Restore Operation
    RP611: 11/24/2011 12:07:05 AM - Restore Operation
    RP612: 11/24/2011 12:32:39 AM - Restore Operation
    .
    ==== Installed Programs ======================
    .
    3ivx MPEG-4 5.0.3 (remove only)
    4Media iPod to PC Transfer
    7-Zip 4.42
    Ad-Aware 2007
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.3
    Adobe Shockwave Player 11.5
    Adobe® Photoshop® Album Starter Edition 3.2
    Advanced SystemCare 5
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AutoUpdate
    avast! Free Antivirus
    Belarc Advisor 7.2
    BitTorrent
    CCleaner
    Compatibility Pack for the 2007 Office system
    DivX Codec
    DivX Content Uploader
    DivX Converter
    DivX Player
    DivX Web Player
    DVD Decrypter (Remove Only)
    DVD Solution
    FlipShare
    Gateway Download Assistant
    GOM Player
    Google Desktop
    Google Earth
    High Definition Audio Driver Package - KB888111
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 10 (KB910393)
    Hotfix for Windows XP (KB888795)
    Hotfix for Windows XP (KB891593)
    Hotfix for Windows XP (KB893357)
    Hotfix for Windows XP (KB895953)
    Hotfix for Windows XP (KB895961)
    Hotfix for Windows XP (KB896256)
    Hotfix for Windows XP (KB899337)
    Hotfix for Windows XP (KB899510)
    Hotfix for Windows XP (KB902841)
    Hotfix for Windows XP (KB906569)
    Hotfix for Windows XP (KB910728)
    Hotfix for Windows XP (KB912024)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    InstallIQ Updater
    Intel Matrix Storage Manager
    Intel PROSet Wireless
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PROSet/Wireless WiFi Software
    iPod for Windows 2006-06-28
    iTunes
    J2SE Runtime Environment 5.0 Update 2
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Logitech QuickCam
    Logitech QuickCam Driver Package
    Malwarebytes' Anti-Malware version 1.51.0.1200
    Microsoft .NET Framework 1.0 Hotfix (KB887998)
    Microsoft .NET Framework 1.0 Hotfix (KB930494)
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Digital Image Library 9 - Blocker
    Microsoft Digital Image Starter Edition 2006
    Microsoft Digital Image Starter Edition 2006 Editor
    Microsoft Digital Image Starter Edition 2006 Library
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Standard Edition 2003
    Microsoft Office Word Viewer 2003
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Motorola SM56 Data Fax Modem
    Mozilla Firefox (2.0.0.3)
    Mozilla Thunderbird (1.5)
    mProSafe
    MSN
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    mWlsSafe
    Napster Burn Engine
    OpenOffice.org Installer 1.0
    Photo Frame Show - AIR desktop application
    PhotoCardMaker 1.0.3
    PhotoMix 5.3
    PhotoScape
    Picasa 3
    Power2Go 4.0
    PowerDVD
    Quicken 2010
    QuickTime
    Recovery Software Suite Gateway
    Registry Patrol v3.0
    Remote Control USB Driver
    Revo Uninstaller 1.87
    Scrapbook Flair
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB903235)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937894)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971032)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    SigmaTel Audio
    Skype Toolbars
    Skype™ 4.2
    Smilebox
    Sonic Encoders
    SUPER © Version 2007.bld.21 (Jan 4, 2007)
    Synaptics Pointing Device Driver
    System Requirements Lab for Intel
    TeamViewer 6
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TIPCI
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB894391)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB932823-v3)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    Viewpoint Media Player
    WebFldrs XP
    Window Shopper
    Windows Backup Utility
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format Runtime
    Windows XP Hotfix - KB834707
    Windows XP Hotfix - KB867282
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888239
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
    Windows XP Media Center Edition 2005 KB2502898
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Media Center Edition 2005 KB973768
    Yahoo! Browser Services
    Yahoo! BrowserPlus 2.9.8
    Yahoo! Internet Mail
    Yahoo! Messenger
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/24/2011 2:13:10 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    11/24/2011 12:47:33 AM, error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
    11/24/2011 12:28:02 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswRdr aswSnx aswSP aswTdi AvgLdx86 AvgMfx86 AvgTdiX BANTExt Fips intelppm IPSec MRxSmb NetBIOS RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
    11/24/2011 12:28:02 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/24/2011 12:28:02 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/24/2011 12:28:02 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/24/2011 12:28:02 AM, error: Service Control Manager [7001] - The Apache2.2 service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    11/24/2011 12:27:03 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    11/24/2011 12:27:00 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    11/24/2011 12:16:41 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the crd service to connect.
    11/24/2011 12:16:41 AM, error: Service Control Manager [7000] - The crd service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/23/2011 11:56:42 PM, error: Service Control Manager [7034] - The mysql service terminated unexpectedly. It has done this 1 time(s).
    11/23/2011 11:56:42 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
    11/23/2011 11:56:33 PM, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
    11/23/2011 11:56:32 PM, error: Service Control Manager [7024] - The Apache2.2 service terminated with service-specific error 1 (0x1).
    11/23/2011 11:56:32 PM, error: Service Control Manager [7003] - The DHCP Client service depends on the following nonexistent service: NetBT
    11/23/2011 11:56:32 PM, error: Service Control Manager [7003] - The AVG8 E-mail Scanner service depends on the following nonexistent service: avg8wd
    .
    ==== End Of File ===========================
     
  10. RhewChuryll

    RhewChuryll TS Rookie Topic Starter Posts: 33

    Here is the FSS file.

    Farbar Service Scanner
    Ran by Owner (administrator) on 24-11-2011 at 20:07:20
    Microsoft Windows XP Service Pack 2 (X86)
    ********************************************************

    Service Check:
    ==============
    Dhcp Service is not running. Checking service configuration:
    The start type of Dhcp service is OK.
    The ImagePath of Dhcp service is OK.
    The ServiceDll of Dhcp service is OK.

    NetBt Service is not running. Checking service configuration:
    Unable to retrieve start type of NetBt. The value might not exist.
    Unable to retrieve ImagePath of NetBt. The value might not exist.


    File Check:
    ===========
    C:\WINDOWS\system32\svchost.exe
    [2005-01-09 14:48] - [2004-08-10 10:00] - 0014336 ____A (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716

    C:\WINDOWS\system32\rpcss.dll
    [2005-01-09 14:48] - [2009-02-09 01:01] - 0401408 ____A (Microsoft Corporation) 24B5D53B9ACCC1E2EDCF0A878D6659D4

    C:\WINDOWS\system32\services.exe
    [2005-01-09 14:48] - [2009-02-06 01:22] - 0110592 ____A (Microsoft Corporation) 4712531AB7A01B7EE059853CA17D39BD

    C:\WINDOWS\system32\dhcpcsvc.dll
    [2005-01-09 14:47] - [2006-05-19 03:59] - 0111616 ____A (Microsoft Corporation) EF545E1A4B043DA4C84E230DD471C55F

    C:\WINDOWS\system32\Drivers\afd.sys
    [2005-01-09 14:47] - [2008-08-14 00:51] - 0138368 ____A (Microsoft Corporation) 55E6E1C51B6D30E54335750955453702

    C:\WINDOWS\system32\Drivers\netbt.sys
    [2005-01-09 14:48] - [2004-08-10 10:00] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

    C:\WINDOWS\system32\Drivers\tcpip.sys
    [2005-01-09 14:48] - [2008-06-20 01:45] - 0360320 ____A (Microsoft Corporation) 2A5554FC5B1E04E131230E3CE035C3F9

    C:\WINDOWS\system32\Drivers\ipsec.sys
    [2005-01-09 14:48] - [2004-08-10 10:00] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

    C:\WINDOWS\system32\dnsrslvr.dll
    [2005-01-09 14:47] - [2008-02-19 20:32] - 0045568 ____A (Microsoft Corporation) AAC8FFBFD61E784FA3BAC851D4A0BD5F


    Connection Status:
    ==================
    Localhost is accessible.
    There is no connection to network.
    Attempt to Google returned error: Google site is unreachable
    Attempt to yahoo returend error: Yahoo site is unreachable

    **** End of log ****
     
  11. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista\Win 7 users: Right-click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box and paste it into the main textfield:
      Code:
      :reg
      HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  12. RhewChuryll

    RhewChuryll TS Rookie Topic Starter Posts: 33

    SystemLook 30.07.11 by jpshortstuff
    Log created at 20:23 on 24/11/2011 by Owner
    Administrator - Elevation successful

    ========== reg ==========

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt]
    (No values found)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Parameters]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Enum]


    -= EOF =-
     
  13. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    It looks like that registry key is corrupted and that cuts off your internet connection.
    Hold on and I'll prepare a fix for you.
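
The diagnosis in this post can be reproduced from the two logs already posted in the thread. The following is an added example, not part of the thread and not code from any of the tools used: it pairs the Service Control Manager 7003 events ("depends on the following nonexistent service") with the SystemLook registry dump to show which missing dependency has an empty service key. The log lines are copied from the posts above; the function names are assumptions of the example.

```python
import re
from collections import defaultdict

# Event lines copied from the "Event Viewer Messages" section posted earlier in the thread.
EVENTS = """
11/24/2011 12:28:02 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/23/2011 11:56:32 PM, error: Service Control Manager [7003] - The DHCP Client service depends on the following nonexistent service: NetBT
11/23/2011 11:56:32 PM, error: Service Control Manager [7003] - The AVG8 E-mail Scanner service depends on the following nonexistent service: avg8wd
"""

# SystemLook output copied from the post above.
SYSTEMLOOK = r"""
========== reg ==========

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt]
(No values found)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Parameters]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Enum]

-= EOF =-
"""

EVENT_RE = re.compile(
    r"^(?P<when>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M), error: "
    r"(?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)
MISSING_DEP_RE = re.compile(
    r"^The (?P<svc>.+) service depends on the following nonexistent service: (?P<dep>\S+)"
)
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# Matches only the service's own key, not its Parameters/Enum subkeys.
SERVICE_KEY_RE = re.compile(
    r"\\system\\currentcontrolset\\services\\(?P<name>[^\\]+)$", re.I
)


def missing_dependencies(events_text):
    """Map each nonexistent dependency (lower-cased) to the services that need it."""
    found = defaultdict(list)
    for line in events_text.splitlines():
        ev = EVENT_RE.match(line.strip())
        if not ev or ev["source"] != "Service Control Manager" or ev["id"] != "7003":
            continue
        dep = MISSING_DEP_RE.match(ev["msg"])
        if dep:
            found[dep["dep"].lower()].append(dep["svc"])
    return dict(found)


def registry_values(systemlook_text):
    """Return {lower-cased key path: [value lines]} from a SystemLook ':reg' section."""
    keys, current = {}, None
    for raw in systemlook_text.splitlines():
        line = raw.strip()
        header = KEY_RE.match(line)
        if header:
            current = header["key"].lower()
            keys[current] = []
        elif (current and line and line != "(No values found)"
              and not line.startswith(("=", "-="))):
            keys[current].append(line)
    return keys


def service_key_state(keys, service):
    """'empty' if the service's own key holds no values, 'populated' if it does,
    None if that key was not part of the dump."""
    for path, values in keys.items():
        m = SERVICE_KEY_RE.search(path)
        if m and m["name"] == service.lower():
            return "populated" if values else "empty"
    return None


def diagnose(events_text, systemlook_text):
    """Pair every missing dependency with what the registry dump says about it."""
    keys = registry_values(systemlook_text)
    return [
        {"missing_service": dep,
         "blocked_services": dependents,
         "registry_key": service_key_state(keys, dep)}
        for dep, dependents in sorted(missing_dependencies(events_text).items())
    ]


if __name__ == "__main__":
    for row in diagnose(EVENTS, SYSTEMLOOK):
        print(row)
```

For NetBT the key is present but holds no values, which is consistent with the Farbar Service Scanner log's "Unable to retrieve start type of NetBt"; avg8wd was not included in the registry dump, so its state stays unknown.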
     
  14. RhewChuryll

    RhewChuryll TS Rookie Topic Starter Posts: 33

    Thanks Broni, you rock! Btw, my 94-year-old Great Grandma's birthday was yesterday and we got her a Winnie the Pooh pillow. Thought I'd let you know for kicks yea? hehe
     
  15. Broni

    Broni Malware Annihilator Posts: 52,905   +344

  16. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    loooool
     
  17. RhewChuryll

    RhewChuryll TS Rookie Topic Starter Posts: 33

    Looks like I can connect wifi and lan.

    Thanks.

    BUT. Anything else I should be worried about with the initial scans thus far?
     
  18. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    Good news :)

    But...we just started :)
    We have to make sure your computer is really clean.

    You're running two AV programs, AVG and Avast.
    One of them has to go.
    If AVG (my suggestion) use AVG Remover: http://www.avg.com/us-en/utilities

    ============================================================

    Update MBAM, run "Quick scan" and post new log.

    ============================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.

    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  19. RhewChuryll

    RhewChuryll TS Rookie Topic Starter Posts: 33

    ComboFix is preparing log report as of right now, but it's been over 10 minutes and I need to go and turn off PC. Will doing that create any foreseen problems in the future?

    Thanks
     
  20. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    Usually it's not a good idea but since you posted 16 hours ago I don't know what the current status is.
     
  21. RhewChuryll

    RhewChuryll TS Rookie Topic Starter Posts: 33

    Here is the aswMBR log below.


    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-11-24 21:01:45
    -----------------------------
    21:01:45.015 OS Version: Windows 5.1.2600 Service Pack 2
    21:01:45.015 Number of processors: 2 586 0xE08
    21:01:45.015 ComputerName: JASON UserName: Owner
    21:01:46.093 Initialize success
    21:01:46.265 AVAST engine defs: 11112401
    21:02:01.781 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    21:02:01.796 Disk 0 Vendor: WDC_WD12 01.0 Size: 114473MB BusType: 3
    21:02:01.828 Disk 0 MBR read successfully
    21:02:01.828 Disk 0 MBR scan
    21:02:01.843 Disk 0 unknown MBR code
    21:02:01.859 Disk 0 scanning sectors +234420480
    21:02:01.968 Disk 0 scanning C:\WINDOWS\system32\drivers
    21:02:13.171 Service scanning
    21:02:15.046 Modules scanning
    21:02:24.593 Disk 0 trace - called modules:
    21:02:24.656 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll IASTOR.SYS
    21:02:24.671 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a7e8ab8]
    21:02:24.671 3 CLASSPNP.SYS[ba16905b] -> nt!IofCallDriver -> \Device\000000ad[0x8a7cb258]
    21:02:24.687 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a7b0030]
    21:02:25.171 AVAST engine scan C:\WINDOWS
    21:02:29.453 AVAST engine scan C:\WINDOWS\system32
    21:04:16.078 AVAST engine scan C:\WINDOWS\system32\drivers
    21:04:30.250 AVAST engine scan C:\Documents and Settings\Owner.JASON
    21:05:43.531 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner.JASON\Desktop\MBR.dat"
    21:05:43.562 The log file has been saved successfully to "C:\Documents and Settings\Owner.JASON\Desktop\aswMBR.txt"


    I have a feeling I was close to getting the Combofix log, but my 9 month old son needed to get home into bed.

    Do I restart the Combofix to get the log?

    Thanks

    Rhews
     
  22. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    Yes, re-run it.
     
  23. RhewChuryll

    RhewChuryll TS Rookie Topic Starter Posts: 33

    Here is the Combofix log

    ComboFix 11-11-25.02 - Owner 11/25/2011 18:31:49.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1528 [GMT -9:00]
    Running from: c:\documents and settings\Owner.JASON\Desktop\ComboFix.exe
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\detoured.dll
    .
    ---- Previous Run -------
    .
    c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg
    c:\documents and settings\All Users\Application Data\TEMP\AVG\crt_x64.msi
    c:\documents and settings\All Users\Application Data\TEMP\AVG\files.dat
    c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg
    c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.dat
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setupcz.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setupda.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setupfr.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setupge.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setuphu.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setupid.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setupin.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setupit.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setupjp.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setupko.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setupms.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setupnl.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppb.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppl.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppt.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setupru.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsc.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsk.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsp.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setuptr.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setupus.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setupzh.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setupzt.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\trialkey.dat
    c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredis1.cab
    c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredist.msi
    c:\documents and settings\Owner.JASON\Application Data\7E3E.5A6
    c:\documents and settings\Owner.JASON\Application Data\Mozilla\Firefox\Profiles\p9htxcml.default\searchplugins\bing-zugo.xml
    c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\J.xml
    c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\z.xml
    c:\windows\$NtUninstallKB5790$\2786439307\@
    c:\windows\$NtUninstallKB5790$\2786439307\bckfg.tmp
    c:\windows\$NtUninstallKB5790$\2786439307\cfg.ini
    c:\windows\$NtUninstallKB5790$\2786439307\Desktop.ini
    c:\windows\$NtUninstallKB5790$\2786439307\keywords
    c:\windows\$NtUninstallKB5790$\2786439307\kwrd.dll
    c:\windows\$NtUninstallKB5790$\2786439307\L\mzayzxgd
    c:\windows\$NtUninstallKB5790$\2786439307\lsflt7.ver
    c:\windows\$NtUninstallKB5790$\2786439307\U\00000001.@
    c:\windows\$NtUninstallKB5790$\2786439307\U\00000002.@
    c:\windows\$NtUninstallKB5790$\2786439307\U\00000004.@
    c:\windows\$NtUninstallKB5790$\2786439307\U\80000000.@
    c:\windows\$NtUninstallKB5790$\2786439307\U\80000004.@
    c:\windows\$NtUninstallKB5790$\2786439307\U\80000032.@
    c:\windows\$NtUninstallKB5790$\458091033
    c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
    c:\windows\kb913800.exe
    c:\windows\system32\drivers\npf.sys
    c:\windows\system32\Packet.dll
    c:\windows\system32\wpcap.dll
    D:\Autorun.inf
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_NPF
    -------\Service_NPF
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-26 to 2011-11-26 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-17 02:49 . 2011-11-17 02:49 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\IObit
    2011-11-16 04:16 . 2011-09-06 21:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-11-13 10:02 . 2011-11-13 10:02 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-11-05 13:58 . 2011-11-05 13:58 -------- d-----w- c:\documents and settings\Owner.JASON\Application Data\Azureus
    2011-11-05 13:56 . 2011-11-05 14:07 -------- d-----w- c:\documents and settings\Owner.JASON\.frostwire5
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-09-18 14:17 . 2011-09-18 14:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-06 21:45 . 2010-10-09 21:34 41184 ----a-w- c:\windows\avastSS.scr
    2011-09-06 21:45 . 2010-05-06 20:54 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-09-06 21:37 . 2010-05-06 20:54 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-09-06 21:36 . 2010-05-06 20:54 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-09-06 21:36 . 2010-05-06 20:54 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-09-06 21:36 . 2010-05-06 20:54 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-09-06 21:36 . 2010-05-06 20:54 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-09-06 21:36 . 2010-05-06 20:54 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-09-06 21:33 . 2010-05-06 20:54 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2007-03-12 09:01 . 2007-05-07 16:13 66672 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
    2007-03-12 09:01 . 2007-05-07 16:13 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
    2007-03-12 09:01 . 2007-05-07 16:13 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
    2007-03-12 09:01 . 2007-05-07 16:13 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
    2007-03-12 09:01 . 2007-05-07 16:13 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
    2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-09-06 21:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Power2GoExpress"="NA" [X]
    "Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-11-12 1647448]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 688218]
    "Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 139264]
    "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-05-24 573440]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
    "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-26 563984]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-26 2178832]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-11-03 1372160]
    "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-11-03 1202448]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-14 421160]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Power2GoExpress"="NA" [X]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
    backup=c:\windows\pss\BigFix.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Stardust Screen Saver Control 2003.lnk]
    backup=c:\windows\pss\Stardust Screen Saver Control 2003.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Stardust Wallpaper Control 2003.lnk]
    backup=c:\windows\pss\Stardust Wallpaper Control 2003.lnkCommon Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2006-08-15 03:00 169984 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-12-14 02:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-30 02:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\wowd.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
    "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "24726:TCP"= 24726:TCP:FlipShareServer
    "24727:TCP"= 24727:TCP:FlipShareServer
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11/15/2011 7:16 PM 442200]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/6/2010 11:54 AM 320856]
    R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [11/15/2011 7:27 PM 490840]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/6/2010 11:54 AM 20568]
    R2 FlipShareServer;FlipShare Server;c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe [12/15/2010 12:22 PM 1085440]
    S0 ljaus;ljaus;c:\windows\system32\drivers\yvah.sys --> c:\windows\system32\drivers\yvah.sys [?]
    S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\OWNER~1.JAS\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\OWNER~1.JAS\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
    S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\OWNER~1.JAS\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys --> c:\docume~1\OWNER~1.JAS\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys [?]
    S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [3/5/2007 1:23 AM 16896]
    S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 9:58 AM 11336]
    S3 RemoteControl-USBLAN;RemoteControl-USBLAN;c:\windows\system32\drivers\rcblan.sys [8/8/2007 5:41 PM 39704]
    S3 SASENUM;SASENUM;\??\c:\docume~1\OWNER~1.JAS\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS --> c:\docume~1\OWNER~1.JAS\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS [?]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-08-18 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 19:50]
    .
    2006-10-15 c:\windows\Tasks\ISP signup reminder 1.job
    - c:\windows\system32\OOBE\oobebaln.exe [2005-01-10 19:00]
    .
    2006-10-15 c:\windows\Tasks\ISP signup reminder 2.job
    - c:\windows\system32\OOBE\oobebaln.exe [2005-01-10 19:00]
    .
    2011-11-26 c:\windows\Tasks\User_Feed_Synchronization-{A5974A3E-F8C5-44A2-8BCC-45E37219FA74}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 12:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = <local>
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files\Superfish\Window Shopper\SuperfishIEAddon.dll
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\documents and settings\Owner.JASON\Application Data\Mozilla\Firefox\Profiles\p9htxcml.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z057&partner_id=333&product_id=519&affiliate_id=&channel=PPGL2&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110612&user_guid=6CB0A87C5751488CBAB2246D27684525&machine_id=5bf304eff987747f2dd0223412f9a9b8&browser=FF&os=win&os_version=5.1-x86-SP2
    FF - prefs.js: keyword.URL - hxxp://www.startnow.com/s/?src=addrbar&provider=Bing&provider_code=Z057&partner_id=333&product_id=519&affiliate_id=&channel=PPGL2&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110612&user_guid=6CB0A87C5751488CBAB2246D27684525&machine_id=5bf304eff987747f2dd0223412f9a9b8&browser=FF&os=win&os_version=5.1-x86-SP2&q=
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 57111
    FF - prefs.js: network.proxy.type - 1
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: browser.xul.error_pages.enabled - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 3000000
    FF - user.js: content.maxtextrun - 8191
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 750000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: network.http.max-connections - 32
    FF - user.js: network.http.max-connections-per-server - 8
    FF - user.js: network.http.max-persistent-connections-per-proxy - 8
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.firstrequest - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 0
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{0C8413C1-FAD1-446C-8584-BE50576F863E} - (no file)
    Toolbar-Locked - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKU-Default-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    Notify-avgrsstarter - avgrsstx.dll
    MSConfigStartUp-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
    MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    MSConfigStartUp-THGuard - c:\program files\TrojanHunter 4.0\THGuard.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-25 19:16
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-984385501-2065118603-808799485-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CFA4CDE1-9B8D-3042-E736-5470C6D19253}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "jaiaggcpaiohgaekbgge"=hex:62,61,6d,6f,00,00
    "jaiaggcpaiohgaekbgcc"=hex:62,61,66,6e,00,00
    "iaihccljgaoadeehie"=hex:6b,61,6e,6f,61,63,62,6f,6f,6b,70,68,64,65,61,6f,6e,6d,
    6d,64,65,64,00,00
    .
    Completion time: 2011-11-25 19:31:23
    ComboFix-quarantined-files.txt 2011-11-26 04:31
    .
    Pre-Run: 46,520,782,848 bytes free
    Post-Run: 46,462,492,672 bytes free
    .
    - - End Of File - - EE5B40D0113B9CF14958652890E5B3EC
     
  24. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    I assume you uninstalled AVG prior to running ComboFix?
    Let me know.
    If so, keep it that way, as you can't be running two AV programs.
    You have Avast already.
     
  25. RhewChuryll

    RhewChuryll TS Rookie Topic Starter Posts: 33

    I did the uninstall for AVG twice. And both times I ran ComboFix it said I had AVG installed. Dunno what to do there.
     
