Solved No connection to internet / BSoD error 0x0000007B

RhewChuryll

I came home and my wife had my laptop open and one of those fake antivirus spyware programs was running.

By the time I went into safe mode to do a rkill and a malware run, my computer probably had a rootkit installed somewhere.

I keep getting BSoD screens as well, but once I pass them, I can't access my internet, wifi or LAN. It keeps saying "acquiring network address". Sometimes when I am trying to correct my internet connection, my computer crashes and goes into another BSoD with the Win32k.sys error.


Here are my logs.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8172

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

11/24/2011 7:03:50 PM
mbam-log-2011-11-24 (19-03-50).txt

Scan type: Quick scan
Objects scanned: 198163
Time elapsed: 9 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-24 18:53:25
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD12 rev.01.0
Running: xnw7mzye.exe; Driver: C:\DOCUME~1\OWNER~1.JAS\LOCALS~1\Temp\axtdypog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x9678C374]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x967F32B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0x967B0829]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x9678E996]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x9678E9EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x9678EB04]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0x967B01DD]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x9678E8EC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x9678EA3E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x9678E940]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x9678EAB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x9678C398]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0x967B0EEF]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0x967B11A5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0x9678ED88]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0x967B0D5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0x967B0BC5]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x967F3368]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x9678C162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x9678C3BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x9678EEFC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x9678CE54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x9678E9C6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x9678EA16]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x9678EB2E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0x967B0539]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x9678E918]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0x9678EBC0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x9678EA7E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x9678E96E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0x9678ECA4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x9678EADC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x967F3400]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0x967B0A40]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x9678CD1A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0x967B0892]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0x967FB6E2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0x967AF850]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x9678C3E0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x9678C404]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x9678C1BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x9678C2F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0x967B0FF6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x9678C2D4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x9678C31C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x9678C428]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x968089A6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C54 805044C0 8 Bytes [96, E9, 78, 96, EE, E9, 78, ...] {XCHG ESI, EAX; JMP 0xffffffffe9ee967e; JS 0xffffffffffffff9e}
.text ntkrnlpa.exe!ZwCallbackReturn + 2C74 805044E0 4 Bytes [EC, E8, 78, 96]
.text ntkrnlpa.exe!ZwCallbackReturn + 2C90 805044FC 8 Bytes JMP E9409678
.text ntkrnlpa.exe!ZwCallbackReturn + 2CA0 8050450C 4 Bytes [B2, EA, 78, 96] {MOV DL, 0xea; JS 0xffffffffffffff9a}
.text ntkrnlpa.exe!ZwCallbackReturn + 2D90 805045FC 8 Bytes [C6, E9, 78, 96, 16, EA, 78, ...]
.text ...
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A533E 4 Bytes CALL 9678D4AF \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BB35A 5 Bytes JMP 968043DE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C1C90 5 Bytes JMP 96805E84 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805CFE96 7 Bytes JMP 968089AA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xB85FBEBF]
.text win32k.sys!EngFreeUserMem + 674 BF809B45 5 Bytes JMP 9678FE48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF80FBC0 5 Bytes JMP 9678FD54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPaint + 4EF BF8255ED 5 Bytes JMP 9678F0DA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 1E5F BF8341A1 5 Bytes JMP 9678FFB2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 237D BF8346BF 5 Bytes JMP 9678FCC4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 4564 BF8368A6 5 Bytes JMP 967901BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + EE3F BF841181 5 Bytes JMP 9678F14A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + DE42 BF85AD4E 5 Bytes JMP 9678F016 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3474 BF87111B 5 Bytes JMP 9678F326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 34FF BF8711A6 5 Bytes JMP 9678F4CC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBlt + 35C1 BF87593B 5 Bytes JMP 9678FD7E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 411E BF894CB8 5 Bytes JMP 9678F4A4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 3AA1 BF8B6854 5 Bytes JMP 9678FEFA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 34B7 BF8BA260 5 Bytes JMP 9678EFFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 8A22 BF8BF7CB 5 Bytes JMP 96790118 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAlphaBlend + 3E8 BF8C333C 5 Bytes JMP 9678F1E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8EB97D 5 Bytes JMP 9678F254 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8EBBFD 5 Bytes JMP 9678F28E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + 19EF BF8F9A43 5 Bytes JMP 9678EF32 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19C1 BF913245 5 Bytes JMP 9678F096 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2595 BF913E19 5 Bytes JMP 9678F1AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4EF4 BF916778 5 Bytes JMP 9678F5E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 18EC BF94468A 5 Bytes JMP 96790070 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes [E9, 20, A5, 83, 83] {JMP 0xffffffff8383a525}
.text ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes [E9, 5C, 97, 83, 83] {JMP 0xffffffff83839761}

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[208] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001401F8
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[208] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[208] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001403FC
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[208] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[208] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00370A08
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[208] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00370804
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[208] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00370600
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[208] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003701F8
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[208] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003703FC
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[208] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00381014
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[208] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00380804
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[208] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00380A08
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[208] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00380C0C
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[208] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00380E10
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[208] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003801F8
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[208] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003803FC
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[208] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00380600
.text C:\Program Files\iTunes\iTunesHelper.exe[400] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
.text C:\Program Files\iTunes\iTunesHelper.exe[400] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\Program Files\iTunes\iTunesHelper.exe[400] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
.text C:\Program Files\iTunes\iTunesHelper.exe[400] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\iTunes\iTunesHelper.exe[400] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00380A08
.text C:\Program Files\iTunes\iTunesHelper.exe[400] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00380804
.text C:\Program Files\iTunes\iTunesHelper.exe[400] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00380600
.text C:\Program Files\iTunes\iTunesHelper.exe[400] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003801F8
.text C:\Program Files\iTunes\iTunesHelper.exe[400] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003803FC
.text C:\Program Files\iTunes\iTunesHelper.exe[400] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00391014
.text C:\Program Files\iTunes\iTunesHelper.exe[400] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00390804
.text C:\Program Files\iTunes\iTunesHelper.exe[400] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00390A08
.text C:\Program Files\iTunes\iTunesHelper.exe[400] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00390C0C
.text C:\Program Files\iTunes\iTunesHelper.exe[400] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00390E10
.text C:\Program Files\iTunes\iTunesHelper.exe[400] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003901F8
.text C:\Program Files\iTunes\iTunesHelper.exe[400] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003903FC
.text C:\Program Files\iTunes\iTunesHelper.exe[400] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[412] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[412] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[412] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[412] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[412] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00380A08
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[412] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00380804
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[412] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00380600
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[412] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003801F8
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[412] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003803FC
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[412] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00391014
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[412] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[412] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[412] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00390C0C
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[412] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00390E10
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[412] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[412] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[412] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[416] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[416] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[416] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[416] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[416] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00381014
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[416] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00380804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[416] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00380A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[416] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00380C0C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[416] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00380E10
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[416] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003801F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[416] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003803FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[416] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00380600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[416] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[416] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[416] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[416] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[416] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\ctfmon.exe[468] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\ctfmon.exe[468] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[468] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\ctfmon.exe[468] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[468] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\ctfmon.exe[468] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\ctfmon.exe[468] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\ctfmon.exe[468] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\ctfmon.exe[468] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\ctfmon.exe[468] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\ctfmon.exe[468] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\ctfmon.exe[468] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\ctfmon.exe[468] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\ctfmon.exe[468] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\ctfmon.exe[468] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\ctfmon.exe[468] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\ctfmon.exe[468] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002C03FC
.text C:\WINDOWS\eHome\ehRecvr.exe[516] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000801F8
.text C:\WINDOWS\eHome\ehRecvr.exe[516] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\eHome\ehRecvr.exe[516] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000803FC
.text C:\WINDOWS\eHome\ehRecvr.exe[516] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\eHome\ehRecvr.exe[516] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
.text C:\WINDOWS\eHome\ehRecvr.exe[516] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
.text C:\WINDOWS\eHome\ehRecvr.exe[516] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
.text C:\WINDOWS\eHome\ehRecvr.exe[516] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\eHome\ehRecvr.exe[516] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
.text C:\WINDOWS\eHome\ehRecvr.exe[516] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002C1014
.text C:\WINDOWS\eHome\ehRecvr.exe[516] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002C0804
.text C:\WINDOWS\eHome\ehRecvr.exe[516] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002C0A08
.text C:\WINDOWS\eHome\ehRecvr.exe[516] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\eHome\ehRecvr.exe[516] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 3 Bytes JMP 002C0E10
.text C:\WINDOWS\eHome\ehRecvr.exe[516] ADVAPI32.dll!ChangeServiceConfig2W + 4 77E372D5 1 Byte [88]
.text C:\WINDOWS\eHome\ehRecvr.exe[516] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002C01F8
.text C:\WINDOWS\eHome\ehRecvr.exe[516] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002C03FC
.text C:\WINDOWS\eHome\ehRecvr.exe[516] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002C0600
.text C:\WINDOWS\eHome\ehSched.exe[604] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000801F8
.text C:\WINDOWS\eHome\ehSched.exe[604] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\eHome\ehSched.exe[604] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000803FC
.text C:\WINDOWS\eHome\ehSched.exe[604] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\eHome\ehSched.exe[604] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
.text C:\WINDOWS\eHome\ehSched.exe[604] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
.text C:\WINDOWS\eHome\ehSched.exe[604] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
.text C:\WINDOWS\eHome\ehSched.exe[604] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\eHome\ehSched.exe[604] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
.text C:\WINDOWS\eHome\ehSched.exe[604] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002C1014
.text C:\WINDOWS\eHome\ehSched.exe[604] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002C0804
.text C:\WINDOWS\eHome\ehSched.exe[604] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002C0A08
.text C:\WINDOWS\eHome\ehSched.exe[604] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\eHome\ehSched.exe[604] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 3 Bytes JMP 002C0E10
.text C:\WINDOWS\eHome\ehSched.exe[604] ADVAPI32.dll!ChangeServiceConfig2W + 4 77E372D5 1 Byte [88]
.text C:\WINDOWS\eHome\ehSched.exe[604] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002C01F8
.text C:\WINDOWS\eHome\ehSched.exe[604] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002C03FC
.text C:\WINDOWS\eHome\ehSched.exe[604] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002C0600
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[680] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[680] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[680] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[680] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[680] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 006A1014
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[680] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 006A0804
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[680] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 006A0A08
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[680] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 006A0C0C
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[680] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 006A0E10
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[680] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 006A01F8
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[680] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 006A03FC
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[680] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 006A0600
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[680] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 006B0A08
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[680] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 006B0804
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[680] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 006B0600
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[680] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 006B01F8
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[680] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 006B03FC
.text C:\WINDOWS\Explorer.EXE[748] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[748] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[748] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[748] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[748] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002B1014
.text C:\WINDOWS\Explorer.EXE[748] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002B0804
.text C:\WINDOWS\Explorer.EXE[748] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002B0A08
.text C:\WINDOWS\Explorer.EXE[748] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\Explorer.EXE[748] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002B0E10
.text C:\WINDOWS\Explorer.EXE[748] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002B01F8
.text C:\WINDOWS\Explorer.EXE[748] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002B03FC
.text C:\WINDOWS\Explorer.EXE[748] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002B0600
.text C:\WINDOWS\Explorer.EXE[748] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002C0A08
.text C:\WINDOWS\Explorer.EXE[748] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002C0804
.text C:\WINDOWS\Explorer.EXE[748] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002C0600
.text C:\WINDOWS\Explorer.EXE[748] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\Explorer.EXE[748] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\smss.exe[940] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[1008] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[1008] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\ehome\ehtray.exe[1020] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
.text C:\WINDOWS\ehome\ehtray.exe[1020] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\ehome\ehtray.exe[1020] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
.text C:\WINDOWS\ehome\ehtray.exe[1020] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\ehome\ehtray.exe[1020] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002D0A08
.text C:\WINDOWS\ehome\ehtray.exe[1020] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002D0804
.text C:\WINDOWS\ehome\ehtray.exe[1020] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002D0600
.text C:\WINDOWS\ehome\ehtray.exe[1020] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\ehome\ehtray.exe[1020] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002D03FC
.text C:\WINDOWS\ehome\ehtray.exe[1020] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002E1014
.text C:\WINDOWS\ehome\ehtray.exe[1020] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002E0804
.text C:\WINDOWS\ehome\ehtray.exe[1020] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002E0A08
.text C:\WINDOWS\ehome\ehtray.exe[1020] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002E0C0C
.text C:\WINDOWS\ehome\ehtray.exe[1020] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002E0E10
.text C:\WINDOWS\ehome\ehtray.exe[1020] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002E01F8
.text C:\WINDOWS\ehome\ehtray.exe[1020] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002E03FC
.text C:\WINDOWS\ehome\ehtray.exe[1020] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002E0600
.text C:\WINDOWS\system32\winlogon.exe[1040] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[1040] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1040] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[1040] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1040] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\winlogon.exe[1040] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\winlogon.exe[1040] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\winlogon.exe[1040] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\winlogon.exe[1040] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\winlogon.exe[1040] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\winlogon.exe[1040] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\winlogon.exe[1040] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\winlogon.exe[1040] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\winlogon.exe[1040] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\winlogon.exe[1040] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\winlogon.exe[1040] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\winlogon.exe[1040] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1060] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001401F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1060] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1060] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001403FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1060] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1060] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00370A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1060] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00370804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1060] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00370600
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1060] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003701F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1060] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003703FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1060] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00381014
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1060] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00380804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1060] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00380A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1060] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00380C0C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1060] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00380E10
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1060] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003801F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1060] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003803FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1060] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\services.exe[1084] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[1084] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1084] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\services.exe[1084] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\services.exe[1084] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\services.exe[1084] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\services.exe[1084] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\services.exe[1084] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\lsass.exe[1096] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[1096] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1096] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[1096] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1096] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\lsass.exe[1096] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\lsass.exe[1096] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\lsass.exe[1096] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\lsass.exe[1096] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\lsass.exe[1096] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\lsass.exe[1096] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\lsass.exe[1096] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\lsass.exe[1096] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\lsass.exe[1096] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\lsass.exe[1096] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\lsass.exe[1096] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\lsass.exe[1096] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1248] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001401F8
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1248] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1248] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001403FC
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1248] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1248] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00371014
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1248] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00370804
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1248] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00370A08
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1248] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00370C0C
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1248] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00370E10
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1248] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003701F8
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1248] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003703FC
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1248] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00370600
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1248] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00380A08
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1248] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00380804
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1248] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00380600
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1248] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003801F8
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe[1248] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\svchost.exe[1296] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1296] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1296] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1296] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1296] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[1320] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001401F8
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[1320] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[1320] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001403FC
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[1320] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[1320] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00371014
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[1320] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00370804
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[1320] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00370A08
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[1320] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00370C0C
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[1320] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00370E10
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[1320] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003701F8
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[1320] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003703FC
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[1320] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00370600
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[1320] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00380A08
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[1320] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00380804
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[1320] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00380600
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[1320] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003801F8
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[1320] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003803FC
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[1340] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001401F8
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[1340] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[1340] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001403FC
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[1340] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[1340] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00370A08
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[1340] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00370804
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[1340] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00370600
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[1340] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003701F8
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[1340] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003703FC
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[1340] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00381014
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[1340] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00380804
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[1340] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00380A08
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[1340] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00380C0C
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[1340] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00380E10
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[1340] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003801F8
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[1340] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003803FC
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[1340] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00380600
.text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1376] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
.text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1376] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1376] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
.text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1376] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1376] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 01521014
.text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1376] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 01520804
.text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1376] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 01520A08
.text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1376] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 01520C0C
.text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1376] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 01520E10
.text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1376] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 015201F8
.text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1376] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 015203FC
.text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1376] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 01520600
.text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1376] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 01530A08
.text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1376] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 01530804
.text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1376] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 01530600
.text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1376] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 015301F8
.text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1376] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 015303FC
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\svchost.exe[1396] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1396] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1396] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1396] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1396] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[1436] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1436] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1436] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1436] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1436] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002A1014
.text C:\WINDOWS\System32\svchost.exe[1436] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002A0804
.text C:\WINDOWS\System32\svchost.exe[1436] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002A0A08
.text C:\WINDOWS\System32\svchost.exe[1436] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\System32\svchost.exe[1436] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002A0E10
.text C:\WINDOWS\System32\svchost.exe[1436] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002A01F8
.text C:\WINDOWS\System32\svchost.exe[1436] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002A03FC
.text C:\WINDOWS\System32\svchost.exe[1436] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002A0600
.text C:\WINDOWS\System32\svchost.exe[1436] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1436] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1436] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1436] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1436] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1456] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1456] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1456] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1456] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1456] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00380A08
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1456] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00380804
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1456] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00380600
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1456] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003801F8
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1456] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003803FC
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1456] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00391014
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1456] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1456] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1456] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00390C0C
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1456] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00390E10
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1456] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1456] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1456] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1468] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1468] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1468] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1468] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1468] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1468] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1468] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1468] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1468] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1468] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 003A1014
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1468] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1468] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1468] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 003A0C0C
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1468] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 003A0E10
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1468] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1468] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003A03FC
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1468] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 003A0600
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[1472] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[1472] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[1472] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[1472] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[1472] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00390A08
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[1472] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00390804
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[1472] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00390600
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[1472] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003901F8
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[1472] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003903FC
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[1472] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 003A1014
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[1472] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 003A0804
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[1472] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 003A0A08
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[1472] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 003A0C0C
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[1472] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 003A0E10
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[1472] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003A01F8
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[1472] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003A03FC
.text C:\Program Files\Logitech\QuickCam\Quickcam.exe[1472] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 003A0600
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1492] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1492] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1492] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1492] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1492] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00391014
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1492] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00390804
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1492] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00390A08
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1492] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00390C0C
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1492] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00390E10
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1492] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003901F8
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1492] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003903FC
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1492] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00390600
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1492] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 003A0A08
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1492] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 003A0804
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1492] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 003A0600
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1492] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003A01F8
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1492] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003A03FC
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1532] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1532] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1532] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1532] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1532] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 003E1014
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1532] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 003E0804
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1532] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 003E0A08
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1532] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 003E0C0C
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1532] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 003E0E10
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1532] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003E01F8
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1532] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003E03FC
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1532] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 003E0600
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1532] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 003F0A08
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1532] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 003F0804
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1532] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 003F0600
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1532] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003F01F8
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1532] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003F03FC
.text C:\WINDOWS\system32\svchost.exe[1640] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1640] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1640] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\svchost.exe[1640] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1640] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1640] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1640] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1640] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[1720] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[1720] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1768] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[1768] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1768] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[1768] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1768] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\spoolsv.exe[1768] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\spoolsv.exe[1768] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\spoolsv.exe[1768] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\spoolsv.exe[1768] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\spoolsv.exe[1768] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\spoolsv.exe[1768] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\spoolsv.exe[1768] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\spoolsv.exe[1768] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\spoolsv.exe[1768] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\spoolsv.exe[1768] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\spoolsv.exe[1768] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\spoolsv.exe[1768] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1820] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1820] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1820] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1820] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1820] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00671014
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1820] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00670804
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1820] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00670A08
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1820] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00670C0C
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1820] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00670E10
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1820] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 006701F8
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1820] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 006703FC
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1820] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00670600
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1820] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00680A08
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1820] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00680804
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1820] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00680600
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1820] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 006801F8
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1820] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 006803FC
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1832] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1832] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1832] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1832] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1832] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00380A08
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1832] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00380804
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1832] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00380600
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1832] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003801F8
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1832] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003803FC
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1832] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00391014
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1832] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1832] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1832] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00390C0C
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1832] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00390E10
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1832] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1832] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1832] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00390600
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1908] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1908] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1908] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[2192] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[2192] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[2192] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[2192] kernel32.dll!CreateThread + 1A 7C810661 4 Bytes CALL 004553F1 C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (Advanced SystemCare 5 Tray/IObit)
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[2192] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[2192] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00391014
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[2192] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00390804
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[2192] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00390A08
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[2192] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00390C0C
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[2192] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00390E10
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[2192] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003901F8
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[2192] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003903FC
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[2192] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00390600
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[2192] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 003A0A08
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[2192] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 003A0804
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[2192] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 003A0600
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[2192] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003A01F8
.text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[2192] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003A03FC
.text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[2220] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
.text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[2220] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[2220] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
.text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[2220] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[2220] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 009B0A08
.text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[2220] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 009B0804
.text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[2220] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 009B0600
.text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[2220] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 009B01F8
.text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[2220] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 009B03FC
.text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[2220] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 009C1014
.text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[2220] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 009C0804
.text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[2220] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 009C0A08
.text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[2220] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 009C0C0C
.text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[2220] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 009C0E10
.text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[2220] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 009C01F8
.text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[2220] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 009C03FC
.text C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe[2220] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 009C0600
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2348] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2348] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2348] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2348] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2348] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00361014
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2348] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00360804
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2348] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00360A08
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2348] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00360C0C
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2348] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00360E10
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2348] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003601F8
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2348] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003603FC
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2348] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00360600
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2348] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00370A08
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2348] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00370804
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2348] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00370600
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2348] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003701F8
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2348] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003703FC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2452] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2452] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2452] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2452] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2452] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2452] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2452] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2452] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2452] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2452] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2452] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2452] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2452] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2452] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2452] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2452] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2452] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
.text C:\WINDOWS\eHome\ehmsas.exe[2468] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000801F8
.text C:\WINDOWS\eHome\ehmsas.exe[2468] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\eHome\ehmsas.exe[2468] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000803FC
.text C:\WINDOWS\eHome\ehmsas.exe[2468] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\eHome\ehmsas.exe[2468] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
.text C:\WINDOWS\eHome\ehmsas.exe[2468] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
.text C:\WINDOWS\eHome\ehmsas.exe[2468] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
.text C:\WINDOWS\eHome\ehmsas.exe[2468] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\eHome\ehmsas.exe[2468] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
.text C:\WINDOWS\eHome\ehmsas.exe[2468] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002C1014
.text C:\WINDOWS\eHome\ehmsas.exe[2468] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002C0804
.text C:\WINDOWS\eHome\ehmsas.exe[2468] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002C0A08
.text C:\WINDOWS\eHome\ehmsas.exe[2468] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\eHome\ehmsas.exe[2468] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 3 Bytes JMP 002C0E10
.text C:\WINDOWS\eHome\ehmsas.exe[2468] ADVAPI32.dll!ChangeServiceConfig2W + 4 77E372D5 1 Byte [88]
.text C:\WINDOWS\eHome\ehmsas.exe[2468] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002C01F8
.text C:\WINDOWS\eHome\ehmsas.exe[2468] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002C03FC
.text C:\WINDOWS\eHome\ehmsas.exe[2468] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\wscntfy.exe[2480] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\wscntfy.exe[2480] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[2480] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\wscntfy.exe[2480] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[2480] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\wscntfy.exe[2480] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\wscntfy.exe[2480] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\wscntfy.exe[2480] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\wscntfy.exe[2480] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\wscntfy.exe[2480] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002D1014
.text C:\WINDOWS\system32\wscntfy.exe[2480] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\wscntfy.exe[2480] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\wscntfy.exe[2480] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002D0C0C
.text C:\WINDOWS\system32\wscntfy.exe[2480] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002D0E10
.text C:\WINDOWS\system32\wscntfy.exe[2480] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\wscntfy.exe[2480] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002D03FC
.text C:\WINDOWS\system32\wscntfy.exe[2480] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2504] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2504] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2504] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2504] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2504] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00361014
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2504] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00360804
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2504] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00360A08
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2504] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00360C0C
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2504] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00360E10
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2504] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003601F8
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2504] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003603FC
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2504] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00360600
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2504] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00370A08
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2504] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00370804
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2504] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00370600
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2504] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003701F8
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2504] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003703FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[2508] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001401F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[2508] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[2508] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001403FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[2508] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[2508] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00370A08
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[2508] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00370804
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[2508] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00370600
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[2508] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003701F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[2508] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003703FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[2508] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00381014
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[2508] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00380804
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[2508] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00380A08
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[2508] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00380C0C
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[2508] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00380E10
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[2508] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003801F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[2508] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003803FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[2508] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00380600
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2552] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2552] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2552] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2552] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2552] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00381014
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2552] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00380804
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2552] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00380A08
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2552] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00380C0C
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2552] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00380E10
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2552] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003801F8
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2552] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003803FC
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2552] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00380600
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2552] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2552] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2552] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2552] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2552] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2624] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2624] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2624] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2624] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2624] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2624] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2624] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2624] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2624] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2624] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2624] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2624] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2624] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2624] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2624] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2624] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2624] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\dllhost.exe[2640] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\dllhost.exe[2640] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\dllhost.exe[2640] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\dllhost.exe[2640] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\dllhost.exe[2640] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\dllhost.exe[2640] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\dllhost.exe[2640] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\dllhost.exe[2640] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\dllhost.exe[2640] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\dllhost.exe[2640] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\dllhost.exe[2640] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\dllhost.exe[2640] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\dllhost.exe[2640] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\dllhost.exe[2640] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\dllhost.exe[2640] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\dllhost.exe[2640] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\dllhost.exe[2640] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2712] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2712] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2712] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2712] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2712] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00381014
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2712] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00380804
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2712] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00380A08
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2712] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00380C0C
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2712] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00380E10
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2712] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003801F8
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2712] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003803FC
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2712] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00380600
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2712] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2712] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2712] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2712] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2712] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2744] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2744] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2744] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2744] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2744] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2744] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2744] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2744] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2744] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2744] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2744] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2744] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2744] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2744] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2744] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2744] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2744] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
.text C:\Program Files\iPod\bin\iPodService.exe[2856] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
.text C:\Program Files\iPod\bin\iPodService.exe[2856] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[2856] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
.text C:\Program Files\iPod\bin\iPodService.exe[2856] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[2856] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00391014
.text C:\Program Files\iPod\bin\iPodService.exe[2856] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00390804
.text C:\Program Files\iPod\bin\iPodService.exe[2856] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00390A08
.text C:\Program Files\iPod\bin\iPodService.exe[2856] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00390C0C
.text C:\Program Files\iPod\bin\iPodService.exe[2856] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00390E10
.text C:\Program Files\iPod\bin\iPodService.exe[2856] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003901F8
.text C:\Program Files\iPod\bin\iPodService.exe[2856] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003903FC
.text C:\Program Files\iPod\bin\iPodService.exe[2856] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00390600
.text C:\Program Files\iPod\bin\iPodService.exe[2856] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 003A0A08
.text C:\Program Files\iPod\bin\iPodService.exe[2856] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 003A0804
.text C:\Program Files\iPod\bin\iPodService.exe[2856] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 003A0600
.text C:\Program Files\iPod\bin\iPodService.exe[2856] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003A01F8
.text C:\Program Files\iPod\bin\iPodService.exe[2856] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003A03FC
.text C:\WINDOWS\System32\alg.exe[3104] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[3104] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3104] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[3104] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3104] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 003B0A08
.text C:\WINDOWS\System32\alg.exe[3104] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 003B0804
.text C:\WINDOWS\System32\alg.exe[3104] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 003B0600
.text C:\WINDOWS\System32\alg.exe[3104] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003B01F8
.text C:\WINDOWS\System32\alg.exe[3104] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003B03FC
.text C:\WINDOWS\System32\alg.exe[3104] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 003C1014
.text C:\WINDOWS\System32\alg.exe[3104] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 003C0804
.text C:\WINDOWS\System32\alg.exe[3104] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 003C0A08
.text C:\WINDOWS\System32\alg.exe[3104] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 003C0C0C
.text C:\WINDOWS\System32\alg.exe[3104] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 003C0E10
.text C:\WINDOWS\System32\alg.exe[3104] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003C01F8
.text C:\WINDOWS\System32\alg.exe[3104] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003C03FC
.text C:\WINDOWS\System32\alg.exe[3104] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 003C0600
.text C:\Documents and Settings\Owner.JASON\Desktop\xnw7mzye.exe[3140] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
.text C:\Documents and Settings\Owner.JASON\Desktop\xnw7mzye.exe[3140] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\Documents and Settings\Owner.JASON\Desktop\xnw7mzye.exe[3140] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
.text C:\Documents and Settings\Owner.JASON\Desktop\xnw7mzye.exe[3140] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Documents and Settings\Owner.JASON\Desktop\xnw7mzye.exe[3140] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 004D0A08
.text C:\Documents and Settings\Owner.JASON\Desktop\xnw7mzye.exe[3140] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 004D0804
.text C:\Documents and Settings\Owner.JASON\Desktop\xnw7mzye.exe[3140] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 004D0600
.text C:\Documents and Settings\Owner.JASON\Desktop\xnw7mzye.exe[3140] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 004D01F8
.text C:\Documents and Settings\Owner.JASON\Desktop\xnw7mzye.exe[3140] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 004D03FC
.text C:\Documents and Settings\Owner.JASON\Desktop\xnw7mzye.exe[3140] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 004C1014
.text C:\Documents and Settings\Owner.JASON\Desktop\xnw7mzye.exe[3140] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 004C0804
.text C:\Documents and Settings\Owner.JASON\Desktop\xnw7mzye.exe[3140] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 004C0A08
.text C:\Documents and Settings\Owner.JASON\Desktop\xnw7mzye.exe[3140] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 004C0C0C
.text C:\Documents and Settings\Owner.JASON\Desktop\xnw7mzye.exe[3140] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 004C0E10
.text C:\Documents and Settings\Owner.JASON\Desktop\xnw7mzye.exe[3140] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 004C01F8
.text C:\Documents and Settings\Owner.JASON\Desktop\xnw7mzye.exe[3140] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 004C03FC
.text C:\Documents and Settings\Owner.JASON\Desktop\xnw7mzye.exe[3140] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 004C0600
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[3368] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[3368] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[3368] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[3368] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[3368] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00370A08
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[3368] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00370804
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[3368] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00370600
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[3368] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003701F8
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[3368] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003703FC
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[3368] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00381014
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[3368] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00380804
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[3368] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00380A08
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[3368] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00380C0C
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[3368] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00380E10
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[3368] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003801F8
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[3368] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003803FC
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[3368] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00380600
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3444] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3444] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3444] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3444] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3444] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00381014
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3444] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00380804
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3444] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00380A08
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3444] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00380C0C
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3444] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00380E10
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3444] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003801F8
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3444] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003803FC
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3444] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00380600
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3444] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3444] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3444] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3444] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3444] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\svchost.exe[3548] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[3548] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[3548] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[3548] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[3548] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\svchost.exe[3548] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\svchost.exe[3548] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\svchost.exe[3548] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\svchost.exe[3548] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\svchost.exe[3548] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\svchost.exe[3548] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\svchost.exe[3548] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\svchost.exe[3548] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[3548] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[3548] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[3548] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[3548] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[3628] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[3628] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[3628] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[3628] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[3628] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\svchost.exe[3628] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\svchost.exe[3628] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\svchost.exe[3628] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\svchost.exe[3628] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\svchost.exe[3628] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\svchost.exe[3628] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\svchost.exe[3628] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\svchost.exe[3628] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[3628] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[3628] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[3628] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[3628] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
.text C:\WINDOWS\ehome\mcrdsvc.exe[3672] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000801F8
.text C:\WINDOWS\ehome\mcrdsvc.exe[3672] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3672] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000803FC
.text C:\WINDOWS\ehome\mcrdsvc.exe[3672] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3672] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
.text C:\WINDOWS\ehome\mcrdsvc.exe[3672] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
.text C:\WINDOWS\ehome\mcrdsvc.exe[3672] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
.text C:\WINDOWS\ehome\mcrdsvc.exe[3672] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\ehome\mcrdsvc.exe[3672] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
.text C:\WINDOWS\ehome\mcrdsvc.exe[3672] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002C1014
.text C:\WINDOWS\ehome\mcrdsvc.exe[3672] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002C0804
.text C:\WINDOWS\ehome\mcrdsvc.exe[3672] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002C0A08
.text C:\WINDOWS\ehome\mcrdsvc.exe[3672] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\ehome\mcrdsvc.exe[3672] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 3 Bytes JMP 002C0E10
.text C:\WINDOWS\ehome\mcrdsvc.exe[3672] ADVAPI32.dll!ChangeServiceConfig2W + 4 77E372D5 1 Byte [88]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3672] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002C01F8
.text C:\WINDOWS\ehome\mcrdsvc.exe[3672] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002C03FC
.text C:\WINDOWS\ehome\mcrdsvc.exe[3672] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002C0600

---- User IAT/EAT - GMER 1.0.15 ----
 
IAT C:\WINDOWS\Explorer.EXE[748] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00E82F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[748] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00E82CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[748] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00E82D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[748] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00E82CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\services.exe[1084] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005E0002
IAT C:\WINDOWS\system32\services.exe[1084] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005E0000
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[1472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [02742F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[1472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [02742CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[1472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [02742D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[1472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [02742CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Owner.JASON\Desktop\xnw7mzye.exe[3140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Owner.JASON\Desktop\xnw7mzye.exe[3140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Owner.JASON\Desktop\xnw7mzye.exe[3140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Owner.JASON\Desktop\xnw7mzye.exe[3140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CFA4CDE1-9B8D-3042-E736-5470C6D19253}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CFA4CDE1-9B8D-3042-E736-5470C6D19253}@jaiaggcpaiohgaekbgge 0x62 0x61 0x6D 0x6F ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CFA4CDE1-9B8D-3042-E736-5470C6D19253}@jaiaggcpaiohgaekbgcc 0x62 0x61 0x66 0x6E ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CFA4CDE1-9B8D-3042-E736-5470C6D19253}@iaihccljgaoadeehie 0x6B 0x61 0x6E 0x6F ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB5790$\2786439307 0 bytes
File C:\WINDOWS\$NtUninstallKB5790$\2786439307\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB5790$\2786439307\bckfg.tmp 846 bytes
File C:\WINDOWS\$NtUninstallKB5790$\2786439307\cfg.ini 201 bytes
File C:\WINDOWS\$NtUninstallKB5790$\2786439307\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB5790$\2786439307\keywords 45 bytes
File C:\WINDOWS\$NtUninstallKB5790$\2786439307\kwrd.dll 223744 bytes
File C:\WINDOWS\$NtUninstallKB5790$\2786439307\L 0 bytes
File C:\WINDOWS\$NtUninstallKB5790$\2786439307\L\mzayzxgd 162816 bytes
File C:\WINDOWS\$NtUninstallKB5790$\2786439307\lsflt7.ver 5176 bytes
File C:\WINDOWS\$NtUninstallKB5790$\2786439307\U 0 bytes
File C:\WINDOWS\$NtUninstallKB5790$\2786439307\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB5790$\2786439307\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB5790$\2786439307\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB5790$\2786439307\U\80000000.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB5790$\2786439307\U\80000004.@ 12800 bytes
File C:\WINDOWS\$NtUninstallKB5790$\2786439307\U\80000032.@ 96256 bytes
File C:\WINDOWS\$NtUninstallKB5790$\458091033 0 bytes

---- EOF - GMER 1.0.15 ----

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_07
Run by Owner at 19:06:48 on 2011-11-24
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1293 [GMT -9:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MP6954
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MP6954
mURLSearchHooks: H - No File
BHO: Window Shopper: {74f475fa-6c75-43bd-aab9-ecda6184f600} - c:\program files\superfish\window shopper\SuperfishIEAddon.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {0C8413C1-FAD1-446C-8584-BE50576F863E} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Power2GoExpress] NA
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [Power2GoExpress] NA
dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uPolicies-explorer: NoInstrumentation = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\get styles\ct.htm
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files\superfish\window shopper\SuperfishIEAddon.dll
LSP: mswsock.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{92B8A9D7-25CE-4BBB-9F15-E04788F93910} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner.jason\application data\mozilla\firefox\profiles\p9htxcml.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z057&partner_id=333&product_id=519&affiliate_id=&channel=PPGL2&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110612&user_guid=6CB0A87C5751488CBAB2246D27684525&machine_id=5bf304eff987747f2dd0223412f9a9b8&browser=FF&os=win&os_version=5.1-x86-SP2
FF - prefs.js: keyword.URL - hxxp://www.startnow.com/s/?src=addrbar&provider=Bing&provider_code=Z057&partner_id=333&product_id=519&affiliate_id=&channel=PPGL2&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110612&user_guid=6CB0A87C5751488CBAB2246D27684525&machine_id=5bf304eff987747f2dd0223412f9a9b8&browser=FF&os=win&os_version=5.1-x86-SP2&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 57111
FF - prefs.js: network.proxy.type - 1
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-11-15 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-6 320856]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-23 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-5-23 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-23 108552]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-9-25 574808]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2011-11-15 490840]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-6 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-6 44768]
R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2010-12-15 1085440]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S0 ljaus;ljaus;c:\windows\system32\drivers\yvah.sys --> c:\windows\system32\drivers\yvah.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\owner~1.jas\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\owner~1.jas\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\owner~1.jas\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\owner~1.jas\locals~1\temp\sas_selfextract\SASKUTIL.sys [?]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [2007-3-5 16896]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe --> c:\progra~1\avg\avg8\avgemc.exe [?]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2010-5-3 50704]
S3 RemoteControl-USBLAN;RemoteControl-USBLAN;c:\windows\system32\drivers\rcblan.sys [2007-8-8 39704]
S3 SASENUM;SASENUM;\??\c:\docume~1\owner~1.jas\locals~1\temp\sas_selfextract\sasenum.sys --> c:\docume~1\owner~1.jas\locals~1\temp\sas_selfextract\SASENUM.SYS [?]
.
=============== Created Last 30 ================
.
2011-11-16 04:16:57 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-13 10:02:33 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-11-13 10:02:33 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-05 13:58:48 -------- d-----w- c:\documents and settings\owner.jason\application data\Azureus
2011-11-05 13:56:33 -------- d-----w- c:\documents and settings\owner.jason\.frostwire5
.
==================== Find3M ====================
.
2011-09-18 14:17:22 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-06 21:45:29 41184 ----a-w- c:\windows\avastSS.scr
2006-05-03 10:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
.
============= FINISH: 19:09:01.35 ===============
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=============================================================

I still need the Attach.txt part of DDS, so please provide that.

Then...

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Check "Include All Files" option.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
 
Sorry about the Attach.txt file.

Here it is below.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/14/2006 7:07:19 PM
System Uptime: 11/24/2011 2:54:16 PM (5 hours ago)
.
Motherboard: Gateway | |
Processor: Genuine Intel(R) CPU T2050 @ 1.60GHz | uFCPGA2 | 1596/533mhz
Processor: Genuine Intel(R) CPU T2050 @ 1.60GHz | uFCPGA2 | 1596/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 105 GiB total, 43.214 GiB free.
D: is FIXED (FAT32) - 7 GiB total, 4.897 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP562: 8/27/2011 8:46:21 AM - System Checkpoint
RP563: 8/29/2011 9:17:35 AM - System Checkpoint
RP564: 8/30/2011 12:55:38 PM - System Checkpoint
RP565: 9/17/2011 11:42:53 PM - IObit Uninstaller restore point
RP566: 9/17/2011 11:43:07 PM - Removed Ask Toolbar.
RP567: 9/17/2011 11:43:41 PM - IObit Uninstaller restore point
RP568: 9/19/2011 9:25:16 AM - System Checkpoint
RP569: 9/20/2011 11:46:24 AM - System Checkpoint
RP570: 9/21/2011 12:35:41 PM - System Checkpoint
RP571: 9/22/2011 1:40:32 PM - System Checkpoint
RP572: 9/23/2011 2:52:04 PM - System Checkpoint
RP573: 9/24/2011 3:16:55 PM - System Checkpoint
RP574: 9/26/2011 12:59:15 PM - System Checkpoint
RP575: 9/27/2011 1:37:45 PM - System Checkpoint
RP576: 9/28/2011 3:47:59 PM - System Checkpoint
RP577: 9/29/2011 10:27:31 PM - System Checkpoint
RP578: 10/1/2011 9:51:09 AM - System Checkpoint
RP579: 10/2/2011 10:31:21 AM - System Checkpoint
RP580: 10/3/2011 12:54:02 PM - System Checkpoint
RP581: 10/5/2011 2:18:43 PM - System Checkpoint
RP582: 10/6/2011 3:21:09 PM - System Checkpoint
RP583: 10/7/2011 6:16:13 PM - System Checkpoint
RP584: 10/9/2011 8:41:32 PM - System Checkpoint
RP585: 10/11/2011 9:24:13 AM - System Checkpoint
RP586: 10/13/2011 10:40:35 AM - System Checkpoint
RP587: 10/20/2011 2:16:02 PM - System Checkpoint
RP588: 10/21/2011 3:36:45 PM - System Checkpoint
RP589: 10/21/2011 5:47:25 PM - Removed FlipShare
RP590: 10/22/2011 12:34:39 PM - Removed FlipShare
RP591: 10/24/2011 2:06:51 PM - System Checkpoint
RP592: 10/25/2011 2:34:30 PM - System Checkpoint
RP593: 10/26/2011 3:47:33 PM - System Checkpoint
RP594: 10/27/2011 3:57:40 PM - System Checkpoint
RP595: 10/28/2011 4:43:23 PM - System Checkpoint
RP596: 10/31/2011 1:38:59 PM - System Checkpoint
RP597: 11/1/2011 5:04:06 PM - System Checkpoint
RP598: 11/2/2011 7:53:56 PM - System Checkpoint
RP599: 11/5/2011 6:17:19 AM - Removed Ask Toolbar.
RP600: 11/6/2011 7:12:24 AM - System Checkpoint
RP601: 11/7/2011 4:12:37 PM - System Checkpoint
RP602: 11/8/2011 8:34:16 PM - System Checkpoint
RP603: 11/10/2011 7:52:42 PM - System Checkpoint
RP604: 11/13/2011 1:00:19 AM - Restore Operation
RP605: 11/13/2011 1:01:01 AM - Restore Operation
RP606: 11/16/2011 8:40:18 PM - Restore Operation
RP607: 11/16/2011 8:46:06 PM - Restore Operation
RP608: 11/16/2011 8:51:59 PM - Restore Operation
RP609: 11/16/2011 8:58:13 PM - Restore Operation
RP610: 11/24/2011 12:02:46 AM - Restore Operation
RP611: 11/24/2011 12:07:05 AM - Restore Operation
RP612: 11/24/2011 12:32:39 AM - Restore Operation
.
==== Installed Programs ======================
.
3ivx MPEG-4 5.0.3 (remove only)
4Media iPod to PC Transfer
7-Zip 4.42
Ad-Aware 2007
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.3
Adobe Shockwave Player 11.5
Adobe® Photoshop® Album Starter Edition 3.2
Advanced SystemCare 5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoUpdate
avast! Free Antivirus
Belarc Advisor 7.2
BitTorrent
CCleaner
Compatibility Pack for the 2007 Office system
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DVD Decrypter (Remove Only)
DVD Solution
FlipShare
Gateway Download Assistant
GOM Player
Google Desktop
Google Earth
High Definition Audio Driver Package - KB888111
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB895953)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB910728)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
InstallIQ Updater
Intel Matrix Storage Manager
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless WiFi Software
iPod for Windows 2006-06-28
iTunes
J2SE Runtime Environment 5.0 Update 2
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Logitech QuickCam
Logitech QuickCam Driver Package
Malwarebytes' Anti-Malware version 1.51.0.1200
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Starter Edition 2006
Microsoft Digital Image Starter Edition 2006 Editor
Microsoft Digital Image Starter Edition 2006 Library
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Motorola SM56 Data Fax Modem
Mozilla Firefox (2.0.0.3)
Mozilla Thunderbird (1.5)
mProSafe
MSN
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
mWlsSafe
Napster Burn Engine
OpenOffice.org Installer 1.0
Photo Frame Show - AIR desktop application
PhotoCardMaker 1.0.3
PhotoMix 5.3
PhotoScape
Picasa 3
Power2Go 4.0
PowerDVD
Quicken 2010
QuickTime
Recovery Software Suite Gateway
Registry Patrol v3.0
Remote Control USB Driver
Revo Uninstaller 1.87
Scrapbook Flair
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
SigmaTel Audio
Skype Toolbars
Skype™ 4.2
Smilebox
Sonic Encoders
SUPER © Version 2007.bld.21 (Jan 4, 2007)
Synaptics Pointing Device Driver
System Requirements Lab for Intel
TeamViewer 6
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
WebFldrs XP
Window Shopper
Windows Backup Utility
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Yahoo! Browser Services
Yahoo! BrowserPlus 2.9.8
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
11/24/2011 2:13:10 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
11/24/2011 12:47:33 AM, error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
11/24/2011 12:28:02 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswRdr aswSnx aswSP aswTdi AvgLdx86 AvgMfx86 AvgTdiX BANTExt Fips intelppm IPSec MRxSmb NetBIOS RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
11/24/2011 12:28:02 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/24/2011 12:28:02 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/24/2011 12:28:02 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/24/2011 12:28:02 AM, error: Service Control Manager [7001] - The Apache2.2 service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
11/24/2011 12:27:03 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
11/24/2011 12:27:00 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/24/2011 12:16:41 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the crd service to connect.
11/24/2011 12:16:41 AM, error: Service Control Manager [7000] - The crd service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/23/2011 11:56:42 PM, error: Service Control Manager [7034] - The mysql service terminated unexpectedly. It has done this 1 time(s).
11/23/2011 11:56:42 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
11/23/2011 11:56:33 PM, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
11/23/2011 11:56:32 PM, error: Service Control Manager [7024] - The Apache2.2 service terminated with service-specific error 1 (0x1).
11/23/2011 11:56:32 PM, error: Service Control Manager [7003] - The DHCP Client service depends on the following nonexistent service: NetBT
11/23/2011 11:56:32 PM, error: Service Control Manager [7003] - The AVG8 E-mail Scanner service depends on the following nonexistent service: avg8wd
.
==== End Of File ===========================
 
Here is the FSS file.

Farbar Service Scanner
Ran by Owner (administrator) on 24-11-2011 at 20:07:20
Microsoft Windows XP Service Pack 2 (X86)
********************************************************

Service Check:
==============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

NetBt Service is not running. Checking service configuration:
Unable to retrieve start type of NetBt. The value might not exist.
Unable to retrieve ImagePath of NetBt. The value might not exist.


File Check:
===========
C:\WINDOWS\system32\svchost.exe
[2005-01-09 14:48] - [2004-08-10 10:00] - 0014336 ____A (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716

C:\WINDOWS\system32\rpcss.dll
[2005-01-09 14:48] - [2009-02-09 01:01] - 0401408 ____A (Microsoft Corporation) 24B5D53B9ACCC1E2EDCF0A878D6659D4

C:\WINDOWS\system32\services.exe
[2005-01-09 14:48] - [2009-02-06 01:22] - 0110592 ____A (Microsoft Corporation) 4712531AB7A01B7EE059853CA17D39BD

C:\WINDOWS\system32\dhcpcsvc.dll
[2005-01-09 14:47] - [2006-05-19 03:59] - 0111616 ____A (Microsoft Corporation) EF545E1A4B043DA4C84E230DD471C55F

C:\WINDOWS\system32\Drivers\afd.sys
[2005-01-09 14:47] - [2008-08-14 00:51] - 0138368 ____A (Microsoft Corporation) 55E6E1C51B6D30E54335750955453702

C:\WINDOWS\system32\Drivers\netbt.sys
[2005-01-09 14:48] - [2004-08-10 10:00] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\system32\Drivers\tcpip.sys
[2005-01-09 14:48] - [2008-06-20 01:45] - 0360320 ____A (Microsoft Corporation) 2A5554FC5B1E04E131230E3CE035C3F9

C:\WINDOWS\system32\Drivers\ipsec.sys
[2005-01-09 14:48] - [2004-08-10 10:00] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

C:\WINDOWS\system32\dnsrslvr.dll
[2005-01-09 14:47] - [2008-02-19 20:32] - 0045568 ____A (Microsoft Corporation) AAC8FFBFD61E784FA3BAC851D4A0BD5F


Connection Status:
==================
Localhost is accessible.
There is no connection to network.
Attempt to Google returned error: Google site is unreachable
Attempt to yahoo returend error: Yahoo site is unreachable

**** End of log ****
 
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box and paste it into the main textfield:
    Code:
    :reg
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
 
SystemLook 30.07.11 by jpshortstuff
Log created at 20:23 on 24/11/2011 by Owner
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt]
(No values found)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Parameters]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Enum]


-= EOF =-
 
It looks like that registry key is corrupted and that cuts off your internet connection.
Hold on and I'll prepare a fix for you.
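
The cross-check behind that diagnosis, as an added example that is not part of the original posts: it pairs the Service Control Manager "nonexistent service" events from the Attach.txt log with the SystemLook registry dump. The function names, verdict labels and the value syntax in the constructed comparison dump are assumptions made for this illustration.

```python
import re

# Lines copied from the "Event Viewer Messages" section of the Attach.txt log in this thread.
EVENT_LINES = [
    "11/24/2011 12:28:02 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.",
    "11/24/2011 12:28:02 AM, error: Service Control Manager [7001] - The Apache2.2 service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.",
    "11/23/2011 11:56:32 PM, error: Service Control Manager [7003] - The DHCP Client service depends on the following nonexistent service: NetBT",
    "11/23/2011 11:56:32 PM, error: Service Control Manager [7003] - The AVG8 E-mail Scanner service depends on the following nonexistent service: avg8wd",
]

# SystemLook :reg output for the NetBT key, as posted in this thread.
SYSTEMLOOK_DUMP = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt]
(No values found)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Parameters]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Enum]
"""

# Constructed comparison dump of a populated key (value syntax is an assumption).
HEALTHY_DUMP = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt]
"Type"= 0x0000000001 (1)
"Start"= 0x0000000001 (1)
"ImagePath"="system32\DRIVERS\netbt.sys"
"""

EVENT_RE = re.compile(
    r"^(?P<when>.+? [AP]M), error: Service Control Manager \[(?P<id>\d+)\] - (?P<msg>.*)$")
MISSING_RE = re.compile(
    r"The (?P<dependent>.+?) service depends on the following nonexistent service: (?P<dep>\S+)")
FAILED_RE = re.compile(
    r"The (?P<dependent>.+?) service depends on the (?P<dep>.+?) service which failed to start")
KEY_RE = re.compile(r"^\[(?P<path>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=')

# Values a service key must carry before the Service Control Manager treats it as a service.
REQUIRED = {"type", "start"}


def parse_events(lines):
    """Extract dependency failures from SCM events 7001 (failed) and 7003 (nonexistent)."""
    events = []
    for line in lines:
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        event_id = int(m.group("id"))
        pattern = {7003: MISSING_RE, 7001: FAILED_RE}.get(event_id)
        dep = pattern.search(m.group("msg")) if pattern else None
        if dep:
            events.append({"id": event_id, "when": m.group("when"),
                           "dependent": dep.group("dependent"),
                           "dependency": dep.group("dep")})
    return events


def parse_systemlook(text):
    """Map each registry key (lower-cased) to the set of value names listed under it."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = KEY_RE.match(line)
        if header:
            current = header.group("path").lower()
            keys[current] = set()
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            keys[current].add(value.group("name").lower())
    return keys


def service_roots(keys):
    """Keep only ...\\services\\<name> keys, dropping subkeys such as Parameters or Enum."""
    roots = {}
    for path, values in keys.items():
        _, sep, rest = path.partition("\\services\\")
        if sep and rest and "\\" not in rest:
            roots[rest] = values
    return roots


def triage(event_lines, dump):
    """For each 'nonexistent service' event, report what the registry dump shows."""
    roots = service_roots(parse_systemlook(dump))
    findings = []
    for ev in parse_events(event_lines):
        if ev["id"] != 7003:
            continue
        svc = ev["dependency"].lower()
        if svc not in roots:
            verdict = "not-inspected"      # no dump was taken for this service
        elif not roots[svc]:
            verdict = "empty-key"          # key exists, every value is gone
        elif not REQUIRED <= roots[svc]:
            verdict = "incomplete-key"     # Type or Start missing
        else:
            verdict = "intact"
        findings.append((ev["dependent"], ev["dependency"], verdict))
    return findings


if __name__ == "__main__":
    for dependent, dependency, verdict in triage(EVENT_LINES, SYSTEMLOOK_DUMP):
        print(f"{dependent} -> {dependency}: {verdict}")
```
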
 
Thanks Broni, you rock! Btw, my 94 year old Great Grandma's birthday was yesterday and we got her a Winnie the Pooh pillow. Thought I'd let you know for kicks yea? hehe
 
Looks like I can connect wifi and lan.

Thanks.

BUT. Anything else I should be worried about with the initial scans thus far?
 
Good news :)

But...we just started :)
We have to make sure your computer is really clean.

You're running two AV programs, AVG and Avast.
One of them has to go.
If AVG (my suggestion) use AVG Remover: http://www.avg.com/us-en/utilities

============================================================

Update MBAM, run "Quick scan" and post new log.

============================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

============================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix is preparing log report as of right now, but it's been over 10 minutes and I need to go and turn off PC. Will doing that create any foreseen problems in the future?

Thanks
 
Usually it's not a good idea, but since you posted 16 hours ago I don't know what the current status is.
 
Here is the aswMBR log below.


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-24 21:01:45
-----------------------------
21:01:45.015 OS Version: Windows 5.1.2600 Service Pack 2
21:01:45.015 Number of processors: 2 586 0xE08
21:01:45.015 ComputerName: JASON UserName: Owner
21:01:46.093 Initialize success
21:01:46.265 AVAST engine defs: 11112401
21:02:01.781 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
21:02:01.796 Disk 0 Vendor: WDC_WD12 01.0 Size: 114473MB BusType: 3
21:02:01.828 Disk 0 MBR read successfully
21:02:01.828 Disk 0 MBR scan
21:02:01.843 Disk 0 unknown MBR code
21:02:01.859 Disk 0 scanning sectors +234420480
21:02:01.968 Disk 0 scanning C:\WINDOWS\system32\drivers
21:02:13.171 Service scanning
21:02:15.046 Modules scanning
21:02:24.593 Disk 0 trace - called modules:
21:02:24.656 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll IASTOR.SYS
21:02:24.671 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a7e8ab8]
21:02:24.671 3 CLASSPNP.SYS[ba16905b] -> nt!IofCallDriver -> \Device\000000ad[0x8a7cb258]
21:02:24.687 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a7b0030]
21:02:25.171 AVAST engine scan C:\WINDOWS
21:02:29.453 AVAST engine scan C:\WINDOWS\system32
21:04:16.078 AVAST engine scan C:\WINDOWS\system32\drivers
21:04:30.250 AVAST engine scan C:\Documents and Settings\Owner.JASON
21:05:43.531 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner.JASON\Desktop\MBR.dat"
21:05:43.562 The log file has been saved successfully to "C:\Documents and Settings\Owner.JASON\Desktop\aswMBR.txt"


I have a feeling I was close to getting the Combofix log, but my 9 month old son needed to get home into bed.

Do I restart the Combofix to get the log?

Thanks

Rhews
 
Here is the Combofix log

ComboFix 11-11-25.02 - Owner 11/25/2011 18:31:49.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1528 [GMT -9:00]
Running from: c:\documents and settings\Owner.JASON\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\detoured.dll
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\crt_x64.msi
c:\documents and settings\All Users\Application Data\TEMP\AVG\files.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupcz.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupda.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupfr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupge.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuphu.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupid.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupin.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupit.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupjp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupko.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupms.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupnl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppb.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupru.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsc.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsk.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuptr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupus.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupzh.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupzt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\trialkey.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredis1.cab
c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredist.msi
c:\documents and settings\Owner.JASON\Application Data\7E3E.5A6
c:\documents and settings\Owner.JASON\Application Data\Mozilla\Firefox\Profiles\p9htxcml.default\searchplugins\bing-zugo.xml
c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Owner.JASON\Application Data\PriceGong\Data\z.xml
c:\windows\$NtUninstallKB5790$\2786439307\@
c:\windows\$NtUninstallKB5790$\2786439307\bckfg.tmp
c:\windows\$NtUninstallKB5790$\2786439307\cfg.ini
c:\windows\$NtUninstallKB5790$\2786439307\Desktop.ini
c:\windows\$NtUninstallKB5790$\2786439307\keywords
c:\windows\$NtUninstallKB5790$\2786439307\kwrd.dll
c:\windows\$NtUninstallKB5790$\2786439307\L\mzayzxgd
c:\windows\$NtUninstallKB5790$\2786439307\lsflt7.ver
c:\windows\$NtUninstallKB5790$\2786439307\U\00000001.@
c:\windows\$NtUninstallKB5790$\2786439307\U\00000002.@
c:\windows\$NtUninstallKB5790$\2786439307\U\00000004.@
c:\windows\$NtUninstallKB5790$\2786439307\U\80000000.@
c:\windows\$NtUninstallKB5790$\2786439307\U\80000004.@
c:\windows\$NtUninstallKB5790$\2786439307\U\80000032.@
c:\windows\$NtUninstallKB5790$\458091033
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\kb913800.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll
D:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-10-26 to 2011-11-26 )))))))))))))))))))))))))))))))
.
.
2011-11-17 02:49 . 2011-11-17 02:49 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\IObit
2011-11-16 04:16 . 2011-09-06 21:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-13 10:02 . 2011-11-13 10:02 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-05 13:58 . 2011-11-05 13:58 -------- d-----w- c:\documents and settings\Owner.JASON\Application Data\Azureus
2011-11-05 13:56 . 2011-11-05 14:07 -------- d-----w- c:\documents and settings\Owner.JASON\.frostwire5
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-18 14:17 . 2011-09-18 14:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-06 21:45 . 2010-10-09 21:34 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 21:45 . 2010-05-06 20:54 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 21:37 . 2010-05-06 20:54 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 21:36 . 2010-05-06 20:54 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 21:36 . 2010-05-06 20:54 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 21:36 . 2010-05-06 20:54 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 21:36 . 2010-05-06 20:54 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 21:36 . 2010-05-06 20:54 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 21:33 . 2010-05-06 20:54 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2007-03-12 09:01 . 2007-05-07 16:13 66672 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-03-12 09:01 . 2007-05-07 16:13 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-03-12 09:01 . 2007-05-07 16:13 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-03-12 09:01 . 2007-05-07 16:13 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-03-12 09:01 . 2007-05-07 16:13 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 21:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-11-12 1647448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 688218]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 139264]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-05-24 573440]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-26 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-26 2178832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-11-03 1372160]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-11-03 1202448]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-14 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
backup=c:\windows\pss\BigFix.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Stardust Screen Saver Control 2003.lnk]
backup=c:\windows\pss\Stardust Screen Saver Control 2003.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Stardust Wallpaper Control 2003.lnk]
backup=c:\windows\pss\Stardust Wallpaper Control 2003.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2006-08-15 03:00 169984 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-14 02:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 02:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\wowd.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24726:TCP"= 24726:TCP:FlipShareServer
"24727:TCP"= 24727:TCP:FlipShareServer
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11/15/2011 7:16 PM 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/6/2010 11:54 AM 320856]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [11/15/2011 7:27 PM 490840]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/6/2010 11:54 AM 20568]
R2 FlipShareServer;FlipShare Server;c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe [12/15/2010 12:22 PM 1085440]
S0 ljaus;ljaus;c:\windows\system32\drivers\yvah.sys --> c:\windows\system32\drivers\yvah.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\OWNER~1.JAS\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\OWNER~1.JAS\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\OWNER~1.JAS\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys --> c:\docume~1\OWNER~1.JAS\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys [?]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [3/5/2007 1:23 AM 16896]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 9:58 AM 11336]
S3 RemoteControl-USBLAN;RemoteControl-USBLAN;c:\windows\system32\drivers\rcblan.sys [8/8/2007 5:41 PM 39704]
S3 SASENUM;SASENUM;\??\c:\docume~1\OWNER~1.JAS\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS --> c:\docume~1\OWNER~1.JAS\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 19:50]
.
2006-10-15 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-01-10 19:00]
.
2006-10-15 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-01-10 19:00]
.
2011-11-26 c:\windows\Tasks\User_Feed_Synchronization-{A5974A3E-F8C5-44A2-8BCC-45E37219FA74}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 12:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files\Superfish\Window Shopper\SuperfishIEAddon.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Owner.JASON\Application Data\Mozilla\Firefox\Profiles\p9htxcml.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z057&partner_id=333&product_id=519&affiliate_id=&channel=PPGL2&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110612&user_guid=6CB0A87C5751488CBAB2246D27684525&machine_id=5bf304eff987747f2dd0223412f9a9b8&browser=FF&os=win&os_version=5.1-x86-SP2
FF - prefs.js: keyword.URL - hxxp://www.startnow.com/s/?src=addrbar&provider=Bing&provider_code=Z057&partner_id=333&product_id=519&affiliate_id=&channel=PPGL2&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110612&user_guid=6CB0A87C5751488CBAB2246D27684525&machine_id=5bf304eff987747f2dd0223412f9a9b8&browser=FF&os=win&os_version=5.1-x86-SP2&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 57111
FF - prefs.js: network.proxy.type - 1
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{0C8413C1-FAD1-446C-8584-BE50576F863E} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKU-Default-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Notify-avgrsstarter - avgrsstx.dll
MSConfigStartUp-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-THGuard - c:\program files\TrojanHunter 4.0\THGuard.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-25 19:16
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-984385501-2065118603-808799485-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CFA4CDE1-9B8D-3042-E736-5470C6D19253}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jaiaggcpaiohgaekbgge"=hex:62,61,6d,6f,00,00
"jaiaggcpaiohgaekbgcc"=hex:62,61,66,6e,00,00
"iaihccljgaoadeehie"=hex:6b,61,6e,6f,61,63,62,6f,6f,6b,70,68,64,65,61,6f,6e,6d,
6d,64,65,64,00,00
.
Completion time: 2011-11-25 19:31:23
ComboFix-quarantined-files.txt 2011-11-26 04:31
.
Pre-Run: 46,520,782,848 bytes free
Post-Run: 46,462,492,672 bytes free
.
- - End Of File - - EE5B40D0113B9CF14958652890E5B3EC
 
I assume you uninstalled AVG prior to running Combofix?
Let me know.
If so keep it that way as you can't be running two AV programs.
You have Avast already.
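The duplicate-antivirus question raised in this thread can be checked directly against a ComboFix log. The following is an added example, not part of the original thread and not ComboFix's own code: it reads the `AV:` header lines and the driver/service lines, using sample lines excerpted from the log posted above. The function names are hypothetical, and two things are assumptions about the log layout: that `R`/`S` plus a digit means running/stopped plus the start type, and that `[?]` means ComboFix could not read the file's date and size.

```python
import re

# Sample lines excerpted from the ComboFix log posted above
# (two header lines plus three driver/service entries).
SAMPLE_LOG = r"""ComboFix 11-11-25.02 - Owner 11/25/2011 18:31:49.2.2 - x86
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/6/2010 11:54 AM 320856]
S0 ljaus;ljaus;c:\windows\system32\drivers\yvah.sys --> c:\windows\system32\drivers\yvah.sys [?]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [3/5/2007 1:23 AM 16896]
"""

# "AV: <product> *<state>* {<GUID>}"
AV_LINE = re.compile(
    r"^AV:\s+(?P<name>.+?)\s+\*(?P<state>[^*]+)\*\s+\{[0-9A-Fa-f-]+\}\s*$"
)

# "<R|S><start digit> <name>;<display>;<path> [--> <path>] [<date size> | ?]"
SERVICE_LINE = re.compile(
    r"^(?P<run>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)(?:\s+-->\s+.+?)?\s+\[(?P<info>[^\]]*)\]\s*$"
)

# Assumption: the digit is the Windows service start type.
START_TYPES = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}


def enabled_av_products(log_text):
    """Return the names of antivirus products the header reports as enabled."""
    names = []
    for line in log_text.splitlines():
        m = AV_LINE.match(line.strip())
        if m and m.group("state").split("/")[0].strip().lower() == "enabled":
            names.append(m.group("name"))
    return names


def unresolved_services(log_text):
    """Return driver/service entries whose file info is shown as [?]."""
    hits = []
    for line in log_text.splitlines():
        m = SERVICE_LINE.match(line.strip())
        if m and m.group("info").strip() == "?":
            hits.append({
                "name": m.group("name"),
                "running": m.group("run") == "R",
                "start": START_TYPES[int(m.group("start"))],
                "path": m.group("path"),
            })
    return hits


def triage(log_text):
    """Collect the findings a helper would want to raise with the user."""
    findings = []
    avs = enabled_av_products(log_text)
    if len(avs) > 1:
        findings.append("multiple enabled AV products: " + ", ".join(avs))
    for svc in unresolved_services(log_text):
        findings.append(
            f"{svc['start']}-start service {svc['name']} "
            f"points at unreadable file {svc['path']}"
        )
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
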
 