Inactive [A] I'm infected with the redirect bug


JohnH11

My frustration level has reached its limit. I have lost count of how long I have been infected with this nasty bug, but it’s been a long time. I’ve run almost every scan to try to get rid of it to no avail. To reiterate I am infected with the search engine result hijacks/redirects. Meaning I’ll search for something in a search engine like Bing or Google and when I go to click the link it redirects me to a whole other site that has nothing to do with the intended site I was trying to enter. I don’t really know what infection it is mainly because I’ve read where it’s described as a virus, malware, spyware, etc. So I’ve never really taken a hold of what exactly it is. I have been able to document the sites, they are: feed.bizzclick.com, click.scour, get answers fast, gimme answers, search fast results, happili, admarketplace.net. Quite a few as you can tell. I’ve learned to deal with it, for example if I search something and click the link immediately I won’t be redirected, but if I wait more than two seconds then I’ll be redirected. Another one is when I have the results I’ll hover the cursor over the link and the url address will show up at the bottom, once I click and hold the link the url address will then change to mainly feed.bizzclick.com or another mainly composed of numbers. I’ll then drag the link a little bit and let it fall back so as to not actually enter the site, then when I would hover over it the link would have permanently changed, so it’s no longer what it originally was but the hijack site. All the other result links are fine and I can click them without being redirected, seems it only affects one link.
So as you see I’ve learned to deal with it, but I don’t want that, I want to permanently get rid of it. Like I stated I have run many scans in attempts to get rid of it. I’ve also read instructions on how to manually get rid of it, I’m somewhat advanced when it comes to working with computers, but not enough where I can comfortably mess with the registry or anything dealing with the OS for that matter. I’ve run MalwareBytes, SuperAntiSpyware, Avast anti-virus, CCleaner, Hitman pro, Norton Power Eraser, and TDSSKiller. They were unable to successfully remove the bug. I’ve also tried to run Spyware Doctor, Spybot, Ad Aware, Hijackthis, and Bitdefender. I was unable to use these programs because I had difficulty and/or problems installing them. One problem was that they were unable to connect to the internet, I have an internet connection but some programs fail to connect to it. I was able to install Hijackthis, but it told me to copy and paste the program to the hard drive in order to successfully use it right which threw me off a bit, I then read statements while researching that said to use that program cautiously and under the orders of pros because it could cause some problems so I uninstalled it and decided to use it when told to.
I ran SuperAntiSpyware in safe mode and it found over 100 infections, which I successfully removed, was hoping that the hijack bug was in there but to my disappointment it wasn’t. I apologize if the post is a bit long, but I really wanted to be thorough and specific in my description of my problem. Really hoping someone can help me to finally get rid of it. By the way my default browser is the latest version of Firefox and all my add-ons are up to date, I only have ones that I need, i.e. flash, Java. I don’t use IE, pretty much ignore it, used a dummy proxy on it. The proxy server is directed to 0.0.0.0 and port 80. Nothing is updated on it, hopefully that isn’t a liability or the origins of the problems. If you have further questions or requests feel free to ask, I’ll be patiently waiting.
 
Welcome aboard


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Just an update on my situation. I did a startup scan with Avast and it appears to have gotten rid of the hijacking, my searches are no longer being redirected. So I no longer need any assistance in fixing the problem I had since it seems to be gone. I have the bugs in my vault if you would still want to see what I had I have no problem posting them. Though I still have problems with some of my programs not being able to connect/detect the internet, should I post this problem in another section of the forum?
 
MBAM log:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.22.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Steve :: STEVE-PC [administrator]

2/22/2012 3:38:53 PM
mbam-log-2012-02-22 (15-38-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 178494
Time elapsed: 8 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-23 22:15:13
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200AAKS-75L9A0 rev.01.03E01
Running: 7pu3g73d.exe; Driver: C:\Users\Steve\AppData\Local\Temp\ugloypob.sys


.text C:\Windows\system32\svchost.exe[916] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[916] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[916] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[916] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[916] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[916] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[916] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[916] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00A50600
.text C:\Windows\system32\svchost.exe[916] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00A50804
.text C:\Windows\system32\svchost.exe[916] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00A50A08
.text C:\Windows\system32\svchost.exe[916] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 00A501F8
.text C:\Windows\system32\svchost.exe[916] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 00A503FC
.text C:\Windows\System32\svchost.exe[952] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[952] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[952] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
.text C:\Windows\System32\svchost.exe[952] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[952] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[952] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[952] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[952] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[952] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[952] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[952] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[952] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 001A0600
.text C:\Windows\System32\svchost.exe[952] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 001A0804
.text C:\Windows\System32\svchost.exe[952] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 001A0A08
.text C:\Windows\System32\svchost.exe[952] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 001A01F8
.text C:\Windows\System32\svchost.exe[952] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 001A03FC
.text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 001501F8
.text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 001503FC
.text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
.text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00170600
.text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00170804
.text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00170A08
.text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 001701F8
.text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 001703FC
.text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 001803FC
.text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00180600
.text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00181014
.text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00180804
.text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00180A08
.text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00180C0C
.text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00180E10
.text c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 001801F8
.text C:\Windows\System32\svchost.exe[1040] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[1040] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[1040] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1040] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[1040] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[1040] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[1040] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[1040] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[1040] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[1040] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[1040] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[1040] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00240600
.text C:\Windows\System32\svchost.exe[1040] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00240804
.text C:\Windows\System32\svchost.exe[1040] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00240A08
.text C:\Windows\System32\svchost.exe[1040] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 002401F8
.text C:\Windows\System32\svchost.exe[1040] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 002403FC
.text C:\Windows\System32\svchost.exe[1116] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[1116] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[1116] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1116] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[1116] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[1116] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[1116] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[1116] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[1116] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[1116] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[1116] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[1116] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00D10600
.text C:\Windows\System32\svchost.exe[1116] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00D10804
.text C:\Windows\System32\svchost.exe[1116] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00D10A08
.text C:\Windows\System32\svchost.exe[1116] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 00D101F8
.text C:\Windows\System32\svchost.exe[1116] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 00D103FC
.text C:\Windows\system32\svchost.exe[1128] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1128] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1128] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1128] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 000B03FC
.text C:\Windows\system32\svchost.exe[1128] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 000B0600
.text C:\Windows\system32\svchost.exe[1128] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 000B1014
.text C:\Windows\system32\svchost.exe[1128] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 000B0804
.text C:\Windows\system32\svchost.exe[1128] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 000B0A08
.text C:\Windows\system32\svchost.exe[1128] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\svchost.exe[1128] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\svchost.exe[1128] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 000B01F8
.text C:\Windows\system32\svchost.exe[1128] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00100600
.text C:\Windows\system32\svchost.exe[1128] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00100804
.text C:\Windows\system32\svchost.exe[1128] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00100A08
.text C:\Windows\system32\svchost.exe[1128] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 001001F8
.text C:\Windows\system32\svchost.exe[1128] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 001003FC
.text C:\Windows\system32\AUDIODG.EXE[1204] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1224] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 000901F8
.text C:\Windows\system32\svchost.exe[1224] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 000903FC
.text C:\Windows\system32\svchost.exe[1224] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 000B03FC
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 000B0600
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 000B1014
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 000B0804
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 000B0A08
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\svchost.exe[1224] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 000B01F8
.text C:\Windows\servicing\TrustedInstaller.exe[1264] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 000401F8
.text C:\Windows\servicing\TrustedInstaller.exe[1264] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 000403FC
.text C:\Windows\servicing\TrustedInstaller.exe[1264] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
.text C:\Windows\servicing\TrustedInstaller.exe[1264] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 000603FC
.text C:\Windows\servicing\TrustedInstaller.exe[1264] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00060600
.text C:\Windows\servicing\TrustedInstaller.exe[1264] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00061014
.text C:\Windows\servicing\TrustedInstaller.exe[1264] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00060804
.text C:\Windows\servicing\TrustedInstaller.exe[1264] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00060A08
.text C:\Windows\servicing\TrustedInstaller.exe[1264] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00060C0C
.text C:\Windows\servicing\TrustedInstaller.exe[1264] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00060E10
.text C:\Windows\servicing\TrustedInstaller.exe[1264] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 000601F8
.text C:\Windows\servicing\TrustedInstaller.exe[1264] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00070600
.text C:\Windows\servicing\TrustedInstaller.exe[1264] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00070804
.text C:\Windows\servicing\TrustedInstaller.exe[1264] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00070A08
.text C:\Windows\servicing\TrustedInstaller.exe[1264] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 000701F8
.text C:\Windows\servicing\TrustedInstaller.exe[1264] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1300] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1300] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1300] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1300] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1300] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1300] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1300] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1300] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1300] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1300] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1300] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1300] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00B00600
.text C:\Windows\system32\svchost.exe[1300] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00B00804
.text C:\Windows\system32\svchost.exe[1300] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00B00A08
.text C:\Windows\system32\svchost.exe[1300] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 00B001F8
.text C:\Windows\system32\svchost.exe[1300] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 00B003FC
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1360] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 001501F8
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1360] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 001503FC
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1360] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1360] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1360] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00170600
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1360] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00171014
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1360] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00170804
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1360] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00170A08
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1360] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00170C0C
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1360] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00170E10
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1360] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 001701F8
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1360] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00180600
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1360] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00180804
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1360] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00180A08
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1360] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 001801F8
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1360] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 001803FC
.text C:\Windows\system32\svchost.exe[1432] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1432] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1432] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1432] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1432] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1432] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1432] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1432] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1432] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1432] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1432] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1432] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00360600
.text C:\Windows\system32\svchost.exe[1432] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00360804
.text C:\Windows\system32\svchost.exe[1432] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00360A08
.text C:\Windows\system32\svchost.exe[1432] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 003601F8
.text C:\Windows\system32\svchost.exe[1432] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 003603FC
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1540] kernel32.dll!SetUnhandledExceptionFilter 76CEA84F 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1540] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
.text C:\Program Files\Replay Media Catcher\FLVSrvc.exe[1552] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 001401F8
.text C:\Program Files\Replay Media Catcher\FLVSrvc.exe[1552] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 001403FC
.text C:\Program Files\Replay Media Catcher\FLVSrvc.exe[1552] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
.text C:\Program Files\Replay Media Catcher\FLVSrvc.exe[1552] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00160600
.text C:\Program Files\Replay Media Catcher\FLVSrvc.exe[1552] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00160804
.text C:\Program Files\Replay Media Catcher\FLVSrvc.exe[1552] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00160A08
.text C:\Program Files\Replay Media Catcher\FLVSrvc.exe[1552] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 001601F8
.text C:\Program Files\Replay Media Catcher\FLVSrvc.exe[1552] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 001603FC
.text C:\Program Files\Replay Media Catcher\FLVSrvc.exe[1552] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Replay Media Catcher\FLVSrvc.exe[1552] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00170600
.text C:\Program Files\Replay Media Catcher\FLVSrvc.exe[1552] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00171014
.text C:\Program Files\Replay Media Catcher\FLVSrvc.exe[1552] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00170804
.text C:\Program Files\Replay Media Catcher\FLVSrvc.exe[1552] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00170A08
.text C:\Program Files\Replay Media Catcher\FLVSrvc.exe[1552] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00170C0C
.text C:\Program Files\Replay Media Catcher\FLVSrvc.exe[1552] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00170E10
.text C:\Program Files\Replay Media Catcher\FLVSrvc.exe[1552] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 001701F8
.text C:\Windows\system32\svchost.exe[1588] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1588] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1588] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1588] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1588] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1588] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1588] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1588] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1588] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1588] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1588] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1588] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00DC0600
.text C:\Windows\system32\svchost.exe[1588] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00DC0804
.text C:\Windows\system32\svchost.exe[1588] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00DC0A08
.text C:\Windows\system32\svchost.exe[1588] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 00DC01F8
.text C:\Windows\system32\svchost.exe[1588] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 00DC03FC
.text C:\Windows\system32\igfxsrvc.exe[1868] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 001501F8
.text C:\Windows\system32\igfxsrvc.exe[1868] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 001503FC
.text C:\Windows\system32\igfxsrvc.exe[1868] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
.text C:\Windows\system32\igfxsrvc.exe[1868] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00170600
.text C:\Windows\system32\igfxsrvc.exe[1868] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00170804
.text C:\Windows\system32\igfxsrvc.exe[1868] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00170A08
.text C:\Windows\system32\igfxsrvc.exe[1868] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 001701F8
.text C:\Windows\system32\igfxsrvc.exe[1868] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 001703FC
.text C:\Windows\system32\igfxsrvc.exe[1868] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 001803FC
.text C:\Windows\system32\igfxsrvc.exe[1868] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00180600
.text C:\Windows\system32\igfxsrvc.exe[1868] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00181014
.text C:\Windows\system32\igfxsrvc.exe[1868] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00180804
.text C:\Windows\system32\igfxsrvc.exe[1868] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00180A08
.text C:\Windows\system32\igfxsrvc.exe[1868] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00180C0C
.text C:\Windows\system32\igfxsrvc.exe[1868] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00180E10
.text C:\Windows\system32\igfxsrvc.exe[1868] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 001801F8
.text C:\Windows\System32\spoolsv.exe[1928] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\spoolsv.exe[1928] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 000503FC
.text C:\Windows\System32\spoolsv.exe[1928] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1928] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 000A03FC
.text C:\Windows\System32\spoolsv.exe[1928] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 000A0600
.text C:\Windows\System32\spoolsv.exe[1928] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 000A1014
.text C:\Windows\System32\spoolsv.exe[1928] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 000A0804
.text C:\Windows\System32\spoolsv.exe[1928] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 000A0A08
.text C:\Windows\System32\spoolsv.exe[1928] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 000A0C0C
.text C:\Windows\System32\spoolsv.exe[1928] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 000A0E10
.text C:\Windows\System32\spoolsv.exe[1928] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 000A01F8
.text C:\Windows\System32\spoolsv.exe[1928] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 001E0600
.text C:\Windows\System32\spoolsv.exe[1928] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 001E0804
.text C:\Windows\System32\spoolsv.exe[1928] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 001E0A08
.text C:\Windows\System32\spoolsv.exe[1928] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 001E01F8
.text C:\Windows\System32\spoolsv.exe[1928] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 001E03FC
.text C:\Windows\system32\svchost.exe[1952] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1952] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1952] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1952] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1952] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1952] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1952] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1952] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1952] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1952] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1952] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1952] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00150600
.text C:\Windows\system32\svchost.exe[1952] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00150804
.text C:\Windows\system32\svchost.exe[1952] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00150A08
.text C:\Windows\system32\svchost.exe[1952] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 001501F8
.text C:\Windows\system32\svchost.exe[1952] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 001503FC
.text C:\Windows\system32\SearchIndexer.exe[2052] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\SearchIndexer.exe[2052] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\SearchIndexer.exe[2052] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[2052] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\SearchIndexer.exe[2052] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\SearchIndexer.exe[2052] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\SearchIndexer.exe[2052] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\SearchIndexer.exe[2052] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\SearchIndexer.exe[2052] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\SearchIndexer.exe[2052] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\SearchIndexer.exe[2052] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\SearchIndexer.exe[2052] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00080600
.text C:\Windows\system32\SearchIndexer.exe[2052] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00080804
.text C:\Windows\system32\SearchIndexer.exe[2052] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\SearchIndexer.exe[2052] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\SearchIndexer.exe[2052] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\wbem\unsecapp.exe[2120] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\wbem\unsecapp.exe[2120] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\wbem\unsecapp.exe[2120] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
.text C:\Windows\system32\wbem\unsecapp.exe[2120] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\wbem\unsecapp.exe[2120] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\wbem\unsecapp.exe[2120] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\wbem\unsecapp.exe[2120] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\wbem\unsecapp.exe[2120] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\wbem\unsecapp.exe[2120] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\wbem\unsecapp.exe[2120] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\wbem\unsecapp.exe[2120] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\wbem\unsecapp.exe[2120] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00080600
.text C:\Windows\system32\wbem\unsecapp.exe[2120] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00080804
.text C:\Windows\system32\wbem\unsecapp.exe[2120] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\wbem\unsecapp.exe[2120] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\wbem\unsecapp.exe[2120] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 000803FC
.text C:\Windows\System32\hkcmd.exe[2296] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 001501F8
.text C:\Windows\System32\hkcmd.exe[2296] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 001503FC
.text C:\Windows\System32\hkcmd.exe[2296] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
.text C:\Windows\System32\hkcmd.exe[2296] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00180600
.text C:\Windows\System32\hkcmd.exe[2296] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00180804
.text C:\Windows\System32\hkcmd.exe[2296] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00180A08
.text C:\Windows\System32\hkcmd.exe[2296] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 001801F8
.text C:\Windows\System32\hkcmd.exe[2296] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 001803FC
.text C:\Windows\System32\hkcmd.exe[2296] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 002903FC
.text C:\Windows\System32\hkcmd.exe[2296] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00290600
.text C:\Windows\System32\hkcmd.exe[2296] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00291014
.text C:\Windows\System32\hkcmd.exe[2296] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00290804
.text C:\Windows\System32\hkcmd.exe[2296] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00290A08
.text C:\Windows\System32\hkcmd.exe[2296] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00290C0C
.text C:\Windows\System32\hkcmd.exe[2296] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00290E10
.text C:\Windows\System32\hkcmd.exe[2296] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 002901F8
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2372] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 000501F8
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2372] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 000503FC
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2372] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2372] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00070600
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2372] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00070804
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2372] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00070A08
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2372] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 000701F8
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2372] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 000703FC
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2372] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 000803FC
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2372] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00080600
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2372] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00081014
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2372] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00080804
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2372] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00080A08
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2372] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00080C0C
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2372] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00080E10
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2372] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 000801F8
.text C:\Windows\System32\igfxtray.exe[2492] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 001501F8
.text C:\Windows\System32\igfxtray.exe[2492] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 001503FC
.text C:\Windows\System32\igfxtray.exe[2492] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
.text C:\Windows\System32\igfxtray.exe[2492] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00180600
.text C:\Windows\System32\igfxtray.exe[2492] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00180804
.text C:\Windows\System32\igfxtray.exe[2492] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00180A08
.text C:\Windows\System32\igfxtray.exe[2492] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 001801F8
.text C:\Windows\System32\igfxtray.exe[2492] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 001803FC
.text C:\Windows\System32\igfxtray.exe[2492] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 001903FC
.text C:\Windows\System32\igfxtray.exe[2492] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00190600
.text C:\Windows\System32\igfxtray.exe[2492] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00191014
.text C:\Windows\System32\igfxtray.exe[2492] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00190804
.text C:\Windows\System32\igfxtray.exe[2492] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00190A08
.text C:\Windows\System32\igfxtray.exe[2492] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00190C0C
.text C:\Windows\System32\igfxtray.exe[2492] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00190E10
.text C:\Windows\System32\igfxtray.exe[2492] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 001901F8
.text C:\Windows\system32\wbem\wmiprvse.exe[2496] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\wbem\wmiprvse.exe[2496] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\wbem\wmiprvse.exe[2496] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[2496] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\wbem\wmiprvse.exe[2496] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\wbem\wmiprvse.exe[2496] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\wbem\wmiprvse.exe[2496] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\wbem\wmiprvse.exe[2496] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\wbem\wmiprvse.exe[2496] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\wbem\wmiprvse.exe[2496] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\wbem\wmiprvse.exe[2496] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\wbem\wmiprvse.exe[2496] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 000C0600
.text C:\Windows\system32\wbem\wmiprvse.exe[2496] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 000C0804
.text C:\Windows\system32\wbem\wmiprvse.exe[2496] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 000C0A08
.text C:\Windows\system32\wbem\wmiprvse.exe[2496] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 000C01F8
.text C:\Windows\system32\wbem\wmiprvse.exe[2496] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 000C03FC
.text C:\Program Files\iPod\bin\iPodService.exe[2592] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 000501F8
.text C:\Program Files\iPod\bin\iPodService.exe[2592] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 000503FC
.text C:\Program Files\iPod\bin\iPodService.exe[2592] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[2592] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 000703FC
.text C:\Program Files\iPod\bin\iPodService.exe[2592] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00070600
.text C:\Program Files\iPod\bin\iPodService.exe[2592] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00071014
.text C:\Program Files\iPod\bin\iPodService.exe[2592] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00070804
.text C:\Program Files\iPod\bin\iPodService.exe[2592] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00070A08
.text C:\Program Files\iPod\bin\iPodService.exe[2592] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00070C0C
.text C:\Program Files\iPod\bin\iPodService.exe[2592] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00070E10
.text C:\Program Files\iPod\bin\iPodService.exe[2592] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 000701F8
.text C:\Program Files\iPod\bin\iPodService.exe[2592] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00080600
.text C:\Program Files\iPod\bin\iPodService.exe[2592] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00080804
.text C:\Program Files\iPod\bin\iPodService.exe[2592] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00080A08
.text C:\Program Files\iPod\bin\iPodService.exe[2592] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 000801F8
.text C:\Program Files\iPod\bin\iPodService.exe[2592] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\taskeng.exe[2788] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[2788] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[2788] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[2788] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 000B03FC
.text C:\Windows\system32\taskeng.exe[2788] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 000B0600
.text C:\Windows\system32\taskeng.exe[2788] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 000B1014
.text C:\Windows\system32\taskeng.exe[2788] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 000B0804
.text C:\Windows\system32\taskeng.exe[2788] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 000B0A08
.text C:\Windows\system32\taskeng.exe[2788] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\taskeng.exe[2788] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\taskeng.exe[2788] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 000B01F8
.text C:\Windows\system32\taskeng.exe[2788] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 000C0600
.text C:\Windows\system32\taskeng.exe[2788] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 000C0804
.text C:\Windows\system32\taskeng.exe[2788] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 000C0A08
.text C:\Windows\system32\taskeng.exe[2788] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 000C01F8
.text C:\Windows\system32\taskeng.exe[2788] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 000C03FC
.text C:\Windows\System32\igfxpers.exe[2872] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 001501F8
.text C:\Windows\System32\igfxpers.exe[2872] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 001503FC
.text C:\Windows\System32\igfxpers.exe[2872] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
.text C:\Windows\System32\igfxpers.exe[2872] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00170600
.text C:\Windows\System32\igfxpers.exe[2872] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00170804
.text C:\Windows\System32\igfxpers.exe[2872] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00170A08
.text C:\Windows\System32\igfxpers.exe[2872] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 001701F8
.text C:\Windows\System32\igfxpers.exe[2872] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 001703FC
.text C:\Windows\System32\igfxpers.exe[2872] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 001803FC
.text C:\Windows\System32\igfxpers.exe[2872] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00180600
.text C:\Windows\System32\igfxpers.exe[2872] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00181014
.text C:\Windows\System32\igfxpers.exe[2872] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00180804
.text C:\Windows\System32\igfxpers.exe[2872] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00180A08
.text C:\Windows\System32\igfxpers.exe[2872] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00180C0C
.text C:\Windows\System32\igfxpers.exe[2872] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00180E10
.text C:\Windows\System32\igfxpers.exe[2872] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 001801F8
.text C:\Windows\system32\taskeng.exe[3048] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[3048] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[3048] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[3048] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskeng.exe[3048] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\taskeng.exe[3048] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\taskeng.exe[3048] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\taskeng.exe[3048] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\taskeng.exe[3048] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\taskeng.exe[3048] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\taskeng.exe[3048] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskeng.exe[3048] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00080600
.text C:\Windows\system32\taskeng.exe[3048] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00080804
.text C:\Windows\system32\taskeng.exe[3048] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\taskeng.exe[3048] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\taskeng.exe[3048] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 000803FC
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3124] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 001501F8
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3124] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 001503FC
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3124] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3124] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00170600
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3124] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00170804
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3124] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00170A08
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3124] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3124] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 001703FC
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3124] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3124] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00180600
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3124] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00181014
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3124] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00180804
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3124] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00180A08
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3124] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00180C0C
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3124] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00180E10
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3124] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 001801F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3172] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 000501F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3172] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 000503FC
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3172] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3172] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 000803FC
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3172] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00080600
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3172] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00081014
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3172] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00080804
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3172] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00080A08
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3172] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00080C0C
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3172] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00080E10
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3172] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 000801F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3172] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00090600
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3172] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00090804
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3172] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00090A08
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3172] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 000901F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3172] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 000903FC
.text C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe[3260] KERNEL32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
.text C:\Program Files\iTunes\iTunesHelper.exe[3328] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 000501F8
.text C:\Program Files\iTunes\iTunesHelper.exe[3328] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 000503FC
.text C:\Program Files\iTunes\iTunesHelper.exe[3328] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
.text C:\Program Files\iTunes\iTunesHelper.exe[3328] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00070600
.text C:\Program Files\iTunes\iTunesHelper.exe[3328] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00070804
.text C:\Program Files\iTunes\iTunesHelper.exe[3328] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00070A08
.text C:\Program Files\iTunes\iTunesHelper.exe[3328] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 000701F8
.text C:\Program Files\iTunes\iTunesHelper.exe[3328] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 000703FC
.text C:\Program Files\iTunes\iTunesHelper.exe[3328] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 000803FC
.text C:\Program Files\iTunes\iTunesHelper.exe[3328] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00080600
.text C:\Program Files\iTunes\iTunesHelper.exe[3328] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00081014
.text C:\Program Files\iTunes\iTunesHelper.exe[3328] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00080804
.text C:\Program Files\iTunes\iTunesHelper.exe[3328] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00080A08
.text C:\Program Files\iTunes\iTunesHelper.exe[3328] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00080C0C
.text C:\Program Files\iTunes\iTunesHelper.exe[3328] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00080E10
.text C:\Program Files\iTunes\iTunesHelper.exe[3328] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 000801F8
.text C:\Program Files\Dell Remote Access\ezi_ra.exe[3416] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 001501F8
.text C:\Program Files\Dell Remote Access\ezi_ra.exe[3416] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 001503FC
.text C:\Program Files\Dell Remote Access\ezi_ra.exe[3416] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
.text C:\Program Files\Dell Remote Access\ezi_ra.exe[3416] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 002F03FC
.text C:\Program Files\Dell Remote Access\ezi_ra.exe[3416] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 002F0600
.text C:\Program Files\Dell Remote Access\ezi_ra.exe[3416] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 002F1014
.text C:\Program Files\Dell Remote Access\ezi_ra.exe[3416] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 002F0804
.text C:\Program Files\Dell Remote Access\ezi_ra.exe[3416] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 002F0A08
.text C:\Program Files\Dell Remote Access\ezi_ra.exe[3416] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 002F0C0C
.text C:\Program Files\Dell Remote Access\ezi_ra.exe[3416] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 002F0E10
.text C:\Program Files\Dell Remote Access\ezi_ra.exe[3416] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 002F01F8
.text C:\Program Files\Dell Remote Access\ezi_ra.exe[3416] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00300600
.text C:\Program Files\Dell Remote Access\ezi_ra.exe[3416] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00300804
.text C:\Program Files\Dell Remote Access\ezi_ra.exe[3416] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00300A08
.text C:\Program Files\Dell Remote Access\ezi_ra.exe[3416] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 003001F8
.text C:\Program Files\Dell Remote Access\ezi_ra.exe[3416] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 003003FC
.text C:\Windows\system32\WerCon.exe[3548] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\WerCon.exe[3548] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\WerCon.exe[3548] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
.text C:\Windows\system32\WerCon.exe[3548] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 000803FC
.text C:\Windows\system32\WerCon.exe[3548] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00080600
.text C:\Windows\system32\WerCon.exe[3548] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00081014
.text C:\Windows\system32\WerCon.exe[3548] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00080804
.text C:\Windows\system32\WerCon.exe[3548] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00080A08
.text C:\Windows\system32\WerCon.exe[3548] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00080C0C
.text C:\Windows\system32\WerCon.exe[3548] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00080E10
.text C:\Windows\system32\WerCon.exe[3548] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 000801F8
.text C:\Windows\system32\WerCon.exe[3548] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00090600
.text C:\Windows\system32\WerCon.exe[3548] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00090804
.text C:\Windows\system32\WerCon.exe[3548] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00090A08
.text C:\Windows\system32\WerCon.exe[3548] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 000901F8
.text C:\Windows\system32\WerCon.exe[3548] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 000903FC
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3608] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 000501F8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3608] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 000503FC
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3608] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3608] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3608] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00170600
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3608] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00171014
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3608] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00170804
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3608] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00170A08
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3608] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00170C0C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3608] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00170E10
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3608] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 001701F8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3608] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00180600
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3608] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00180804
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3608] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00180A08
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3608] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 001801F8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3608] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 001803FC
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3608] USER32.dll!SetWindowLongA 76F0E7CD 5 Bytes JMP 621101A3 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3608] USER32.dll!SetWindowLongW 76F113B4 5 Bytes JMP 62110135 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3608] USER32.dll!GetWindowInfo 76F1428E 5 Bytes JMP 61EA0924 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3608] USER32.dll!TrackPopupMenu 76F214F3 5 Bytes JMP 61EA0ECF C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Windows\system32\Dwm.exe[3616] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 000901F8
.text C:\Windows\system32\Dwm.exe[3616] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 000903FC
.text C:\Windows\system32\Dwm.exe[3616] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[3616] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 000B03FC
.text C:\Windows\system32\Dwm.exe[3616] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 000B0600
.text C:\Windows\system32\Dwm.exe[3616] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 000B1014
.text C:\Windows\system32\Dwm.exe[3616] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 000B0804
.text C:\Windows\system32\Dwm.exe[3616] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 000B0A08
.text C:\Windows\system32\Dwm.exe[3616] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\Dwm.exe[3616] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\Dwm.exe[3616] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 000B01F8
.text C:\Windows\system32\Dwm.exe[3616] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 000C0600
.text C:\Windows\system32\Dwm.exe[3616] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 000C0804
.text C:\Windows\system32\Dwm.exe[3616] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 000C0A08
.text C:\Windows\system32\Dwm.exe[3616] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 000C01F8
.text C:\Windows\system32\Dwm.exe[3616] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 000C03FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3652] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3652] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3652] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3652] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3652] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3652] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00171014
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3652] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3652] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3652] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00170C0C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3652] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00170E10
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3652] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3652] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00180600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3652] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00180804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3652] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00180A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3652] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 001801F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3652] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 001803FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[3664] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 61D25B60 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3664] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 000503FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[3664] kernel32.dll!GetTempFileNameW 76CD1741 5 Bytes JMP 100018E0 C:\Users\Steve\AppData\Local\FLVService\lib\FLVSrvLib.dll (FLV Service Library for Ask and Record Toolbar/Applian Technologies, Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3664] kernel32.dll!CreateFileW 76D0AECB 5 Bytes JMP 10002150 C:\Users\Steve\AppData\Local\FLVService\lib\FLVSrvLib.dll (FLV Service Library for Ask and Record Toolbar/Applian Technologies, Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3664] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3664] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00080600
.text C:\Program Files\Mozilla Firefox\firefox.exe[3664] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00080804
.text C:\Program Files\Mozilla Firefox\firefox.exe[3664] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00080A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[3664] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 000801F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[3664] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 000803FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[3664] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 000D03FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[3664] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 000D0600
.text C:\Program Files\Mozilla Firefox\firefox.exe[3664] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 000D1014
.text C:\Program Files\Mozilla Firefox\firefox.exe[3664] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 000D0804
.text C:\Program Files\Mozilla Firefox\firefox.exe[3664] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 000D0A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[3664] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 000D0C0C
.text C:\Program Files\Mozilla Firefox\firefox.exe[3664] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 000D0E10
.text C:\Program Files\Mozilla Firefox\firefox.exe[3664] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 000D01F8
.text C:\Windows\system32\svchost.exe[3752] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[3752] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[3752] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3752] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[3752] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[3752] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[3752] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[3752] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[3752] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[3752] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[3752] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 000701F8
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3824] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 001501F8
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3824] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 001503FC
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3824] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3824] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00170600
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3824] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00170804
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3824] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00170A08
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3824] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3824] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 001703FC
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3824] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3824] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00180600
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3824] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00181014
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3824] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00180804
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3824] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00180A08
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3824] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00180C0C
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3824] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00180E10
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3824] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 001801F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3920] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 000401F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3920] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 000403FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3920] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3920] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 000603FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3920] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00060600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3920] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00061014
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3920] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00060804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3920] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00060A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3920] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00060C0C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3920] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00060E10
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3920] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 000601F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3920] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00070600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3920] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00070804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3920] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00070A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3920] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 000701F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3920] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 000703FC
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3944] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 000501F8
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3944] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 000503FC
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3944] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3944] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00070600
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3944] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00070804
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3944] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00070A08
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3944] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 000701F8
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3944] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 000703FC
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3944] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 000803FC
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3944] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00080600
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3944] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00081014
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3944] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00080804
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3944] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00080A08
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3944] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00080C0C
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3944] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00080E10
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3944] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 000801F8
.text C:\Program Files\Windows Defender\MSASCui.exe[3980] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 000501F8
.text C:\Program Files\Windows Defender\MSASCui.exe[3980] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 000503FC
.text C:\Program Files\Windows Defender\MSASCui.exe[3980] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
.text C:\Program Files\Windows Defender\MSASCui.exe[3980] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 000C03FC
.text C:\Program Files\Windows Defender\MSASCui.exe[3980] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 000C0600
.text C:\Program Files\Windows Defender\MSASCui.exe[3980] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 000C1014
.text C:\Program Files\Windows Defender\MSASCui.exe[3980] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 000C0804
.text C:\Program Files\Windows Defender\MSASCui.exe[3980] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 000C0A08
.text C:\Program Files\Windows Defender\MSASCui.exe[3980] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 000C0C0C
.text C:\Program Files\Windows Defender\MSASCui.exe[3980] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 000C0E10
.text C:\Program Files\Windows Defender\MSASCui.exe[3980] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 000C01F8
.text C:\Program Files\Windows Defender\MSASCui.exe[3980] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 000D0600
.text C:\Program Files\Windows Defender\MSASCui.exe[3980] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 000D0804
.text C:\Program Files\Windows Defender\MSASCui.exe[3980] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 000D0A08
.text C:\Program Files\Windows Defender\MSASCui.exe[3980] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 000D01F8
.text C:\Program Files\Windows Defender\MSASCui.exe[3980] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 000D03FC
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3984] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
.text C:\Windows\Explorer.EXE[4032] ntdll.dll!LdrLoadDll 775593A8 5 Bytes JMP 000501F8
.text C:\Windows\Explorer.EXE[4032] ntdll.dll!LdrUnloadDll 7756B740 5 Bytes JMP 000503FC
.text C:\Windows\Explorer.EXE[4032] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
.text C:\Windows\Explorer.EXE[4032] ADVAPI32.dll!CreateServiceW 76C39EB4 5 Bytes JMP 000703FC
.text C:\Windows\Explorer.EXE[4032] ADVAPI32.dll!DeleteService 76C3A07E 5 Bytes JMP 00070600
.text C:\Windows\Explorer.EXE[4032] ADVAPI32.dll!SetServiceObjectSecurity 76C76CD9 5 Bytes JMP 00071014
.text C:\Windows\Explorer.EXE[4032] ADVAPI32.dll!ChangeServiceConfigA 76C76DD9 5 Bytes JMP 00070804
.text C:\Windows\Explorer.EXE[4032] ADVAPI32.dll!ChangeServiceConfigW 76C76F81 5 Bytes JMP 00070A08
.text C:\Windows\Explorer.EXE[4032] ADVAPI32.dll!ChangeServiceConfig2A 76C77099 5 Bytes JMP 00070C0C
.text C:\Windows\Explorer.EXE[4032] ADVAPI32.dll!ChangeServiceConfig2W 76C771E1 5 Bytes JMP 00070E10
.text C:\Windows\Explorer.EXE[4032] ADVAPI32.dll!CreateServiceA 76C772A1 5 Bytes JMP 000701F8
.text C:\Windows\Explorer.EXE[4032] USER32.dll!SetWindowsHookExA 76F06322 5 Bytes JMP 00080600
.text C:\Windows\Explorer.EXE[4032] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 00080804
.text C:\Windows\Explorer.EXE[4032] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 00080A08
.text C:\Windows\Explorer.EXE[4032] USER32.dll!SetWinEventHook 76F09F3A 5 Bytes JMP 000801F8
.text C:\Windows\Explorer.EXE[4032] USER32.dll!UnhookWinEvent 76F0C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\NOTEPAD.EXE[4256] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
.text C:\Windows\system32\NOTEPAD.EXE[4312] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]
.text C:\Users\Steve\Desktop\7pu3g73d.exe[6020] kernel32.dll!GetBinaryTypeW + 70 76D12247 1 Byte [62]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[656] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00130002
IAT C:\Windows\system32\services.exe[656] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00130000
IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 010CE660
IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 010CE140
IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 010CD2A0
IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 010CEBE0
IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateThread] 010CC260
IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 010CBBD0
IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 010CBF90
IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 010CD100
IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 010CD7C0
IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 010CD550
IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 010CD740
IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 010CDC20
IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 010CD930
IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileType] 010CD450
IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 010CD690
IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileSize] 010CD240
IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!WriteFile] 010CD0C0
IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetACP] 010CE680
IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 010CC110
IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 010CE3A0
IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GlobalLock] 010CE2C0
IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 010CE280
IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileW] 010CC940
IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 010CBA30
IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CloseHandle] 010CD340
IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 010CB9A0
IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 010CBC80
IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 010CA730
IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!ReadFile] 010CCC90
IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetVersion] 010CE650
IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] @ C:\Windows\system32\ole32.dll [USER32.dll!LoadIconW] 010CE920
IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] @ C:\Windows\system32\ole32.dll [USER32.dll!LoadCursorW] 010CE8C0
IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] @ C:\Windows\system32\ole32.dll [USER32.dll!CreateDialogParamW] 010CEB10
IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] @ C:\Windows\system32\ole32.dll [USER32.dll!DialogBoxParamW] 010CEBB0
IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] @ C:\Windows\system32\ole32.dll [USER32.dll!LoadStringW] 010CE9E0
IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 010CE5D0
IAT c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe[1012] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 010CE580

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB47863$\1597839925 0 bytes
File C:\Windows\$NtUninstallKB47863$\1597839925\@ 2048 bytes
File C:\Windows\$NtUninstallKB47863$\1597839925\bckfg.tmp 823 bytes
File C:\Windows\$NtUninstallKB47863$\1597839925\cfg.ini 77 bytes
File C:\Windows\$NtUninstallKB47863$\1597839925\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB47863$\1597839925\kwrd.dll 208896 bytes
File C:\Windows\$NtUninstallKB47863$\1597839925\L 0 bytes
File C:\Windows\$NtUninstallKB47863$\1597839925\L\ogejidap 185856 bytes
File C:\Windows\$NtUninstallKB47863$\1597839925\U 0 bytes
File C:\Windows\$NtUninstallKB47863$\1597839925\U\00000001.@ 2048 bytes
File C:\Windows\$NtUninstallKB47863$\1597839925\U\00000002.@ 209920 bytes
File C:\Windows\$NtUninstallKB47863$\1597839925\U\80000000.@ 1024 bytes
File C:\Windows\$NtUninstallKB47863$\1597839925\U\80000032.@ 71168 bytes
File C:\Windows\$NtUninstallKB47863$\4212105129 0 bytes

---- EOF - GMER 1.0.15 ----
 
DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_30
Run by Steve at 23:58:24 on 2012-02-22
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Replay Media Catcher\FLVSrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Dell Remote Access\ezi_ra.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\WerCon.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Steve\Desktop\dds.scr
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1081208
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = 0.0.0.0:80
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mWinlogon: Userinit=Userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
uRun: [Aim6]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30618; AskTB5.4)" -"http://www.shockwave.com/gamelanding/football3d.jsp"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [Performance Center] c:\program files\ascentive\performance center\ApcMain.exe -m
mRun: [Ask and Record FLV Service] "c:\program files\replay media catcher\FLVSrvc.exe" /run
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRun: [AntiSpyware Service] c:\windows\temp\jebqx98xo.exe
dRun: [Windows System Recover!] c:\windows\temp\login.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 24.177.176.38 71.92.29.130 24.217.201.67
TCP: Interfaces\{F882070E-ED29-47A7-8387-06A7A44F36E7} : DhcpNameServer = 24.177.176.38 71.92.29.130 24.217.201.67
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\steve\appdata\roaming\mozilla\firefox\profiles\acn8vfbr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? hitmanpro35;Hitman Pro 3.5 Support Driver
R? Viewpoint Manager Service;Viewpoint Manager Service
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? !SASCORE;SAS Core Service
S? aswFsBlk;aswFsBlk
S? aswMonFlt;aswMonFlt
S? aswSnx;aswSnx
S? aswSP;aswSP
S? avast! Antivirus;avast! Antivirus
S? DockLoginService;Dock Login Service
S? FontCache;Windows Font Cache Service
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
.
=============== Created Last 30 ================
.
2012-02-22 02:30:00 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4aba634b-9c5b-4aa6-ab32-26679405abea}\mpengine.dll
2012-01-27 05:09:31 -------- d-----w- c:\users\steve\appdata\roaming\TestApp
2012-01-27 04:28:02 -------- d-----w- c:\program files\ESET
2012-01-26 00:24:26 -------- d-----w- c:\program files\Lavasoft
2012-01-25 22:51:26 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-01-25 22:51:26 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-01-25 22:51:20 41184 ----a-w- c:\windows\avastSS.scr
.
==================== Find3M ====================
.
2012-01-29 11:10:42 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-25 22:34:29 23624 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2011-12-27 05:34:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-15 14:12:19 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 21:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 23:59:11.80 ===============
 
Attach log:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 12/7/2008 1:04:31 PM
System Uptime: 2/22/2012 2:56:50 PM (9 hours ago)
.
Motherboard: Dell Inc. | | 0RY007
Processor: Intel(R) Celeron(R) CPU 450 @ 2.20GHz | Socket 775 | 2194/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 177.357 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.226 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP2016: 2/21/2012 8:22:21 PM - Windows Update
RP2017: 2/22/2012 5:20:22 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader 9
Adobe Shockwave Player 11.6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask & Record Toolbar 4.01
avast! Free Antivirus
Browser Address Error Redirector
CCleaner
Compatibility Pack for the 2007 Office system
Dell-eBay
Dell Best of Web
Dell DataSafe Online
Dell Dock
Dell Getting Started Guide
Dell Remote Access
Dell Support Center (Support Software)
DELL0604
DivX Version Checker
DivX Web Player
GameSpy Arcade
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) PRO Network Connections 12.1.11.0
iTunes
Java Auto Updater
Java(TM) 6 Update 30
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Mozilla Firefox 10.0.2 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
OGA Notifier 2.0.0048.0
QuickTime
Realtek High Definition Audio Driver
Replay Media Catcher 3.11
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SUPERAntiSpyware
swMSM
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.762
WildTangent Games
.
==== Event Viewer Messages From Past Week ========
.
2/22/2012 2:59:35 PM, Error: Service Control Manager [7000] - The Viewpoint Manager Service service failed to start due to the following error: The system cannot find the path specified.
2/22/2012 1:59:19 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi SASDIFSV SASKUTIL spldr Wanarpv6
2/22/2012 1:59:19 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
2/22/2012 1:59:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2/22/2012 1:59:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
2/22/2012 1:58:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/22/2012 1:58:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
2/22/2012 1:58:18 PM, Error: EventLog [6008] - The previous system shutdown at 1:54:07 PM on 2/22/2012 was unexpected.
2/20/2012 4:57:04 AM, Error: netbt [4321] - The name "HOMECOMPUTER-PC:0" could not be registered on the interface with IP address 192.168.1.100. The computer with the IP address 192.168.1.102 did not allow the name to be claimed by this computer.
2/17/2012 12:38:44 PM, Error: volsnap [35] - The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
2/17/2012 11:02:21 AM, Error: volsnap [13] - The shadow copy of volume C: could not grow its shadow copy storage on volume C:.
.
==== End Of File ===========================
 
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

=================================================================

Download BTKR_RunBox to your desktop.

Double click on downloaded BTKR_RunBox.exe file.
Small RunBox DOS window will open.
Press any key to continue.
Press "1" to select "Run a scan with Bootkit Remover" option.
Press "Enter".
Press "Enter" one more time to generate log.
Click OK, IF any "Warning" message pops up.
Notepad will open with Bootkit Remover log.
Copy the content and post it in your next reply.
In RunBox press "4" then Enter to exit it.

NOTE. In case you lost the log it's also located on your desktop as "scan.txt"
 
aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-02-23 00:04:15
-----------------------------
00:04:15.049 OS Version: Windows 6.0.6002 Service Pack 2
00:04:15.050 Number of processors: 1 586 0x1601
00:04:15.051 ComputerName: STEVE-PC UserName: Steve
00:04:17.335 Initialize success
00:04:18.189 AVAST engine defs: 12022201
00:05:04.783 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
00:05:04.786 Disk 0 Vendor: WDC_WD3200AAKS-75L9A0 01.03E01 Size: 305245MB BusType: 3
00:05:05.030 Disk 0 MBR read successfully
00:05:05.034 Disk 0 MBR scan
00:05:05.038 Disk 0 Windows VISTA default MBR code
00:05:05.100 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
00:05:05.156 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 98304
00:05:05.226 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 294956 MB offset 21069824
00:05:05.328 Disk 0 scanning sectors +625139712
00:05:05.557 Disk 0 scanning C:\Windows\system32\drivers
00:06:27.158 Service scanning
00:06:44.234 Modules scanning
00:09:51.600 Disk 0 trace - called modules:
00:09:51.990 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
00:09:51.997 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x854e2210]
00:09:52.003 3 CLASSPNP.SYS[883a98b3] -> nt!IofCallDriver -> [0x84a67958]
00:09:52.009 5 acpi.sys[806996bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84a4f528]
00:09:52.882 AVAST engine scan C:\Windows
00:12:05.610 AVAST engine scan C:\Windows\system32
00:27:48.246 AVAST engine scan C:\Windows\system32\drivers
00:28:27.440 AVAST engine scan C:\Users\Steve
01:36:42.668 AVAST engine scan C:\ProgramData
02:26:32.968 Scan finished successfully
06:37:22.350 Disk 0 MBR has been saved successfully to "C:\Users\Steve\Desktop\MBR.dat"
06:37:22.398 The log file has been saved successfully to "C:\Users\Steve\Desktop\aswMBR.log"
 
I'm having difficulty running BTKR_RunBox; when I press any key to continue, the same original message keeps coming up.
 
  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Click on SCAN.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop.)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
 
RogueKiller V7.1.0 [02/15/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Steve [Admin rights]
Mode: Scan -- Date: 02/25/2012 01:10:31

¤¤¤ Bad processes: 2 ¤¤¤
[SUSP PATH] FLVSrvLib.dll -- C:\Users\Steve\AppData\Local\FLVService\lib\FLVSrvLib.dll -> UNLOADED
[SUSP PATH] FLVSrvLib.dll -- C:\Users\Steve\AppData\Local\FLVService\lib\FLVSrvLib.dll -> UNLOADED

¤¤¤ Registry Entries: 10 ¤¤¤
[SUSP PATH] HKUS\.DEFAULT[...]\Run : AntiSpyware Service (C:\Windows\TEMP\jebqx98xo.exe) -> FOUND
[SUSP PATH] HKUS\.DEFAULT[...]\Run : Windows System Recover! (C:\Windows\TEMP\login.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-18[...]\Run : AntiSpyware Service (C:\Windows\TEMP\jebqx98xo.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-18[...]\Run : Windows System Recover! (C:\Windows\TEMP\login.exe) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (0.0.0.0:80) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200AAKS-75L9A0 ATA Device +++++
--- User ---
[MBR] 9839b7b9b5184b3246c5e883f9154a86
[BSP] cb96dfa00f188250b5f4e01fecd4dba3 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 98304 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21069824 | Size: 294956 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
 
Some additional comments to RogueKiller, a folder called RK_Quarantine was created on my desktop and during the time the program was open I kept getting a message stating that Internet Explorer was not responding - it kept popping up. But since the scan didn't take long it didn't come up as much. Also the program seemed to find some stuff wrong, but I didn't do anything.
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
I came across a problem trying to run ComboFix. I followed all the procedures, but it detected the following:

antivirus: Mcafee virusscan
antivirus: antivir desktop
antispyware: Mcafee virusscan
antispyware: antivir desktop

I was under the impression that I had removed McAfee. I tried to search for it, but couldn't find anything concrete - just something that Windows couldn't open. I attempted once to install Avira, but was also under the impression that I quit that program, and again I couldn't find anything concrete to remove or disable either of the two.
 
I don't know if ComboFix worked. It took maybe 10 or so hours scanning; during the scan I got a message from Windows telling me that Freeware implementation of XCACLS has stopped working. I didn't mouseclick anything but the notice that came up, so I'm unaware if it stalled or something happened. I exited and restarted the computer and I got a message that the Application 0x800106ba had failed to initialize. I also got a message telling me that the Recycle Bin is corrupted, so I clicked yes to empty that drive. I thought the internet was supposed to be disconnected and some of the computer images be changed, but the icon showed internet and everything was fine. I don't know anymore. Were you at least able to maybe get a hint of what may be wrong that some programs are unable to connect/detect the internet from all the previous logs?
 
Ran ComboFix from safe mode and it said there was rootkit activity and had to reboot. So I clicked reboot, but it didn't seem like it left a log, I even looked in (C:) combofix and still nothing.
 