1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Solved vista very slow locking both processors

Discussion in 'Malware and Virus Removal Archive' started by jimmymac725, 2011/07/01.

Page 1 of 2
  1. 2011/07/01
    jimmymac725

    jimmymac725 Inactive Thread Starter

    Joined:
    2011/03/13
    Messages:
    64
    Likes Received:
    0
    [Resolved] vista very slow locking both processors

    this is the wifes laptop and it has not been much fun to use of late. thanks in advance.

    heres the scans

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 6960

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 9.0.8112.16421

    6/29/2011 3:58:32 AM
    mbam-log-2011-06-29 (03-58-32).txt

    Scan type: Quick scan
    Objects scanned: 184095
    Time elapsed: 16 minute(s), 55 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit scan 2011-06-30 22:12:01
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 Hitachi_HTS542516K9SA00 rev.BBCOC32P
    Running: vq2np3ub.exe; Driver: C:\Users\LAINIE\AppData\Local\Temp\pwdirpog.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8E2E2202]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8E2E481C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8E2E4874]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8E2E498A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8E2E4772]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8E2E48C4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8E2E47C6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8E2E4938]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8E2E2226]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8E2E1FF0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8E2E224A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8E2E4D82]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8E2E2CDA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8E2E484C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8E2E489C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8E2E49B4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8E2E479E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8E2E4904]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8E2E47F4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8E2E4962]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8E2E2BA0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8E2E226E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8E2E2292]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8E2E204A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8E2E2186]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8E2E2162]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8E2E21AA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8E2E22B6]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8EA24902]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x807BD1E8]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x807BD212]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x807BD1FE]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x807BD1D4]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwYieldExecution 82E3A982 5 Bytes JMP 807BD1D8 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    .text ntkrnlpa.exe!KeSetEvent + 10D 82EBB890 4 Bytes [02, 22, 2E, 8E]
    .text ntkrnlpa.exe!KeSetEvent + 1D1 82EBB954 8 Bytes [1C, 48, 2E, 8E, 74, 48, 2E, ...]
    .text ntkrnlpa.exe!KeSetEvent + 1DD 82EBB960 4 Bytes [8A, 49, 2E, 8E]
    .text ntkrnlpa.exe!KeSetEvent + 1F5 82EBB978 4 Bytes [72, 47, 2E, 8E]
    .text ntkrnlpa.exe!KeSetEvent + 215 82EBB998 8 Bytes [C4, 48, 2E, 8E, C6, 47, 2E, ...]
    .text ...
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82FE65C7 5 Bytes JMP 8EA202BE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ZwTerminateProcess 830000D3 5 Bytes JMP 807BD216 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtMapViewOfSection 8301F82A 7 Bytes JMP 807BD1EC \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 8301FAED 5 Bytes JMP 807BD202 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ObInsertObject 8303F4F3 5 Bytes JMP 8EA21D5C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 83048E18 4 Bytes CALL 8E2E334B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 8304CA8C 4 Bytes CALL 8E2E3361 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 830A0DAE 7 Bytes JMP 8EA24906 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8D205340, 0x3ED9C7, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\system32\rundll32.exe[668] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 000601F8
    .text C:\Windows\system32\rundll32.exe[668] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 000603FC
    .text C:\Windows\system32\rundll32.exe[668] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Windows\system32\rundll32.exe[668] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00070600
    .text C:\Windows\system32\rundll32.exe[668] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00070804
    .text C:\Windows\system32\rundll32.exe[668] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00070A08
    .text C:\Windows\system32\rundll32.exe[668] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 000701F8
    .text C:\Windows\system32\rundll32.exe[668] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 000703FC
    .text C:\Windows\system32\rundll32.exe[668] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 000803FC
    .text C:\Windows\system32\rundll32.exe[668] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00080600
    .text C:\Windows\system32\rundll32.exe[668] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00081014
    .text C:\Windows\system32\rundll32.exe[668] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00080804
    .text C:\Windows\system32\rundll32.exe[668] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00080A08
    .text C:\Windows\system32\rundll32.exe[668] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00080C0C
    .text C:\Windows\system32\rundll32.exe[668] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00080E10
    .text C:\Windows\system32\rundll32.exe[668] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 000801F8
    .text C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe[684] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 001501F8
    .text C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe[684] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 001503FC
    .text C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe[684] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe[684] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00170600
    .text C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe[684] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00170804
    .text C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe[684] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00170A08
    .text C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe[684] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 001701F8
    .text C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe[684] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 001703FC
    .text C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe[684] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 001803FC
    .text C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe[684] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00180600
    .text C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe[684] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00181014
    .text C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe[684] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00180804
    .text C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe[684] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00180A08
    .text C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe[684] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00180C0C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe[684] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00180E10
    .text C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe[684] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 001801F8
    .text C:\Windows\system32\csrss.exe[708] KERNEL32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Windows\system32\wininit.exe[760] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 000301F8
    .text C:\Windows\system32\wininit.exe[760] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 000303FC
    .text C:\Windows\system32\wininit.exe[760] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Windows\system32\wininit.exe[760] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 000503FC
    .text C:\Windows\system32\wininit.exe[760] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00050600
    .text C:\Windows\system32\wininit.exe[760] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00051014
    .text C:\Windows\system32\wininit.exe[760] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00050804
    .text C:\Windows\system32\wininit.exe[760] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00050A08
    .text C:\Windows\system32\wininit.exe[760] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00050C0C
    .text C:\Windows\system32\wininit.exe[760] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00050E10
    .text C:\Windows\system32\wininit.exe[760] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 000501F8
    .text C:\Windows\system32\wininit.exe[760] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00060600
    .text C:\Windows\system32\wininit.exe[760] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00060804
    .text C:\Windows\system32\wininit.exe[760] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00060A08
    .text C:\Windows\system32\wininit.exe[760] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 000601F8
    .text C:\Windows\system32\wininit.exe[760] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 000603FC
    .text C:\Windows\system32\csrss.exe[772] KERNEL32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Windows\system32\services.exe[804] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\services.exe[804] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\services.exe[804] ntdll.dll!NtCreateFile 77904224 5 Bytes JMP 003B0FEF
    .text C:\Windows\system32\services.exe[804] ntdll.dll!NtCreateProcess 779042E4 5 Bytes JMP 003B0FB9
    .text C:\Windows\system32\services.exe[804] ntdll.dll!NtProtectVirtualMemory 77904B84 5 Bytes JMP 003B0FCA
    .text C:\Windows\system32\services.exe[804] kernel32.dll!GetStartupInfoW 77631929 5 Bytes JMP 003500B5
    .text C:\Windows\system32\services.exe[804] kernel32.dll!GetStartupInfoA 776319C9 5 Bytes JMP 003500A4
    .text C:\Windows\system32\services.exe[804] kernel32.dll!CreateProcessW 77631BF3 5 Bytes JMP 003500D0
    .text C:\Windows\system32\services.exe[804] kernel32.dll!CreateProcessA 77631C28 5 Bytes JMP 00350F39
    .text C:\Windows\system32\services.exe[804] kernel32.dll!VirtualProtect 77631DC3 5 Bytes JMP 00350F8D
    .text C:\Windows\system32\services.exe[804] kernel32.dll!CreateNamedPipeA 77632EF5 5 Bytes JMP 0035001B
    .text C:\Windows\system32\services.exe[804] kernel32.dll!CreateNamedPipeW 77635C0C 5 Bytes JMP 00350FCA
    .text C:\Windows\system32\services.exe[804] kernel32.dll!CreatePipe 77658E6E 5 Bytes JMP 00350093
    .text C:\Windows\system32\services.exe[804] kernel32.dll!LoadLibraryExW 77659109 5 Bytes JMP 00350F9E
    .text C:\Windows\system32\services.exe[804] kernel32.dll!LoadLibraryW 77659362 5 Bytes JMP 00350051
    .text C:\Windows\system32\services.exe[804] kernel32.dll!LoadLibraryExA 776594B4 5 Bytes JMP 00350FAF
    .text C:\Windows\system32\services.exe[804] kernel32.dll!LoadLibraryA 776594DC 5 Bytes JMP 00350036
    .text C:\Windows\system32\services.exe[804] kernel32.dll!VirtualProtectEx 7765DBDA 5 Bytes JMP 00350082
    .text C:\Windows\system32\services.exe[804] kernel32.dll!GetProcAddress 7767903B 5 Bytes JMP 00350F14
    .text C:\Windows\system32\services.exe[804] kernel32.dll!CreateFileW 7767AECB 5 Bytes JMP 0035000A
    .text C:\Windows\system32\services.exe[804] kernel32.dll!CreateFileA 7767CE5F 5 Bytes JMP 00350FE5
    .text C:\Windows\system32\services.exe[804] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Windows\system32\services.exe[804] kernel32.dll!WinExec 776C5CF7 5 Bytes JMP 00350F4A
    .text C:\Windows\system32\services.exe[804] ADVAPI32.dll!RegCreateKeyExA 762539AB 5 Bytes JMP 003D0062
    .text C:\Windows\system32\services.exe[804] ADVAPI32.dll!RegCreateKeyA 76253BA9 5 Bytes JMP 003D0FCA
    .text C:\Windows\system32\services.exe[804] ADVAPI32.dll!RegOpenKeyA 762589C7 5 Bytes JMP 003D0000
    .text C:\Windows\system32\services.exe[804] ADVAPI32.dll!RegCreateKeyW 7626391E 5 Bytes JMP 003D0051
    .text C:\Windows\system32\services.exe[804] ADVAPI32.dll!RegCreateKeyExW 762641F1 5 Bytes JMP 003D007D
    .text C:\Windows\system32\services.exe[804] ADVAPI32.dll!RegOpenKeyExA 76267C42 5 Bytes JMP 003D001B
    .text C:\Windows\system32\services.exe[804] ADVAPI32.dll!RegOpenKeyW 7626E2B5 5 Bytes JMP 003D0FE5
    .text C:\Windows\system32\services.exe[804] ADVAPI32.dll!RegOpenKeyExW 76277BA1 5 Bytes JMP 003D002C
    .text C:\Windows\system32\services.exe[804] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\services.exe[804] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\services.exe[804] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\services.exe[804] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\services.exe[804] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\services.exe[804] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\services.exe[804] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\services.exe[804] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\services.exe[804] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 000C0600
    .text C:\Windows\system32\services.exe[804] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 000C0804
    .text C:\Windows\system32\services.exe[804] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 000C0A08
    .text C:\Windows\system32\services.exe[804] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 000C01F8
    .text C:\Windows\system32\services.exe[804] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 000C03FC
    .text C:\Windows\system32\services.exe[804] msvcrt.dll!_wsystem 76027F2F 5 Bytes JMP 003C0FA6
    .text C:\Windows\system32\services.exe[804] msvcrt.dll!system 7602804B 5 Bytes JMP 003C0FB7
    .text C:\Windows\system32\services.exe[804] msvcrt.dll!_creat 7602BBE1 5 Bytes JMP 003C000C
    .text C:\Windows\system32\services.exe[804] msvcrt.dll!_open 7602D106 5 Bytes JMP 003C0FEF
    .text C:\Windows\system32\services.exe[804] msvcrt.dll!_wcreat 7602D326 5 Bytes JMP 003C0027
    .text C:\Windows\system32\services.exe[804] msvcrt.dll!_wopen 7602D501 5 Bytes JMP 003C0FD2
    .text C:\Windows\system32\services.exe[804] WS2_32.dll!socket 779D36D1 5 Bytes JMP 003E0000
    .text C:\Windows\system32\lsass.exe[820] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\lsass.exe[820] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\lsass.exe[820] ntdll.dll!NtCreateFile 77904224 5 Bytes JMP 00200FEF
    .text C:\Windows\system32\lsass.exe[820] ntdll.dll!NtCreateProcess 779042E4 5 Bytes JMP 00200014
    .text C:\Windows\system32\lsass.exe[820] ntdll.dll!NtProtectVirtualMemory 77904B84 5 Bytes JMP 00200FD4
    .text C:\Windows\system32\lsass.exe[820] kernel32.dll!GetStartupInfoW 77631929 5 Bytes JMP 001F0F45
    .text C:\Windows\system32\lsass.exe[820] kernel32.dll!GetStartupInfoA 776319C9 5 Bytes JMP 001F0F60
    .text C:\Windows\system32\lsass.exe[820] kernel32.dll!CreateProcessW 77631BF3 5 Bytes JMP 001F00D2
    .text C:\Windows\system32\lsass.exe[820] kernel32.dll!CreateProcessA 77631C28 5 Bytes JMP 001F00B7
    .text C:\Windows\system32\lsass.exe[820] kernel32.dll!VirtualProtect 77631DC3 5 Bytes JMP 001F0066
    .text C:\Windows\system32\lsass.exe[820] kernel32.dll!CreateNamedPipeA 77632EF5 5 Bytes JMP 001F0011
    .text C:\Windows\system32\lsass.exe[820] kernel32.dll!CreateNamedPipeW 77635C0C 5 Bytes JMP 001F0022
    .text C:\Windows\system32\lsass.exe[820] kernel32.dll!CreatePipe 77658E6E 5 Bytes JMP 001F0F71
    .text C:\Windows\system32\lsass.exe[820] kernel32.dll!LoadLibraryExW 77659109 5 Bytes JMP 001F0055
    .text C:\Windows\system32\lsass.exe[820] kernel32.dll!LoadLibraryW 77659362 5 Bytes JMP 001F0FA2
    .text C:\Windows\system32\lsass.exe[820] kernel32.dll!LoadLibraryExA 776594B4 5 Bytes JMP 001F0044
    .text C:\Windows\system32\lsass.exe[820] kernel32.dll!LoadLibraryA 776594DC 5 Bytes JMP 001F0033
    .text C:\Windows\system32\lsass.exe[820] kernel32.dll!VirtualProtectEx 7765DBDA 5 Bytes JMP 001F0081
    .text C:\Windows\system32\lsass.exe[820] kernel32.dll!GetProcAddress 7767903B 5 Bytes JMP 001F00E3
    .text C:\Windows\system32\lsass.exe[820] kernel32.dll!CreateFileW 7767AECB 5 Bytes JMP 001F0FDB
    .text C:\Windows\system32\lsass.exe[820] kernel32.dll!CreateFileA 7767CE5F 5 Bytes JMP 001F0000
    .text C:\Windows\system32\lsass.exe[820] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Windows\system32\lsass.exe[820] kernel32.dll!WinExec 776C5CF7 5 Bytes JMP 001F00A6
    .text C:\Windows\system32\lsass.exe[820] ADVAPI32.dll!RegCreateKeyExA 762539AB 5 Bytes JMP 00220014
    .text C:\Windows\system32\lsass.exe[820] ADVAPI32.dll!RegCreateKeyA 76253BA9 5 Bytes JMP 00220F83
    .text C:\Windows\system32\lsass.exe[820] ADVAPI32.dll!RegOpenKeyA 762589C7 5 Bytes JMP 00220FEF
    .text C:\Windows\system32\lsass.exe[820] ADVAPI32.dll!RegCreateKeyW 7626391E 5 Bytes JMP 00220F72
    .text C:\Windows\system32\lsass.exe[820] ADVAPI32.dll!RegCreateKeyExW 762641F1 5 Bytes JMP 00220F61
    .text C:\Windows\system32\lsass.exe[820] ADVAPI32.dll!RegOpenKeyExA 76267C42 5 Bytes JMP 00220FB9
    .text C:\Windows\system32\lsass.exe[820] ADVAPI32.dll!RegOpenKeyW 7626E2B5 5 Bytes JMP 00220FCA
    .text C:\Windows\system32\lsass.exe[820] ADVAPI32.dll!RegOpenKeyExW 76277BA1 5 Bytes JMP 00220F9E
    .text C:\Windows\system32\lsass.exe[820] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\lsass.exe[820] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\lsass.exe[820] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\lsass.exe[820] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\lsass.exe[820] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\lsass.exe[820] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\lsass.exe[820] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\lsass.exe[820] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\lsass.exe[820] msvcrt.dll!_wsystem 76027F2F 5 Bytes JMP 00210FC8
    .text C:\Windows\system32\lsass.exe[820] msvcrt.dll!system 7602804B 5 Bytes JMP 00210FE3
    .text C:\Windows\system32\lsass.exe[820] msvcrt.dll!_creat 7602BBE1 5 Bytes JMP 0021002E
    .text C:\Windows\system32\lsass.exe[820] msvcrt.dll!_open 7602D106 5 Bytes JMP 00210000
    .text C:\Windows\system32\lsass.exe[820] msvcrt.dll!_wcreat 7602D326 5 Bytes JMP 00210049
    .text C:\Windows\system32\lsass.exe[820] msvcrt.dll!_wopen 7602D501 5 Bytes JMP 0021001D
    .text C:\Windows\system32\lsass.exe[820] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00080600
    .text C:\Windows\system32\lsass.exe[820] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00080804
    .text C:\Windows\system32\lsass.exe[820] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00080A08
    .text C:\Windows\system32\lsass.exe[820] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 000801F8
    .text C:\Windows\system32\lsass.exe[820] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 000803FC
    .text C:\Windows\system32\lsass.exe[820] WS2_32.dll!socket 779D36D1 5 Bytes JMP 00230000
    .text C:\Windows\system32\lsm.exe[828] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\lsm.exe[828] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\lsm.exe[828] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Windows\system32\lsm.exe[828] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\lsm.exe[828] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\lsm.exe[828] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\lsm.exe[828] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\lsm.exe[828] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\lsm.exe[828] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\lsm.exe[828] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\lsm.exe[828] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\winlogon.exe[872] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 000301F8
    .text C:\Windows\system32\winlogon.exe[872] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 000303FC
    .text C:\Windows\system32\winlogon.exe[872] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Windows\system32\winlogon.exe[872] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 000603FC
    .text C:\Windows\system32\winlogon.exe[872] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00060600
    .text C:\Windows\system32\winlogon.exe[872] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00061014
    .text C:\Windows\system32\winlogon.exe[872] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00060804
    .text C:\Windows\system32\winlogon.exe[872] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00060A08
    .text C:\Windows\system32\winlogon.exe[872] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00060C0C
    .text C:\Windows\system32\winlogon.exe[872] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00060E10
    .text C:\Windows\system32\winlogon.exe[872] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 000601F8
    .text C:\Windows\system32\winlogon.exe[872] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00070600
    .text C:\Windows\system32\winlogon.exe[872] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00070804
    .text C:\Windows\system32\winlogon.exe[872] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00070A08
    .text C:\Windows\system32\winlogon.exe[872] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 000701F8
    .text C:\Windows\system32\winlogon.exe[872] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[1012] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 000501F8
     
    jimmymac725,
    #1
  2. 2011/07/01
    jimmymac725

    jimmymac725 Inactive Thread Starter

    Joined:
    2011/03/13
    Messages:
    64
    Likes Received:
    0
    text C:\Windows\system32\svchost.exe[1012] ntdll.dll!NtProtectVirtualMemory 77904B84 5 Bytes JMP 00100FEF
    .text C:\Windows\system32\svchost.exe[1012] kernel32.dll!GetStartupInfoW 77631929 5 Bytes JMP 000F0078
    .text C:\Windows\system32\svchost.exe[1012] kernel32.dll!GetStartupInfoA 776319C9 5 Bytes JMP 000F0F3C
    .text C:\Windows\system32\svchost.exe[1012] kernel32.dll!CreateProcessW 77631BF3 5 Bytes JMP 000F00B8
    .text C:\Windows\system32\svchost.exe[1012] kernel32.dll!CreateProcessA 77631C28 5 Bytes JMP 000F0F21
    .text C:\Windows\system32\svchost.exe[1012] kernel32.dll!VirtualProtect 77631DC3 5 Bytes JMP 000F0F72
    .text C:\Windows\system32\svchost.exe[1012] kernel32.dll!CreateNamedPipeA 77632EF5 5 Bytes JMP 000F0FCA
    .text C:\Windows\system32\svchost.exe[1012] kernel32.dll!CreateNamedPipeW 77635C0C 5 Bytes JMP 000F0FB9
    .text C:\Windows\system32\svchost.exe[1012] kernel32.dll!CreatePipe 77658E6E 5 Bytes JMP 000F0F57
    .text C:\Windows\system32\svchost.exe[1012] kernel32.dll!LoadLibraryExW 77659109 5 Bytes JMP 000F0F83
    .text C:\Windows\system32\svchost.exe[1012] kernel32.dll!LoadLibraryW 77659362 5 Bytes JMP 000F0036
    .text C:\Windows\system32\svchost.exe[1012] kernel32.dll!LoadLibraryExA 776594B4 5 Bytes JMP 000F0F94
    .text C:\Windows\system32\svchost.exe[1012] kernel32.dll!LoadLibraryA 776594DC 5 Bytes JMP 000F0025
    .text C:\Windows\system32\svchost.exe[1012] kernel32.dll!VirtualProtectEx 7765DBDA 5 Bytes JMP 000F005D
    .text C:\Windows\system32\svchost.exe[1012] kernel32.dll!GetProcAddress 7767903B 5 Bytes JMP 000F0EFC
    .text C:\Windows\system32\svchost.exe[1012] kernel32.dll!CreateFileW 7767AECB 5 Bytes JMP 000F0FE5
    .text C:\Windows\system32\svchost.exe[1012] kernel32.dll!CreateFileA 7767CE5F 5 Bytes JMP 000F0000
    .text C:\Windows\system32\svchost.exe[1012] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1012] kernel32.dll!WinExec 776C5CF7 5 Bytes JMP 000F0093
    .text C:\Windows\system32\svchost.exe[1012] msvcrt.dll!_wsystem 76027F2F 5 Bytes JMP 00110F88
    .text C:\Windows\system32\svchost.exe[1012] msvcrt.dll!system 7602804B 5 Bytes JMP 0011001D
    .text C:\Windows\system32\svchost.exe[1012] msvcrt.dll!_creat 7602BBE1 5 Bytes JMP 00110FC8
    .text C:\Windows\system32\svchost.exe[1012] msvcrt.dll!_open 7602D106 5 Bytes JMP 00110FEF
    .text C:\Windows\system32\svchost.exe[1012] msvcrt.dll!_wcreat 7602D326 5 Bytes JMP 00110FB7
    .text C:\Windows\system32\svchost.exe[1012] msvcrt.dll!_wopen 7602D501 5 Bytes JMP 0011000C
    .text C:\Windows\system32\svchost.exe[1012] ADVAPI32.dll!RegCreateKeyExA 762539AB 5 Bytes JMP 00120F83
    .text C:\Windows\system32\svchost.exe[1012] ADVAPI32.dll!RegCreateKeyA 76253BA9 5 Bytes JMP 00120FAF
    .text C:\Windows\system32\svchost.exe[1012] ADVAPI32.dll!RegOpenKeyA 762589C7 5 Bytes JMP 00120FEF
    .text C:\Windows\system32\svchost.exe[1012] ADVAPI32.dll!RegCreateKeyW 7626391E 5 Bytes JMP 00120F94
    .text C:\Windows\system32\svchost.exe[1012] ADVAPI32.dll!RegCreateKeyExW 762641F1 5 Bytes JMP 00120040
    .text C:\Windows\system32\svchost.exe[1012] ADVAPI32.dll!RegOpenKeyExA 76267C42 5 Bytes JMP 00120FDE
    .text C:\Windows\system32\svchost.exe[1012] ADVAPI32.dll!RegOpenKeyW 7626E2B5 5 Bytes JMP 0012000A
    .text C:\Windows\system32\svchost.exe[1012] ADVAPI32.dll!RegOpenKeyExW 76277BA1 5 Bytes JMP 00120025
    .text C:\Windows\system32\svchost.exe[1012] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[1012] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[1012] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[1012] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[1012] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[1012] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[1012] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[1012] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[1012] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 002F0600
    .text C:\Windows\system32\svchost.exe[1012] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 002F0804
    .text C:\Windows\system32\svchost.exe[1012] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 002F0A08
    .text C:\Windows\system32\svchost.exe[1012] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 002F01F8
    .text C:\Windows\system32\svchost.exe[1012] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 002F03FC
    .text C:\Windows\system32\svchost.exe[1012] WS2_32.dll!socket 779D36D1 5 Bytes JMP 00130FE5
    .text C:\Windows\system32\nvvsvc.exe[1068] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 001501F8
    .text C:\Windows\system32\nvvsvc.exe[1068] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 001503FC
    .text C:\Windows\system32\nvvsvc.exe[1068] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Windows\system32\nvvsvc.exe[1068] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00270600
    .text C:\Windows\system32\nvvsvc.exe[1068] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00270804
    .text C:\Windows\system32\nvvsvc.exe[1068] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00270A08
    .text C:\Windows\system32\nvvsvc.exe[1068] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 002701F8
    .text C:\Windows\system32\nvvsvc.exe[1068] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 002703FC
    .text C:\Windows\system32\nvvsvc.exe[1068] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 002803FC
    .text C:\Windows\system32\nvvsvc.exe[1068] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00280600
    .text C:\Windows\system32\nvvsvc.exe[1068] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00281014
    .text C:\Windows\system32\nvvsvc.exe[1068] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00280804
    .text C:\Windows\system32\nvvsvc.exe[1068] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00280A08
    .text C:\Windows\system32\nvvsvc.exe[1068] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00280C0C
    .text C:\Windows\system32\nvvsvc.exe[1068] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00280E10
    .text C:\Windows\system32\nvvsvc.exe[1068] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 002801F8
    .text C:\Windows\system32\svchost.exe[1100] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[1100] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[1100] ntdll.dll!NtCreateFile 77904224 5 Bytes JMP 00AC0FEF
    .text C:\Windows\system32\svchost.exe[1100] ntdll.dll!NtCreateProcess 779042E4 5 Bytes JMP 00AC0FD4
    .text C:\Windows\system32\svchost.exe[1100] ntdll.dll!NtProtectVirtualMemory 77904B84 5 Bytes JMP 00AC000A
    .text C:\Windows\system32\svchost.exe[1100] kernel32.dll!GetStartupInfoW 77631929 5 Bytes JMP 00AB0F43
    .text C:\Windows\system32\svchost.exe[1100] kernel32.dll!GetStartupInfoA 776319C9 5 Bytes JMP 00AB0F54
    .text C:\Windows\system32\svchost.exe[1100] kernel32.dll!CreateProcessW 77631BF3 5 Bytes JMP 00AB009A
    .text C:\Windows\system32\svchost.exe[1100] kernel32.dll!CreateProcessA 77631C28 5 Bytes JMP 00AB0F03
    .text C:\Windows\system32\svchost.exe[1100] kernel32.dll!VirtualProtect 77631DC3 5 Bytes JMP 00AB0064
    .text C:\Windows\system32\svchost.exe[1100] kernel32.dll!CreateNamedPipeA 77632EF5 5 Bytes JMP 00AB0FD4
    .text C:\Windows\system32\svchost.exe[1100] kernel32.dll!CreateNamedPipeW 77635C0C 5 Bytes JMP 00AB001B
    .text C:\Windows\system32\svchost.exe[1100] kernel32.dll!CreatePipe 77658E6E 5 Bytes JMP 00AB0075
    .text C:\Windows\system32\svchost.exe[1100] kernel32.dll!LoadLibraryExW 77659109 5 Bytes JMP 00AB0053
    .text C:\Windows\system32\svchost.exe[1100] kernel32.dll!LoadLibraryW 77659362 5 Bytes JMP 00AB0FA5
    .text C:\Windows\system32\svchost.exe[1100] kernel32.dll!LoadLibraryExA 776594B4 5 Bytes JMP 00AB0F94
    .text C:\Windows\system32\svchost.exe[1100] kernel32.dll!LoadLibraryA 776594DC 5 Bytes JMP 00AB002C
    .text C:\Windows\system32\svchost.exe[1100] kernel32.dll!VirtualProtectEx 7765DBDA 5 Bytes JMP 00AB0F6F
    .text C:\Windows\system32\svchost.exe[1100] kernel32.dll!GetProcAddress 7767903B 5 Bytes JMP 00AB0EE8
    .text C:\Windows\system32\svchost.exe[1100] kernel32.dll!CreateFileW 7767AECB 5 Bytes JMP 00AB0000
    .text C:\Windows\system32\svchost.exe[1100] kernel32.dll!CreateFileA 7767CE5F 5 Bytes JMP 00AB0FEF
    .text C:\Windows\system32\svchost.exe[1100] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1100] kernel32.dll!WinExec 776C5CF7 5 Bytes JMP 00AB0F1E
    .text C:\Windows\system32\svchost.exe[1100] msvcrt.dll!_wsystem 76027F2F 5 Bytes JMP 00AE0FA3
    .text C:\Windows\system32\svchost.exe[1100] msvcrt.dll!system 7602804B 5 Bytes JMP 00AE0FBE
    .text C:\Windows\system32\svchost.exe[1100] msvcrt.dll!_creat 7602BBE1 5 Bytes JMP 00AE0FD9
    .text C:\Windows\system32\svchost.exe[1100] msvcrt.dll!_open 7602D106 5 Bytes JMP 00AE0000
    .text C:\Windows\system32\svchost.exe[1100] msvcrt.dll!_wcreat 7602D326 5 Bytes JMP 00AE002E
    .text C:\Windows\system32\svchost.exe[1100] msvcrt.dll!_wopen 7602D501 5 Bytes JMP 00AE0011
    .text C:\Windows\system32\svchost.exe[1100] ADVAPI32.dll!RegCreateKeyExA 762539AB 5 Bytes JMP 00C90058
    .text C:\Windows\system32\svchost.exe[1100] ADVAPI32.dll!RegCreateKeyA 76253BA9 5 Bytes JMP 00C90047
    .text C:\Windows\system32\svchost.exe[1100] ADVAPI32.dll!RegOpenKeyA 762589C7 5 Bytes JMP 00C90000
    .text C:\Windows\system32\svchost.exe[1100] ADVAPI32.dll!RegCreateKeyW 7626391E 5 Bytes JMP 00C90FC0
    .text C:\Windows\system32\svchost.exe[1100] ADVAPI32.dll!RegCreateKeyExW 762641F1 5 Bytes JMP 00C90069
    .text C:\Windows\system32\svchost.exe[1100] ADVAPI32.dll!RegOpenKeyExA 76267C42 5 Bytes JMP 00C9001B
    .text C:\Windows\system32\svchost.exe[1100] ADVAPI32.dll!RegOpenKeyW 7626E2B5 5 Bytes JMP 00C90FDB
    .text C:\Windows\system32\svchost.exe[1100] ADVAPI32.dll!RegOpenKeyExW 76277BA1 5 Bytes JMP 00C90036
    .text C:\Windows\system32\svchost.exe[1100] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[1100] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[1100] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[1100] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[1100] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[1100] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[1100] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[1100] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[1100] WS2_32.dll!socket 779D36D1 5 Bytes JMP 00CF0FE5
    .text C:\Windows\system32\svchost.exe[1100] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 000C0600
    .text C:\Windows\system32\svchost.exe[1100] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 000C0804
    .text C:\Windows\system32\svchost.exe[1100] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 000C0A08
    .text C:\Windows\system32\svchost.exe[1100] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 000C01F8
    .text C:\Windows\system32\svchost.exe[1100] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 000C03FC
    .text C:\Windows\System32\svchost.exe[1136] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 000501F8
    .text C:\Windows\System32\svchost.exe[1136] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 000503FC
    .text C:\Windows\System32\svchost.exe[1136] ntdll.dll!NtCreateFile 77904224 5 Bytes JMP 00240000
    .text C:\Windows\System32\svchost.exe[1136] ntdll.dll!NtCreateProcess 779042E4 5 Bytes JMP 00240025
    .text C:\Windows\System32\svchost.exe[1136] ntdll.dll!NtProtectVirtualMemory 77904B84 5 Bytes JMP 00240FE5
    .text C:\Windows\System32\svchost.exe[1136] kernel32.dll!GetStartupInfoW 77631929 5 Bytes JMP 0023008C
    .text C:\Windows\System32\svchost.exe[1136] kernel32.dll!GetStartupInfoA 776319C9 5 Bytes JMP 00230F46
    .text C:\Windows\System32\svchost.exe[1136] kernel32.dll!CreateProcessW 77631BF3 5 Bytes JMP 002300D3
    .text C:\Windows\System32\svchost.exe[1136] kernel32.dll!CreateProcessA 77631C28 5 Bytes JMP 002300B8
    .text C:\Windows\System32\svchost.exe[1136] kernel32.dll!VirtualProtect 77631DC3 5 Bytes JMP 00230F72
    .text C:\Windows\System32\svchost.exe[1136] kernel32.dll!CreateNamedPipeA 77632EF5 5 Bytes JMP 00230FDE
    .text C:\Windows\System32\svchost.exe[1136] kernel32.dll!CreateNamedPipeW 77635C0C 5 Bytes JMP 00230FC3
    .text C:\Windows\System32\svchost.exe[1136] kernel32.dll!CreatePipe 77658E6E 5 Bytes JMP 0023007B
    .text C:\Windows\System32\svchost.exe[1136] kernel32.dll!LoadLibraryExW 77659109 5 Bytes JMP 00230F83
    .text C:\Windows\System32\svchost.exe[1136] kernel32.dll!LoadLibraryW 77659362 5 Bytes JMP 00230F94
    .text C:\Windows\System32\svchost.exe[1136] kernel32.dll!LoadLibraryExA 776594B4 5 Bytes JMP 00230040
    .text C:\Windows\System32\svchost.exe[1136] kernel32.dll!LoadLibraryA 776594DC 5 Bytes JMP 00230025
    .text C:\Windows\System32\svchost.exe[1136] kernel32.dll!VirtualProtectEx 7765DBDA 5 Bytes JMP 00230F61
    .text C:\Windows\System32\svchost.exe[1136] kernel32.dll!GetProcAddress 7767903B 5 Bytes JMP 00230F2B
    .text C:\Windows\System32\svchost.exe[1136] kernel32.dll!CreateFileW 7767AECB 5 Bytes JMP 0023000A
    .text C:\Windows\System32\svchost.exe[1136] kernel32.dll!CreateFileA 7767CE5F 5 Bytes JMP 00230FEF
    .text C:\Windows\System32\svchost.exe[1136] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[1136] kernel32.dll!WinExec 776C5CF7 5 Bytes JMP 0023009D
    .text C:\Windows\System32\svchost.exe[1136] msvcrt.dll!_wsystem 76027F2F 5 Bytes JMP 00250F9A
    .text C:\Windows\System32\svchost.exe[1136] msvcrt.dll!system 7602804B 5 Bytes JMP 00250025
    .text C:\Windows\System32\svchost.exe[1136] msvcrt.dll!_creat 7602BBE1 5 Bytes JMP 00250FB5
    .text C:\Windows\System32\svchost.exe[1136] msvcrt.dll!_open 7602D106 5 Bytes JMP 00250FEF
    .text C:\Windows\System32\svchost.exe[1136] msvcrt.dll!_wcreat 7602D326 5 Bytes JMP 00250014
    .text C:\Windows\System32\svchost.exe[1136] msvcrt.dll!_wopen 7602D501 5 Bytes JMP 00250FD2
    .text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyExA 762539AB 5 Bytes JMP 00260F8D
    .text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyA 76253BA9 5 Bytes JMP 00260FB9
    .text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyA 762589C7 5 Bytes JMP 00260000
    .text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyW 7626391E 5 Bytes JMP 00260FA8
    .text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyExW 762641F1 5 Bytes JMP 00260F7C
    .text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyExA 76267C42 5 Bytes JMP 00260FDB
    .text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyW 7626E2B5 5 Bytes JMP 00260011
    .text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyExW 76277BA1 5 Bytes JMP 00260FCA
    .text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 000703FC
    .text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00070600
    .text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00070E10
    .text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 000701F8
    .text C:\Windows\System32\svchost.exe[1136] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00120600
    .text C:\Windows\System32\svchost.exe[1136] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00120804
    .text C:\Windows\System32\svchost.exe[1136] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00120A08
    .text C:\Windows\System32\svchost.exe[1136] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 001201F8
    .text C:\Windows\System32\svchost.exe[1136] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 001203FC
    .text C:\Windows\System32\svchost.exe[1136] WS2_32.dll!socket 779D36D1 3 Bytes JMP 00290000
    .text C:\Windows\System32\svchost.exe[1136] WS2_32.dll!socket + 4 779D36D5 1 Byte [88]
    .text C:\Windows\System32\svchost.exe[1136] WININET.dll!InternetOpenA 77224E2B 5 Bytes JMP 0027000A
    .text C:\Windows\System32\svchost.exe[1136] WININET.dll!InternetOpenUrlA 7722BFCE 5 Bytes JMP 00270FE5
    .text C:\Windows\System32\svchost.exe[1136] WININET.dll!InternetOpenW 7725C03E 5 Bytes JMP 0027001B
    .text C:\Windows\System32\svchost.exe[1136] WININET.dll!InternetOpenUrlW 7728D722 5 Bytes JMP 00270FCA
    .text C:\Windows\System32\svchost.exe[1192] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 000501F8
    .text C:\Windows\System32\svchost.exe[1192] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 000503FC
    .text C:\Windows\System32\svchost.exe[1192] ntdll.dll!NtCreateFile 77904224 5 Bytes JMP 00B20FE5
    .text C:\Windows\System32\svchost.exe[1192] ntdll.dll!NtCreateProcess 779042E4 5 Bytes JMP 00B20011
    .text C:\Windows\System32\svchost.exe[1192] ntdll.dll!NtProtectVirtualMemory 77904B84 5 Bytes JMP 00B20000
    .text C:\Windows\System32\svchost.exe[1192] kernel32.dll!GetStartupInfoW 77631929 5 Bytes JMP 00B10F3C
    .text C:\Windows\System32\svchost.exe[1192] kernel32.dll!GetStartupInfoA 776319C9 5 Bytes JMP 00B10F4D
    .text C:\Windows\System32\svchost.exe[1192] kernel32.dll!CreateProcessW 77631BF3 5 Bytes JMP 00B100BF
    .text C:\Windows\System32\svchost.exe[1192] kernel32.dll!CreateProcessA 77631C28 5 Bytes JMP 00B100A4
    .text C:\Windows\System32\svchost.exe[1192] kernel32.dll!VirtualProtect 77631DC3 5 Bytes JMP 00B10F94
    .text C:\Windows\System32\svchost.exe[1192] kernel32.dll!CreateNamedPipeA 77632EF5 5 Bytes JMP 00B1001B
    .text C:\Windows\System32\svchost.exe[1192] kernel32.dll!CreateNamedPipeW 77635C0C 5 Bytes JMP 00B10FCA
    .text C:\Windows\System32\svchost.exe[1192] kernel32.dll!CreatePipe 77658E6E 5 Bytes JMP 00B10F68
    .text C:\Windows\System32\svchost.exe[1192] kernel32.dll!LoadLibraryExW 77659109 5 Bytes JMP 00B1006C
    .text C:\Windows\System32\svchost.exe[1192] kernel32.dll!LoadLibraryW 77659362 5 Bytes JMP 00B10FB9
    .text C:\Windows\System32\svchost.exe[1192] kernel32.dll!LoadLibraryExA 776594B4 5 Bytes JMP 00B1005B
    .text C:\Windows\System32\svchost.exe[1192] kernel32.dll!LoadLibraryA 776594DC 5 Bytes JMP 00B10040
    .text C:\Windows\System32\svchost.exe[1192] kernel32.dll!VirtualProtectEx 7765DBDA 5 Bytes JMP 00B10F83
    .text C:\Windows\System32\svchost.exe[1192] kernel32.dll!GetProcAddress 7767903B 5 Bytes JMP 00B100D0
    .text C:\Windows\System32\svchost.exe[1192] kernel32.dll!CreateFileW 7767AECB 5 Bytes JMP 00B10FE5
    .text C:\Windows\System32\svchost.exe[1192] kernel32.dll!CreateFileA 7767CE5F 5 Bytes JMP 00B10000
    .text C:\Windows\System32\svchost.exe[1192] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[1192] kernel32.dll!WinExec 776C5CF7 5 Bytes JMP 00B10093
    .text C:\Windows\System32\svchost.exe[1192] msvcrt.dll!_wsystem 76027F2F 5 Bytes JMP 00C50FA3
    .text C:\Windows\System32\svchost.exe[1192] msvcrt.dll!system 7602804B 5 Bytes JMP 00C50FBE
    .text C:\Windows\System32\svchost.exe[1192] msvcrt.dll!_creat 7602BBE1 5 Bytes JMP 00C5002E
    .text C:\Windows\System32\svchost.exe[1192] msvcrt.dll!_open 7602D106 5 Bytes JMP 00C50000
    .text C:\Windows\System32\svchost.exe[1192] msvcrt.dll!_wcreat 7602D326 5 Bytes JMP 00C50FD9
    .text C:\Windows\System32\svchost.exe[1192] msvcrt.dll!_wopen 7602D501 5 Bytes JMP 00C5001D
    .text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!RegCreateKeyExA 762539AB 5 Bytes JMP 00C70036
    .text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!RegCreateKeyA 76253BA9 5 Bytes JMP 00C70FAF
    .text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!RegOpenKeyA 762589C7 5 Bytes JMP 00C70000
     
    jimmymac725,
    #2


  3. to hide this advert.

  4. 2011/07/01
    jimmymac725

    jimmymac725 Inactive Thread Starter

    Joined:
    2011/03/13
    Messages:
    64
    Likes Received:
    0
    .text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!RegCreateKeyW 7626391E 5 Bytes JMP 00C70F94
    .text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!RegCreateKeyExW 762641F1 5 Bytes JMP 00C70047
    .text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!RegOpenKeyExA 76267C42 5 Bytes JMP 00C70FCA
    .text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!RegOpenKeyW 7626E2B5 5 Bytes JMP 00C70FDB
    .text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!RegOpenKeyExW 76277BA1 5 Bytes JMP 00C70025
    .text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 000B03FC
    .text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 000B0600
    .text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 000B1014
    .text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 000B0804
    .text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 000B0A08
    .text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 000B0C0C
    .text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 000B0E10
    .text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 000B01F8
    .text C:\Windows\System32\svchost.exe[1192] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00AC0600
    .text C:\Windows\System32\svchost.exe[1192] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00AC0804
    .text C:\Windows\System32\svchost.exe[1192] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00AC0A08
    .text C:\Windows\System32\svchost.exe[1192] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 00AC01F8
    .text C:\Windows\System32\svchost.exe[1192] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 00AC03FC
    .text C:\Windows\System32\svchost.exe[1192] WS2_32.dll!socket 779D36D1 5 Bytes JMP 00D50000
    .text C:\Windows\System32\svchost.exe[1224] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 000501F8
    .text C:\Windows\System32\svchost.exe[1224] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 000503FC
    .text C:\Windows\System32\svchost.exe[1224] ntdll.dll!NtCreateFile 77904224 5 Bytes JMP 01410FEF
    .text C:\Windows\System32\svchost.exe[1224] ntdll.dll!NtCreateProcess 779042E4 5 Bytes JMP 01410025
    .text C:\Windows\System32\svchost.exe[1224] ntdll.dll!NtProtectVirtualMemory 77904B84 5 Bytes JMP 01410014
    .text C:\Windows\System32\svchost.exe[1224] kernel32.dll!GetStartupInfoW 77631929 5 Bytes JMP 01400EF0
    .text C:\Windows\System32\svchost.exe[1224] kernel32.dll!GetStartupInfoA 776319C9 5 Bytes JMP 01400F0B
    .text C:\Windows\System32\svchost.exe[1224] kernel32.dll!CreateProcessW 77631BF3 5 Bytes JMP 01400076
    .text C:\Windows\System32\svchost.exe[1224] kernel32.dll!CreateProcessA 77631C28 5 Bytes JMP 0140005B
    .text C:\Windows\System32\svchost.exe[1224] kernel32.dll!VirtualProtect 77631DC3 5 Bytes JMP 01400F26
    .text C:\Windows\System32\svchost.exe[1224] kernel32.dll!CreateNamedPipeA 77632EF5 5 Bytes JMP 01400FC3
    .text C:\Windows\System32\svchost.exe[1224] kernel32.dll!CreateNamedPipeW 77635C0C 5 Bytes JMP 01400F9E
    .text C:\Windows\System32\svchost.exe[1224] kernel32.dll!CreatePipe 77658E6E 5 Bytes JMP 01400036
    .text C:\Windows\System32\svchost.exe[1224] kernel32.dll!LoadLibraryExW 77659109 5 Bytes JMP 01400F41
    .text C:\Windows\System32\svchost.exe[1224] kernel32.dll!LoadLibraryW 77659362 5 Bytes JMP 0140000A
    .text C:\Windows\System32\svchost.exe[1224] kernel32.dll!LoadLibraryExA 776594B4 5 Bytes JMP 01400F68
    .text C:\Windows\System32\svchost.exe[1224] kernel32.dll!LoadLibraryA 776594DC 5 Bytes JMP 01400F83
    .text C:\Windows\System32\svchost.exe[1224] kernel32.dll!VirtualProtectEx 7765DBDA 5 Bytes JMP 0140001B
    .text C:\Windows\System32\svchost.exe[1224] kernel32.dll!GetProcAddress 7767903B 5 Bytes JMP 01400EC4
    .text C:\Windows\System32\svchost.exe[1224] kernel32.dll!CreateFileW 7767AECB 5 Bytes JMP 01400FD4
    .text C:\Windows\System32\svchost.exe[1224] kernel32.dll!CreateFileA 7767CE5F 5 Bytes JMP 01400FEF
    .text C:\Windows\System32\svchost.exe[1224] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[1224] kernel32.dll!WinExec 776C5CF7 5 Bytes JMP 01400ED5
    .text C:\Windows\System32\svchost.exe[1224] msvcrt.dll!_wsystem 76027F2F 5 Bytes JMP 01460F9C
    .text C:\Windows\System32\svchost.exe[1224] msvcrt.dll!system 7602804B 5 Bytes JMP 01460FAD
    .text C:\Windows\System32\svchost.exe[1224] msvcrt.dll!_creat 7602BBE1 5 Bytes JMP 01460FC8
    .text C:\Windows\System32\svchost.exe[1224] msvcrt.dll!_open 7602D106 5 Bytes JMP 01460FEF
    .text C:\Windows\System32\svchost.exe[1224] msvcrt.dll!_wcreat 7602D326 5 Bytes JMP 01460027
    .text C:\Windows\System32\svchost.exe[1224] msvcrt.dll!_wopen 7602D501 5 Bytes JMP 0146000C
    .text C:\Windows\System32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyExA 762539AB 5 Bytes JMP 011B0F94
    .text C:\Windows\System32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyA 76253BA9 5 Bytes JMP 011B0FA5
    .text C:\Windows\System32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyA 762589C7 5 Bytes JMP 011B0000
    .text C:\Windows\System32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyW 7626391E 5 Bytes JMP 011B002C
    .text C:\Windows\System32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyExW 762641F1 5 Bytes JMP 011B0F83
    .text C:\Windows\System32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyExA 76267C42 5 Bytes JMP 011B001B
    .text C:\Windows\System32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyW 7626E2B5 5 Bytes JMP 011B0FE5
    .text C:\Windows\System32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyExW 76277BA1 5 Bytes JMP 011B0FC0
    .text C:\Windows\System32\svchost.exe[1224] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 000703FC
    .text C:\Windows\System32\svchost.exe[1224] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00070600
    .text C:\Windows\System32\svchost.exe[1224] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\System32\svchost.exe[1224] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\System32\svchost.exe[1224] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\System32\svchost.exe[1224] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\System32\svchost.exe[1224] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00070E10
    .text C:\Windows\System32\svchost.exe[1224] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 000701F8
    .text C:\Windows\System32\svchost.exe[1224] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00A30600
    .text C:\Windows\System32\svchost.exe[1224] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00A30804
    .text C:\Windows\System32\svchost.exe[1224] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00A30A08
    .text C:\Windows\System32\svchost.exe[1224] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 00A301F8
    .text C:\Windows\System32\svchost.exe[1224] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 00A303FC
    .text C:\Windows\System32\svchost.exe[1224] WS2_32.dll!socket 779D36D1 5 Bytes JMP 01470000
    .text C:\Windows\system32\svchost.exe[1236] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[1236] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[1236] ntdll.dll!NtCreateFile 77904224 5 Bytes JMP 00CF0FE5
    .text C:\Windows\system32\svchost.exe[1236] ntdll.dll!NtCreateProcess 779042E4 5 Bytes JMP 00CF0FD4
    .text C:\Windows\system32\svchost.exe[1236] ntdll.dll!NtProtectVirtualMemory 77904B84 5 Bytes JMP 00CF0000
    .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!GetStartupInfoW 77631929 5 Bytes JMP 00CE007B
    .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!GetStartupInfoA 776319C9 5 Bytes JMP 00CE0F35
    .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!CreateProcessW 77631BF3 5 Bytes JMP 00CE0096
    .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!CreateProcessA 77631C28 5 Bytes JMP 00CE0EF5
    .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!VirtualProtect 77631DC3 5 Bytes JMP 00CE003B
    .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!CreateNamedPipeA 77632EF5 5 Bytes JMP 00CE0FCA
    .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!CreateNamedPipeW 77635C0C 5 Bytes JMP 00CE0FB9
    .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!CreatePipe 77658E6E 5 Bytes JMP 00CE0056
    .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!LoadLibraryExW 77659109 5 Bytes JMP 00CE0F61
    .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!LoadLibraryW 77659362 5 Bytes JMP 00CE0F8D
    .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!LoadLibraryExA 776594B4 5 Bytes JMP 00CE0F72
    .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!LoadLibraryA 776594DC 5 Bytes JMP 00CE0F9E
    .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!VirtualProtectEx 7765DBDA 5 Bytes JMP 00CE0F46
    .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!GetProcAddress 7767903B 5 Bytes JMP 00CE0EE4
    .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!CreateFileW 7767AECB 5 Bytes JMP 00CE0FEF
    .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!CreateFileA 7767CE5F 5 Bytes JMP 00CE000A
    .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1236] kernel32.dll!WinExec 776C5CF7 5 Bytes JMP 00CE0F10
    .text C:\Windows\system32\svchost.exe[1236] msvcrt.dll!_wsystem 76027F2F 5 Bytes JMP 00D00FA8
    .text C:\Windows\system32\svchost.exe[1236] msvcrt.dll!system 7602804B 5 Bytes JMP 00D00FB9
    .text C:\Windows\system32\svchost.exe[1236] msvcrt.dll!_creat 7602BBE1 5 Bytes JMP 00D00029
    .text C:\Windows\system32\svchost.exe[1236] msvcrt.dll!_open 7602D106 5 Bytes JMP 00D0000C
    .text C:\Windows\system32\svchost.exe[1236] msvcrt.dll!_wcreat 7602D326 5 Bytes JMP 00D00FCA
    .text C:\Windows\system32\svchost.exe[1236] msvcrt.dll!_wopen 7602D501 5 Bytes JMP 00D00FEF
    .text C:\Windows\system32\svchost.exe[1236] ADVAPI32.dll!RegCreateKeyExA 762539AB 5 Bytes JMP 00CD0F9E
    .text C:\Windows\system32\svchost.exe[1236] ADVAPI32.dll!RegCreateKeyA 76253BA9 5 Bytes JMP 00CD0FAF
    .text C:\Windows\system32\svchost.exe[1236] ADVAPI32.dll!RegOpenKeyA 762589C7 5 Bytes JMP 00CD0000
    .text C:\Windows\system32\svchost.exe[1236] ADVAPI32.dll!RegCreateKeyW 7626391E 5 Bytes JMP 00CD0036
    .text C:\Windows\system32\svchost.exe[1236] ADVAPI32.dll!RegCreateKeyExW 762641F1 5 Bytes JMP 00CD0F79
    .text C:\Windows\system32\svchost.exe[1236] ADVAPI32.dll!RegOpenKeyExA 76267C42 5 Bytes JMP 00CD0FDB
    .text C:\Windows\system32\svchost.exe[1236] ADVAPI32.dll!RegOpenKeyW 7626E2B5 5 Bytes JMP 00CD001B
    .text C:\Windows\system32\svchost.exe[1236] ADVAPI32.dll!RegOpenKeyExW 76277BA1 5 Bytes JMP 00CD0FCA
    .text C:\Windows\system32\svchost.exe[1236] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[1236] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[1236] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[1236] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[1236] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[1236] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[1236] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[1236] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[1236] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00100600
    .text C:\Windows\system32\svchost.exe[1236] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00100804
    .text C:\Windows\system32\svchost.exe[1236] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00100A08
    .text C:\Windows\system32\svchost.exe[1236] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 001001F8
    .text C:\Windows\system32\svchost.exe[1236] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 001003FC
    .text C:\Windows\system32\svchost.exe[1236] WS2_32.dll!socket 779D36D1 5 Bytes JMP 01180FEF
    .text C:\Windows\system32\svchost.exe[1236] WININET.dll!InternetOpenA 77224E2B 5 Bytes JMP 01340FEF
    .text C:\Windows\system32\svchost.exe[1236] WININET.dll!InternetOpenUrlA 7722BFCE 5 Bytes JMP 01340FB9
    .text C:\Windows\system32\svchost.exe[1236] WININET.dll!InternetOpenW 7725C03E 5 Bytes JMP 01340FCA
    .text C:\Windows\system32\svchost.exe[1236] WININET.dll!InternetOpenUrlW 7728D722 5 Bytes JMP 01340F9E
    .text C:\Windows\system32\AUDIODG.EXE[1324] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1340] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[1340] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[1340] ntdll.dll!NtCreateFile 77904224 5 Bytes JMP 000E0FEF
    .text C:\Windows\system32\svchost.exe[1340] ntdll.dll!NtCreateProcess 779042E4 5 Bytes JMP 000E0FC3
    .text C:\Windows\system32\svchost.exe[1340] ntdll.dll!NtProtectVirtualMemory 77904B84 5 Bytes JMP 000E0FDE
    .text C:\Windows\system32\svchost.exe[1340] kernel32.dll!GetStartupInfoW 77631929 5 Bytes JMP 000D0FA3
    .text C:\Windows\system32\svchost.exe[1340] kernel32.dll!GetStartupInfoA 776319C9 5 Bytes JMP 000D0FBE
    .text C:\Windows\system32\svchost.exe[1340] kernel32.dll!CreateProcessW 77631BF3 5 Bytes JMP 000D0F77
    .text C:\Windows\system32\svchost.exe[1340] kernel32.dll!CreateProcessA 77631C28 5 Bytes JMP 000D0F88
    .text C:\Windows\system32\svchost.exe[1340] kernel32.dll!VirtualProtect 77631DC3 5 Bytes JMP 000D00B3
    .text C:\Windows\system32\svchost.exe[1340] kernel32.dll!CreateNamedPipeA 77632EF5 5 Bytes JMP 000D0025
    .text C:\Windows\system32\svchost.exe[1340] kernel32.dll!CreateNamedPipeW 77635C0C 5 Bytes JMP 000D0036
    .text C:\Windows\system32\svchost.exe[1340] kernel32.dll!CreatePipe 77658E6E 5 Bytes JMP 000D00DF
    .text C:\Windows\system32\svchost.exe[1340] kernel32.dll!LoadLibraryExW 77659109 5 Bytes JMP 000D00A2
    .text C:\Windows\system32\svchost.exe[1340] kernel32.dll!LoadLibraryW 77659362 5 Bytes JMP 000D0076
    .text C:\Windows\system32\svchost.exe[1340] kernel32.dll!LoadLibraryExA 776594B4 5 Bytes JMP 000D0091
    .text C:\Windows\system32\svchost.exe[1340] kernel32.dll!LoadLibraryA 776594DC 5 Bytes JMP 000D005B
    .text C:\Windows\system32\svchost.exe[1340] kernel32.dll!VirtualProtectEx 7765DBDA 5 Bytes JMP 000D00CE
    .text C:\Windows\system32\svchost.exe[1340] kernel32.dll!GetProcAddress 7767903B 5 Bytes JMP 000D0133
    .text C:\Windows\system32\svchost.exe[1340] kernel32.dll!CreateFileW 7767AECB 5 Bytes JMP 000D000A
    .text C:\Windows\system32\svchost.exe[1340] kernel32.dll!CreateFileA 7767CE5F 5 Bytes JMP 000D0FE5
    .text C:\Windows\system32\svchost.exe[1340] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1340] kernel32.dll!WinExec 776C5CF7 5 Bytes JMP 000D010E
    .text C:\Windows\system32\svchost.exe[1340] msvcrt.dll!_wsystem 76027F2F 5 Bytes JMP 000F0F92
    .text C:\Windows\system32\svchost.exe[1340] msvcrt.dll!system 7602804B 5 Bytes JMP 000F001D
    .text C:\Windows\system32\svchost.exe[1340] msvcrt.dll!_creat 7602BBE1 5 Bytes JMP 000F000C
    .text C:\Windows\system32\svchost.exe[1340] msvcrt.dll!_open 7602D106 5 Bytes JMP 000F0FE3
    .text C:\Windows\system32\svchost.exe[1340] msvcrt.dll!_wcreat 7602D326 5 Bytes JMP 000F0FB7
    .text C:\Windows\system32\svchost.exe[1340] msvcrt.dll!_wopen 7602D501 5 Bytes JMP 000F0FD2
    .text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!RegCreateKeyExA 762539AB 5 Bytes JMP 000C0F90
    .text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!RegCreateKeyA 76253BA9 5 Bytes JMP 000C0FA1
    .text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!RegOpenKeyA 762589C7 5 Bytes JMP 000C0FEF
    .text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!RegCreateKeyW 7626391E 5 Bytes JMP 000C0028
    .text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!RegCreateKeyExW 762641F1 5 Bytes JMP 000C0F75
    .text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!RegOpenKeyExA 76267C42 5 Bytes JMP 000C0FC3
    .text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!RegOpenKeyW 7626E2B5 5 Bytes JMP 000C0FDE
    .text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!RegOpenKeyExW 76277BA1 5 Bytes JMP 000C0FB2
    .text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[1340] WS2_32.dll!socket 779D36D1 5 Bytes JMP 00100000
    .text C:\Windows\system32\SLsvc.exe[1360] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1412] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[1412] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[1412] ntdll.dll!NtCreateFile 77904224 5 Bytes JMP 00E90000
    .text C:\Windows\system32\svchost.exe[1412] ntdll.dll!NtCreateProcess 779042E4 5 Bytes JMP 00E9002C
    .text C:\Windows\system32\svchost.exe[1412] ntdll.dll!NtProtectVirtualMemory 77904B84 5 Bytes JMP 00E90011
    .text C:\Windows\system32\svchost.exe[1412] kernel32.dll!GetStartupInfoW 77631929 5 Bytes JMP 00CC0F43
    .text C:\Windows\system32\svchost.exe[1412] kernel32.dll!GetStartupInfoA 776319C9 5 Bytes JMP 00CC0089
    .text C:\Windows\system32\svchost.exe[1412] kernel32.dll!CreateProcessW 77631BF3 5 Bytes JMP 00CC00BF
    .text C:\Windows\system32\svchost.exe[1412] kernel32.dll!CreateProcessA 77631C28 5 Bytes JMP 00CC00AE
    .text C:\Windows\system32\svchost.exe[1412] kernel32.dll!VirtualProtect 77631DC3 5 Bytes JMP 00CC0053
    .text C:\Windows\system32\svchost.exe[1412] kernel32.dll!CreateNamedPipeA 77632EF5 5 Bytes JMP 00CC0FC0
    .text C:\Windows\system32\svchost.exe[1412] kernel32.dll!CreateNamedPipeW 77635C0C 5 Bytes JMP 00CC0011
    .text C:\Windows\system32\svchost.exe[1412] kernel32.dll!CreatePipe 77658E6E 5 Bytes JMP 00CC0F54
    .text C:\Windows\system32\svchost.exe[1412] kernel32.dll!LoadLibraryExW 77659109 5 Bytes JMP 00CC0F79
    .text C:\Windows\system32\svchost.exe[1412] kernel32.dll!LoadLibraryW 77659362 5 Bytes JMP 00CC0F94
    .text C:\Windows\system32\svchost.exe[1412] kernel32.dll!LoadLibraryExA 776594B4 5 Bytes JMP 00CC0036
    .text C:\Windows\system32\svchost.exe[1412] kernel32.dll!LoadLibraryA 776594DC 5 Bytes JMP 00CC0FA5
    .text C:\Windows\system32\svchost.exe[1412] kernel32.dll!VirtualProtectEx 7765DBDA 5 Bytes JMP 00CC0064
    .text C:\Windows\system32\svchost.exe[1412] kernel32.dll!GetProcAddress 7767903B 5 Bytes JMP 00CC0F0D
    .text C:\Windows\system32\svchost.exe[1412] kernel32.dll!CreateFileW 7767AECB 5 Bytes JMP 00CC0FE5
    .text C:\Windows\system32\svchost.exe[1412] kernel32.dll!CreateFileA 7767CE5F 5 Bytes JMP 00CC0000
    .text C:\Windows\system32\svchost.exe[1412] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1412] kernel32.dll!WinExec 776C5CF7 5 Bytes JMP 00CC0F32
    .text C:\Windows\system32\svchost.exe[1412] msvcrt.dll!_wsystem 76027F2F 5 Bytes JMP 00EA0069
    .text C:\Windows\system32\svchost.exe[1412] msvcrt.dll!system 7602804B 5 Bytes JMP 00EA0058
    .text C:\Windows\system32\svchost.exe[1412] msvcrt.dll!_creat 7602BBE1 5 Bytes JMP 00EA0FDE
    .text C:\Windows\system32\svchost.exe[1412] msvcrt.dll!_open 7602D106 5 Bytes JMP 00EA0FEF
    .text C:\Windows\system32\svchost.exe[1412] msvcrt.dll!_wcreat 7602D326 5 Bytes JMP 00EA003D
    .text C:\Windows\system32\svchost.exe[1412] msvcrt.dll!_wopen 7602D501 5 Bytes JMP 00EA0018
    .text C:\Windows\system32\svchost.exe[1412] ADVAPI32.dll!RegCreateKeyExA 762539AB 5 Bytes JMP 00180F91
    .text
     
    jimmymac725,
    #3
  5. 2011/07/01
    jimmymac725

    jimmymac725 Inactive Thread Starter

    Joined:
    2011/03/13
    Messages:
    64
    Likes Received:
    0
    .text C:\Windows\system32\svchost.exe[1412] ADVAPI32.dll!RegCreateKeyA 76253BA9 5 Bytes JMP 00180FBD
    .text C:\Windows\system32\svchost.exe[1412] ADVAPI32.dll!RegOpenKeyA 762589C7 5 Bytes JMP 00180000
    .text C:\Windows\system32\svchost.exe[1412] ADVAPI32.dll!RegCreateKeyW 7626391E 5 Bytes JMP 00180FAC
    .text C:\Windows\system32\svchost.exe[1412] ADVAPI32.dll!RegCreateKeyExW 762641F1 5 Bytes JMP 00180044
    .text C:\Windows\system32\svchost.exe[1412] ADVAPI32.dll!RegOpenKeyExA 76267C42 5 Bytes JMP 00180022
    .text C:\Windows\system32\svchost.exe[1412] ADVAPI32.dll!RegOpenKeyW 7626E2B5 5 Bytes JMP 00180011
    .text C:\Windows\system32\svchost.exe[1412] ADVAPI32.dll!RegOpenKeyExW 76277BA1 5 Bytes JMP 00180033
    .text C:\Windows\system32\svchost.exe[1412] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[1412] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[1412] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[1412] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[1412] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[1412] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[1412] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[1412] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[1412] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00AE0600
    .text C:\Windows\system32\svchost.exe[1412] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00AE0804
    .text C:\Windows\system32\svchost.exe[1412] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00AE0A08
    .text C:\Windows\system32\svchost.exe[1412] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 00AE01F8
    .text C:\Windows\system32\svchost.exe[1412] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 00AE03FC
    .text C:\Windows\system32\svchost.exe[1412] WS2_32.dll!socket 779D36D1 5 Bytes JMP 0120000A
    .text C:\Windows\system32\svchost.exe[1412] WININET.dll!InternetOpenA 77224E2B 5 Bytes JMP 00FF0FEF
    .text C:\Windows\system32\svchost.exe[1412] WININET.dll!InternetOpenUrlA 7722BFCE 5 Bytes JMP 00FF0FC0
    .text C:\Windows\system32\svchost.exe[1412] WININET.dll!InternetOpenW 7725C03E 5 Bytes JMP 00FF0000
    .text C:\Windows\system32\svchost.exe[1412] WININET.dll!InternetOpenUrlW 7728D722 5 Bytes JMP 00FF0011
    .text C:\Windows\system32\svchost.exe[1532] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[1532] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[1532] ntdll.dll!NtCreateFile 77904224 5 Bytes JMP 00D10FE5
    .text C:\Windows\system32\svchost.exe[1532] ntdll.dll!NtCreateProcess 779042E4 5 Bytes JMP 00D10011
    .text C:\Windows\system32\svchost.exe[1532] ntdll.dll!NtProtectVirtualMemory 77904B84 5 Bytes JMP 00D10000
    .text C:\Windows\system32\svchost.exe[1532] kernel32.dll!GetStartupInfoW 77631929 5 Bytes JMP 00CF0F4B
    .text C:\Windows\system32\svchost.exe[1532] kernel32.dll!GetStartupInfoA 776319C9 5 Bytes JMP 00CF0091
    .text C:\Windows\system32\svchost.exe[1532] kernel32.dll!CreateProcessW 77631BF3 5 Bytes JMP 00CF00C7
    .text C:\Windows\system32\svchost.exe[1532] kernel32.dll!CreateProcessA 77631C28 5 Bytes JMP 00CF0F30
    .text C:\Windows\system32\svchost.exe[1532] kernel32.dll!VirtualProtect 77631DC3 5 Bytes JMP 00CF0F70
    .text C:\Windows\system32\svchost.exe[1532] kernel32.dll!CreateNamedPipeA 77632EF5 5 Bytes JMP 00CF0025
    .text C:\Windows\system32\svchost.exe[1532] kernel32.dll!CreateNamedPipeW 77635C0C 5 Bytes JMP 00CF0FD4
    .text C:\Windows\system32\svchost.exe[1532] kernel32.dll!CreatePipe 77658E6E 5 Bytes JMP 00CF0076
    .text C:\Windows\system32\svchost.exe[1532] kernel32.dll!LoadLibraryExW 77659109 5 Bytes JMP 00CF0F97
    .text C:\Windows\system32\svchost.exe[1532] kernel32.dll!LoadLibraryW 77659362 5 Bytes JMP 00CF0FB9
    .text C:\Windows\system32\svchost.exe[1532] kernel32.dll!LoadLibraryExA 776594B4 5 Bytes JMP 00CF0FA8
    .text C:\Windows\system32\svchost.exe[1532] kernel32.dll!LoadLibraryA 776594DC 5 Bytes JMP 00CF0040
    .text C:\Windows\system32\svchost.exe[1532] kernel32.dll!VirtualProtectEx 7765DBDA 5 Bytes JMP 00CF0065
    .text C:\Windows\system32\svchost.exe[1532] kernel32.dll!GetProcAddress 7767903B 5 Bytes JMP 00CF0F15
    .text C:\Windows\system32\svchost.exe[1532] kernel32.dll!CreateFileW 7767AECB 5 Bytes JMP 00CF000A
    .text C:\Windows\system32\svchost.exe[1532] kernel32.dll!CreateFileA 7767CE5F 5 Bytes JMP 00CF0FEF
    .text C:\Windows\system32\svchost.exe[1532] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1532] kernel32.dll!WinExec 776C5CF7 5 Bytes JMP 00CF00B6
    .text C:\Windows\system32\svchost.exe[1532] msvcrt.dll!_wsystem 76027F2F 5 Bytes JMP 00D6002C
    .text C:\Windows\system32\svchost.exe[1532] msvcrt.dll!system 7602804B 5 Bytes JMP 00D60FAB
    .text C:\Windows\system32\svchost.exe[1532] msvcrt.dll!_creat 7602BBE1 5 Bytes JMP 00D60FC6
    .text C:\Windows\system32\svchost.exe[1532] msvcrt.dll!_open 7602D106 5 Bytes JMP 00D60000
    .text C:\Windows\system32\svchost.exe[1532] msvcrt.dll!_wcreat 7602D326 5 Bytes JMP 00D60011
    .text C:\Windows\system32\svchost.exe[1532] msvcrt.dll!_wopen 7602D501 5 Bytes JMP 00D60FD7
    .text C:\Windows\system32\svchost.exe[1532] ADVAPI32.dll!RegCreateKeyExA 762539AB 5 Bytes JMP 00CE0F72
    .text C:\Windows\system32\svchost.exe[1532] ADVAPI32.dll!RegCreateKeyA 76253BA9 5 Bytes JMP 00CE0F9E
    .text C:\Windows\system32\svchost.exe[1532] ADVAPI32.dll!RegOpenKeyA 762589C7 5 Bytes JMP 00CE0000
    .text C:\Windows\system32\svchost.exe[1532] ADVAPI32.dll!RegCreateKeyW 7626391E 5 Bytes JMP 00CE0F83
    .text C:\Windows\system32\svchost.exe[1532] ADVAPI32.dll!RegCreateKeyExW 762641F1 5 Bytes JMP 00CE0F61
    .text C:\Windows\system32\svchost.exe[1532] ADVAPI32.dll!RegOpenKeyExA 76267C42 5 Bytes JMP 00CE0FCA
    .text C:\Windows\system32\svchost.exe[1532] ADVAPI32.dll!RegOpenKeyW 7626E2B5 5 Bytes JMP 00CE0FDB
    .text C:\Windows\system32\svchost.exe[1532] ADVAPI32.dll!RegOpenKeyExW 76277BA1 5 Bytes JMP 00CE0FAF
    .text C:\Windows\system32\svchost.exe[1532] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[1532] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[1532] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[1532] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[1532] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[1532] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[1532] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[1532] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[1532] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00240600
    .text C:\Windows\system32\svchost.exe[1532] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00240804
    .text C:\Windows\system32\svchost.exe[1532] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00240A08
    .text C:\Windows\system32\svchost.exe[1532] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 002401F8
    .text C:\Windows\system32\svchost.exe[1532] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 002403FC
    .text C:\Windows\system32\svchost.exe[1532] WS2_32.dll!socket 779D36D1 5 Bytes JMP 00DB0000
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[1548] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 001401F8
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[1548] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 001403FC
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[1548] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[1548] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00160600
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[1548] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00160804
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[1548] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00160A08
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[1548] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 001601F8
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[1548] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 001603FC
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[1548] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 001703FC
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[1548] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00170600
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[1548] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00171014
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[1548] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00170804
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[1548] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00170A08
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[1548] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00170C0C
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[1548] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00170E10
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[1548] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 001701F8
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1664] kernel32.dll!SetUnhandledExceptionFilter 7765A84F 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1664] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Windows\System32\spoolsv.exe[2000] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 000501F8
    .text C:\Windows\System32\spoolsv.exe[2000] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 000503FC
    .text C:\Windows\System32\spoolsv.exe[2000] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Windows\System32\spoolsv.exe[2000] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 000703FC
    .text C:\Windows\System32\spoolsv.exe[2000] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00070600
    .text C:\Windows\System32\spoolsv.exe[2000] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\System32\spoolsv.exe[2000] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\System32\spoolsv.exe[2000] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\System32\spoolsv.exe[2000] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\System32\spoolsv.exe[2000] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00070E10
    .text C:\Windows\System32\spoolsv.exe[2000] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 000701F8
    .text C:\Windows\System32\spoolsv.exe[2000] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 001A0600
    .text C:\Windows\System32\spoolsv.exe[2000] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 001A0804
    .text C:\Windows\System32\spoolsv.exe[2000] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 001A0A08
    .text C:\Windows\System32\spoolsv.exe[2000] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 001A01F8
    .text C:\Windows\System32\spoolsv.exe[2000] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 001A03FC
    .text C:\Windows\system32\svchost.exe[2024] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[2024] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[2024] ntdll.dll!NtCreateFile 77904224 5 Bytes JMP 00AC0FEF
    .text C:\Windows\system32\svchost.exe[2024] ntdll.dll!NtCreateProcess 779042E4 5 Bytes JMP 00AC0FC3
    .text C:\Windows\system32\svchost.exe[2024] ntdll.dll!NtProtectVirtualMemory 77904B84 5 Bytes JMP 00AC0FD4
    .text C:\Windows\system32\svchost.exe[2024] kernel32.dll!GetStartupInfoW 77631929 5 Bytes JMP 00AB0067
    .text C:\Windows\system32\svchost.exe[2024] kernel32.dll!GetStartupInfoA 776319C9 5 Bytes JMP 00AB0F2B
    .text C:\Windows\system32\svchost.exe[2024] kernel32.dll!CreateProcessW 77631BF3 5 Bytes JMP 00AB0EE4
    .text C:\Windows\system32\svchost.exe[2024] kernel32.dll!CreateProcessA 77631C28 5 Bytes JMP 00AB0EFF
    .text C:\Windows\system32\svchost.exe[2024] kernel32.dll!VirtualProtect 77631DC3 5 Bytes JMP 00AB0F57
    .text C:\Windows\system32\svchost.exe[2024] kernel32.dll!CreateNamedPipeA 77632EF5 5 Bytes JMP 00AB0FCD
    .text C:\Windows\system32\svchost.exe[2024] kernel32.dll!CreateNamedPipeW 77635C0C 5 Bytes JMP 00AB0FBC
    .text C:\Windows\system32\svchost.exe[2024] kernel32.dll!CreatePipe 77658E6E 5 Bytes JMP 00AB0056
    .text C:\Windows\system32\svchost.exe[2024] kernel32.dll!LoadLibraryExW 77659109 5 Bytes JMP 00AB002F
    .text C:\Windows\system32\svchost.exe[2024] kernel32.dll!LoadLibraryW 77659362 5 Bytes JMP 00AB0F86
    .text C:\Windows\system32\svchost.exe[2024] kernel32.dll!LoadLibraryExA 776594B4 5 Bytes JMP 00AB001E
    .text C:\Windows\system32\svchost.exe[2024] kernel32.dll!LoadLibraryA 776594DC 5 Bytes JMP 00AB0FA1
    .text C:\Windows\system32\svchost.exe[2024] kernel32.dll!VirtualProtectEx 7765DBDA 5 Bytes JMP 00AB0F46
    .text C:\Windows\system32\svchost.exe[2024] kernel32.dll!GetProcAddress 7767903B 5 Bytes JMP 00AB0ED3
    .text C:\Windows\system32\svchost.exe[2024] kernel32.dll!CreateFileW 7767AECB 5 Bytes JMP 00AB0FDE
    .text C:\Windows\system32\svchost.exe[2024] kernel32.dll!CreateFileA 7767CE5F 5 Bytes JMP 00AB0FEF
    .text C:\Windows\system32\svchost.exe[2024] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[2024] kernel32.dll!WinExec 776C5CF7 5 Bytes JMP 00AB0F10
    .text C:\Windows\system32\svchost.exe[2024] msvcrt.dll!_wsystem 76027F2F 5 Bytes JMP 00A90FB7
    .text C:\Windows\system32\svchost.exe[2024] msvcrt.dll!system 7602804B 5 Bytes JMP 00A90042
    .text C:\Windows\system32\svchost.exe[2024] msvcrt.dll!_creat 7602BBE1 5 Bytes JMP 00A90FE3
    .text C:\Windows\system32\svchost.exe[2024] msvcrt.dll!_open 7602D106 5 Bytes JMP 00A90000
    .text C:\Windows\system32\svchost.exe[2024] msvcrt.dll!_wcreat 7602D326 5 Bytes JMP 00A90FC8
    .text C:\Windows\system32\svchost.exe[2024] msvcrt.dll!_wopen 7602D501 5 Bytes JMP 00A9001D
    .text C:\Windows\system32\svchost.exe[2024] ADVAPI32.dll!RegCreateKeyExA 762539AB 5 Bytes JMP 00AA0062
    .text C:\Windows\system32\svchost.exe[2024] ADVAPI32.dll!RegCreateKeyA 76253BA9 5 Bytes JMP 00AA002C
    .text C:\Windows\system32\svchost.exe[2024] ADVAPI32.dll!RegOpenKeyA 762589C7 5 Bytes JMP 00AA0000
    .text C:\Windows\system32\svchost.exe[2024] ADVAPI32.dll!RegCreateKeyW 7626391E 5 Bytes JMP 00AA0047
    .text C:\Windows\system32\svchost.exe[2024] ADVAPI32.dll!RegCreateKeyExW 762641F1 5 Bytes JMP 00AA0FAF
    .text C:\Windows\system32\svchost.exe[2024] ADVAPI32.dll!RegOpenKeyExA 76267C42 5 Bytes JMP 00AA0FDB
    .text C:\Windows\system32\svchost.exe[2024] ADVAPI32.dll!RegOpenKeyW 7626E2B5 5 Bytes JMP 00AA0011
    .text C:\Windows\system32\svchost.exe[2024] ADVAPI32.dll!RegOpenKeyExW 76277BA1 5 Bytes JMP 00AA0FC0
    .text C:\Windows\system32\svchost.exe[2024] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[2024] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[2024] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[2024] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[2024] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[2024] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[2024] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[2024] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[2024] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 000B0600
    .text C:\Windows\system32\svchost.exe[2024] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 000B0804
    .text C:\Windows\system32\svchost.exe[2024] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 000B0A08
    .text C:\Windows\system32\svchost.exe[2024] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 000B01F8
    .text C:\Windows\system32\svchost.exe[2024] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 000B03FC
    .text C:\Windows\system32\svchost.exe[2024] WS2_32.dll!socket 779D36D1 5 Bytes JMP 019B0FEF
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2072] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 000401F8
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2072] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 000403FC
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2072] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2072] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 001703FC
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2072] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00170600
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2072] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00171014
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2072] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00170804
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2072] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00170A08
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2072] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00170C0C
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2072] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00170E10
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2072] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 001701F8
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2072] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00180600
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2072] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00180804
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2072] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00180A08
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2072] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 001801F8
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2072] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 001803FC
    .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[2088] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 000501F8
    .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[2088] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 000503FC
    .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[2088] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[2088] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 000703FC
    .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[2088] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00070600
    .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[2088] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00071014
    .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[2088] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00070804
    .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[2088] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00070A08
    .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[2088] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00070C0C
    .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[2088] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00070E10
    .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[2088] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 000701F8
    .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[2088] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00080600
    .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[2088] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00080804
    .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[2088] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00080A08
    .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[2088] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 000801F8
    .text C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe[2088] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 000803FC
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2104] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 001501F8
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2104] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 001503FC
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2104] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2104] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00170600
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2104] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00170804
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2104] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00170A08
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2104] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 001701F8
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2104] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 001703FC
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2104] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 001803FC
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2104] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00180600
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2104] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00181014
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2104] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00180804
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2104] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00180A08
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2104] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00180C0C
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2104] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00180E10
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2104] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 001801F8
    .text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 001501F8
    .text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 001503FC
    .text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[2132] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[2132] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 001803FC
    .text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[2132] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00180600
    .text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[2132] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00181014
    .text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[2132] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00180804
    .text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[2132] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00180A08
    .text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[2132] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00180C0C
    .text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[2132] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00180E10
    .text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[2132] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 001801F8
    .text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[2132] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00190600
    .text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[2132] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00190804
    .text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[2132] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00190A08
    .text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[2132] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 001901F8
    .text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[2132] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 001903FC
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2168] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 000501F8
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2168] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 000503FC
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2168] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2168] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 000703FC
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2168] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00070600
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2168] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00071014
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2168] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00070804
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2168] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00070A08
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2168] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00070C0C
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2168] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00070E10
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2168] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 000701F8
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2168] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00080600
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2168] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00080804
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2168] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00080A08
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2168] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 000801F8
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2168] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 000803FC
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2300] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 000501F8
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2300] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 000503FC
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2300] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2300] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 000703FC
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2300] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00070600
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2300] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00071014
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2300] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00070804
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2300] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00070A08
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2300] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00070C0C
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2300] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00070E10
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2300] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 000701F8
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2300] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00080600
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2300] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00080804
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2300] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00080A08
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2300] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 000801F8
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2300] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 000803FC
    .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2308] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 000501F8
    .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2308] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 000503FC
    .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2308] kernel32.dll!LoadLibraryW 77659362 5 Bytes JMP 6B2F9AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2308] kernel32.dll!LoadLibraryA 776594DC 5 Bytes JMP 6B2F9A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2308] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2308] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 001703FC
    .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2308] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00170600
    .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2308] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00171014
    .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2308] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00170804
    .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2308] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00170A08
    .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2308] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00170C0C
    .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2308] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00170E10
    .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2308] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 001701F8
    .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2308] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00180600
    .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2308] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00180804
    .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2308] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00180A08
    .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2308] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 001801F8
    .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2308] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 001803FC
    .text C:\Windows\system32\FsUsbExService.Exe[2336] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 001401F8
    .text C:\Windows\system32\FsUsbExService.Exe[2336] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 001403FC
     
    jimmymac725,
    #4
  6. 2011/07/01
    jimmymac725

    jimmymac725 Inactive Thread Starter

    Joined:
    2011/03/13
    Messages:
    64
    Likes Received:
    0
    .text C:\Windows\system32\FsUsbExService.Exe[2336] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Windows\system32\FsUsbExService.Exe[2336] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00160600
    .text C:\Windows\system32\FsUsbExService.Exe[2336] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00160804
    .text C:\Windows\system32\FsUsbExService.Exe[2336] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00160A08
    .text C:\Windows\system32\FsUsbExService.Exe[2336] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 001601F8
    .text C:\Windows\system32\FsUsbExService.Exe[2336] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 001603FC
    .text C:\Windows\system32\FsUsbExService.Exe[2336] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 001703FC
    .text C:\Windows\system32\FsUsbExService.Exe[2336] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00170600
    .text C:\Windows\system32\FsUsbExService.Exe[2336] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00171014
    .text C:\Windows\system32\FsUsbExService.Exe[2336] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00170804
    .text C:\Windows\system32\FsUsbExService.Exe[2336] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00170A08
    .text C:\Windows\system32\FsUsbExService.Exe[2336] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00170C0C
    .text C:\Windows\system32\FsUsbExService.Exe[2336] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00170E10
    .text C:\Windows\system32\FsUsbExService.Exe[2336] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 001701F8
    .text C:\Windows\system32\svchost.exe[2416] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 000901F8
    .text C:\Windows\system32\svchost.exe[2416] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 000903FC
    .text C:\Windows\system32\svchost.exe[2416] ntdll.dll!NtCreateFile 77904224 5 Bytes JMP 00C70000
    .text C:\Windows\system32\svchost.exe[2416] ntdll.dll!NtCreateProcess 779042E4 5 Bytes JMP 00C70022
    .text C:\Windows\system32\svchost.exe[2416] ntdll.dll!NtProtectVirtualMemory 77904B84 5 Bytes JMP 00C70011
    .text C:\Windows\system32\svchost.exe[2416] kernel32.dll!GetStartupInfoW 77631929 5 Bytes JMP 00C600DA
    .text C:\Windows\system32\svchost.exe[2416] kernel32.dll!GetStartupInfoA 776319C9 5 Bytes JMP 00C600C9
    .text C:\Windows\system32\svchost.exe[2416] kernel32.dll!CreateProcessW 77631BF3 5 Bytes JMP 00C60F5E
    .text C:\Windows\system32\svchost.exe[2416] kernel32.dll!CreateProcessA 77631C28 5 Bytes JMP 00C60F79
    .text C:\Windows\system32\svchost.exe[2416] kernel32.dll!VirtualProtect 77631DC3 5 Bytes JMP 00C60082
    .text C:\Windows\system32\svchost.exe[2416] kernel32.dll!CreateNamedPipeA 77632EF5 5 Bytes JMP 00C60FB9
    .text C:\Windows\system32\svchost.exe[2416] kernel32.dll!CreateNamedPipeW 77635C0C 5 Bytes JMP 00C60014
    .text C:\Windows\system32\svchost.exe[2416] kernel32.dll!CreatePipe 77658E6E 5 Bytes JMP 00C600B8
    .text C:\Windows\system32\svchost.exe[2416] kernel32.dll!LoadLibraryExW 77659109 3 Bytes JMP 00C6005B
    .text C:\Windows\system32\svchost.exe[2416] kernel32.dll!LoadLibraryExW + 4 7765910D 1 Byte [89]
    .text C:\Windows\system32\svchost.exe[2416] kernel32.dll!LoadLibraryW 77659362 5 Bytes JMP 00C60FA8
    .text C:\Windows\system32\svchost.exe[2416] kernel32.dll!LoadLibraryExA 776594B4 5 Bytes JMP 00C6004A
    .text C:\Windows\system32\svchost.exe[2416] kernel32.dll!LoadLibraryA 776594DC 5 Bytes JMP 00C6002F
    .text C:\Windows\system32\svchost.exe[2416] kernel32.dll!VirtualProtectEx 7765DBDA 5 Bytes JMP 00C6009D
    .text C:\Windows\system32\svchost.exe[2416] kernel32.dll!GetProcAddress 7767903B 5 Bytes JMP 00C60F43
    .text C:\Windows\system32\svchost.exe[2416] kernel32.dll!CreateFileW 7767AECB 5 Bytes JMP 00C60FCA
    .text C:\Windows\system32\svchost.exe[2416] kernel32.dll!CreateFileA 7767CE5F 5 Bytes JMP 00C60FEF
    .text C:\Windows\system32\svchost.exe[2416] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[2416] kernel32.dll!WinExec 776C5CF7 5 Bytes JMP 00C600F5
    .text C:\Windows\system32\svchost.exe[2416] msvcrt.dll!_wsystem 76027F2F 5 Bytes JMP 00B20066
    .text C:\Windows\system32\svchost.exe[2416] msvcrt.dll!system 7602804B 5 Bytes JMP 00B20055
    .text C:\Windows\system32\svchost.exe[2416] msvcrt.dll!_creat 7602BBE1 5 Bytes JMP 00B20033
    .text C:\Windows\system32\svchost.exe[2416] msvcrt.dll!_open 7602D106 5 Bytes JMP 00B2000C
    .text C:\Windows\system32\svchost.exe[2416] msvcrt.dll!_wcreat 7602D326 5 Bytes JMP 00B20044
    .text C:\Windows\system32\svchost.exe[2416] msvcrt.dll!_wopen 7602D501 5 Bytes JMP 00B20FEF
    .text C:\Windows\system32\svchost.exe[2416] ADVAPI32.dll!RegCreateKeyExA 762539AB 5 Bytes JMP 00C50069
    .text C:\Windows\system32\svchost.exe[2416] ADVAPI32.dll!RegCreateKeyA 76253BA9 5 Bytes JMP 00C5003D
    .text C:\Windows\system32\svchost.exe[2416] ADVAPI32.dll!RegOpenKeyA 762589C7 5 Bytes JMP 00C50000
    .text C:\Windows\system32\svchost.exe[2416] ADVAPI32.dll!RegCreateKeyW 7626391E 5 Bytes JMP 00C50058
    .text C:\Windows\system32\svchost.exe[2416] ADVAPI32.dll!RegCreateKeyExW 762641F1 5 Bytes JMP 00C50FAC
    .text C:\Windows\system32\svchost.exe[2416] ADVAPI32.dll!RegOpenKeyExA 76267C42 5 Bytes JMP 00C50FDB
    .text C:\Windows\system32\svchost.exe[2416] ADVAPI32.dll!RegOpenKeyW 7626E2B5 5 Bytes JMP 00C50011
    .text C:\Windows\system32\svchost.exe[2416] ADVAPI32.dll!RegOpenKeyExW 76277BA1 5 Bytes JMP 00C5002C
    .text C:\Windows\system32\svchost.exe[2416] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 000B03FC
    .text C:\Windows\system32\svchost.exe[2416] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 000B0600
    .text C:\Windows\system32\svchost.exe[2416] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 000B1014
    .text C:\Windows\system32\svchost.exe[2416] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 000B0804
    .text C:\Windows\system32\svchost.exe[2416] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 000B0A08
    .text C:\Windows\system32\svchost.exe[2416] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 000B0C0C
    .text C:\Windows\system32\svchost.exe[2416] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 000B0E10
    .text C:\Windows\system32\svchost.exe[2416] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 000B01F8
    .text C:\Windows\system32\svchost.exe[2416] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00CB0600
    .text C:\Windows\system32\svchost.exe[2416] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00CB0804
    .text C:\Windows\system32\svchost.exe[2416] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00CB0A08
    .text C:\Windows\system32\svchost.exe[2416] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 00CB01F8
    .text C:\Windows\system32\svchost.exe[2416] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 00CB03FC
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2452] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 001501F8
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2452] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 001503FC
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2452] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2452] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 001903FC
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2452] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00190600
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2452] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00191014
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2452] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00190804
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2452] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00190A08
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2452] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00190C0C
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2452] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00190E10
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2452] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 001901F8
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2452] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 001A0600
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2452] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 001A0804
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2452] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 001A0A08
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2452] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 001A01F8
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2452] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 001A03FC
    .text C:\Windows\system32\taskeng.exe[2508] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\taskeng.exe[2508] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\taskeng.exe[2508] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Windows\system32\taskeng.exe[2508] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\taskeng.exe[2508] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\taskeng.exe[2508] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\taskeng.exe[2508] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\taskeng.exe[2508] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\taskeng.exe[2508] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\taskeng.exe[2508] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\taskeng.exe[2508] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\taskeng.exe[2508] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 000C0600
    .text C:\Windows\system32\taskeng.exe[2508] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 000C0804
    .text C:\Windows\system32\taskeng.exe[2508] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 000C0A08
    .text C:\Windows\system32\taskeng.exe[2508] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 000C01F8
    .text C:\Windows\system32\taskeng.exe[2508] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 000C03FC
    .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2532] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 001501F8
    .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2532] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 001503FC
    .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2532] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2532] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00170600
    .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2532] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00170804
    .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2532] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00170A08
    .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2532] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 001701F8
    .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2532] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 001703FC
    .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2532] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 001803FC
    .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2532] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00180600
    .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2532] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00181014
    .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2532] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00180804
    .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2532] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00180A08
    .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2532] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00180C0C
    .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2532] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00180E10
    .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2532] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 001801F8
    .text C:\Windows\system32\mfevtps.exe[2596] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\mfevtps.exe[2596] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\mfevtps.exe[2596] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Windows\system32\mfevtps.exe[2596] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\mfevtps.exe[2596] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\mfevtps.exe[2596] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\mfevtps.exe[2596] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\mfevtps.exe[2596] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\mfevtps.exe[2596] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\mfevtps.exe[2596] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\mfevtps.exe[2596] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\mfevtps.exe[2596] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00080600
    .text C:\Windows\system32\mfevtps.exe[2596] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00080804
    .text C:\Windows\system32\mfevtps.exe[2596] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00080A08
    .text C:\Windows\system32\mfevtps.exe[2596] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 000801F8
    .text C:\Windows\system32\mfevtps.exe[2596] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 000803FC
    .text C:\Windows\system32\Dwm.exe[2608] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 000901F8
    .text C:\Windows\system32\Dwm.exe[2608] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 000903FC
    .text C:\Windows\system32\Dwm.exe[2608] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Windows\system32\Dwm.exe[2608] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 000B03FC
    .text C:\Windows\system32\Dwm.exe[2608] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 000B0600
    .text C:\Windows\system32\Dwm.exe[2608] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 000B1014
    .text C:\Windows\system32\Dwm.exe[2608] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 000B0804
    .text C:\Windows\system32\Dwm.exe[2608] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 000B0A08
    .text C:\Windows\system32\Dwm.exe[2608] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 000B0C0C
    .text C:\Windows\system32\Dwm.exe[2608] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 000B0E10
    .text C:\Windows\system32\Dwm.exe[2608] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 000B01F8
    .text C:\Windows\system32\Dwm.exe[2608] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 000C0600
    .text C:\Windows\system32\Dwm.exe[2608] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 000C0804
    .text C:\Windows\system32\Dwm.exe[2608] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 000C0A08
    .text C:\Windows\system32\Dwm.exe[2608] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 000C01F8
    .text C:\Windows\system32\Dwm.exe[2608] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 000C03FC
    .text C:\Windows\System32\svchost.exe[2644] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 000501F8
    .text C:\Windows\System32\svchost.exe[2644] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 000503FC
    .text C:\Windows\System32\svchost.exe[2644] ntdll.dll!NtCreateFile 77904224 5 Bytes JMP 00160FEF
    .text C:\Windows\System32\svchost.exe[2644] ntdll.dll!NtCreateProcess 779042E4 5 Bytes JMP 00160FCD
    .text C:\Windows\System32\svchost.exe[2644] ntdll.dll!NtProtectVirtualMemory 77904B84 5 Bytes JMP 00160FDE
    .text C:\Windows\System32\svchost.exe[2644] kernel32.dll!GetStartupInfoW 77631929 5 Bytes JMP 00150F22
    .text C:\Windows\System32\svchost.exe[2644] kernel32.dll!GetStartupInfoA 776319C9 5 Bytes JMP 00150F3D
    .text C:\Windows\System32\svchost.exe[2644] kernel32.dll!CreateProcessW 77631BF3 5 Bytes JMP 00150EF3
    .text C:\Windows\System32\svchost.exe[2644] kernel32.dll!CreateProcessA 77631C28 5 Bytes JMP 0015008A
    .text C:\Windows\System32\svchost.exe[2644] kernel32.dll!VirtualProtect 77631DC3 5 Bytes JMP 00150F70
    .text C:\Windows\System32\svchost.exe[2644] kernel32.dll!CreateNamedPipeA 77632EF5 5 Bytes JMP 00150FCA
    .text C:\Windows\System32\svchost.exe[2644] kernel32.dll!CreateNamedPipeW 77635C0C 5 Bytes JMP 0015001B
    .text C:\Windows\System32\svchost.exe[2644] kernel32.dll!CreatePipe 77658E6E 5 Bytes JMP 00150F4E
    .text C:\Windows\System32\svchost.exe[2644] kernel32.dll!LoadLibraryExW 77659109 5 Bytes JMP 00150F81
    .text C:\Windows\System32\svchost.exe[2644] kernel32.dll!LoadLibraryW 77659362 5 Bytes JMP 00150040
    .text C:\Windows\System32\svchost.exe[2644] kernel32.dll!LoadLibraryExA 776594B4 5 Bytes JMP 00150F9E
    .text C:\Windows\System32\svchost.exe[2644] kernel32.dll!LoadLibraryA 776594DC 5 Bytes JMP 00150FB9
    .text C:\Windows\System32\svchost.exe[2644] kernel32.dll!VirtualProtectEx 7765DBDA 5 Bytes JMP 00150F5F
    .text C:\Windows\System32\svchost.exe[2644] kernel32.dll!GetProcAddress 7767903B 5 Bytes JMP 00150ED8
    .text C:\Windows\System32\svchost.exe[2644] kernel32.dll!CreateFileW 7767AECB 5 Bytes JMP 00150FDB
    .text C:\Windows\System32\svchost.exe[2644] kernel32.dll!CreateFileA 7767CE5F 5 Bytes JMP 00150000
    .text C:\Windows\System32\svchost.exe[2644] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[2644] kernel32.dll!WinExec 776C5CF7 5 Bytes JMP 00150079
    .text C:\Windows\System32\svchost.exe[2644] msvcrt.dll!_wsystem 76027F2F 5 Bytes JMP 000F004C
    .text C:\Windows\System32\svchost.exe[2644] msvcrt.dll!system 7602804B 5 Bytes JMP 000F0FC1
    .text C:\Windows\System32\svchost.exe[2644] msvcrt.dll!_creat 7602BBE1 5 Bytes JMP 000F000C
    .text C:\Windows\System32\svchost.exe[2644] msvcrt.dll!_open 7602D106 5 Bytes JMP 000F0FEF
    .text C:\Windows\System32\svchost.exe[2644] msvcrt.dll!_wcreat 7602D326 5 Bytes JMP 000F0031
    .text C:\Windows\System32\svchost.exe[2644] msvcrt.dll!_wopen 7602D501 5 Bytes JMP 000F0FD2
    .text C:\Windows\System32\svchost.exe[2644] ADVAPI32.dll!RegCreateKeyExA 762539AB 5 Bytes JMP 00100051
    .text C:\Windows\System32\svchost.exe[2644] ADVAPI32.dll!RegCreateKeyA 76253BA9 5 Bytes JMP 00100FB9
    .text C:\Windows\System32\svchost.exe[2644] ADVAPI32.dll!RegOpenKeyA 762589C7 5 Bytes JMP 00100FEF
    .text C:\Windows\System32\svchost.exe[2644] ADVAPI32.dll!RegCreateKeyW 7626391E 5 Bytes JMP 00100040
    .text C:\Windows\System32\svchost.exe[2644] ADVAPI32.dll!RegCreateKeyExW 762641F1 5 Bytes JMP 00100062
    .text C:\Windows\System32\svchost.exe[2644] ADVAPI32.dll!RegOpenKeyExA 76267C42 5 Bytes JMP 00100FD4
    .text C:\Windows\System32\svchost.exe[2644] ADVAPI32.dll!RegOpenKeyW 7626E2B5 5 Bytes JMP 0010000A
    .text C:\Windows\System32\svchost.exe[2644] ADVAPI32.dll!RegOpenKeyExW 76277BA1 5 Bytes JMP 00100025
    .text C:\Windows\System32\svchost.exe[2644] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 000703FC
    .text C:\Windows\System32\svchost.exe[2644] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00070600
    .text C:\Windows\System32\svchost.exe[2644] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\System32\svchost.exe[2644] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\System32\svchost.exe[2644] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\System32\svchost.exe[2644] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\System32\svchost.exe[2644] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00070E10
    .text C:\Windows\System32\svchost.exe[2644] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 000701F8
    .text C:\Windows\System32\svchost.exe[2644] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 000C0600
    .text C:\Windows\System32\svchost.exe[2644] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 000C0804
    .text C:\Windows\System32\svchost.exe[2644] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 000C0A08
    .text C:\Windows\System32\svchost.exe[2644] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 000C01F8
    .text C:\Windows\System32\svchost.exe[2644] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 000C03FC
    .text C:\Windows\System32\svchost.exe[2644] WS2_32.dll!socket 779D36D1 5 Bytes JMP 00170000
    .text C:\Windows\Explorer.EXE[2692] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 000501F8
    .text C:\Windows\Explorer.EXE[2692] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 000503FC
    .text C:\Windows\Explorer.EXE[2692] ntdll.dll!NtCreateFile 77904224 5 Bytes JMP 03C30000
    .text C:\Windows\Explorer.EXE[2692] ntdll.dll!NtCreateProcess 779042E4 5 Bytes JMP 03C30022
    .text C:\Windows\Explorer.EXE[2692] ntdll.dll!NtProtectVirtualMemory 77904B84 5 Bytes JMP 03C30011
    .text C:\Windows\Explorer.EXE[2692] kernel32.dll!GetStartupInfoW 77631929 5 Bytes JMP 03BB00BB
    .text C:\Windows\Explorer.EXE[2692] kernel32.dll!GetStartupInfoA 776319C9 5 Bytes JMP 03BB0F75
    .text C:\Windows\Explorer.EXE[2692] kernel32.dll!CreateProcessW 77631BF3 5 Bytes JMP 03BB0F50
    .text C:\Windows\Explorer.EXE[2692] kernel32.dll!CreateProcessA 77631C28 5 Bytes JMP 03BB00F1
    .text C:\Windows\Explorer.EXE[2692] kernel32.dll!VirtualProtect 77631DC3 5 Bytes JMP 03BB007B
    .text C:\Windows\Explorer.EXE[2692] kernel32.dll!CreateNamedPipeA 77632EF5 5 Bytes JMP 03BB0FCD
    .text C:\Windows\Explorer.EXE[2692] kernel32.dll!CreateNamedPipeW 77635C0C 5 Bytes JMP 03BB0FBC
    .text C:\Windows\Explorer.EXE[2692] kernel32.dll!CreatePipe 77658E6E 5 Bytes JMP 03BB0F86
    .text C:\Windows\Explorer.EXE[2692] kernel32.dll!LoadLibraryExW 77659109 5 Bytes JMP 03BB005E
    .text C:\Windows\Explorer.EXE[2692] kernel32.dll!LoadLibraryW 77659362 5 Bytes JMP 03BB0032
    .text C:\Windows\Explorer.EXE[2692] kernel32.dll!LoadLibraryExA 776594B4 5 Bytes JMP 03BB004D
    .text C:\Windows\Explorer.EXE[2692] kernel32.dll!LoadLibraryA 776594DC 5 Bytes JMP 03BB0FAB
    .text C:\Windows\Explorer.EXE[2692] kernel32.dll!VirtualProtectEx 7765DBDA 5 Bytes JMP 03BB0096
    .text C:\Windows\Explorer.EXE[2692] kernel32.dll!GetProcAddress 7767903B 5 Bytes JMP 03BB010C
    .text C:\Windows\Explorer.EXE[2692] kernel32.dll!CreateFileW 7767AECB 5 Bytes JMP 03BB0FDE
    .text C:\Windows\Explorer.EXE[2692] kernel32.dll!CreateFileA 7767CE5F 5 Bytes JMP 03BB0FEF
    .text C:\Windows\Explorer.EXE[2692] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Windows\Explorer.EXE[2692] kernel32.dll!WinExec 776C5CF7 5 Bytes JMP 03BB00D6
    .text C:\Windows\Explorer.EXE[2692] ADVAPI32.dll!RegCreateKeyExA 762539AB 3 Bytes JMP 03B1005B
    .text C:\Windows\Explorer.EXE[2692] ADVAPI32.dll!RegCreateKeyExA + 4 762539AF 1 Byte [8D]
    .text C:\Windows\Explorer.EXE[2692] ADVAPI32.dll!RegCreateKeyA 76253BA9 3 Bytes JMP 03B10036
    .text C:\Windows\Explorer.EXE[2692] ADVAPI32.dll!RegCreateKeyA + 4 76253BAD 1 Byte [8D]
    .text C:\Windows\Explorer.EXE[2692] ADVAPI32.dll!RegOpenKeyA 762589C7 3 Bytes JMP 03B10FEF
    .text C:\Windows\Explorer.EXE[2692] ADVAPI32.dll!RegOpenKeyA + 4 762589CB 1 Byte [8D]
    .text C:\Windows\Explorer.EXE[2692] ADVAPI32.dll!RegCreateKeyW 7626391E 5 Bytes JMP 03B10FB9
    .text C:\Windows\Explorer.EXE[2692] ADVAPI32.dll!RegCreateKeyExW 762641F1 5 Bytes JMP 03B10076
    .text C:\Windows\Explorer.EXE[2692] ADVAPI32.dll!RegOpenKeyExA 76267C42 5 Bytes JMP 03B10025
    .text C:\Windows\Explorer.EXE[2692] ADVAPI32.dll!RegOpenKeyW 7626E2B5 5 Bytes JMP 03B10014
    .text C:\Windows\Explorer.EXE[2692] ADVAPI32.dll!RegOpenKeyExW 76277BA1 5 Bytes JMP 03B10FCA
    .text C:\Windows\Explorer.EXE[2692] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 000703FC
    .text C:\Windows\Explorer.EXE[2692] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00070600
    .text C:\Windows\Explorer.EXE[2692] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\Explorer.EXE[2692] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\Explorer.EXE[2692] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\Explorer.EXE[2692] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\Explorer.EXE[2692] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00070E10
    .text C:\Windows\Explorer.EXE[2692] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 000701F8
    .text C:\Windows\Explorer.EXE[2692] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00080600
    .text C:\Windows\Explorer.EXE[2692] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00080804
    .text C:\Windows\Explorer.EXE[2692] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00080A08
    .text C:\Windows\Explorer.EXE[2692] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 000801F8
    .text C:\Windows\Explorer.EXE[2692] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 000803FC
    .text C:\Windows\Explorer.EXE[2692] msvcrt.dll!_wsystem 76027F2F 5 Bytes JMP 03C40031
    .text C:\Windows\Explorer.EXE[2692] msvcrt.dll!system 7602804B 5 Bytes JMP 03C40FA6
    .text C:\Windows\Explorer.EXE[2692] msvcrt.dll!_creat 7602BBE1 5 Bytes JMP 03C4000C
    .text C:\Windows\Explorer.EXE[2692] msvcrt.dll!_open 7602D106 5 Bytes JMP 03C40FEF
    .text C:\Windows\Explorer.EXE[2692] msvcrt.dll!_wcreat 7602D326 5 Bytes JMP 03C40FB7
    .text C:\Windows\Explorer.EXE[2692] msvcrt.dll!_wopen 7602D501 5 Bytes JMP 03C40FDE
    .text C:\Windows\Explorer.EXE[2692] WININET.dll!InternetOpenA 77224E2B 5 Bytes JMP 03C50FEF
    .text C:\Windows\Explorer.EXE[2692] WININET.dll!InternetOpenUrlA 7722BFCE 5 Bytes JMP 03C50FCA
    .text C:\Windows\Explorer.EXE[2692] WININET.dll!InternetOpenW 7725C03E 5 Bytes JMP 03C50000
    .text C:\Windows\Explorer.EXE[2692] WININET.dll!InternetOpenUrlW 7728D722 5 Bytes JMP 03C5001B
    .text C:\Windows\Explorer.EXE[2692] WS2_32.dll!socket 779D36D1 5 Bytes JMP 03DB0000
    .text C:\Windows\System32\svchost.exe[2704] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 000501F8
    .text C:\Windows\System32\svchost.exe[2704] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 000503FC
    .text C:\Windows\System32\svchost.exe[2704] ntdll.dll!NtCreateFile 77904224 5 Bytes JMP 00140FE5
     
    jimmymac725,
    #5
  7. 2011/07/01
    jimmymac725

    jimmymac725 Inactive Thread Starter

    Joined:
    2011/03/13
    Messages:
    64
    Likes Received:
    0
    .text C:\Windows\System32\svchost.exe[2704] ntdll.dll!NtCreateProcess 779042E4 5 Bytes JMP 00140000
    .text C:\Windows\System32\svchost.exe[2704] ntdll.dll!NtProtectVirtualMemory 77904B84 5 Bytes JMP 00140FD4
    .text C:\Windows\System32\svchost.exe[2704] kernel32.dll!GetStartupInfoW 77631929 5 Bytes JMP 00130F32
    .text C:\Windows\System32\svchost.exe[2704] kernel32.dll!GetStartupInfoA 776319C9 5 Bytes JMP 00130078
    .text C:\Windows\System32\svchost.exe[2704] kernel32.dll!CreateProcessW 77631BF3 5 Bytes JMP 0013009D
    .text C:\Windows\System32\svchost.exe[2704] kernel32.dll!CreateProcessA 77631C28 5 Bytes JMP 00130F06
    .text C:\Windows\System32\svchost.exe[2704] kernel32.dll!VirtualProtect 77631DC3 5 Bytes JMP 00130F4D
    .text C:\Windows\System32\svchost.exe[2704] kernel32.dll!CreateNamedPipeA 77632EF5 5 Bytes JMP 00130FC0
    .text C:\Windows\System32\svchost.exe[2704] kernel32.dll!CreateNamedPipeW 77635C0C 5 Bytes JMP 00130011
    .text C:\Windows\System32\svchost.exe[2704] kernel32.dll!CreatePipe 77658E6E 5 Bytes JMP 0013005D
    .text C:\Windows\System32\svchost.exe[2704] kernel32.dll!LoadLibraryExW 77659109 5 Bytes JMP 00130F5E
    .text C:\Windows\System32\svchost.exe[2704] kernel32.dll!LoadLibraryW 77659362 5 Bytes JMP 00130F80
    .text C:\Windows\System32\svchost.exe[2704] kernel32.dll!LoadLibraryExA 776594B4 5 Bytes JMP 00130F6F
    .text C:\Windows\System32\svchost.exe[2704] kernel32.dll!LoadLibraryA 776594DC 5 Bytes JMP 00130F9B
    .text C:\Windows\System32\svchost.exe[2704] kernel32.dll!VirtualProtectEx 7765DBDA 5 Bytes JMP 0013004C
    .text C:\Windows\System32\svchost.exe[2704] kernel32.dll!GetProcAddress 7767903B 5 Bytes JMP 00130EEB
    .text C:\Windows\System32\svchost.exe[2704] kernel32.dll!CreateFileW 7767AECB 5 Bytes JMP 00130000
    .text C:\Windows\System32\svchost.exe[2704] kernel32.dll!CreateFileA 7767CE5F 5 Bytes JMP 00130FEF
    .text C:\Windows\System32\svchost.exe[2704] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[2704] kernel32.dll!WinExec 776C5CF7 5 Bytes JMP 00130F21
    .text C:\Windows\System32\svchost.exe[2704] msvcrt.dll!_wsystem 76027F2F 5 Bytes JMP 00110FAA
    .text C:\Windows\System32\svchost.exe[2704] msvcrt.dll!system 7602804B 5 Bytes JMP 0011003F
    .text C:\Windows\System32\svchost.exe[2704] msvcrt.dll!_creat 7602BBE1 5 Bytes JMP 0011001D
    .text C:\Windows\System32\svchost.exe[2704] msvcrt.dll!_open 7602D106 5 Bytes JMP 00110000
    .text C:\Windows\System32\svchost.exe[2704] msvcrt.dll!_wcreat 7602D326 5 Bytes JMP 0011002E
    .text C:\Windows\System32\svchost.exe[2704] msvcrt.dll!_wopen 7602D501 5 Bytes JMP 00110FEF
    .text C:\Windows\System32\svchost.exe[2704] ADVAPI32.dll!RegCreateKeyExA 762539AB 5 Bytes JMP 00120F80
    .text C:\Windows\System32\svchost.exe[2704] ADVAPI32.dll!RegCreateKeyA 76253BA9 5 Bytes JMP 00120F9B
    .text C:\Windows\System32\svchost.exe[2704] ADVAPI32.dll!RegOpenKeyA 762589C7 5 Bytes JMP 00120FE5
    .text C:\Windows\System32\svchost.exe[2704] ADVAPI32.dll!RegCreateKeyW 7626391E 5 Bytes JMP 0012002C
    .text C:\Windows\System32\svchost.exe[2704] ADVAPI32.dll!RegCreateKeyExW 762641F1 5 Bytes JMP 00120F6F
    .text C:\Windows\System32\svchost.exe[2704] ADVAPI32.dll!RegOpenKeyExA 76267C42 5 Bytes JMP 00120011
    .text C:\Windows\System32\svchost.exe[2704] ADVAPI32.dll!RegOpenKeyW 7626E2B5 5 Bytes JMP 00120000
    .text C:\Windows\System32\svchost.exe[2704] ADVAPI32.dll!RegOpenKeyExW 76277BA1 5 Bytes JMP 00120FC0
    .text C:\Windows\System32\svchost.exe[2704] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 000703FC
    .text C:\Windows\System32\svchost.exe[2704] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00070600
    .text C:\Windows\System32\svchost.exe[2704] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\System32\svchost.exe[2704] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\System32\svchost.exe[2704] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\System32\svchost.exe[2704] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\System32\svchost.exe[2704] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00070E10
    .text C:\Windows\System32\svchost.exe[2704] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 000701F8
    .text C:\Windows\System32\svchost.exe[2704] USER32.dll!SetWindowsHookExA 77A66322 3 Bytes JMP 00320600
    .text C:\Windows\System32\svchost.exe[2704] USER32.dll!SetWindowsHookExA + 4 77A66326 1 Byte [88]
    .text C:\Windows\System32\svchost.exe[2704] USER32.dll!SetWindowsHookExW 77A687AD 3 Bytes JMP 00320804
    .text C:\Windows\System32\svchost.exe[2704] USER32.dll!SetWindowsHookExW + 4 77A687B1 1 Byte [88]
    .text C:\Windows\System32\svchost.exe[2704] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00320A08
    .text C:\Windows\System32\svchost.exe[2704] USER32.dll!SetWinEventHook 77A69F3A 3 Bytes JMP 003201F8
    .text C:\Windows\System32\svchost.exe[2704] USER32.dll!SetWinEventHook + 4 77A69F3E 1 Byte [88]
    .text C:\Windows\System32\svchost.exe[2704] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 003203FC
    .text C:\Windows\System32\svchost.exe[2704] WS2_32.dll!socket 779D36D1 5 Bytes JMP 00150FEF
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2748] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 001501F8
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2748] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 001503FC
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2748] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2748] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00170600
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2748] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00170804
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2748] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00170A08
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2748] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 001701F8
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2748] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 001703FC
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2748] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 001803FC
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2748] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00180600
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2748] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00181014
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2748] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00180804
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2748] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00180A08
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2748] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00180C0C
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2748] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00180E10
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2748] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 001801F8
    .text C:\Windows\system32\svchost.exe[2760] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[2760] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[2760] ntdll.dll!NtCreateFile 77904224 5 Bytes JMP 00C60000
    .text C:\Windows\system32\svchost.exe[2760] ntdll.dll!NtCreateProcess 779042E4 5 Bytes JMP 00C60011
    .text C:\Windows\system32\svchost.exe[2760] ntdll.dll!NtProtectVirtualMemory 77904B84 5 Bytes JMP 00C60FE5
    .text C:\Windows\system32\svchost.exe[2760] kernel32.dll!GetStartupInfoW 77631929 5 Bytes JMP 00C50F65
    .text C:\Windows\system32\svchost.exe[2760] kernel32.dll!GetStartupInfoA 776319C9 5 Bytes JMP 00C500AB
    .text C:\Windows\system32\svchost.exe[2760] kernel32.dll!CreateProcessW 77631BF3 5 Bytes JMP 00C50F40
    .text C:\Windows\system32\svchost.exe[2760] kernel32.dll!CreateProcessA 77631C28 5 Bytes JMP 00C500E1
    .text C:\Windows\system32\svchost.exe[2760] kernel32.dll!VirtualProtect 77631DC3 5 Bytes JMP 00C5007F
    .text C:\Windows\system32\svchost.exe[2760] kernel32.dll!CreateNamedPipeA 77632EF5 5 Bytes JMP 00C50FCA
    .text C:\Windows\system32\svchost.exe[2760] kernel32.dll!CreateNamedPipeW 77635C0C 5 Bytes JMP 00C50FAF
    .text C:\Windows\system32\svchost.exe[2760] kernel32.dll!CreatePipe 77658E6E 5 Bytes JMP 00C50F80
    .text C:\Windows\system32\svchost.exe[2760] kernel32.dll!LoadLibraryExW 77659109 5 Bytes JMP 00C50062
    .text C:\Windows\system32\svchost.exe[2760] kernel32.dll!LoadLibraryW 77659362 5 Bytes JMP 00C50036
    .text C:\Windows\system32\svchost.exe[2760] kernel32.dll!LoadLibraryExA 776594B4 5 Bytes JMP 00C50047
    .text C:\Windows\system32\svchost.exe[2760] kernel32.dll!LoadLibraryA 776594DC 5 Bytes JMP 00C5001B
    .text C:\Windows\system32\svchost.exe[2760] kernel32.dll!VirtualProtectEx 7765DBDA 5 Bytes JMP 00C50090
    .text C:\Windows\system32\svchost.exe[2760] kernel32.dll!GetProcAddress 7767903B 5 Bytes JMP 00C500F2
    .text C:\Windows\system32\svchost.exe[2760] kernel32.dll!CreateFileW 7767AECB 5 Bytes JMP 00C50000
    .text C:\Windows\system32\svchost.exe[2760] kernel32.dll!CreateFileA 7767CE5F 5 Bytes JMP 00C50FE5
    .text C:\Windows\system32\svchost.exe[2760] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[2760] kernel32.dll!WinExec 776C5CF7 5 Bytes JMP 00C500C6
    .text C:\Windows\system32\svchost.exe[2760] msvcrt.dll!_wsystem 76027F2F 5 Bytes JMP 00B1007A
    .text C:\Windows\system32\svchost.exe[2760] msvcrt.dll!system 7602804B 5 Bytes JMP 00B10055
    .text C:\Windows\system32\svchost.exe[2760] msvcrt.dll!_creat 7602BBE1 5 Bytes JMP 00B10029
    .text C:\Windows\system32\svchost.exe[2760] msvcrt.dll!_open 7602D106 5 Bytes JMP 00B1000C
    .text C:\Windows\system32\svchost.exe[2760] msvcrt.dll!_wcreat 7602D326 5 Bytes JMP 00B10044
    .text C:\Windows\system32\svchost.exe[2760] msvcrt.dll!_wopen 7602D501 5 Bytes JMP 00B10FEF
    .text C:\Windows\system32\svchost.exe[2760] ADVAPI32.dll!RegCreateKeyExA 762539AB 5 Bytes JMP 00B20073
    .text C:\Windows\system32\svchost.exe[2760] ADVAPI32.dll!RegCreateKeyA 76253BA9 5 Bytes JMP 00B20062
    .text C:\Windows\system32\svchost.exe[2760] ADVAPI32.dll!RegOpenKeyA 762589C7 5 Bytes JMP 00B20000
    .text C:\Windows\system32\svchost.exe[2760] ADVAPI32.dll!RegCreateKeyW 7626391E 3 Bytes JMP 00B20FD1
    .text C:\Windows\system32\svchost.exe[2760] ADVAPI32.dll!RegCreateKeyW + 4 76263922 1 Byte [8A]
    .text C:\Windows\system32\svchost.exe[2760] ADVAPI32.dll!RegCreateKeyExW 762641F1 3 Bytes JMP 00B20FB6
    .text C:\Windows\system32\svchost.exe[2760] ADVAPI32.dll!RegCreateKeyExW + 4 762641F5 1 Byte [8A]
    .text C:\Windows\system32\svchost.exe[2760] ADVAPI32.dll!RegOpenKeyExA 76267C42 3 Bytes JMP 00B20036
    .text C:\Windows\system32\svchost.exe[2760] ADVAPI32.dll!RegOpenKeyExA + 4 76267C46 1 Byte [8A]
    .text C:\Windows\system32\svchost.exe[2760] ADVAPI32.dll!RegOpenKeyW 7626E2B5 3 Bytes JMP 00B2001B
    .text C:\Windows\system32\svchost.exe[2760] ADVAPI32.dll!RegOpenKeyW + 4 7626E2B9 1 Byte [8A]
    .text C:\Windows\system32\svchost.exe[2760] ADVAPI32.dll!RegOpenKeyExW 76277BA1 5 Bytes JMP 00B20047
    .text C:\Windows\system32\svchost.exe[2760] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[2760] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[2760] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[2760] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[2760] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[2760] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[2760] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[2760] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[2760] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 000B0600
    .text C:\Windows\system32\svchost.exe[2760] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 000B0804
    .text C:\Windows\system32\svchost.exe[2760] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 000B0A08
    .text C:\Windows\system32\svchost.exe[2760] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 000B01F8
    .text C:\Windows\system32\svchost.exe[2760] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 000B03FC
    .text C:\Windows\system32\svchost.exe[2760] WS2_32.dll!socket 779D36D1 5 Bytes JMP 00C70000
    .text C:\Windows\system32\taskeng.exe[2768] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\taskeng.exe[2768] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\taskeng.exe[2768] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Windows\system32\taskeng.exe[2768] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\taskeng.exe[2768] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\taskeng.exe[2768] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\taskeng.exe[2768] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\taskeng.exe[2768] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\taskeng.exe[2768] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\taskeng.exe[2768] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\taskeng.exe[2768] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\taskeng.exe[2768] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00080600
    .text C:\Windows\system32\taskeng.exe[2768] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00080804
    .text C:\Windows\system32\taskeng.exe[2768] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00080A08
    .text C:\Windows\system32\taskeng.exe[2768] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 000801F8
    .text C:\Windows\system32\taskeng.exe[2768] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 000803FC
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2792] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 001401F8
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2792] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 001403FC
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2792] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2792] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00160600
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2792] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00160804
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2792] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00160A08
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2792] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 001601F8
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2792] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 001603FC
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2792] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 001703FC
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2792] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00170600
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2792] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00171014
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2792] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00170804
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2792] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00170A08
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2792] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00170C0C
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2792] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00170E10
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2792] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 001701F8
    .text C:\Windows\system32\rundll32.exe[2812] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 000601F8
    .text C:\Windows\system32\rundll32.exe[2812] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 000603FC
    .text C:\Windows\system32\rundll32.exe[2812] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Windows\system32\rundll32.exe[2812] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00070600
    .text C:\Windows\system32\rundll32.exe[2812] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00070804
    .text C:\Windows\system32\rundll32.exe[2812] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00070A08
    .text C:\Windows\system32\rundll32.exe[2812] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 000701F8
    .text C:\Windows\system32\rundll32.exe[2812] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 000703FC
    .text C:\Windows\system32\rundll32.exe[2812] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 000C03FC
    .text C:\Windows\system32\rundll32.exe[2812] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 000C0600
    .text C:\Windows\system32\rundll32.exe[2812] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 000C1014
    .text C:\Windows\system32\rundll32.exe[2812] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 000C0804
    .text C:\Windows\system32\rundll32.exe[2812] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 000C0A08
    .text C:\Windows\system32\rundll32.exe[2812] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 000C0C0C
    .text C:\Windows\system32\rundll32.exe[2812] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 000C0E10
    .text C:\Windows\system32\rundll32.exe[2812] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 000C01F8
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3096] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 001501F8
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3096] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 001503FC
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3096] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3096] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00170600
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3096] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00170804
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3096] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00170A08
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3096] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 001701F8
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3096] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 001703FC
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3096] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 001803FC
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3096] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00180600
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3096] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00181014
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3096] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00180804
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3096] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00180A08
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3096] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00180C0C
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3096] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00180E10
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[3096] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 001801F8
    .text C:\Program Files\HP Wireless Adapter\HPWLan.exe[3116] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 001501F8
    .text C:\Program Files\HP Wireless Adapter\HPWLan.exe[3116] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 001503FC
    .text C:\Program Files\HP Wireless Adapter\HPWLan.exe[3116] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Program Files\HP Wireless Adapter\HPWLan.exe[3116] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 001703FC
    .text C:\Program Files\HP Wireless Adapter\HPWLan.exe[3116] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00170600
    .text C:\Program Files\HP Wireless Adapter\HPWLan.exe[3116] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00171014
    .text C:\Program Files\HP Wireless Adapter\HPWLan.exe[3116] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00170804
    .text C:\Program Files\HP Wireless Adapter\HPWLan.exe[3116] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00170A08
    .text C:\Program Files\HP Wireless Adapter\HPWLan.exe[3116] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00170C0C
    .text C:\Program Files\HP Wireless Adapter\HPWLan.exe[3116] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00170E10
    .text C:\Program Files\HP Wireless Adapter\HPWLan.exe[3116] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 001701F8
    .text C:\Program Files\HP Wireless Adapter\HPWLan.exe[3116] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00180600
    .text C:\Program Files\HP Wireless Adapter\HPWLan.exe[3116] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00180804
    .text C:\Program Files\HP Wireless Adapter\HPWLan.exe[3116] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00180A08
    .text C:\Program Files\HP Wireless Adapter\HPWLan.exe[3116] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 001801F8
    .text C:\Program Files\HP Wireless Adapter\HPWLan.exe[3116] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 001803FC
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3144] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 001501F8
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3144] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 001503FC
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3144] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3144] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00180600
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3144] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00180804
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3144] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00180A08
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3144] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 001801F8
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3144] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 001803FC
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3144] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 001903FC
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3144] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00190600
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3144] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00191014
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3144] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00190804
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3144] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00190A08
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3144] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00190C0C
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3144] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00190E10
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3144] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 001901F8
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3168] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 001501F8
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3168] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 001503FC
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3168] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3168] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 001703FC
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3168] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00170600
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3168] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00171014
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3168] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00170804
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3168] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00170A08
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3168] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00170C0C
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3168] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00170E10
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3168] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 001701F8
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3168] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00180600
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3168] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00180804
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3168] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00180A08
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3168] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 001801F8
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3168] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 001803FC
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3192] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 001501F8
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3192] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 001503FC
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3192] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3192] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 001703FC
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3192] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00170600
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3192] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00171014
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3192] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00170804
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3192] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00170A08
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3192] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00170C0C
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3192] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00170E10
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3192] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 001701F8
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3192] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00180600
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3192] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00180804
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3192] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00180A08
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3192] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 001801F8
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3192] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 001803FC
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3208] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 001501F8
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3208] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 001503FC
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3208] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3208] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00170600
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3208] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00170804
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3208] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00170A08
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3208] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 001701F8
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3208] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 001703FC
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3208] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 001803FC
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3208] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00180600
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3208] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00181014
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3208] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00180804
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3208] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00180A08
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3208] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00180C0C
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3208] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00180E10
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3208] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 001801F8
    .text C:\Program Files\McAfee.com\Agent\mcagent.exe[3216] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 000501F8
    .text C:\Program Files\McAfee.com\Agent\mcagent.exe[3216] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 000503FC
    .text C:\Program Files\McAfee.com\Agent\mcagent.exe[3216] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Program Files\McAfee.com\Agent\mcagent.exe[3216] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 000703FC
    .text C:\Program Files\McAfee.com\Agent\mcagent.exe[3216] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00070600
    .text C:\Program Files\McAfee.com\Agent\mcagent.exe[3216] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00071014
    .text C:\Program Files\McAfee.com\Agent\mcagent.exe[3216] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00070804
    .text C:\Program Files\McAfee.com\Agent\mcagent.exe[3216] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00070A08
    .text C:\Program Files\McAfee.com\Agent\mcagent.exe[3216] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00070C0C
    .text C:\Program Files\McAfee.com\Agent\mcagent.exe[3216] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00070E10
    .text C:\Program Files\McAfee.com\Agent\mcagent.exe[3216] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 000701F8
    .text C:\Program Files\McAfee.com\Agent\mcagent.exe[3216] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00080600
    .text C:\Program Files\McAfee.com\Agent\mcagent.exe[3216] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00080804
    .text C:\Program Files\McAfee.com\Agent\mcagent.exe[3216] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00080A08
    .text C:\Program Files\McAfee.com\Agent\mcagent.exe[3216] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 000801F8
    .text C:\Program Files\McAfee.com\Agent\mcagent.exe[3216] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 000803FC
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3288] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 000501F8
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3288] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 000503FC
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3288] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3288] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 001703FC
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3288] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00170600
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3288] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00171014
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3288] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00170804
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3288] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00170A08
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3288] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00170C0C
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3288] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00170E10
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3288] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 001701F8
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3288] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00180600
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3288] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00180804
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3288] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00180A08
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3288] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 001801F8
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3288] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 001803FC
    .text C:\Windows\system32\ctfmon.exe[3296] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3328] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3360] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 001601F8
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3360] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 001603FC
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3360] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3360] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 001803FC
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3360] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00180600
     
    jimmymac725,
    #6
  8. 2011/07/01
    jimmymac725

    jimmymac725 Inactive Thread Starter

    Joined:
    2011/03/13
    Messages:
    64
    Likes Received:
    0
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3360] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00181014
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3360] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00180804
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3360] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00180A08
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3360] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00180C0C
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3360] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00180E10
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3360] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 001801F8
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3360] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00190600
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3360] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00190804
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3360] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00190A08
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3360] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 001901F8
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3360] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 001903FC
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3380] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 001501F8
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3380] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 001503FC
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3380] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3380] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00170600
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3380] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00170804
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3380] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00170A08
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3380] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 001701F8
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3380] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 001703FC
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3380] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 001803FC
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3380] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00180600
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3380] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00181014
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3380] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00180804
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3380] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00180A08
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3380] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00180C0C
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3380] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00180E10
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3380] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 001801F8
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3396] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 000501F8
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3396] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 000503FC
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3396] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3396] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 000703FC
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3396] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00070600
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3396] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00071014
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3396] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00070804
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3396] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00070A08
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3396] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00070C0C
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3396] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00070E10
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3396] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 000701F8
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3396] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00080600
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3396] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00080804
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3396] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00080A08
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3396] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 000801F8
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3396] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 000803FC
    .text C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe[3424] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 001501F8
    .text C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe[3424] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 001503FC
    .text C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe[3424] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe[3424] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00170600
    .text C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe[3424] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00170804
    .text C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe[3424] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00170A08
    .text C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe[3424] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 001701F8
    .text C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe[3424] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 001703FC
    .text C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe[3424] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 001903FC
    .text C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe[3424] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00190600
    .text C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe[3424] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00191014
    .text C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe[3424] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00190804
    .text C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe[3424] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00190A08
    .text C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe[3424] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00190C0C
    .text C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe[3424] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00190E10
    .text C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe[3424] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 001901F8
    .text C:\Windows\system32\svchost.exe[3464] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[3464] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[3464] ntdll.dll!NtCreateFile 77904224 5 Bytes JMP 00AD0FEF
    .text C:\Windows\system32\svchost.exe[3464] ntdll.dll!NtCreateProcess 779042E4 5 Bytes JMP 00AD0FB9
    .text C:\Windows\system32\svchost.exe[3464] ntdll.dll!NtProtectVirtualMemory 77904B84 5 Bytes JMP 00AD0FD4
    .text C:\Windows\system32\svchost.exe[3464] kernel32.dll!GetStartupInfoW 77631929 5 Bytes JMP 00AC00B8
    .text C:\Windows\system32\svchost.exe[3464] kernel32.dll!GetStartupInfoA 776319C9 5 Bytes JMP 00AC0F72
    .text C:\Windows\system32\svchost.exe[3464] kernel32.dll!CreateProcessW 77631BF3 5 Bytes JMP 00AC0F32
    .text C:\Windows\system32\svchost.exe[3464] kernel32.dll!CreateProcessA 77631C28 5 Bytes JMP 00AC0F43
    .text C:\Windows\system32\svchost.exe[3464] kernel32.dll!VirtualProtect 77631DC3 5 Bytes JMP 00AC005D
    .text C:\Windows\system32\svchost.exe[3464] kernel32.dll!CreateNamedPipeA 77632EF5 5 Bytes JMP 00AC0014
    .text C:\Windows\system32\svchost.exe[3464] kernel32.dll!CreateNamedPipeW 77635C0C 5 Bytes JMP 00AC0025
    .text C:\Windows\system32\svchost.exe[3464] kernel32.dll!CreatePipe 77658E6E 5 Bytes JMP 00AC0093
    .text C:\Windows\system32\svchost.exe[3464] kernel32.dll!LoadLibraryExW 77659109 5 Bytes JMP 00AC0F83
    .text C:\Windows\system32\svchost.exe[3464] kernel32.dll!LoadLibraryW 77659362 5 Bytes JMP 00AC0036
    .text C:\Windows\system32\svchost.exe[3464] kernel32.dll!LoadLibraryExA 776594B4 5 Bytes JMP 00AC0F94
    .text C:\Windows\system32\svchost.exe[3464] kernel32.dll!LoadLibraryA 776594DC 5 Bytes JMP 00AC0FB9
    .text C:\Windows\system32\svchost.exe[3464] kernel32.dll!VirtualProtectEx 7765DBDA 5 Bytes JMP 00AC0078
    .text C:\Windows\system32\svchost.exe[3464] kernel32.dll!GetProcAddress 7767903B 5 Bytes JMP 00AC00E4
    .text C:\Windows\system32\svchost.exe[3464] kernel32.dll!CreateFileW 7767AECB 5 Bytes JMP 00AC0FD4
    .text C:\Windows\system32\svchost.exe[3464] kernel32.dll!CreateFileA 7767CE5F 5 Bytes JMP 00AC0FEF
    .text C:\Windows\system32\svchost.exe[3464] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[3464] kernel32.dll!WinExec 776C5CF7 5 Bytes JMP 00AC00C9
    .text C:\Windows\system32\svchost.exe[3464] msvcrt.dll!_wsystem 76027F2F 5 Bytes JMP 00280040
    .text C:\Windows\system32\svchost.exe[3464] msvcrt.dll!system 7602804B 5 Bytes JMP 00280FB5
    .text C:\Windows\system32\svchost.exe[3464] msvcrt.dll!_creat 7602BBE1 5 Bytes JMP 00280FC6
    .text C:\Windows\system32\svchost.exe[3464] msvcrt.dll!_open 7602D106 5 Bytes JMP 00280FEF
    .text C:\Windows\system32\svchost.exe[3464] msvcrt.dll!_wcreat 7602D326 5 Bytes JMP 00280025
    .text C:\Windows\system32\svchost.exe[3464] msvcrt.dll!_wopen 7602D501 5 Bytes JMP 00280000
    .text C:\Windows\system32\svchost.exe[3464] ADVAPI32.dll!RegCreateKeyExA 762539AB 5 Bytes JMP 00AB0051
    .text C:\Windows\system32\svchost.exe[3464] ADVAPI32.dll!RegCreateKeyA 76253BA9 5 Bytes JMP 00AB0040
    .text C:\Windows\system32\svchost.exe[3464] ADVAPI32.dll!RegOpenKeyA 762589C7 5 Bytes JMP 00AB0FEF
    .text C:\Windows\system32\svchost.exe[3464] ADVAPI32.dll!RegCreateKeyW 7626391E 5 Bytes JMP 00AB0FAF
    .text C:\Windows\system32\svchost.exe[3464] ADVAPI32.dll!RegCreateKeyExW 762641F1 5 Bytes JMP 00AB0062
    .text C:\Windows\system32\svchost.exe[3464] ADVAPI32.dll!RegOpenKeyExA 76267C42 5 Bytes JMP 00AB0025
    .text C:\Windows\system32\svchost.exe[3464] ADVAPI32.dll!RegOpenKeyW 7626E2B5 5 Bytes JMP 00AB000A
    .text C:\Windows\system32\svchost.exe[3464] ADVAPI32.dll!RegOpenKeyExW 76277BA1 5 Bytes JMP 00AB0FD4
    .text C:\Windows\system32\svchost.exe[3464] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[3464] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[3464] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[3464] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[3464] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[3464] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[3464] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[3464] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[3464] WS2_32.dll!socket 779D36D1 5 Bytes JMP 00B20FEF
    .text C:\Windows\ehome\ehtray.exe[3488] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 000901F8
    .text C:\Windows\ehome\ehtray.exe[3488] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 000903FC
    .text C:\Windows\ehome\ehtray.exe[3488] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Windows\ehome\ehtray.exe[3488] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 000B03FC
    .text C:\Windows\ehome\ehtray.exe[3488] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 000B0600
    .text C:\Windows\ehome\ehtray.exe[3488] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 000B1014
    .text C:\Windows\ehome\ehtray.exe[3488] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 000B0804
    .text C:\Windows\ehome\ehtray.exe[3488] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 000B0A08
    .text C:\Windows\ehome\ehtray.exe[3488] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 000B0C0C
    .text C:\Windows\ehome\ehtray.exe[3488] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 000B0E10
    .text C:\Windows\ehome\ehtray.exe[3488] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 000B01F8
    .text C:\Windows\ehome\ehtray.exe[3488] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 000C0600
    .text C:\Windows\ehome\ehtray.exe[3488] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 000C0804
    .text C:\Windows\ehome\ehtray.exe[3488] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 000C0A08
    .text C:\Windows\ehome\ehtray.exe[3488] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 000C01F8
    .text C:\Windows\ehome\ehtray.exe[3488] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 000C03FC
    .text C:\Windows\System32\svchost.exe[3516] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 000501F8
    .text C:\Windows\System32\svchost.exe[3516] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 000503FC
    .text C:\Windows\System32\svchost.exe[3516] ntdll.dll!NtCreateFile 77904224 5 Bytes JMP 000D000A
    .text C:\Windows\System32\svchost.exe[3516] ntdll.dll!NtCreateProcess 779042E4 5 Bytes JMP 000D0FD4
    .text C:\Windows\System32\svchost.exe[3516] ntdll.dll!NtProtectVirtualMemory 77904B84 5 Bytes JMP 000D0FE5
    .text C:\Windows\System32\svchost.exe[3516] kernel32.dll!GetStartupInfoW 77631929 5 Bytes JMP 000C00BF
    .text C:\Windows\System32\svchost.exe[3516] kernel32.dll!GetStartupInfoA 776319C9 5 Bytes JMP 000C0F79
    .text C:\Windows\System32\svchost.exe[3516] kernel32.dll!CreateProcessW 77631BF3 5 Bytes JMP 000C0106
    .text C:\Windows\System32\svchost.exe[3516] kernel32.dll!CreateProcessA 77631C28 5 Bytes JMP 000C00EB
    .text C:\Windows\System32\svchost.exe[3516] kernel32.dll!VirtualProtect 77631DC3 5 Bytes JMP 000C0090
    .text C:\Windows\System32\svchost.exe[3516] kernel32.dll!CreateNamedPipeA 77632EF5 5 Bytes JMP 000C002C
    .text C:\Windows\System32\svchost.exe[3516] kernel32.dll!CreateNamedPipeW 77635C0C 5 Bytes JMP 000C0047
    .text C:\Windows\System32\svchost.exe[3516] kernel32.dll!CreatePipe 77658E6E 5 Bytes JMP 000C0F94
    .text C:\Windows\System32\svchost.exe[3516] kernel32.dll!LoadLibraryExW 77659109 5 Bytes JMP 000C007F
    .text C:\Windows\System32\svchost.exe[3516] kernel32.dll!LoadLibraryW 77659362 5 Bytes JMP 000C0FC0
    .text C:\Windows\System32\svchost.exe[3516] kernel32.dll!LoadLibraryExA 776594B4 5 Bytes JMP 000C0062
    .text C:\Windows\System32\svchost.exe[3516] kernel32.dll!LoadLibraryA 776594DC 5 Bytes JMP 000C0FDB
    .text C:\Windows\System32\svchost.exe[3516] kernel32.dll!VirtualProtectEx 7765DBDA 5 Bytes JMP 000C0FA5
    .text C:\Windows\System32\svchost.exe[3516] kernel32.dll!GetProcAddress 7767903B 5 Bytes JMP 000C0121
    .text C:\Windows\System32\svchost.exe[3516] kernel32.dll!CreateFileW 7767AECB 5 Bytes JMP 000C001B
    .text C:\Windows\System32\svchost.exe[3516] kernel32.dll!CreateFileA 7767CE5F 5 Bytes JMP 000C0000
    .text C:\Windows\System32\svchost.exe[3516] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[3516] kernel32.dll!WinExec 776C5CF7 5 Bytes JMP 000C00DA
    .text C:\Windows\System32\svchost.exe[3516] msvcrt.dll!_wsystem 76027F2F 5 Bytes JMP 00090049
    .text C:\Windows\System32\svchost.exe[3516] msvcrt.dll!system 7602804B 5 Bytes JMP 00090FBE
    .text C:\Windows\System32\svchost.exe[3516] msvcrt.dll!_creat 7602BBE1 5 Bytes JMP 0009001D
    .text C:\Windows\System32\svchost.exe[3516] msvcrt.dll!_open 7602D106 5 Bytes JMP 00090FE3
    .text C:\Windows\System32\svchost.exe[3516] msvcrt.dll!_wcreat 7602D326 5 Bytes JMP 00090038
    .text C:\Windows\System32\svchost.exe[3516] msvcrt.dll!_wopen 7602D501 5 Bytes JMP 00090000
    .text C:\Windows\System32\svchost.exe[3516] ADVAPI32.dll!RegCreateKeyExA 762539AB 5 Bytes JMP 000B0FB6
    .text C:\Windows\System32\svchost.exe[3516] ADVAPI32.dll!RegCreateKeyA 76253BA9 5 Bytes JMP 000B0047
    .text C:\Windows\System32\svchost.exe[3516] ADVAPI32.dll!RegOpenKeyA 762589C7 5 Bytes JMP 000B0000
    .text C:\Windows\System32\svchost.exe[3516] ADVAPI32.dll!RegCreateKeyW 7626391E 5 Bytes JMP 000B0062
    .text C:\Windows\System32\svchost.exe[3516] ADVAPI32.dll!RegCreateKeyExW 762641F1 5 Bytes JMP 000B0FA5
    .text C:\Windows\System32\svchost.exe[3516] ADVAPI32.dll!RegOpenKeyExA 76267C42 5 Bytes JMP 000B001B
    .text C:\Windows\System32\svchost.exe[3516] ADVAPI32.dll!RegOpenKeyW 7626E2B5 5 Bytes JMP 000B0FE5
    .text C:\Windows\System32\svchost.exe[3516] ADVAPI32.dll!RegOpenKeyExW 76277BA1 5 Bytes JMP 000B002C
    .text C:\Windows\System32\svchost.exe[3516] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 000703FC
    .text C:\Windows\System32\svchost.exe[3516] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00070600
    .text C:\Windows\System32\svchost.exe[3516] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\System32\svchost.exe[3516] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\System32\svchost.exe[3516] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\System32\svchost.exe[3516] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\System32\svchost.exe[3516] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00070E10
    .text C:\Windows\System32\svchost.exe[3516] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 000701F8
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3544] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 000501F8
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3544] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 000503FC
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3544] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3544] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 000903FC
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3544] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00090600
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3544] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00091014
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3544] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00090804
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3544] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00090A08
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3544] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00090C0C
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3544] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00090E10
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3544] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 000901F8
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3544] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 000A0600
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3544] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 000A0804
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3544] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 000A0A08
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3544] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 000A01F8
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3544] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 000A03FC
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3640] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 000501F8
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3640] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 000503FC
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3640] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3640] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 000803FC
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3640] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00080600
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3640] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00081014
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3640] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00080804
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3640] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00080A08
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3640] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00080C0C
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3640] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00080E10
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3640] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 000801F8
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3640] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00090600
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3640] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00090804
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3640] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00090A08
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3640] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 000901F8
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3640] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 000903FC
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3668] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 000501F8
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3668] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 000503FC
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3668] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3668] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 000703FC
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3668] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00070600
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3668] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00071014
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3668] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00070804
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3668] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00070A08
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3668] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00070C0C
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3668] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00070E10
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3668] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 000701F8
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3668] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00080600
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3668] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00080804
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3668] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00080A08
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3668] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 000801F8
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3668] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 000803FC
    .text C:\Windows\system32\SearchIndexer.exe[3700] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\SearchIndexer.exe[3700] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\SearchIndexer.exe[3700] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Windows\system32\SearchIndexer.exe[3700] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\SearchIndexer.exe[3700] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\SearchIndexer.exe[3700] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\SearchIndexer.exe[3700] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\SearchIndexer.exe[3700] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\SearchIndexer.exe[3700] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\SearchIndexer.exe[3700] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\SearchIndexer.exe[3700] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\SearchIndexer.exe[3700] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00080600
     
    jimmymac725,
    #7
  9. 2011/07/01
    jimmymac725

    jimmymac725 Inactive Thread Starter

    Joined:
    2011/03/13
    Messages:
    64
    Likes Received:
    0
    .text C:\Windows\system32\SearchIndexer.exe[3700] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00080804
    .text C:\Windows\system32\SearchIndexer.exe[3700] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00080A08
    .text C:\Windows\system32\SearchIndexer.exe[3700] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 000801F8
    .text C:\Windows\system32\SearchIndexer.exe[3700] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 000803FC
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3768] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 000501F8
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3768] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 000503FC
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3768] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3768] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 000703FC
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3768] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00070600
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3768] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00071014
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3768] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00070804
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3768] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00070A08
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3768] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00070C0C
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3768] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00070E10
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3768] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 000701F8
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3768] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00080600
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3768] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00080804
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3768] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00080A08
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3768] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 000801F8
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3768] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 000803FC
    .text C:\Windows\ehome\ehmsas.exe[3784] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 000801F8
    .text C:\Windows\ehome\ehmsas.exe[3784] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 000803FC
    .text C:\Windows\ehome\ehmsas.exe[3784] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Windows\ehome\ehmsas.exe[3784] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 000A03FC
    .text C:\Windows\ehome\ehmsas.exe[3784] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 000A0600
    .text C:\Windows\ehome\ehmsas.exe[3784] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 000A1014
    .text C:\Windows\ehome\ehmsas.exe[3784] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 000A0804
    .text C:\Windows\ehome\ehmsas.exe[3784] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 000A0A08
    .text C:\Windows\ehome\ehmsas.exe[3784] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 000A0C0C
    .text C:\Windows\ehome\ehmsas.exe[3784] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 000A0E10
    .text C:\Windows\ehome\ehmsas.exe[3784] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 000A01F8
    .text C:\Windows\ehome\ehmsas.exe[3784] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 000B0600
    .text C:\Windows\ehome\ehmsas.exe[3784] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 000B0804
    .text C:\Windows\ehome\ehmsas.exe[3784] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 000B0A08
    .text C:\Windows\ehome\ehmsas.exe[3784] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 000B01F8
    .text C:\Windows\ehome\ehmsas.exe[3784] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 000B03FC
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3848] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 001501F8
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3848] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 001503FC
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3848] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3848] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 001703FC
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3848] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00170600
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3848] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00171014
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3848] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00170804
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3848] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00170A08
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3848] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00170C0C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3848] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00170E10
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3848] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 001701F8
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3848] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00180600
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3848] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00180804
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3848] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00180A08
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3848] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 001801F8
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3848] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 001803FC
    .text C:\Windows\system32\DRIVERS\xaudio.exe[3856] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 001401F8
    .text C:\Windows\system32\DRIVERS\xaudio.exe[3856] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 001403FC
    .text C:\Windows\system32\DRIVERS\xaudio.exe[3856] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Windows\system32\DRIVERS\xaudio.exe[3856] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 001603FC
    .text C:\Windows\system32\DRIVERS\xaudio.exe[3856] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00160600
    .text C:\Windows\system32\DRIVERS\xaudio.exe[3856] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00161014
    .text C:\Windows\system32\DRIVERS\xaudio.exe[3856] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00160804
    .text C:\Windows\system32\DRIVERS\xaudio.exe[3856] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00160A08
    .text C:\Windows\system32\DRIVERS\xaudio.exe[3856] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00160C0C
    .text C:\Windows\system32\DRIVERS\xaudio.exe[3856] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00160E10
    .text C:\Windows\system32\DRIVERS\xaudio.exe[3856] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 001601F8
    .text C:\Windows\system32\DRIVERS\xaudio.exe[3856] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00170600
    .text C:\Windows\system32\DRIVERS\xaudio.exe[3856] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00170804
    .text C:\Windows\system32\DRIVERS\xaudio.exe[3856] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00170A08
    .text C:\Windows\system32\DRIVERS\xaudio.exe[3856] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 001701F8
    .text C:\Windows\system32\DRIVERS\xaudio.exe[3856] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 001703FC
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3944] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 001501F8
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3944] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 001503FC
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3944] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3944] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00280600
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3944] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00280804
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3944] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00280A08
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3944] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 002801F8
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3944] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 002803FC
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3944] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 002903FC
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3944] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00290600
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3944] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00291014
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3944] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00290804
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3944] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00290A08
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3944] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00290C0C
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3944] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00290E10
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3944] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 002901F8
    .text C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe[4004] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 000801F8
    .text C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe[4004] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 000803FC
    .text C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe[4004] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe[4004] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 000A03FC
    .text C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe[4004] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 000A0600
    .text C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe[4004] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 000A1014
    .text C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe[4004] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 000A0804
    .text C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe[4004] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 000A0A08
    .text C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe[4004] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 000A0C0C
    .text C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe[4004] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 000A0E10
    .text C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe[4004] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 000A01F8
    .text C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe[4004] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 000B0600
    .text C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe[4004] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 000B0804
    .text C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe[4004] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 000B0A08
    .text C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe[4004] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 000B01F8
    .text C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe[4004] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 000B03FC
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 000501F8
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 000503FC
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] ntdll.dll!NtCreateFile 77904224 5 Bytes JMP 00040000
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] ntdll.dll!NtCreateProcess 779042E4 5 Bytes JMP 0004001B
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] ntdll.dll!NtProtectVirtualMemory 77904B84 5 Bytes JMP 00040FE5
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] kernel32.dll!GetStartupInfoW 77631929 5 Bytes JMP 000100B5
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] kernel32.dll!GetStartupInfoA 776319C9 5 Bytes JMP 00010F6F
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] kernel32.dll!CreateProcessW 77631BF3 5 Bytes JMP 00010F39
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] kernel32.dll!CreateProcessA 77631C28 5 Bytes JMP 00010F4A
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] kernel32.dll!VirtualProtect 77631DC3 5 Bytes JMP 00010FB6
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] kernel32.dll!CreateNamedPipeA 77632EF5 5 Bytes JMP 00010022
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] kernel32.dll!CreateNamedPipeW 77635C0C 5 Bytes JMP 00010033
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] kernel32.dll!CreatePipe 77658E6E 5 Bytes JMP 00010F80
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] kernel32.dll!LoadLibraryExW 77659109 5 Bytes JMP 00010090
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] kernel32.dll!LoadLibraryW 77659362 5 Bytes JMP 00010069
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] kernel32.dll!LoadLibraryExA 776594B4 5 Bytes JMP 00010FC7
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] kernel32.dll!LoadLibraryA 776594DC 5 Bytes JMP 00010044
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] kernel32.dll!VirtualProtectEx 7765DBDA 5 Bytes JMP 00010F9B
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] kernel32.dll!GetProcAddress 7767903B 5 Bytes JMP 00010F14
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] kernel32.dll!CreateFileW 7767AECB 5 Bytes JMP 00010011
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] kernel32.dll!CreateFileA 7767CE5F 5 Bytes JMP 00010000
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] kernel32.dll!WinExec 776C5CF7 5 Bytes JMP 000100C6
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] ADVAPI32.dll!RegCreateKeyExA 762539AB 5 Bytes JMP 00070F9E
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] ADVAPI32.dll!RegCreateKeyA 76253BA9 5 Bytes JMP 00070FCA
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] ADVAPI32.dll!RegOpenKeyA 762589C7 5 Bytes JMP 0007000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] ADVAPI32.dll!RegCreateKeyW 7626391E 5 Bytes JMP 00070FAF
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] ADVAPI32.dll!RegCreateKeyExW 762641F1 5 Bytes JMP 00070065
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] ADVAPI32.dll!RegOpenKeyExA 76267C42 5 Bytes JMP 0007002C
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] ADVAPI32.dll!RegOpenKeyW 7626E2B5 5 Bytes JMP 0007001B
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] ADVAPI32.dll!RegOpenKeyExW 76277BA1 5 Bytes JMP 00070FE5
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 000B03FC
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 000B0600
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 000B1014
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 000B0804
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 000B0A08
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 000B0C0C
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 000B0E10
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 000B01F8
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 000C0600
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 000C0804
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 000C0A08
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 000C01F8
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 000C03FC
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] USER32.dll!EnableWindow 77A6CD8B 5 Bytes JMP 6DDE98BC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] USER32.dll!DialogBoxParamW 77A910B0 5 Bytes JMP 6DD415E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] USER32.dll!DialogBoxIndirectParamW 77A92EF5 5 Bytes JMP 6DF35E86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] USER32.dll!DialogBoxParamA 77AA8152 5 Bytes JMP 6DF35E21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] USER32.dll!DialogBoxIndirectParamA 77AA847D 5 Bytes JMP 6DF35EEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] USER32.dll!MessageBoxIndirectA 77ABD4D9 5 Bytes JMP 6DF35DA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] USER32.dll!MessageBoxIndirectW 77ABD5D3 5 Bytes JMP 6DF35D2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] USER32.dll!MessageBoxExA 77ABD639 5 Bytes JMP 6DF35CCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] USER32.dll!MessageBoxExW 77ABD65D 5 Bytes JMP 6DF35C67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] msvcrt.dll!_wsystem 76027F2F 5 Bytes JMP 00080F90
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] msvcrt.dll!system 7602804B 5 Bytes JMP 00080FA1
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] msvcrt.dll!_creat 7602BBE1 5 Bytes JMP 00080011
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] msvcrt.dll!_open 7602D106 5 Bytes JMP 00080FE3
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] msvcrt.dll!_wcreat 7602D326 5 Bytes JMP 00080FBC
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] msvcrt.dll!_wopen 7602D501 5 Bytes JMP 00080000
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] WININET.dll!InternetOpenA 77224E2B 5 Bytes JMP 00090FE5
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] WININET.dll!InternetOpenUrlA 7722BFCE 5 Bytes JMP 00090000
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] WININET.dll!InternetOpenW 7725C03E 5 Bytes JMP 00090FD4
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] WININET.dll!InternetOpenUrlW 7728D722 5 Bytes JMP 00090FA5
    .text C:\Program Files\Internet Explorer\iexplore.exe[4200] WS2_32.dll!socket 779D36D1 5 Bytes JMP 002C000A
    .text C:\Windows\system32\wuauclt.exe[4596] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 000701F8
    .text C:\Windows\system32\wuauclt.exe[4596] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 000703FC
    .text C:\Windows\system32\wuauclt.exe[4596] ntdll.dll!NtCreateFile 77904224 5 Bytes JMP 00040000
    .text C:\Windows\system32\wuauclt.exe[4596] ntdll.dll!NtCreateProcess 779042E4 5 Bytes JMP 00040022
    .text C:\Windows\system32\wuauclt.exe[4596] ntdll.dll!NtProtectVirtualMemory 77904B84 5 Bytes JMP 00040011
    .text C:\Windows\system32\wuauclt.exe[4596] kernel32.dll!GetStartupInfoW 77631929 5 Bytes JMP 000100AC
    .text C:\Windows\system32\wuauclt.exe[4596] kernel32.dll!GetStartupInfoA 776319C9 5 Bytes JMP 0001009B
    .text C:\Windows\system32\wuauclt.exe[4596] kernel32.dll!CreateProcessW 77631BF3 5 Bytes JMP 00010F1F
    .text C:\Windows\system32\wuauclt.exe[4596] kernel32.dll!CreateProcessA 77631C28 5 Bytes JMP 00010F3A
    .text C:\Windows\system32\wuauclt.exe[4596] kernel32.dll!VirtualProtect 77631DC3 5 Bytes JMP 00010F8B
    .text C:\Windows\system32\wuauclt.exe[4596] kernel32.dll!CreateNamedPipeA 77632EF5 5 Bytes JMP 00010FDE
    .text C:\Windows\system32\wuauclt.exe[4596] kernel32.dll!CreateNamedPipeW 77635C0C 5 Bytes JMP 00010FCD
    .text C:\Windows\system32\wuauclt.exe[4596] kernel32.dll!CreatePipe 77658E6E 5 Bytes JMP 00010F70
    .text C:\Windows\system32\wuauclt.exe[4596] kernel32.dll!LoadLibraryExW 77659109 5 Bytes JMP 00010065
    .text C:\Windows\system32\wuauclt.exe[4596] kernel32.dll!LoadLibraryW 77659362 5 Bytes JMP 00010FB2
    .text C:\Windows\system32\wuauclt.exe[4596] kernel32.dll!LoadLibraryExA 776594B4 5 Bytes JMP 00010054
    .text C:\Windows\system32\wuauclt.exe[4596] kernel32.dll!LoadLibraryA 776594DC 5 Bytes JMP 00010039
    .text C:\Windows\system32\wuauclt.exe[4596] kernel32.dll!VirtualProtectEx 7765DBDA 5 Bytes JMP 0001008A
    .text C:\Windows\system32\wuauclt.exe[4596] kernel32.dll!GetProcAddress 7767903B 5 Bytes JMP 000100D1
    .text C:\Windows\system32\wuauclt.exe[4596] kernel32.dll!CreateFileW 7767AECB 5 Bytes JMP 00010014
    .text C:\Windows\system32\wuauclt.exe[4596] kernel32.dll!CreateFileA 7767CE5F 5 Bytes JMP 00010FEF
    .text C:\Windows\system32\wuauclt.exe[4596] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Windows\system32\wuauclt.exe[4596] kernel32.dll!WinExec 776C5CF7 5 Bytes JMP 00010F4B
    .text C:\Windows\system32\wuauclt.exe[4596] msvcrt.dll!_wsystem 76027F2F 5 Bytes JMP 00090FCD
    .text C:\Windows\system32\wuauclt.exe[4596] msvcrt.dll!system 7602804B 5 Bytes JMP 00090058
    .text C:\Windows\system32\wuauclt.exe[4596] msvcrt.dll!_creat 7602BBE1 5 Bytes JMP 00090033
    .text C:\Windows\system32\wuauclt.exe[4596] msvcrt.dll!_open 7602D106 5 Bytes JMP 00090000
    .text C:\Windows\system32\wuauclt.exe[4596] msvcrt.dll!_wcreat 7602D326 5 Bytes JMP 00090FDE
    .text C:\Windows\system32\wuauclt.exe[4596] msvcrt.dll!_wopen 7602D501 5 Bytes JMP 00090FEF
    .text C:\Windows\system32\wuauclt.exe[4596] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 000B0600
    .text C:\Windows\system32\wuauclt.exe[4596] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 000B0804
    .text C:\Windows\system32\wuauclt.exe[4596] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 000B0A08
    .text C:\Windows\system32\wuauclt.exe[4596] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 000B01F8
    .text C:\Windows\system32\wuauclt.exe[4596] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 000B03FC
    .text
     
    jimmymac725,
    #8
  10. 2011/07/01
    jimmymac725

    jimmymac725 Inactive Thread Starter

    Joined:
    2011/03/13
    Messages:
    64
    Likes Received:
    0
    .text C:\Windows\system32\wuauclt.exe[4596] ADVAPI32.dll!RegCreateKeyExA 762539AB 5 Bytes JMP 000A0062
    .text C:\Windows\system32\wuauclt.exe[4596] ADVAPI32.dll!RegCreateKeyA 76253BA9 5 Bytes JMP 000A0047
    .text C:\Windows\system32\wuauclt.exe[4596] ADVAPI32.dll!RegOpenKeyA 762589C7 5 Bytes JMP 000A000A
    .text C:\Windows\system32\wuauclt.exe[4596] ADVAPI32.dll!RegCreateKeyW 7626391E 5 Bytes JMP 000A0FCA
    .text C:\Windows\system32\wuauclt.exe[4596] ADVAPI32.dll!RegCreateKeyExW 762641F1 5 Bytes JMP 000A0FAF
    .text C:\Windows\system32\wuauclt.exe[4596] ADVAPI32.dll!RegOpenKeyExA 76267C42 5 Bytes JMP 000A0036
    .text C:\Windows\system32\wuauclt.exe[4596] ADVAPI32.dll!RegOpenKeyW 7626E2B5 5 Bytes JMP 000A001B
    .text C:\Windows\system32\wuauclt.exe[4596] ADVAPI32.dll!RegOpenKeyExW 76277BA1 5 Bytes JMP 000A0FE5
    .text C:\Windows\system32\wuauclt.exe[4596] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 000C03FC
    .text C:\Windows\system32\wuauclt.exe[4596] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 000C0600
    .text C:\Windows\system32\wuauclt.exe[4596] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 000C1014
    .text C:\Windows\system32\wuauclt.exe[4596] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 000C0804
    .text C:\Windows\system32\wuauclt.exe[4596] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 000C0A08
    .text C:\Windows\system32\wuauclt.exe[4596] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 000C0C0C
    .text C:\Windows\system32\wuauclt.exe[4596] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 000C0E10
    .text C:\Windows\system32\wuauclt.exe[4596] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 000C01F8
    .text C:\Users\LAINIE\Downloads\vq2np3ub.exe[4660] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4788] KERNEL32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4836] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 001501F8
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4836] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 001503FC
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4836] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4836] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 001703FC
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4836] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00170600
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4836] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00171014
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4836] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00170804
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4836] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00170A08
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4836] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00170C0C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4836] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00170E10
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4836] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 001701F8
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4836] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00180600
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4836] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00180804
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4836] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00180A08
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4836] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 001801F8
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4836] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 001803FC
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4984] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 001501F8
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4984] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 001503FC
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4984] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4984] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00170600
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4984] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00170804
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4984] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00170A08
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4984] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 001701F8
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4984] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 001703FC
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4984] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 001803FC
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4984] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00180600
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4984] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00181014
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4984] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00180804
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4984] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00180A08
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4984] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00180C0C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4984] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00180E10
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4984] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 001801F8
    .text C:\Windows\system32\svchost.exe[5192] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 000601F8
    .text C:\Windows\system32\svchost.exe[5192] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 000603FC
    .text C:\Windows\system32\svchost.exe[5192] ntdll.dll!NtCreateFile 77904224 5 Bytes JMP 00040000
    .text C:\Windows\system32\svchost.exe[5192] ntdll.dll!NtCreateProcess 779042E4 5 Bytes JMP 0004002C
    .text C:\Windows\system32\svchost.exe[5192] ntdll.dll!NtProtectVirtualMemory 77904B84 5 Bytes JMP 0004001B
    .text C:\Windows\system32\svchost.exe[5192] kernel32.dll!GetStartupInfoW 77631929 5 Bytes JMP 00010F48
    .text C:\Windows\system32\svchost.exe[5192] kernel32.dll!GetStartupInfoA 776319C9 5 Bytes JMP 00010F63
    .text C:\Windows\system32\svchost.exe[5192] kernel32.dll!CreateProcessW 77631BF3 5 Bytes JMP 000100A9
    .text C:\Windows\system32\svchost.exe[5192] kernel32.dll!CreateProcessA 77631C28 5 Bytes JMP 00010F1C
    .text C:\Windows\system32\svchost.exe[5192] kernel32.dll!VirtualProtect 77631DC3 5 Bytes JMP 00010F74
    .text C:\Windows\system32\svchost.exe[5192] kernel32.dll!CreateNamedPipeA 77632EF5 5 Bytes JMP 00010022
    .text C:\Windows\system32\svchost.exe[5192] kernel32.dll!CreateNamedPipeW 77635C0C 5 Bytes JMP 00010FD1
    .text C:\Windows\system32\svchost.exe[5192] kernel32.dll!CreatePipe 77658E6E 5 Bytes JMP 00010084
    .text C:\Windows\system32\svchost.exe[5192] kernel32.dll!LoadLibraryExW 77659109 5 Bytes JMP 0001004E
    .text C:\Windows\system32\svchost.exe[5192] kernel32.dll!LoadLibraryW 77659362 5 Bytes JMP 00010FA5
    .text C:\Windows\system32\svchost.exe[5192] kernel32.dll!LoadLibraryExA 776594B4 5 Bytes JMP 0001003D
    .text C:\Windows\system32\svchost.exe[5192] kernel32.dll!LoadLibraryA 776594DC 5 Bytes JMP 00010FB6
    .text C:\Windows\system32\svchost.exe[5192] kernel32.dll!VirtualProtectEx 7765DBDA 5 Bytes JMP 00010073
    .text C:\Windows\system32\svchost.exe[5192] kernel32.dll!GetProcAddress 7767903B 5 Bytes JMP 000100BA
    .text C:\Windows\system32\svchost.exe[5192] kernel32.dll!CreateFileW 7767AECB 5 Bytes JMP 00010011
    .text C:\Windows\system32\svchost.exe[5192] kernel32.dll!CreateFileA 7767CE5F 5 Bytes JMP 00010000
    .text C:\Windows\system32\svchost.exe[5192] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[5192] kernel32.dll!WinExec 776C5CF7 5 Bytes JMP 00010F2D
    .text C:\Windows\system32\svchost.exe[5192] msvcrt.dll!_wsystem 76027F2F 5 Bytes JMP 00080FAD
    .text C:\Windows\system32\svchost.exe[5192] msvcrt.dll!system 7602804B 5 Bytes JMP 00080038
    .text C:\Windows\system32\svchost.exe[5192] msvcrt.dll!_creat 7602BBE1 5 Bytes JMP 0008001D
    .text C:\Windows\system32\svchost.exe[5192] msvcrt.dll!_open 7602D106 5 Bytes JMP 00080FEF
    .text C:\Windows\system32\svchost.exe[5192] msvcrt.dll!_wcreat 7602D326 5 Bytes JMP 00080FC8
    .text C:\Windows\system32\svchost.exe[5192] msvcrt.dll!_wopen 7602D501 5 Bytes JMP 0008000C
    .text C:\Windows\system32\svchost.exe[5192] ADVAPI32.dll!RegCreateKeyExA 762539AB 5 Bytes JMP 00090040
    .text C:\Windows\system32\svchost.exe[5192] ADVAPI32.dll!RegCreateKeyA 76253BA9 5 Bytes JMP 0009002F
    .text C:\Windows\system32\svchost.exe[5192] ADVAPI32.dll!RegOpenKeyA 762589C7 5 Bytes JMP 00090FEF
    .text C:\Windows\system32\svchost.exe[5192] ADVAPI32.dll!RegCreateKeyW 7626391E 5 Bytes JMP 00090F9E
    .text C:\Windows\system32\svchost.exe[5192] ADVAPI32.dll!RegCreateKeyExW 762641F1 5 Bytes JMP 0009005B
    .text C:\Windows\system32\svchost.exe[5192] ADVAPI32.dll!RegOpenKeyExA 76267C42 5 Bytes JMP 00090014
    .text C:\Windows\system32\svchost.exe[5192] ADVAPI32.dll!RegOpenKeyW 7626E2B5 5 Bytes JMP 00090FDE
    .text C:\Windows\system32\svchost.exe[5192] ADVAPI32.dll!RegOpenKeyExW 76277BA1 5 Bytes JMP 00090FC3
    .text C:\Windows\system32\svchost.exe[5192] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 000B03FC
    .text C:\Windows\system32\svchost.exe[5192] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 000B0600
    .text C:\Windows\system32\svchost.exe[5192] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 000B1014
    .text C:\Windows\system32\svchost.exe[5192] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 000B0804
    .text C:\Windows\system32\svchost.exe[5192] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 000B0A08
    .text C:\Windows\system32\svchost.exe[5192] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 000B0C0C
    .text C:\Windows\system32\svchost.exe[5192] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 000B0E10
    .text C:\Windows\system32\svchost.exe[5192] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 000B01F8
    .text C:\Windows\system32\svchost.exe[5192] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00E70600
    .text C:\Windows\system32\svchost.exe[5192] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00E70804
    .text C:\Windows\system32\svchost.exe[5192] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00E70A08
    .text C:\Windows\system32\svchost.exe[5192] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 00E701F8
    .text C:\Windows\system32\svchost.exe[5192] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 00E703FC
    .text C:\Windows\system32\svchost.exe[5192] WS2_32.dll!socket 779D36D1 5 Bytes JMP 00CF0FE5
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5368] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 000401F8
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5368] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 000403FC
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5368] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5368] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 000603FC
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5368] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00060600
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5368] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00061014
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5368] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00060804
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5368] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00060A08
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5368] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00060C0C
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5368] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00060E10
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5368] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 000601F8
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5368] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00160600
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5368] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00160804
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5368] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00160A08
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5368] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 001601F8
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5368] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 001603FC
    .text C:\Windows\system32\wbem\wmiprvse.exe[5420] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\wbem\wmiprvse.exe[5420] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\wbem\wmiprvse.exe[5420] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Windows\system32\wbem\wmiprvse.exe[5420] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\wbem\wmiprvse.exe[5420] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\wbem\wmiprvse.exe[5420] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\wbem\wmiprvse.exe[5420] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\wbem\wmiprvse.exe[5420] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\wbem\wmiprvse.exe[5420] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\wbem\wmiprvse.exe[5420] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\wbem\wmiprvse.exe[5420] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\wbem\wmiprvse.exe[5420] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00080600
    .text C:\Windows\system32\wbem\wmiprvse.exe[5420] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00080804
    .text C:\Windows\system32\wbem\wmiprvse.exe[5420] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00080A08
    .text C:\Windows\system32\wbem\wmiprvse.exe[5420] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 000801F8
    .text C:\Windows\system32\wbem\wmiprvse.exe[5420] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 000803FC
    .text C:\Windows\system32\svchost.exe[5648] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 000A01F8
    .text C:\Windows\system32\svchost.exe[5648] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 000A03FC
    .text C:\Windows\system32\svchost.exe[5648] ntdll.dll!NtCreateFile 77904224 5 Bytes JMP 00080FE5
    .text C:\Windows\system32\svchost.exe[5648] ntdll.dll!NtCreateProcess 779042E4 5 Bytes JMP 00080011
    .text C:\Windows\system32\svchost.exe[5648] ntdll.dll!NtProtectVirtualMemory 77904B84 5 Bytes JMP 00080000
    .text C:\Windows\system32\svchost.exe[5648] kernel32.dll!GetStartupInfoW 77631929 5 Bytes JMP 00010F9B
    .text C:\Windows\system32\svchost.exe[5648] kernel32.dll!GetStartupInfoA 776319C9 5 Bytes JMP 000100E1
    .text C:\Windows\system32\svchost.exe[5648] kernel32.dll!CreateProcessW 77631BF3 5 Bytes JMP 00010121
    .text C:\Windows\system32\svchost.exe[5648] kernel32.dll!CreateProcessA 77631C28 5 Bytes JMP 00010F80
    .text C:\Windows\system32\svchost.exe[5648] kernel32.dll!VirtualProtect 77631DC3 5 Bytes JMP 000100AB
    .text C:\Windows\system32\svchost.exe[5648] kernel32.dll!CreateNamedPipeA 77632EF5 5 Bytes JMP 00010FE5
    .text C:\Windows\system32\svchost.exe[5648] kernel32.dll!CreateNamedPipeW 77635C0C 5 Bytes JMP 00010036
    .text C:\Windows\system32\svchost.exe[5648] kernel32.dll!CreatePipe 77658E6E 5 Bytes JMP 000100D0
    .text C:\Windows\system32\svchost.exe[5648] kernel32.dll!LoadLibraryExW 77659109 5 Bytes JMP 0001009A
    .text C:\Windows\system32\svchost.exe[5648] kernel32.dll!LoadLibraryW 77659362 5 Bytes JMP 00010062
    .text C:\Windows\system32\svchost.exe[5648] kernel32.dll!LoadLibraryExA 776594B4 5 Bytes JMP 00010073
    .text C:\Windows\system32\svchost.exe[5648] kernel32.dll!LoadLibraryA 776594DC 5 Bytes JMP 00010051
    .text C:\Windows\system32\svchost.exe[5648] kernel32.dll!VirtualProtectEx 7765DBDA 5 Bytes JMP 00010FB6
    .text C:\Windows\system32\svchost.exe[5648] kernel32.dll!GetProcAddress 7767903B 5 Bytes JMP 00010132
    .text C:\Windows\system32\svchost.exe[5648] kernel32.dll!CreateFileW 7767AECB 5 Bytes JMP 0001001B
    .text C:\Windows\system32\svchost.exe[5648] kernel32.dll!CreateFileA 7767CE5F 5 Bytes JMP 0001000A
    .text C:\Windows\system32\svchost.exe[5648] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[5648] kernel32.dll!WinExec 776C5CF7 5 Bytes JMP 000100FC
    .text C:\Windows\system32\svchost.exe[5648] msvcrt.dll!_wsystem 76027F2F 5 Bytes JMP 000C0036
    .text C:\Windows\system32\svchost.exe[5648] msvcrt.dll!system 7602804B 5 Bytes JMP 000C0FAB
    .text C:\Windows\system32\svchost.exe[5648] msvcrt.dll!_creat 7602BBE1 5 Bytes JMP 000C0000
    .text C:\Windows\system32\svchost.exe[5648] msvcrt.dll!_open 7602D106 5 Bytes JMP 000C0FE3
    .text C:\Windows\system32\svchost.exe[5648] msvcrt.dll!_wcreat 7602D326 5 Bytes JMP 000C001B
    .text C:\Windows\system32\svchost.exe[5648] msvcrt.dll!_wopen 7602D501 5 Bytes JMP 000C0FC6
    .text C:\Windows\system32\svchost.exe[5648] ADVAPI32.dll!RegCreateKeyExA 762539AB 5 Bytes JMP 000D0065
    .text C:\Windows\system32\svchost.exe[5648] ADVAPI32.dll!RegCreateKeyA 76253BA9 5 Bytes JMP 000D0036
    .text C:\Windows\system32\svchost.exe[5648] ADVAPI32.dll!RegOpenKeyA 762589C7 5 Bytes JMP 000D0FEF
    .text C:\Windows\system32\svchost.exe[5648] ADVAPI32.dll!RegCreateKeyW 7626391E 5 Bytes JMP 000D0FB9
    .text C:\Windows\system32\svchost.exe[5648] ADVAPI32.dll!RegCreateKeyExW 762641F1 5 Bytes JMP 000D0FA8
    .text C:\Windows\system32\svchost.exe[5648] ADVAPI32.dll!RegOpenKeyExA 76267C42 5 Bytes JMP 000D0FD4
    .text C:\Windows\system32\svchost.exe[5648] ADVAPI32.dll!RegOpenKeyW 7626E2B5 5 Bytes JMP 000D000A
    .text C:\Windows\system32\svchost.exe[5648] ADVAPI32.dll!RegOpenKeyExW 76277BA1 5 Bytes JMP 000D0025
    .text C:\Windows\system32\svchost.exe[5648] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 000F03FC
    .text C:\Windows\system32\svchost.exe[5648] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 000F0600
    .text C:\Windows\system32\svchost.exe[5648] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 000F1014
    .text C:\Windows\system32\svchost.exe[5648] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 000F0804
    .text C:\Windows\system32\svchost.exe[5648] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 000F0A08
    .text C:\Windows\system32\svchost.exe[5648] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 000F0C0C
    .text C:\Windows\system32\svchost.exe[5648] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 000F0E10
    .text C:\Windows\system32\svchost.exe[5648] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 000F01F8
    .text C:\Windows\system32\svchost.exe[5648] WS2_32.dll!socket 779D36D1 5 Bytes JMP 00100000
    .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[5808] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 001501F8
    .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[5808] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 001503FC
    .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[5808] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[5808] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 00170600
    .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[5808] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 00170804
    .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[5808] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 00170A08
    .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[5808] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 001701F8
    .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[5808] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 001703FC
    .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[5808] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 001803FC
    .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[5808] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 00180600
    .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[5808] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 00181014
    .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[5808] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 00180804
    .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[5808] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 00180A08
    .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[5808] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 00180C0C
    .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[5808] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 00180E10
    .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[5808] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 001801F8
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] ntdll.dll!LdrLoadDll 778C93A8 5 Bytes JMP 000501F8
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] ntdll.dll!LdrUnloadDll 778DB740 5 Bytes JMP 000503FC
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] ntdll.dll!NtCreateFile 77904224 5 Bytes JMP 00040000
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] ntdll.dll!NtCreateProcess 779042E4 5 Bytes JMP 00040036
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] ntdll.dll!NtProtectVirtualMemory 77904B84 5 Bytes JMP 0004001B
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] kernel32.dll!GetStartupInfoW 77631929 5 Bytes JMP 000100A7
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] kernel32.dll!GetStartupInfoA 776319C9 5 Bytes JMP 00010F6B
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] kernel32.dll!CreateProcessW 77631BF3 5 Bytes JMP 000100B8
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] kernel32.dll!CreateProcessA 77631C28 5 Bytes JMP 00010F2B
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] kernel32.dll!VirtualProtect 77631DC3 5 Bytes JMP 0001007B
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] kernel32.dll!CreateNamedPipeA 77632EF5 5 Bytes JMP 0001001B
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] kernel32.dll!CreateNamedPipeW 77635C0C 5 Bytes JMP 00010FCA
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] kernel32.dll!CreatePipe 77658E6E 5 Bytes JMP 00010096
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] kernel32.dll!LoadLibraryExW 77659109 5 Bytes JMP 00010F97
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] kernel32.dll!LoadLibraryW 77659362 5 Bytes JMP 00010FA8
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] kernel32.dll!LoadLibraryExA 776594B4 5 Bytes JMP 00010054
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] kernel32.dll!LoadLibraryA 776594DC 5 Bytes JMP 00010FB9
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] kernel32.dll!VirtualProtectEx 7765DBDA 5 Bytes JMP 00010F86
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] kernel32.dll!GetProcAddress 7767903B 5 Bytes JMP 000100C9
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] kernel32.dll!CreateFileW 7767AECB 5 Bytes JMP 00010FE5
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] kernel32.dll!CreateThread 7767C90E 5 Bytes JMP 6DDA71CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] kernel32.dll!CreateFileA 7767CE5F 5 Bytes JMP 00010000
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] kernel32.dll!GetBinaryTypeW + 70 77682247 1 Byte [62]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] kernel32.dll!WinExec 776C5CF7 5 Bytes JMP 00010F3C
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] ADVAPI32.dll!RegCreateKeyExA 762539AB 5 Bytes JMP 0007004E
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] ADVAPI32.dll!RegCreateKeyA 76253BA9 5 Bytes JMP 00070FB6
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] ADVAPI32.dll!RegOpenKeyA 762589C7 5 Bytes JMP 00070000
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] ADVAPI32.dll!RegCreateKeyW 7626391E 5 Bytes JMP 0007003D
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] ADVAPI32.dll!RegCreateKeyExW 762641F1 5 Bytes JMP 00070F87
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] ADVAPI32.dll!RegOpenKeyExA 76267C42 5 Bytes JMP 0007001B
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] ADVAPI32.dll!RegOpenKeyW 7626E2B5 5 Bytes JMP 00070FE5
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] ADVAPI32.dll!RegOpenKeyExW 76277BA1 5 Bytes JMP 0007002C
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] ADVAPI32.dll!CreateServiceW 76279EB4 5 Bytes JMP 001C03FC
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] ADVAPI32.dll!DeleteService 7627A07E 5 Bytes JMP 001C0600
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] ADVAPI32.dll!SetServiceObjectSecurity 762B6CD9 5 Bytes JMP 001C1014
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] ADVAPI32.dll!ChangeServiceConfigA 762B6DD9 5 Bytes JMP 001C0804
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] ADVAPI32.dll!ChangeServiceConfigW 762B6F81 5 Bytes JMP 001C0A08
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] ADVAPI32.dll!ChangeServiceConfig2A 762B7099 5 Bytes JMP 001C0C0C
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] ADVAPI32.dll!ChangeServiceConfig2W 762B71E1 5 Bytes JMP 001C0E10
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] ADVAPI32.dll!CreateServiceA 762B72A1 5 Bytes JMP 001C01F8
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!SetWindowsHookExA 77A66322 5 Bytes JMP 001D0600
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!SetWindowsHookExW 77A687AD 5 Bytes JMP 6DDE204C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!CallNextHookEx 77A68E3B 1 Byte [E9]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!CallNextHookEx 77A68E3B 5 Bytes JMP 6DE07A3F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!UnhookWindowsHookEx 77A698DB 5 Bytes JMP 6DE2E9F8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!SetWinEventHook 77A69F3A 5 Bytes JMP 001D01F8
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!UnhookWinEvent 77A6C06F 5 Bytes JMP 001D03FC
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!EnableWindow 77A6CD8B 5 Bytes JMP 6DDE98BC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!DefWindowProcA 77A6DB88 7 Bytes JMP 6DDA93F5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!CreateWindowExA 77A6DC2A 2 Bytes JMP 6DDB3223 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!CreateWindowExA + 3 77A6DC2D 2 Bytes [34, F6] {XOR AL, 0xf6}
     
    jimmymac725,
    #9
  11. 2011/07/01
    jimmymac725

    jimmymac725 Inactive Thread Starter

    Joined:
    2011/03/13
    Messages:
    64
    Likes Received:
    0
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!CreateWindowExW 77A71305 5 Bytes JMP 6DE0FE1F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!DefWindowProcW 77A803B4 7 Bytes JMP 6DE07AA2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!DialogBoxParamW 77A910B0 5 Bytes JMP 6DD415E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!DialogBoxIndirectParamW 77A92EF5 5 Bytes JMP 6DF35E86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!DialogBoxParamA 77AA8152 5 Bytes JMP 6DF35E21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!DialogBoxIndirectParamA 77AA847D 5 Bytes JMP 6DF35EEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!MessageBoxIndirectA 77ABD4D9 5 Bytes JMP 6DF35DA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!MessageBoxIndirectW 77ABD5D3 5 Bytes JMP 6DF35D2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!MessageBoxExA 77ABD639 5 Bytes JMP 6DF35CCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!MessageBoxExW 77ABD65D 5 Bytes JMP 6DF35C67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] msvcrt.dll!_wsystem 76027F2F 5 Bytes JMP 0008005F
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] msvcrt.dll!system 7602804B 5 Bytes JMP 0008004E
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] msvcrt.dll!_creat 7602BBE1 5 Bytes JMP 00080029
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] msvcrt.dll!_open 7602D106 5 Bytes JMP 00080FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] msvcrt.dll!_wcreat 7602D326 5 Bytes JMP 00080FDE
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] msvcrt.dll!_wopen 7602D501 5 Bytes JMP 0008000C
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] ole32.dll!OleLoadFromStream 76321E80 5 Bytes JMP 6DF3666E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] WININET.dll!InternetOpenA 77224E2B 5 Bytes JMP 00090FE5
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] WININET.dll!InternetOpenUrlA 7722BFCE 5 Bytes JMP 00090011
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] WININET.dll!InternetOpenW 7725C03E 5 Bytes JMP 00090000
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] WININET.dll!InternetOpenUrlW 7728D722 5 Bytes JMP 0009002C
    .text C:\Program Files\Internet Explorer\iexplore.exe[5972] WS2_32.dll!socket 779D36D1 5 Bytes JMP 00B70FE5

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\system32\services.exe[804] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00240002
    IAT C:\Windows\system32\services.exe[804] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00240000
    IAT C:\Windows\system32\mfevtps.exe[2596] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [00E67740] C:\Windows\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
    IAT C:\Windows\system32\mfevtps.exe[2596] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [00E677A0] C:\Windows\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
    IAT C:\Windows\Explorer.EXE[2692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73A97817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73AEA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73A9BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73A8F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73A975E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73A8E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73AC8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73A9DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73A8FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73A8FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73A871CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73B1CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73ABC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73A8D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73A86853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73A8687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73A92AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

    Device Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----


    aswMBR version 0.9.7.675 Copyright(c) 2011 AVAST Software
    Run date: 2011-06-30 22:15:01
    -----------------------------
    22:15:01.032 OS Version: Windows 6.0.6002 Service Pack 2
    22:15:01.032 Number of processors: 2 586 0x6802
    22:15:01.032 ComputerName: LAINIE-PC UserName: LAINIE
    22:15:07.381 Initialize success
    22:15:09.441 AVAST engine defs: 11063001
    22:15:20.945 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
    22:15:20.955 Disk 0 Vendor: Hitachi_HTS542516K9SA00 BBCOC32P Size: 152627MB BusType: 3
    22:15:23.191 Disk 0 MBR read successfully
    22:15:23.206 Disk 0 MBR scan
    22:15:23.331 Disk 0 unknown MBR code
    22:15:25.847 Disk 0 scanning sectors +312576705
    22:15:26.115 Disk 0 scanning C:\Windows\system32\drivers
    22:16:05.400 Service scanning
    22:16:07.940 Disk 0 trace - called modules:
    22:16:08.049 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys
    22:16:08.049 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85931610]
    22:16:08.049 3 CLASSPNP.SYS[887ab8b3] -> nt!IofCallDriver -> [0x857b2f08]
    22:16:08.049 5 acpi.sys[806126bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x8579db98]
    22:16:09.026 AVAST engine scan C:\Windows
    10:45:35.060 AVAST engine scan C:\Users\LAINIE
    14:54:51.325 AVAST engine scan C:\ProgramData
    17:10:14.219 Scan finished successfully
    21:17:07.332 Disk 0 MBR has been saved successfully to "C:\Users\LAINIE\Desktop\MBR.dat "
    21:17:07.722 The log file has been saved successfully to "C:\Users\LAINIE\Desktop\aswMBR.txt "


    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
    Run by LAINIE at 21:18:55 on 2011-07-01
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.773 [GMT -5:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\FsUsbExService.Exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\Windows\system32\mfevtps.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskeng.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\HP Wireless Adapter\HPWLan.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\ehome\ehtray.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\ctfmon.exe
    C:\Users\LAINIE\Downloads\vq2np3ub.exe
    C:\Users\LAINIE\Downloads\aswMBR (1).exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
    mSearch Bar = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: {3EBC9781-F4A5-4550-A64B-EAAA32CFB80A} - No File
    BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110620100951.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe "
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
    mRun: [HPWireless] "c:\program files\hp wireless adapter\HPWLAN.exe "
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
    mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {58ECB495-38F0-49cb-A538-10282ABF65E7}
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{B59BCC86-317E-48B2-919D-D27F80BBA20E} : NameServer = 0.0.0.0
    TCP: Interfaces\{E6C94040-06D3-4E17-9B27-E38133A6814B} : DhcpNameServer = 192.168.0.1
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs: c:\progra~1\bandoo\BndHook.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe "
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\lainie\appdata\roaming\mozilla\firefox\profiles\2fxk8taz.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://fruttisearch.com/search.php?q=
    FF - prefs.js: browser.search.selectedEngine - iMesh Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://search.imesh.com/
    FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-7-8 387480]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-3 441176]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-3 307928]
    R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-2-28 64584]
    R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-2-28 165032]
    R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2008-6-27 15360]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-6-3 19544]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-6-3 53592]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-6-3 42184]
     
    jimmymac725,
    #10
  12. 2011/07/01
    jimmymac725

    jimmymac725 Inactive Thread Starter

    Joined:
    2011/03/13
    Messages:
    64
    Likes Received:
    0
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-11 21504]
    R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-7-14 233472]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-1-21 366640]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-9-4 88176]
    R2 McMPFSvc;McAfee Personal Firewall;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-27 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-27 271480]
    R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-27 271480]
    R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-2-28 171168]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-2-28 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-2-28 141792]
    R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-7-15 35088]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-2-28 56064]
    R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-7-14 36608]
    R3 hpnuhst;HP NUSB Host;c:\windows\system32\drivers\hpnuhst.sys [2008-6-27 13824]
    R3 HPNUHUB;HP NUSB Hub;c:\windows\system32\drivers\hpnuhub.sys [2008-6-27 35840]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-1-21 22712]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-9-4 153280]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-9-4 52320]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-2-28 314088]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-18 136176]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-18 136176]
    S3 HPNUCMP;HP NUSB Composite;c:\windows\system32\drivers\hpnucmp.sys [2008-6-27 14336]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-2-28 84488]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-9-4 34248]
    S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-9-4 40552]
    S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2007-10-10 42112]
    S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PCAMp50.sys [2006-11-28 28224]
    S3 RTL8187;Wireless Adapter;c:\windows\system32\drivers\hpl8187.sys [2008-6-27 219648]
    S3 TuneConvertAudio;TuneConvertAudio;c:\windows\system32\drivers\TuneConvertAudio.sys [2011-3-26 23608]
    .
    =============== Created Last 30 ================
    .
    2011-07-01 06:31:08 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8528409e-25c9-4364-9dc0-e96f850c28e6}\mpengine.dll
    2011-06-30 02:41:20 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-06-30 02:07:21 208896 ----a-w- c:\windows\MBR.exe
    2011-06-30 02:07:17 98816 ----a-w- c:\windows\sed.exe
    2011-06-30 02:07:17 518144 ----a-w- c:\windows\SWREG.exe
    2011-06-30 02:07:17 256000 ----a-w- c:\windows\PEV.exe
    2011-06-30 02:06:10 -------- d-----w- C:\ComboFix
    2011-06-30 01:59:37 276992 ----a-w- c:\windows\system32\schannel.dll
    2011-06-28 02:42:03 -------- d-----w- c:\program files\The Weather Channel FW
    2011-06-28 02:41:18 -------- d-----w- c:\users\lainie\appdata\local\The Weather Channel
    2011-06-18 01:45:22 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-06-18 01:45:22 141104 ----a-w- c:\program files\internet explorer\sqmapi.dll
    2011-06-18 01:45:20 1797632 ----a-w- c:\windows\system32\jscript9.dll
    2011-06-16 19:55:44 563712 ----a-w- c:\windows\system32\oleaut32.dll
    2011-06-16 19:55:36 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
    2011-06-16 19:55:29 273408 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-06-16 19:55:23 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-06-16 19:55:23 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-06-16 19:54:41 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-06-16 19:54:39 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-06-16 19:54:39 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-06-16 19:54:30 739328 ----a-w- c:\windows\system32\inetcomm.dll
    2011-06-16 19:54:25 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2011-06-10 16:56:59 -------- d-----w- c:\program files\iPod
    2011-06-10 12:57:45 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-03 21:44:26 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-06-03 21:44:23 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-06-03 21:43:22 40112 ----a-w- c:\windows\avastSS.scr
    2011-06-02 13:28:44 -------- d-----w- c:\programdata\AVAST Software
    2011-06-02 13:28:44 -------- d-----w- c:\program files\AVAST Software
    .
    ==================== Find3M ====================
    .
    2011-05-29 14:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-29 14:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-25 00:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-05-10 13:06:08 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
    2011-05-10 13:06:08 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2011-05-04 09:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-04-14 19:01:38 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2011-04-14 19:01:38 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2011-04-14 19:01:38 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2011-04-14 19:01:38 64584 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
    2011-04-14 19:01:38 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2011-04-14 19:01:38 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2011-04-14 19:01:38 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2011-04-14 19:01:38 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2011-04-14 19:01:38 165032 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
    2011-04-14 19:01:38 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2011-04-14 19:01:38 141792 ----a-w- c:\windows\system32\mfevtps.exe
    2011-04-06 21:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 21:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
    .
    ============= FINISH: 21:21:53.93 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/18/2008 7:52:22 PM
    System Uptime: 6/30/2011 10:41:47 PM (23 hours ago)
    .
    Motherboard: Quanta | | 30CF
    Processor: AMD Athlon(tm) 64 X2 Dual-Core Processor TK-57 | Socket S1 | 1900/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 137 GiB total, 20.259 GiB free.
    D: is FIXED (NTFS) - 12 GiB total, 1.305 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: HP Officejet J4680
    Device ID: ROOT\IMAGE\0000
    Manufacturer: Hewlett-Packard
    Name: HP Officejet J4680
    PNP Device ID: ROOT\IMAGE\0000
    Service: StillCam
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Officejet J4680 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Officejet J4680 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    Class GUID: {4d36e979-e325-11ce-bfc1-08002be10318}
    Description: Officejet J4680 series
    Device ID: ROOT\PRINTER\0000
    Manufacturer: HP
    Name: Officejet J4680 series
    PNP Device ID: ROOT\PRINTER\0000
    Service:
    .
    Class GUID: {bc103702-dd72-406f-9b28-95c868337b59}
    Description: USB Easy Transfer Cable
    Device ID: ROOT\TRANSFER_CABLE\0000
    Manufacturer: Microsoft
    Name: USB Easy Transfer Cable
    PNP Device ID: ROOT\TRANSFER_CABLE\0000
    Service: winusb
    .
    ==== System Restore Points ===================
    .
    RP765: 6/21/2011 7:22:41 AM - Windows Update
    RP766: 6/24/2011 9:37:15 AM - Windows Update
    RP767: 6/28/2011 6:30:16 AM - Windows Update
    RP768: 6/29/2011 8:38:26 PM - Windows Update
    RP769: 6/30/2011 3:00:12 AM - Windows Update
    RP770: 7/1/2011 1:28:15 AM - Windows Update
    RP771: 7/1/2011 6:13:40 PM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    32 Bit HP CIO Components Installer
    4660_4680_Help
    Activation Assistant for the 2007 Microsoft Office suites
    ActiveCheck component for HP Active Support Library
    AdMission Photo Uploader
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Drive CS4
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Linguistics CS4
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Photoshop Elements 6.0
    Adobe Reader 8.1.6
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Shockwave Player
    Adobe Shockwave Player 11
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Amazon MP3 Downloader 1.0.10
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Print Creations
    ArcSoft Print Creations - Album Page
    ArcSoft Print Creations - Funhouse
    ArcSoft Print Creations - Photo Book
    ArcSoft Print Creations - Photo Calendar
    ArcSoft Print Creations - Scrapbook
    ArcSoft Print Creations - Slimline Card
    AT&T Yahoo! Applications
    Atheros Driver Installation Program
    Audible Download Manager
    AudibleManager
    Avanquest update
    avast! Free Antivirus
    Bandoo
    Bing Bar
    Bing Bar Platform
    Bing Maps 3D
    BitPim 1.0.6
    Bonjour
    BPD_HPSU
    bpd_scan
    BPDSoftware
    BPDSoftware_Ini
    BufferChm
    Cards_Calendar_OrderGift_DoMorePlugout
    CCleaner (remove only)
    CCScore
    Compatibility Pack for the 2007 Office system
    Conexant HD Audio
    Connect
    Coupon Printer for Windows
    CustomerResearchQFolder
    D3DX10
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    DocMgr
    DocProc
    DocProcQFolder
    Download Updater (AOL LLC)
    Driver Detective
    DVD Suite
    EA Link
    EmailStripper 2.2
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSTOOLS
    essvatgt
    ESU for Microsoft Vista
    eSupportQFolder
    Fax
    fflink
    Form Fill (Windows Live Toolbar)
    Google Earth Plug-in
    Google Update Helper
    Google Updater
    GPBaseService
    Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
    HDAUDIO Soft Data Fax Modem with SmartCP
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Customer Participation Program 10.0
    HP Doc Viewer
    HP Document Manager 1.0
    HP Driver Diagnostics
    HP Easy Setup - Frontend
     
    jimmymac725,
    #11
  13. 2011/07/01
    jimmymac725

    jimmymac725 Inactive Thread Starter

    Joined:
    2011/03/13
    Messages:
    64
    Likes Received:
    0
    HP Games
    HP Help and Support
    HP Imaging Device Functions 10.0
    HP Officejet All-In-One Series
    HP Photosmart Essential 2.5
    HP Quick Launch Buttons 6.30 E1
    HP QuickPlay 3.6
    HP QuickTouch 1.00 C4
    HP Smart Web Printing
    HP Solution Center 10.0
    HP Total Care Advisor
    HP Update
    HP User Guides 0087
    HP Wireless Adapter
    HP Wireless Assistant
    HP Wireless Printer Adapter
    HPAsset component for HP Active Support Library
    HPDiagnosticAlert
    HPNetworkAssistant
    HPPhotoSmartDiscLabel_PaperLabel
    HPPhotoSmartDiscLabel_PrintOnDisc
    HPPhotoSmartDiscLabel_Tattoo
    HPPhotoSmartDiscLabelContent1
    hpphotosmartdisclabelplugin
    HPPhotoSmartPhotobookHolidayPack1
    HPPhotoSmartPhotobookModernPack1
    HPPhotoSmartPhotobookPlayfulPack1
    HPPhotoSmartPhotobookScrapbookPack1
    HPPhotoSmartPhotobookWebPack1
    HPProductAssistant
    HPSSupply
    ImagXpress
    iPhone Configuration Utility
    iTunes
    J4680
    Java Auto Updater
    Java(TM) 6 Update 2
    Java(TM) 6 Update 26
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    JDownloader
    Junk Mail filter update
    kgcbaby
    kgchday
    kgchlwn
    kgcinvt
    kgckids
    kgcmove
    kgcvday
    Kodak EasyShare software
    kuler
    LabelPrint
    LAME v3.98.2 for Audacity
    LightScribe System Software
    lovebeautyhope_3130187 Screen Saver
    Malwarebytes' Anti-Malware version 1.51.0.1200
    MarketResearch
    McAfee SecurityCenter
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Money Essentials
    Microsoft Money Shared Libraries
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.5
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Mozilla Firefox 4.0 (x86 en-US)
    MP3 Voice Recorder 1.0
    MSCU for Microsoft Vista
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee autoProducer 6.1
    neroxml
    netbrdg
    NetDeviceManager
    NetWaiting
    NVIDIA Drivers
    OCR Software by I.R.I.S. 10.0
    OfotoXMI
    OGA Notifier 2.0.0048.0
    OpenOffice.org Installer 1.0
    PC Connectivity Solution
    PDF Settings CS4
    Photoshop Camera Raw
    Power2Go
    PowerDirector
    Preclick Gold Photo Organizer
    ProductContext
    PSSWCORE
    QuickTime
    RadarSync PC Updater 2011 (driver updates & patches)
    RAR Password Recovery v1.1 RC16 (remove only)
    RawPacketDriver
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
    SAMSUNG Mobile Composite Device Software
    SAMSUNG Mobile Modem Driver Set
    Samsung Mobile phone USB driver Software
    SAMSUNG Mobile USB Modem 1.0 Software
    SAMSUNG Mobile USB Modem Software
    Samsung New PC Studio
    SamsungConnectivityCableDriver
    Scan
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft Office 2007 System (KB2541012)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2541007)
    Security Update for Microsoft Office InfoPath 2007 (KB2510061)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Segoe UI
    SFR
    SHASTA
    Shop for HP Supplies
    skin0001
    SKINXSDK
    Slingbox Flash Tour
    SlingPlayer
    Smart Menus (Windows Live Toolbar)
    SolutionCenter
    Spelling Dictionaries Support For Adobe Reader 8
    staticcr
    Status
    Suite Shared Configuration CS4
    Synaptics Pointing Device Driver
    The Weather Channel Desktop 6
    Toolbox
    tooltips
    TrayApp
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2536413)
    VideoToolkit01
    Viewpoint Media Player
    VPRINTOL
    WeatherBug Gadget
    WebReg
    Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live Toolbar Extension (Windows Live Toolbar)
    Windows Live Toolbar Feed Detector (Windows Live Toolbar)
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    WinPcap 4.1.2
    WinRAR archiver
    WIRELESS
    Yahoo! Search Protection
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/1/2011 9:15:26 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.
    6/30/2011 8:33:23 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
    6/30/2011 8:32:47 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    6/30/2011 8:32:47 PM, Error: Service Control Manager [7000] - The Automatic LiveUpdate Scheduler service failed to start due to the following error: The system cannot find the file specified.
    6/30/2011 3:22:07 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the QuickPlay Background Capture Service (QBCS) service to connect.
    6/30/2011 3:22:07 AM, Error: Service Control Manager [7001] - The QuickPlay Task Scheduler (QTS) service depends on the QuickPlay Background Capture Service (QBCS) service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    6/30/2011 3:22:07 AM, Error: Service Control Manager [7000] - The QuickPlay Background Capture Service (QBCS) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/29/2011 9:35:26 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    6/29/2011 9:10:10 PM, Error: Service Control Manager [7034] - The XAudioService service terminated unexpectedly. It has done this 1 time(s).
    6/29/2011 8:29:50 PM, Error: EventLog [6008] - The previous system shutdown at 8:28:46 PM on 6/29/2011 was unexpected.
    6/29/2011 8:24:41 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi DfsC mfehidk mfenlfk mfewfpk NetBIOS netbt nsiproxy PSched RasAcd rdbss RtlProt Smb spldr Tcpip tdx Wanarpv6
    6/29/2011 8:24:41 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/29/2011 8:24:41 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    6/29/2011 8:24:41 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    6/29/2011 8:24:41 PM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/29/2011 8:24:41 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    6/29/2011 8:24:41 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    6/29/2011 8:24:41 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    6/29/2011 8:24:41 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    6/29/2011 8:24:41 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    6/29/2011 8:24:41 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/29/2011 8:24:41 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    6/29/2011 8:24:41 PM, Error: Service Control Manager [7001] - The McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/29/2011 8:24:41 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
    6/29/2011 8:24:41 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/29/2011 8:24:41 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/29/2011 8:24:41 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/29/2011 8:24:41 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/29/2011 8:24:41 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/29/2011 8:24:41 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    6/29/2011 8:24:41 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    6/29/2011 8:24:41 PM, Error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/29/2011 8:24:41 PM, Error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/29/2011 8:24:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    6/29/2011 8:24:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments " " in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    6/29/2011 8:24:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments " " in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    6/29/2011 8:23:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    6/29/2011 8:23:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments " " in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    6/29/2011 8:23:33 PM, Error: EventLog [6008] - The previous system shutdown at 8:21:13 PM on 6/29/2011 was unexpected.
    6/29/2011 3:15:11 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
    6/29/2011 3:15:11 AM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/28/2011 6:21:24 AM, Error: Service Control Manager [7001] - The QuickPlay Task Scheduler (QTS) service depends on the QuickPlay Background Capture Service (QBCS) service which failed to start because of the following error: After starting, the service hung in a start-pending state.
    6/28/2011 6:21:23 AM, Error: Service Control Manager [7022] - The QuickPlay Background Capture Service (QBCS) service hung on starting.
    6/25/2011 8:32:25 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.7 for the Network Card with network address 001F3A1B48DC has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    6/25/2011 7:53:54 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer HP Officejet J4680 Series with shared resource name HP Officejet J4680 Series. Error 2114. The printer cannot be used by others on the network.
    6/25/2011 7:53:54 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer HP Officejet J4680 Series fax with shared resource name HP Officejet J4680 Series fax. Error 2114. The printer cannot be used by others on the network.
    6/25/2011 10:14:18 AM, Error: netbt [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.0.3. The computer with the IP address 192.168.0.2 did not allow the name to be claimed by this computer.
    .
    ==== End Of File ===========================
     
    jimmymac725,
    #12
  14. 2011/07/01
    jimmymac725

    jimmymac725 Inactive Thread Starter

    Joined:
    2011/03/13
    Messages:
    64
    Likes Received:
    0
    Im sorry about the length but I wanted to make sure you had everything.

    thanks Jim
     
    jimmymac725,
    #13
  15. 2011/07/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You did fine.

    I don't see much, so far.

    You're running two AV programs, Avast and McAfee.
    One of them has to go.
    If McAfee, make sure to use this tool: http://www.softpedia.com/get/Tweak/Uninstallers/McAfee-Consumer-Product-Removal-Tool.shtml

    Then...

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.
    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.
    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay? ".

    =================================================

    Please download ComboFix from [color= "Red"]Here[/color] or [color= "#FF0000"]Here[/color] to your Desktop.

    [color= "Blue"]**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**[/color]
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results ".
      • Click on [color= "Red"]this link[/color] to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • [color= "Red"]WARNING:[/color] Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results ". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion ", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
    broni,
    #14
  16. 2011/07/02
    jimmymac725

    jimmymac725 Inactive Thread Starter

    Joined:
    2011/03/13
    Messages:
    64
    Likes Received:
    0
    RkU Version: 3.8.389.593, Type LE (SR2)
    ==============================================
    OS Name: Windows Vista
    Version 6.0.6002 (Service Pack 2)
    Number of processors #2
    ==============================================
    >SSDT State
    ==============================================
    ==============================================
    >Shadow
    ==============================================
    ==============================================
    >Processes
    ==============================================
    0x8814F808 [320] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
    0x88254090 [432] C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company, LightScribe Service)
    0x87CD2D90 [500] C:\Windows\System32\smss.exe (Microsoft Corporation, Windows Session Manager)
    0x882661A0 [556] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
    0x87EA5B40 [568] C:\Windows\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
    0x8509DA68 [572] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc., McAfee Security Center)
    0x87C8AD90 [620] C:\Windows\System32\wininit.exe (Microsoft Corporation, Windows Start-Up Application)
    0x87FB5D90 [632] C:\Windows\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
    0x87DE64D0 [660] C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation, Microsoft SeaPort Search Enhancement Broker)
    0x87FDFA58 [664] C:\Windows\System32\services.exe (Microsoft Corporation, Services and Controller app)
    0x87F81D90 [676] C:\Windows\System32\lsass.exe (Microsoft Corporation, Local Security Authority Process)
    0x87FAC978 [684] C:\Windows\System32\lsm.exe (Microsoft Corporation, Local Session Manager Service)
    0x880666D8 [764] C:\Windows\System32\winlogon.exe (Microsoft Corporation, Windows Logon Application)
    0x852F6D90 [840] C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co., HP CUE Status Root)
    0x882716B0 [872] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
    0x87F81A70 [880] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
    0x8809ACE0 [928] C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation, NVIDIA Driver Helper Service, Version 179.91)
    0x88020D90 [956] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
    0xA0444020 [1024] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
    0x880F1020 [1048] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
    0x880D4AF0 [1080] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
    0x880DCAD8 [1100] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
    0x88141020 [1160] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
    0x883929A0 [1168] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
    0x88102650 [1192] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
    0x88106020 [1212] C:\Windows\System32\SLsvc.exe (Microsoft Corporation, Microsoft Software Licensing Service)
    0x8810AD90 [1260] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
    0x8839F878 [1340] C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe (-, CLCapSvc Module)
    0x8816A298 [1368] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
    0x881AE508 [1560] C:\Windows\System32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
    0x881A6D90 [1584] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
    0x8821FD90 [1876] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc., ArcSoft Connect Service)
    0x88233D90 [1924] C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    0xA0418178 [1936] C:\Program Files\CyberLink\Shared Files\RichVideo.exe (-, RichVideo Module)
    0x8821CD90 [1964] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc., MobileDeviceService)
    0x87E2AD90 [2004] C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc., Bonjour Service)
    0x87E30D90 [2032] C:\Windows\System32\FsUsbExService.Exe (Teruten, FsUsbDevice)
    0x85386020 [2096] C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard Co., HP CUE Alert Popup Window Objects)
    0xA0428D90 [2140] C:\Windows\System32\rundll32.exe (Microsoft Corporation, Windows host process (Rundll32))
    0xA0457B40 [2172] C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp., Microsoft® Windows Live ID Service)
    0x850BB7F0 [2184] C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe (-, HpqToaster Module)
    0xA0403D90 [2188] C:\Windows\System32\SearchIndexer.exe (Microsoft Corporation, Microsoft Windows Search Indexer)
    0x852DF590 [2276] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
    0xA0483020 [2312] C:\Windows\System32\drivers\XAudio.exe (Conexant Systems, Inc., Modem Audio Service)
    0xA0482D90 [2336] C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe (Hewlett-Packard Development Company, L.P., hpqwmiex Module)
    0x8603DBB8 [2424] C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc., McAfee Core Firewall Service)
    0x8820A8F0 [2556] C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp., Microsoft® Windows Live ID Service Monitor)
    0x85242320 [2644] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
    0x88243800 [2760] C:\Windows\System32\taskeng.exe (Microsoft Corporation, Task Scheduler Engine)
    0x850C2020 [3052] C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Synaptics Incorporated, Synaptics Pointing Device Helper)
    0x84FA30E0 [3072] C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe (-, CLSched Module)
    0x8503CA30 [3180] C:\Windows\ehome\ehmsas.exe (Microsoft Corporation, Media Center Media Status Aggregator Service)
    0x87FB0D90 [3188] C:\Windows\System32\taskeng.exe (Microsoft Corporation, Task Scheduler Engine)
    0x84FB49C0 [3276] C:\Windows\System32\dwm.exe (Microsoft Corporation, Desktop Window Manager)
    0x84FE5D90 [3284] C:\Windows\explorer.exe (Microsoft Corporation, Windows Explorer)
    0x88091760 [3344] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation, Windows Media Player Network Sharing Service Configuration Application)
    0x853DF7D8 [3440] C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc., McAfee On-Access Scanner service)
    0x84FBD420 [3544] C:\Windows\System32\wbem\WmiPrvSE.exe (Microsoft Corporation, WMI Provider Host)
    0x85001B08 [3688] C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation, Windows Media Player Network Sharing Service)
    0x84F37868 [3724] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc., Synaptics Pointing Device starter)
    0x850B3428 [3732] C:\Program Files\HP Wireless Adapter\HPWLan.exe (-, HPWLan)
    0x850B4A80 [3748] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated, Synaptics TouchPad Enhancements)
    0x8613DC00 [3756] C:\Windows\System32\SearchFilterHost.exe (Microsoft Corporation, Microsoft Windows Search Filter Host)
    0x84F83B80 [3760] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard, hpwuSchd Application)
    0x8509F418 [3768] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P., Module to process WiFi messages.)
    0x850B4198 [3776] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P., HPWAMain Module)
    0x84F57730 [3940] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc., ArcSoft Connect Daemon)
    0x850228C8 [3948] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc., Java(TM) Update Scheduler)
    0x84F6A3F0 [3964] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc., -)
    0x85E39360 [3972] C:\Windows\ehome\ehtray.exe (Microsoft Corporation, Media Center Tray Applet)
    0x8511DD90 [3980] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation, Windows Sidebar)
    0x8511D0F0 [3996] C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co., HP Digital Imaging Monitor)
    0x8611F630 [4160] C:\Windows\System32\SearchProtocolHost.exe (Microsoft Corporation, Microsoft Windows Search Protocol Host)
    0x85F6CC60 [4272] C:\Windows\System32\mfevtps.exe (McAfee, Inc., McAfee Process Validation Service)
    0x855FB7D8 [4428] C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc., McAfee Service Host)
    0x854F55C8 [4712] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Hewlett-Packard, HP Health Check Service)
    0x853E3020 [5140] C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard, GPCore COM object)
    0x85F9A7E0 [5544] C:\Users\LAINIE\Downloads\RKUnhookerLE.EXE (UG North, RKULE, SR2 Overlord)
    0x866133B0 [5612] C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation, Internet Explorer)
    0x855823D8 [5752] C:\Windows\System32\wuauclt.exe (Microsoft Corporation, Windows Update)
    0x85563D90 [5772] C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation, Internet Explorer)
    0x849CD840 [4] System
    0x880FFD90 [1176] C:\Windows\System32\audiodg.exe (Microsoft Corporation, Windows Audio Device Graph Isolation )
    ==============================================
    >Drivers
    ==============================================
    0x8D606000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 7544832 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 179.91 )
    0x82E34000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
    0x82E34000 PnpManager 3907584 bytes
    0x82E34000 RAW 3907584 bytes
    0x82E34000 WMIxWDM 3907584 bytes
    0x98C50000 Win32k 2113536 bytes
    0x98C50000 C:\Windows\System32\win32k.sys 2113536 bytes (Microsoft Corporation, Multi-User Win32 Driver)
    0x88604000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
    0x88471000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
    0x8E406000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)
    0x8D408000 C:\Windows\system32\DRIVERS\nvmfdx32.sys 1048576 bytes (NVIDIA Corporation, NVIDIA MCP Networking Function Driver.)
    0x8E658000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
    0x8046A000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
    0x9DA91000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
    0x8D508000 C:\Windows\system32\DRIVERS\athr.sys 757760 bytes (Atheros Communications, Inc., Atheros Extensible Wireless LAN device driver)
    0x8E509000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 741376 bytes (Conexant Systems, Inc., HSF_CNXT driver)
    0x9CA08000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
    0x8DD38000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)
    0x8D20D000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
    0x88400000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0x8054A000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
    0xAE606000 C:\Windows\system32\drivers\mfehidk.sys 450560 bytes (McAfee, Inc., McAfee Link Driver)
    0x9CB0F000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
    0x8D2F5000 C:\Windows\system32\DRIVERS\rixdptsk.sys 331776 bytes (REDC, RICOH XD SM Driver)
    0x9DA0E000 C:\Windows\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)
    0x98EA0000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
    0xAE758000 \Device\mfefirek01.sys 307200 bytes
    0x806B4000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
    0x8EA01000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0x8060B000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
    0x80429000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
    0x8D3B0000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
    0x8E1A8000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 253952 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
    0x807BE000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0x8EAA3000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0x885A7000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
    0x8D346000 C:\Windows\system32\DRIVERS\SynTP.sys 241664 bytes (Synaptics Incorporated, Synaptics Touchpad Driver)
    0x8EB7B000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
    0x8871C000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    0x8E0CE000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0x82E01000 ACPI_HAL 208896 bytes
    0x8E123000 C:\Windows\system32\drivers\CHDRT32.sys 208896 bytes (Conexant Systems Inc., High Definition Audio Function Driver)
    0x82E01000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0x80749000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0x8E787000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
    0x8D381000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
    0x8E156000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0x8857C000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
    0x8E073000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
    0x9CAC8000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
    0x8EBB4000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
    0x8876C000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
    0xAE7A3000 C:\Windows\system32\drivers\mfewfpk.sys 159744 bytes (McAfee, Inc., Anti-Virus Mini-Firewall Driver)
    0x80662000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0x8E183000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
    0xAE7CA000 C:\Windows\system32\drivers\mfeavfk.sys 147456 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)
    0x8E006000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0x887A4000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
    0x9CBC7000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
    0x8E605000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
    0x8EB5C000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0x8072B000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
    0x9CB7C000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
    0xAE70F000 \Device\mfeapfk01.sys 114688 bytes
    0x8E742000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
    0x8EB39000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
    0x8D2B8000 C:\Windows\system32\DRIVERS\sdbus.sys 106496 bytes (Microsoft Corporation, SecureDigital Bus Driver)
    0x9CB99000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
    0x805D8000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0x9CBE8000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
    0x8EAE9000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
    0x8D5E2000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0x9DB8D000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
    0x8EA49000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
    0x8E75D000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
    0x9CBB2000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
    0x8E04C000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
    0x8E038000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0x8D2E1000 C:\Windows\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
    0x8E773000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
    0x8DDE4000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
    0x9CAFC000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
    0x8EA90000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0x9DA75000 C:\Windows\System32\Drivers\adfs.SYS 69632 bytes (Adobe Systems, Inc., Adobe Drive File System Driver)
    0x88793000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
    0x8E103000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
    0x80410000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
    0x885EB000 C:\Windows\system32\DRIVERS\amdk8.sys 65536 bytes (Microsoft Corporation, Processor Device Driver)
    0x8077B000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
    0x80794000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
    0x9CAB8000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
    0x80713000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
    0x8D29A000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
    0x8E061000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
    0x8E114000 C:\Windows\system32\DRIVERS\hpnuhub.sys 61440 bytes (Hewlett-Packard Development Company, HP USB Virtual Driver)
    0xAE690000 C:\Windows\system32\DRIVERS\mfenlfk.sys 61440 bytes (McAfee, Inc., McAfee NDIS Light Filter Driver)
    0x8EB2A000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
    0x8875D000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
    0x80689000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
    0x8E029000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0x8D2D2000 C:\Windows\system32\DRIVERS\rimmptsk.sys 61440 bytes (REDC, RICOH SD Driver)
    0x805C9000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0x806A5000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
    0x8D2AA000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
    0x98E90000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
    0x8EA68000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
    0x8E641000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
    0x80705000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
    0x805BB000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
    0x8EB00000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
    0x8E5BE000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
    0x8E0B8000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
    0xAE72B000 C:\Windows\system32\drivers\mfebopk.sys 49152 bytes (McAfee, Inc., Buffer Overflow Protection Driver)
    0x9DB79000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
    0x8E5E2000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0x8DDD8000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
    0x8EB0D000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
    0x8D5C1000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
    0x8D5CC000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
    0x8E636000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
    0x8D3F1000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0x8D5D7000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
    0x887EE000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
    0x8069B000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
    0x8EB20000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
    0x8E0A6000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
    0x9CAF2000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
    0x8EADF000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
    0x9DB6F000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
    0x807B4000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
    0xAE737000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
    0x887C5000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
    0x9DBA3000 C:\Windows\system32\FsUsbExDisk.SYS 36864 bytes
    0x8E5CB000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
    0x8E09D000 C:\Windows\system32\DRIVERS\hpnuhst.sys 36864 bytes (Hewlett-Packard Development Company, HP USB Virtual Driver)
    0x8E0C5000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
    0x8078B000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
    0x8E64F000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
    0x8EA5F000 C:\Windows\system32\DRIVERS\rtlprot.sys 36864 bytes (Windows (R) Codename Longhorn DDK provider, Realtek Utility I/O Driver)
    0x98E70000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
    0x885E2000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
    0x807AB000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
    0x80651000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0x80723000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
    0x80421000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
    0x8EB18000 C:\Windows\System32\Drivers\dump_atapi.sys 32768 bytes
    0x8065A000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
    0x8E626000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
    0x8E62E000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
    0x88755000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
    0x88714000 C:\Windows\system32\drivers\wd.sys 32768 bytes (Microsoft Corporation, Microsoft Watchdog Timer Driver)
    0x9DB85000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
    0x8E5DB000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
    0x807A4000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
    0x80409000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
    0x9DA8A000 C:\Windows\system32\drivers\npf.sys 28672 bytes (CACE Technologies, Inc., npf.sys (NT5/6 x86) Kernel Driver)
    0x8E5D4000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
    0x806FE000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
    0x80600000 C:\Windows\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
    0x8DDF7000 C:\Windows\system32\DRIVERS\HpqKbFiltr.sys 20480 bytes (Hewlett-Packard Development Company, L.P., HpqKbFiltr Keyboard Filter Driver)
    0x887F9000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
    0x9DA86000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
    0x80698000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
    0x88600000 C:\Windows\system32\DRIVERS\nvsmu.sys 12288 bytes (NVIDIA Corporation, NVIDIA® nForce(TM) SMU Microcontroller Driver)
    0x887FD000 C:\Windows\system32\DRIVERS\HpqRemHid.sys 8192 bytes (Hewlett-Packard Development Company, L.P., HP Remote Control HID Device)
    0x8E071000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0x8DDFC000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    ==============================================
    >Stealth
    ==============================================
    ==============================================
    >Files
    ==============================================
    ==============================================
     
    jimmymac725,
    #15
  17. 2011/07/02
    jimmymac725

    jimmymac725 Inactive Thread Starter

    Joined:
    2011/03/13
    Messages:
    64
    Likes Received:
    0
    >Hooks
    ==============================================
    ntkrnlpa.exe+0x000A87AA, Type: Inline - RelativeJump 0x82EDC7AA-->82EDC7B1 [ntkrnlpa.exe]
    ntkrnlpa.exe-->NtMapViewOfSection, Type: Inline - RelativeJump 0x8304482A-->AE645D4C [mfehidk.sys]
    ntkrnlpa.exe-->NtTerminateProcess, Type: Inline - RelativeJump 0x830250D3-->AE645D76 [mfehidk.sys]
    ntkrnlpa.exe-->NtUnmapViewOfSection, Type: Inline - RelativeJump 0x83044AED-->AE645D62 [mfehidk.sys]
    ntkrnlpa.exe-->NtYieldExecution, Type: Inline - RelativeJump 0x82E5F982-->AE645D38 [mfehidk.sys]
    [1024]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77B03BA9-->00530F9E [unknown_code_page]
    [1024]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77B039AB-->00530F72 [unknown_code_page]
    [1024]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77B141F1-->0053002F [unknown_code_page]
    [1024]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77B1391E-->00530F83 [unknown_code_page]
    [1024]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77B089C7-->00530FEF [unknown_code_page]
    [1024]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77B17C42-->00530000 [unknown_code_page]
    [1024]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77B27BA1-->00530FAF [unknown_code_page]
    [1024]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77B1E2B5-->00530FCA [unknown_code_page]
    [1024]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7676CE5F-->00150000 [unknown_code_page]
    [1024]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7676AECB-->00150FE5 [unknown_code_page]
    [1024]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x76722EF5-->00150FCA [unknown_code_page]
    [1024]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x76725C0C-->00150FB9 [unknown_code_page]
    [1024]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76748E6E-->00150F72 [unknown_code_page]
    [1024]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x76721C28-->00150F2B [unknown_code_page]
    [1024]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76721BF3-->00150F10 [unknown_code_page]
    [1024]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7676903B-->00150EFF [unknown_code_page]
    [1024]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x767219C9-->0015009D [unknown_code_page]
    [1024]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x76721929-->00150F4D [unknown_code_page]
    [1024]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x767494DC-->00150025 [unknown_code_page]
    [1024]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x767494B4-->00150F8D [unknown_code_page]
    [1024]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x76749109-->0015004A [unknown_code_page]
    [1024]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x76749362-->00150F9E [unknown_code_page]
    [1024]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x76721DC3-->00150071 [unknown_code_page]
    [1024]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7674DBDA-->00150082 [unknown_code_page]
    [1024]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x767B5CF7-->00150F3C [unknown_code_page]
    [1024]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77D34224-->00540FEF [unknown_code_page]
    [1024]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77D342E4-->00540FCD [unknown_code_page]
    [1024]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77D34B84-->00540FDE [unknown_code_page]
    [1048]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77B03BA9-->002C0FB9 [unknown_code_page]
    [1048]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77B039AB-->002C0036 [unknown_code_page]
    [1048]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77B141F1-->002C0047 [unknown_code_page]
    [1048]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77B1391E-->002C0F9E [unknown_code_page]
    [1048]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77B089C7-->002C000A [unknown_code_page]
    [1048]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77B17C42-->002C0FE5 [unknown_code_page]
    [1048]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77B27BA1-->002C0FCA [unknown_code_page]
    [1048]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77B1E2B5-->002C001B [unknown_code_page]
    [1048]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7676CE5F-->00230FEF [unknown_code_page]
    [1048]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7676AECB-->0023000A [unknown_code_page]
    [1048]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x76722EF5-->0023001B [unknown_code_page]
    [1048]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x76725C0C-->00230FC0 [unknown_code_page]
    [1048]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76748E6E-->00230F41 [unknown_code_page]
    [1048]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x76721C28-->00230098 [unknown_code_page]
    [1048]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76721BF3-->00230F0B [unknown_code_page]
    [1048]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7676903B-->002300B3 [unknown_code_page]
    [1048]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x767219C9-->00230F30 [unknown_code_page]
    [1048]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x76721929-->00230076 [unknown_code_page]
    [1048]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x767494DC-->00230FAF [unknown_code_page]
    [1048]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x767494B4-->00230036 [unknown_code_page]
    [1048]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x76749109-->00230051 [unknown_code_page]
    [1048]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x76749362-->00230F9E [unknown_code_page]
    [1048]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x76721DC3-->00230F77 [unknown_code_page]
    [1048]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7674DBDA-->00230F52 [unknown_code_page]
    [1048]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x767B5CF7-->00230087 [unknown_code_page]
    [1048]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77D34224-->002D0000 [unknown_code_page]
    [1048]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77D342E4-->002D0FE5 [unknown_code_page]
    [1048]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77D34B84-->002D001B [unknown_code_page]
    [1048]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x768336D1-->002A0000 [unknown_code_page]
    [1080]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77B03BA9-->01100FA8 [unknown_code_page]
    [1080]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77B039AB-->01100F8D [unknown_code_page]
    [1080]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77B141F1-->01100F7C [unknown_code_page]
    [1080]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77B1391E-->01100025 [unknown_code_page]
    [1080]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77B089C7-->01100FE5 [unknown_code_page]
    [1080]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77B17C42-->01100FCA [unknown_code_page]
    [1080]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77B27BA1-->01100FB9 [unknown_code_page]
    [1080]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77B1E2B5-->01100000 [unknown_code_page]
    [1080]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7676CE5F-->00D70000 [unknown_code_page]
    [1080]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7676AECB-->00D70FEF [unknown_code_page]
    [1080]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x76722EF5-->00D70FD4 [unknown_code_page]
    [1080]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x76725C0C-->00D70FB9 [unknown_code_page]
    [1080]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76748E6E-->00D70F37 [unknown_code_page]
    [1080]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x76721C28-->00D70087 [unknown_code_page]
    [1080]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76721BF3-->00D70EFA [unknown_code_page]
    [1080]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7676903B-->00D700B6 [unknown_code_page]
    [1080]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x767219C9-->00D70062 [unknown_code_page]
    [1080]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x76721929-->00D70F1C [unknown_code_page]
    [1080]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x767494DC-->00D7001B [unknown_code_page]
    [1080]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x767494B4-->00D70F8A [unknown_code_page]
    [1080]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x76749109-->00D70047 [unknown_code_page]
    [1080]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x76749362-->00D7002C [unknown_code_page]
    [1080]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x76721DC3-->00D70F6D [unknown_code_page]
    [1080]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7674DBDA-->00D70F5C [unknown_code_page]
    [1080]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x767B5CF7-->00D70F0B [unknown_code_page]
    [1080]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77D34224-->0111000A [unknown_code_page]
    [1080]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77D342E4-->01110FDE [unknown_code_page]
    [1080]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77D34B84-->01110FEF [unknown_code_page]
    [1080]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x768336D1-->01000000 [unknown_code_page]
    [1100]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77B03BA9-->00D7002F [unknown_code_page]
    [1100]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77B039AB-->00D70054 [unknown_code_page]
    [1100]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77B141F1-->00D70F97 [unknown_code_page]
    [1100]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77B1391E-->00D70FA8 [unknown_code_page]
    [1100]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77B089C7-->00D70FE5 [unknown_code_page]
    [1100]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77B17C42-->00D70014 [unknown_code_page]
    [1100]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77B27BA1-->00D70FC3 [unknown_code_page]
    [1100]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77B1E2B5-->00D70FD4 [unknown_code_page]
    [1100]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7676CE5F-->00720FEF [unknown_code_page]
    [1100]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7676AECB-->00720FDE [unknown_code_page]
    [1100]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x76722EF5-->00720FC3 [unknown_code_page]
    [1100]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x76725C0C-->00720FB2 [unknown_code_page]
    [1100]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76748E6E-->0072004F [unknown_code_page]
    [1100]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x76721C28-->0072008C [unknown_code_page]
    [1100]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76721BF3-->00720EF5 [unknown_code_page]
    [1100]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7676903B-->00720EDA [unknown_code_page]
    [1100]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x767219C9-->00720F24 [unknown_code_page]
    [1100]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x76721929-->0072006A [unknown_code_page]
    [1100]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x767494DC-->0072001E [unknown_code_page]
    [1100]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x767494B4-->00720F86 [unknown_code_page]
    [1100]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x76749109-->00720F6B [unknown_code_page]
    [1100]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x76749362-->00720F97 [unknown_code_page]
    [1100]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x76721DC3-->00720F5A [unknown_code_page]
    [1100]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7674DBDA-->00720F3F [unknown_code_page]
    [1100]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x767B5CF7-->0072007B [unknown_code_page]
    [1100]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77D34224-->01270FEF [unknown_code_page]
    [1100]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77D342E4-->01270014 [unknown_code_page]
    [1100]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77D34B84-->01270FDE [unknown_code_page]
    [1100]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x77BD4E2B-->01260FEF [unknown_code_page]
    [1100]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x77BDBFCE-->01260FCA [unknown_code_page]
    [1100]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x77C3D722-->0126001B [unknown_code_page]
    [1100]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x77C0C03E-->01260000 [unknown_code_page]
    [1100]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x768336D1-->00750FEF [unknown_code_page]
    [1160]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77B03BA9-->0085004E [unknown_code_page]
    [1160]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77B039AB-->0085007A [unknown_code_page]
    [1160]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77B141F1-->0085008B [unknown_code_page]
    [1160]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77B1391E-->0085005F [unknown_code_page]
    [1160]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77B089C7-->00850000 [unknown_code_page]
    [1160]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77B17C42-->0085002C [unknown_code_page]
    [1160]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77B27BA1-->0085003D [unknown_code_page]
    [1160]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77B1E2B5-->0085001B [unknown_code_page]
    [1160]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7676CE5F-->00750000 [unknown_code_page]
    [1160]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7676AECB-->00750FE5 [unknown_code_page]
    [1160]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x76722EF5-->00750FCA [unknown_code_page]
    [1160]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x76725C0C-->00750FB9 [unknown_code_page]
    [1160]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76748E6E-->00750F61 [unknown_code_page]
    [1160]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x76721C28-->00750096 [unknown_code_page]
    [1160]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76721BF3-->007500A7 [unknown_code_page]
    [1160]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7676903B-->00750EF5 [unknown_code_page]
    [1160]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x767219C9-->00750F50 [unknown_code_page]
    [1160]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x76721929-->00750F2B [unknown_code_page]
    [1160]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x767494DC-->00750025 [unknown_code_page]
    [1160]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x767494B4-->00750F8D [unknown_code_page]
    [1160]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x76749109-->0075004A [unknown_code_page]
    [1160]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x76749362-->00750FA8 [unknown_code_page]
    [1160]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x76721DC3-->00750071 [unknown_code_page]
    [1160]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7674DBDA-->00750F7C [unknown_code_page]
    [1160]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x767B5CF7-->00750F1A [unknown_code_page]
    [1160]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77D34224-->00860000 [unknown_code_page]
    [1160]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77D342E4-->00860025 [unknown_code_page]
    [1160]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77D34B84-->00860FEF [unknown_code_page]
    [1160]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x768336D1-->007E0000 [unknown_code_page]
    [1168]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77B03BA9-->00120033 [unknown_code_page]
    [1168]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77B039AB-->00120FAC [unknown_code_page]
    [1168]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77B141F1-->00120F91 [unknown_code_page]
    [1168]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77B1391E-->0012004E [unknown_code_page]
    [1168]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77B089C7-->00120000 [unknown_code_page]
    [1168]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77B17C42-->00120011 [unknown_code_page]
    [1168]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77B27BA1-->00120022 [unknown_code_page]
    [1168]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77B1E2B5-->00120FDB [unknown_code_page]
    [1168]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7676CE5F-->000E0FEF [unknown_code_page]
    [1168]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7676AECB-->000E000A [unknown_code_page]
    [1168]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x76722EF5-->000E0FCA [unknown_code_page]
    [1168]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x76725C0C-->000E001B [unknown_code_page]
    [1168]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76748E6E-->000E0F41 [unknown_code_page]
    [1168]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x76721C28-->000E0091 [unknown_code_page]
    [1168]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76721BF3-->000E00A2 [unknown_code_page]
    [1168]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7676903B-->000E0EF0 [unknown_code_page]
    [1168]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x767219C9-->000E006C [unknown_code_page]
    [1168]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x76721929-->000E0F30 [unknown_code_page]
    [1168]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x767494DC-->000E0FAF [unknown_code_page]
    [1168]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x767494B4-->000E0F83 [unknown_code_page]
    [1168]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x76749109-->000E0036 [unknown_code_page]
    [1168]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x76749362-->000E0F94 [unknown_code_page]
    [1168]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x76721DC3-->000E0047 [unknown_code_page]
    [1168]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7674DBDA-->000E0F5C [unknown_code_page]
    [1168]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x767B5CF7-->000E0F15 [unknown_code_page]
    [1168]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77D34224-->00710000 [unknown_code_page]
    [1168]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77D342E4-->00710FCA [unknown_code_page]
    [1168]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77D34B84-->00710FEF [unknown_code_page]
    [1168]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x768336D1-->00100000 [unknown_code_page]
    [1192]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77B03BA9-->00810FCA [unknown_code_page]
    [1192]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77B039AB-->00810051 [unknown_code_page]
    [1192]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77B141F1-->0081006C [unknown_code_page]
    [1192]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77B1391E-->00810FB9 [unknown_code_page]
    [1192]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77B089C7-->00810000 [unknown_code_page]
    [1192]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77B17C42-->00810FE5 [unknown_code_page]
    [1192]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77B27BA1-->0081002C [unknown_code_page]
    [1192]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77B1E2B5-->0081001B [unknown_code_page]
    [1192]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7676CE5F-->001B0000 [unknown_code_page]
    [1192]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7676AECB-->001B001B [unknown_code_page]
    [1192]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x76722EF5-->001B002C [unknown_code_page]
    [1192]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x76725C0C-->001B0FDB [unknown_code_page]
    [1192]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76748E6E-->001B006B [unknown_code_page]
    [1192]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x76721C28-->001B00A8 [unknown_code_page]
    [1192]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76721BF3-->001B0F1B [unknown_code_page]
    [1192]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7676903B-->001B0F0A [unknown_code_page]
    [1192]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x767219C9-->001B0F40 [unknown_code_page]
    [1192]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x76721929-->001B0086 [unknown_code_page]
    [1192]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x767494DC-->001B0FB6 [unknown_code_page]
    [1192]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x767494B4-->001B0F9B [unknown_code_page]
    [1192]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x76749109-->001B0F80 [unknown_code_page]
    [1192]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x76749362-->001B003D [unknown_code_page]
    [1192]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x76721DC3-->001B0F65 [unknown_code_page]
    [1192]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7674DBDA-->001B005A [unknown_code_page]
    [1192]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x767B5CF7-->001B0097 [unknown_code_page]
    [1192]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77D34224-->00820FEF [unknown_code_page]
    [1192]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77D342E4-->00820000 [unknown_code_page]
    [1192]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77D34B84-->00820FCA [unknown_code_page]
    [1192]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x768336D1-->001D0000 [unknown_code_page]
    [1260]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77B03BA9-->00800FE5 [unknown_code_page]
    [1260]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77B039AB-->0080006C [unknown_code_page]
    [1260]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77B141F1-->00800FA5 [unknown_code_page]
    [1260]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77B1391E-->00800FD4 [unknown_code_page]
    [1260]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77B089C7-->00800000 [unknown_code_page]
    [1260]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77B17C42-->00800036 [unknown_code_page]
    [1260]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77B27BA1-->00800047 [unknown_code_page]
    [1260]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77B1E2B5-->00800011 [unknown_code_page]
    [1260]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7676CE5F-->00410FEF [unknown_code_page]
    [1260]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7676AECB-->00410014 [unknown_code_page]
    [1260]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x76722EF5-->00410025 [unknown_code_page]
    [1260]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x76725C0C-->00410040 [unknown_code_page]
    [1260]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76748E6E-->00410F92 [unknown_code_page]
    [1260]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x76721C28-->00410F52 [unknown_code_page]
    [1260]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76721BF3-->004100E9 [unknown_code_page]
    [1260]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7676903B-->004100FA [unknown_code_page]
    [1260]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x767219C9-->004100B3 [unknown_code_page]
    [1260]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x76721929-->004100C4 [unknown_code_page]
    [1260]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x767494DC-->00410FD4 [unknown_code_page]
    [1260]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x767494B4-->00410076 [unknown_code_page]
    [1260]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x76749109-->00410087 [unknown_code_page]
    [1260]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x76749362-->0041005B [unknown_code_page]
    [1260]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x76721DC3-->00410FA3 [unknown_code_page]
    [1260]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7674DBDA-->004100A2 [unknown_code_page]
    [1260]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x767B5CF7-->00410F63 [unknown_code_page]
    [1260]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77D34224-->00860FE5 [unknown_code_page]
    [1260]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77D342E4-->00860FB9 [unknown_code_page]
    [1260]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77D34B84-->00860FCA [unknown_code_page]
    [1260]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x77BD4E2B-->00810000 [unknown_code_page]
    [1260]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x77BDBFCE-->00810036 [unknown_code_page]
    [1260]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x77C3D722-->00810FE5 [unknown_code_page]
    [1260]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x77C0C03E-->00810025 [unknown_code_page]
    [1260]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x768336D1-->00520000 [unknown_code_page]
    [1368]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77B03BA9-->02B50FC0 [unknown_code_page]
    [1368]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77B039AB-->02B50058 [unknown_code_page]
    [1368]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77B141F1-->02B50FA5 [unknown_code_page]
    [1368]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77B1391E-->02B50047 [unknown_code_page]
    [1368]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77B089C7-->02B50000 [unknown_code_page]
    [1368]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77B17C42-->02B50011 [unknown_code_page]
    [1368]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77B27BA1-->02B5002C [unknown_code_page]
    [1368]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77B1E2B5-->02B50FDB [unknown_code_page]
    [1368]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7676CE5F-->02AA0FEF [unknown_code_page]
    [1368]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7676AECB-->02AA0FDE [unknown_code_page]
    [1368]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x76722EF5-->02AA0014 [unknown_code_page]
    [1368]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x76725C0C-->02AA0025 [unknown_code_page]
    [1368]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76748E6E-->02AA007D [unknown_code_page]
    [1368]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x76721C28-->02AA00CE [unknown_code_page]
    [1368]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76721BF3-->02AA00E9 [unknown_code_page]
    [1368]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7676903B-->02AA0F37 [unknown_code_page]
    [1368]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x767219C9-->02AA0098 [unknown_code_page]
    [1368]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x76721929-->02AA0F52 [unknown_code_page]
    [1368]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x767494DC-->02AA0036 [unknown_code_page]
    [1368]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x767494B4-->02AA0062 [unknown_code_page]
    [1368]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x76749109-->02AA0FA5 [unknown_code_page]
    [1368]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x76749362-->02AA0051 [unknown_code_page]
    [1368]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x76721DC3-->02AA0F88 [unknown_code_page]
    [1368]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7674DBDA-->02AA0F6D [unknown_code_page]
    [1368]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x767B5CF7-->02AA00B3 [unknown_code_page]
    [1368]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77D34224-->02C60FEF [unknown_code_page]
    [1368]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77D342E4-->02C60025 [unknown_code_page]
    [1368]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77D34B84-->02C6000A [unknown_code_page]
    [1368]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x768336D1-->02B10FE5 [unknown_code_page]
    [1584]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77B03BA9-->00870FDB [unknown_code_page]
    [1584]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77B039AB-->00870FC0 [unknown_code_page]
    [1584]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77B141F1-->00870FAF [unknown_code_page]
    [1584]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77B1391E-->00870062 [unknown_code_page]
    [1584]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77B089C7-->0087000A [unknown_code_page]
    [1584]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77B17C42-->00870040 [unknown_code_page]
    [1584]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77B27BA1-->00870051 [unknown_code_page]
    [1584]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77B1E2B5-->00870025 [unknown_code_page]
    [1584]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7676CE5F-->00800000 [unknown_code_page]
    [1584]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7676AECB-->00800011 [unknown_code_page]
    [1584]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x76722EF5-->00800FDB [unknown_code_page]
    [1584]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x76725C0C-->0080002C [unknown_code_page]
    [1584]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76748E6E-->00800F59 [unknown_code_page]
    [1584]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x76721C28-->008000A9 [unknown_code_page]
    [1584]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76721BF3-->00800F12 [unknown_code_page]
    [1584]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7676903B-->008000BA [unknown_code_page]
    [1584]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x767219C9-->00800F48 [unknown_code_page]
    [1584]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x76721929-->0080008E [unknown_code_page]
    [1584]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x767494DC-->00800FC0 [unknown_code_page]
    [1584]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x767494B4-->00800047 [unknown_code_page]
    [1584]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x76749109-->00800058 [unknown_code_page]
    [1584]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x76749362-->00800FA5 [unknown_code_page]
    [1584]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x76721DC3-->00800F7E [unknown_code_page]
    [1584]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7674DBDA-->00800073 [unknown_code_page]
    [1584]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x767B5CF7-->00800F2D [unknown_code_page]
    [1584]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77D34224-->009A0FEF [unknown_code_page]
    [1584]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77D342E4-->009A0FD4 [unknown_code_page]
    [1584]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77D34B84-->009A000A [unknown_code_page]
    [1584]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x768336D1-->00810FE5 [unknown_code_page]
    [2140]rundll32.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->70EE4618 [shimeng.dll]
    [2140]rundll32.exe-->crypt32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x73C01288-->70EE4618 [shimeng.dll]
    [2140]rundll32.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->70EE4618 [shimeng.dll]
    [2140]rundll32.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x768E1414-->70EE4618 [shimeng.dll]
    [2140]rundll32.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->70EE4618 [shimeng.dll]
    [2140]rundll32.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->70EE4618 [shimeng.dll]
    [2276]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77B03BA9-->007D0033 [unknown_code_page]
    [2276]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77B039AB-->007D0F91 [unknown_code_page]
    [2276]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77B141F1-->007D0F80 [unknown_code_page]
    [2276]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77B1391E-->007D0FA2 [unknown_code_page]
    [2276]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77B089C7-->007D0000 [unknown_code_page]
    [2276]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77B17C42-->007D0022 [unknown_code_page]
    [2276]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77B27BA1-->007D0FD1 [unknown_code_page]
    [2276]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77B1E2B5-->007D0011 [unknown_code_page]
    [2276]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7676CE5F-->00180000 [unknown_code_page]
    [2276]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7676AECB-->00180FDB [unknown_code_page]
    [2276]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x76722EF5-->00180FCA [unknown_code_page]
    [2276]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x76725C0C-->00180011 [unknown_code_page]
    [2276]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76748E6E-->0018007F [unknown_code_page]
    [2276]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x76721C28-->00180F39 [unknown_code_page]
    [2276]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76721BF3-->00180F1E [unknown_code_page]
    [2276]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7676903B-->00180F0D [unknown_code_page]
    [2276]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x767219C9-->00180090 [unknown_code_page]
    [2276]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x76721929-->00180F54 [unknown_code_page]
    [2276]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x767494DC-->0018002C [unknown_code_page]
    [2276]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x767494B4-->0018003D [unknown_code_page]
    [2276]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x76749109-->00180F80 [unknown_code_page]
    [2276]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x76749362-->00180FA5 [unknown_code_page]
    [2276]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x76721DC3-->00180F6F [unknown_code_page]
    [2276]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7674DBDA-->00180064 [unknown_code_page]
    [2276]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x767B5CF7-->001800B5 [unknown_code_page]
    [2276]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77D34224-->007E0000 [unknown_code_page]
    [2276]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77D342E4-->007E0FE5 [unknown_code_page]
    [2276]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77D34B84-->007E001B [unknown_code_page]
    [2276]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x768336D1-->00190FEF [unknown_code_page]
    [2644]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77B03BA9-->00CF0025 [unknown_code_page]
    [2644]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77B039AB-->00CF0F9E [unknown_code_page]
    [2644]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77B141F1-->00CF0F8D [unknown_code_page]
    [2644]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77B1391E-->00CF0040 [unknown_code_page]
    [2644]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77B089C7-->00CF0FEF [unknown_code_page]
     
    jimmymac725,
    #16
  18. 2011/07/02
    jimmymac725

    jimmymac725 Inactive Thread Starter

    Joined:
    2011/03/13
    Messages:
    64
    Likes Received:
    0
    [2644]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77B17C42-->00CF0014 [unknown_code_page]
    [2644]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77B27BA1-->00CF0FB9 [unknown_code_page]
    [2644]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77B1E2B5-->00CF0FD4 [unknown_code_page]
    [2644]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7676CE5F-->00C9000A [unknown_code_page]
    [2644]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7676AECB-->00C90FEF [unknown_code_page]
    [2644]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x76722EF5-->00C90FDE [unknown_code_page]
    [2644]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x76725C0C-->00C90FC3 [unknown_code_page]
    [2644]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76748E6E-->00C90F70 [unknown_code_page]
    [2644]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x76721C28-->00C900AF [unknown_code_page]
    [2644]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76721BF3-->00C90F18 [unknown_code_page]
    [2644]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7676903B-->00C90F07 [unknown_code_page]
    [2644]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x767219C9-->00C90F5F [unknown_code_page]
    [2644]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x76721929-->00C90F3A [unknown_code_page]
    [2644]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x767494DC-->00C90039 [unknown_code_page]
    [2644]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x767494B4-->00C9005B [unknown_code_page]
    [2644]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x76749109-->00C90076 [unknown_code_page]
    [2644]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x76749362-->00C9004A [unknown_code_page]
    [2644]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x76721DC3-->00C90F9C [unknown_code_page]
    [2644]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7674DBDA-->00C90F8B [unknown_code_page]
    [2644]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x767B5CF7-->00C90F29 [unknown_code_page]
    [2644]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77D34224-->00D00000 [unknown_code_page]
    [2644]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77D342E4-->00D00FDE [unknown_code_page]
    [2644]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77D34B84-->00D00FEF [unknown_code_page]
    [2644]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x768336D1-->00CD0FEF [unknown_code_page]
    [320]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77B03BA9-->00380033 [unknown_code_page]
    [320]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77B039AB-->00380F91 [unknown_code_page]
    [320]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77B141F1-->0038004E [unknown_code_page]
    [320]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77B1391E-->00380FAC [unknown_code_page]
    [320]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77B089C7-->00380000 [unknown_code_page]
    [320]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77B17C42-->00380FDB [unknown_code_page]
    [320]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77B27BA1-->00380022 [unknown_code_page]
    [320]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77B1E2B5-->00380011 [unknown_code_page]
    [320]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7676CE5F-->00320000 [unknown_code_page]
    [320]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7676AECB-->00320011 [unknown_code_page]
    [320]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x76722EF5-->00320036 [unknown_code_page]
    [320]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x76725C0C-->00320FE5 [unknown_code_page]
    [320]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76748E6E-->003200A4 [unknown_code_page]
    [320]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x76721C28-->00320F5E [unknown_code_page]
    [320]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76721BF3-->00320F43 [unknown_code_page]
    [320]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7676903B-->00320F28 [unknown_code_page]
    [320]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x767219C9-->003200B5 [unknown_code_page]
    [320]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x76721929-->00320F79 [unknown_code_page]
    [320]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x767494DC-->00320FD4 [unknown_code_page]
    [320]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x767494B4-->0032005B [unknown_code_page]
    [320]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x76749109-->00320078 [unknown_code_page]
    [320]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x76749362-->00320FB9 [unknown_code_page]
    [320]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x76721DC3-->00320089 [unknown_code_page]
    [320]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7674DBDA-->00320F9E [unknown_code_page]
    [320]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x767B5CF7-->003200DA [unknown_code_page]
    [320]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77D34224-->00810FE5 [unknown_code_page]
    [320]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77D342E4-->00810FD4 [unknown_code_page]
    [320]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77D34B84-->00810000 [unknown_code_page]
    [3284]explorer.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77B03BA9-->02340040 [unknown_code_page]
    [3284]explorer.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77B039AB-->02340FB9 [unknown_code_page]
    [3284]explorer.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77B141F1-->02340F9E [unknown_code_page]
    [3284]explorer.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77B1391E-->02340051 [unknown_code_page]
    [3284]explorer.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77B089C7-->02340FEF [unknown_code_page]
    [3284]explorer.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77B17C42-->0234000A [unknown_code_page]
    [3284]explorer.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77B27BA1-->0234002F [unknown_code_page]
    [3284]explorer.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77B1E2B5-->02340FD4 [unknown_code_page]
    [3284]explorer.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7676CE5F-->01710FEF [unknown_code_page]
    [3284]explorer.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7676AECB-->01710FDE [unknown_code_page]
    [3284]explorer.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x76722EF5-->0171000A [unknown_code_page]
    [3284]explorer.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x76725C0C-->0171001B [unknown_code_page]
    [3284]explorer.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76748E6E-->01710F7E [unknown_code_page]
    [3284]explorer.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x76721C28-->017100C1 [unknown_code_page]
    [3284]explorer.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76721BF3-->01710F20 [unknown_code_page]
    [3284]explorer.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7676903B-->01710F0F [unknown_code_page]
    [3284]explorer.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x767219C9-->01710F63 [unknown_code_page]
    [3284]explorer.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x76721929-->0171009F [unknown_code_page]
    [3284]explorer.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x767494DC-->01710036 [unknown_code_page]
    [3284]explorer.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x767494B4-->01710058 [unknown_code_page]
    [3284]explorer.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x76749109-->01710069 [unknown_code_page]
    [3284]explorer.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x76749362-->01710047 [unknown_code_page]
    [3284]explorer.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x76721DC3-->01710084 [unknown_code_page]
    [3284]explorer.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7674DBDA-->01710F8F [unknown_code_page]
    [3284]explorer.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x767B5CF7-->017100B0 [unknown_code_page]
    [3284]explorer.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77D34224-->03500FEF [unknown_code_page]
    [3284]explorer.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77D342E4-->0350000A [unknown_code_page]
    [3284]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77D34B84-->03500FD4 [unknown_code_page]
    [3284]explorer.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x77BD4E2B-->0235000A [unknown_code_page]
    [3284]explorer.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x77BDBFCE-->02350FCA [unknown_code_page]
    [3284]explorer.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x77C3D722-->0235001B [unknown_code_page]
    [3284]explorer.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x77C0C03E-->02350FEF [unknown_code_page]
    [3284]explorer.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x768336D1-->02320FEF [unknown_code_page]
    [4272]mfevtps.exe-->crypt32.dll-->advapi32.dll-->RegQueryValueExW, Type: IAT modification 0x73C01058-->0035A4B0 [mfevtps.exe]
    [4272]mfevtps.exe-->crypt32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x73C01290-->0035A510 [mfevtps.exe]
    [4428]McSvHost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x767494DC-->685D9A20 [McProxy.dll]
    [4428]McSvHost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x76749362-->685D9AE2 [McProxy.dll]
    [556]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77B03BA9-->00300036 [unknown_code_page]
    [556]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77B039AB-->00300F8A [unknown_code_page]
    [556]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77B141F1-->00300F79 [unknown_code_page]
    [556]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77B1391E-->00300FA5 [unknown_code_page]
    [556]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77B089C7-->00300FEF [unknown_code_page]
    [556]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77B17C42-->0030000A [unknown_code_page]
    [556]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77B27BA1-->00300025 [unknown_code_page]
    [556]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77B1E2B5-->00300FDE [unknown_code_page]
    [556]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7676CE5F-->00230000 [unknown_code_page]
    [556]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7676AECB-->00230011 [unknown_code_page]
    [556]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x76722EF5-->00230036 [unknown_code_page]
    [556]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x76725C0C-->00230FE5 [unknown_code_page]
    [556]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76748E6E-->0023009F [unknown_code_page]
    [556]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x76721C28-->00230F3E [unknown_code_page]
    [556]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76721BF3-->002300D5 [unknown_code_page]
    [556]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7676903B-->002300E6 [unknown_code_page]
    [556]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x767219C9-->00230F74 [unknown_code_page]
    [556]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x76721929-->002300BA [unknown_code_page]
    [556]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x767494DC-->00230051 [unknown_code_page]
    [556]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x767494B4-->00230FC0 [unknown_code_page]
    [556]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x76749109-->00230073 [unknown_code_page]
    [556]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x76749362-->00230062 [unknown_code_page]
    [556]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x76721DC3-->00230084 [unknown_code_page]
    [556]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7674DBDA-->00230F8F [unknown_code_page]
    [556]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x767B5CF7-->00230F59 [unknown_code_page]
    [556]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77D34224-->00310000 [unknown_code_page]
    [556]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77D342E4-->00310036 [unknown_code_page]
    [556]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77D34B84-->00310011 [unknown_code_page]
    [556]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x768336D1-->002E0FE5 [unknown_code_page]
    [5612]iexplore.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77B03BA9-->00050FCA [unknown_code_page]
    [5612]iexplore.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77B039AB-->00050FAF [unknown_code_page]
    [5612]iexplore.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77B141F1-->0005006C [unknown_code_page]
    [5612]iexplore.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77B1391E-->0005005B [unknown_code_page]
    [5612]iexplore.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77B089C7-->00050FEF [unknown_code_page]
    [5612]iexplore.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77B17C42-->00050025 [unknown_code_page]
    [5612]iexplore.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77B27BA1-->00050036 [unknown_code_page]
    [5612]iexplore.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77B1E2B5-->0005000A [unknown_code_page]
    [5612]iexplore.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7676CE5F-->00010FEF [unknown_code_page]
    [5612]iexplore.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7676AECB-->00010FDE [unknown_code_page]
    [5612]iexplore.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x76722EF5-->00010014 [unknown_code_page]
    [5612]iexplore.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x76725C0C-->0001002F [unknown_code_page]
    [5612]iexplore.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76748E6E-->00010F5F [unknown_code_page]
    [5612]iexplore.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x76721C28-->0001009E [unknown_code_page]
    [5612]iexplore.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76721BF3-->000100B9 [unknown_code_page]
    [5612]iexplore.exe-->kernel32.dll-->CreateThread, Type: Inline - RelativeJump 0x7676C90E-->6CB171CB [ieframe.dll]
    [5612]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7676903B-->000100D4 [unknown_code_page]
    [5612]iexplore.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x767219C9-->00010F44 [unknown_code_page]
    [5612]iexplore.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x76721929-->00010F33 [unknown_code_page]
    [5612]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x767494DC-->00010FCD [unknown_code_page]
    [5612]iexplore.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x767494B4-->00010054 [unknown_code_page]
    [5612]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x76749109-->00010F8B [unknown_code_page]
    [5612]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x76749362-->00010FBC [unknown_code_page]
    [5612]iexplore.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x76721DC3-->00010F70 [unknown_code_page]
    [5612]iexplore.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7674DBDA-->0001006F [unknown_code_page]
    [5612]iexplore.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x767B5CF7-->00010F22 [unknown_code_page]
    [5612]iexplore.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77D34224-->00040000 [unknown_code_page]
    [5612]iexplore.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77D342E4-->0004001B [unknown_code_page]
    [5612]iexplore.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77D34B84-->00040FE5 [unknown_code_page]
    [5612]iexplore.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump 0x77998E3B-->6CB77A3F [ieframe.dll]
    [5612]iexplore.exe-->user32.dll-->CreateWindowExA, Type: Inline - RelativeJump 0x7799DC2A-->6CB23223 [ieframe.dll]
    [5612]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x779A1305-->6CB7FE1F [ieframe.dll]
    [5612]iexplore.exe-->user32.dll-->DefWindowProcA, Type: Inline - RelativeJump 0x7799DB88-->6CB193F5 [ieframe.dll]
    [5612]iexplore.exe-->user32.dll-->DefWindowProcA, Type: Inline - SEH 0x7799DB8D [unknown_code_page]
    [5612]iexplore.exe-->user32.dll-->DefWindowProcA, Type: Inline - SEH 0x7799DB8E [unknown_code_page]
    [5612]iexplore.exe-->user32.dll-->DefWindowProcW, Type: Inline - RelativeJump 0x779B03B4-->6CB77AA2 [ieframe.dll]
    [5612]iexplore.exe-->user32.dll-->DefWindowProcW, Type: Inline - SEH 0x779B03B9 [unknown_code_page]
    [5612]iexplore.exe-->user32.dll-->DefWindowProcW, Type: Inline - SEH 0x779B03BA [unknown_code_page]
    [5612]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x779D847D-->6CCA5EEB [ieframe.dll]
    [5612]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x779C2EF5-->6CCA5E86 [ieframe.dll]
    [5612]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x779D8152-->6CCA5E21 [ieframe.dll]
    [5612]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x779C10B0-->6CAB15E3 [ieframe.dll]
    [5612]iexplore.exe-->user32.dll-->EnableWindow, Type: Inline - RelativeJump 0x7799CD8B-->6CB598BC [ieframe.dll]
    [5612]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x779ED639-->6CCA5CCB [ieframe.dll]
    [5612]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x779ED65D-->6CCA5C67 [ieframe.dll]
    [5612]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x779ED4D9-->6CCA5DA8 [ieframe.dll]
    [5612]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x779ED5D3-->6CCA5D2F [ieframe.dll]
    [5612]iexplore.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x779987AD-->6CB5204C [ieframe.dll]
    [5612]iexplore.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x779998DB-->6CB9E9F8 [ieframe.dll]
    [5612]iexplore.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x77BD4E2B-->00070000 [unknown_code_page]
    [5612]iexplore.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x77BDBFCE-->0007002C [unknown_code_page]
    [5612]iexplore.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x77C3D722-->00070FDB [unknown_code_page]
    [5612]iexplore.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x77C0C03E-->00070011 [unknown_code_page]
    [5612]iexplore.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x768336D1-->00400FEF [unknown_code_page]
    [5752]wuauclt.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77B03BA9-->00250025 [unknown_code_page]
    [5752]wuauclt.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77B039AB-->00250F94 [unknown_code_page]
    [5752]wuauclt.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77B141F1-->00250F83 [unknown_code_page]
    [5752]wuauclt.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77B1391E-->00250040 [unknown_code_page]
    [5752]wuauclt.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77B089C7-->00250FEF [unknown_code_page]
    [5752]wuauclt.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77B17C42-->0025000A [unknown_code_page]
    [5752]wuauclt.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77B27BA1-->00250FB9 [unknown_code_page]
    [5752]wuauclt.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77B1E2B5-->00250FCA [unknown_code_page]
    [5752]wuauclt.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7676CE5F-->00230000 [unknown_code_page]
    [5752]wuauclt.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7676AECB-->0023001B [unknown_code_page]
    [5752]wuauclt.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x76722EF5-->00230036 [unknown_code_page]
    [5752]wuauclt.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x76725C0C-->00230047 [unknown_code_page]
    [5752]wuauclt.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76748E6E-->002300D7 [unknown_code_page]
    [5752]wuauclt.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x76721C28-->00230114 [unknown_code_page]
    [5752]wuauclt.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76721BF3-->00230F73 [unknown_code_page]
    [5752]wuauclt.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7676903B-->00230125 [unknown_code_page]
    [5752]wuauclt.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x767219C9-->002300E8 [unknown_code_page]
    [5752]wuauclt.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x76721929-->002300F9 [unknown_code_page]
    [5752]wuauclt.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x767494DC-->00230062 [unknown_code_page]
    [5752]wuauclt.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x767494B4-->0023007D [unknown_code_page]
    [5752]wuauclt.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x76749109-->0023009A [unknown_code_page]
    [5752]wuauclt.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x76749362-->00230FD1 [unknown_code_page]
    [5752]wuauclt.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x76721DC3-->002300AB [unknown_code_page]
    [5752]wuauclt.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7674DBDA-->002300C6 [unknown_code_page]
    [5752]wuauclt.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x767B5CF7-->00230F98 [unknown_code_page]
    [5752]wuauclt.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77D34224-->00260000 [unknown_code_page]
    [5752]wuauclt.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77D342E4-->00260FCA [unknown_code_page]
    [5752]wuauclt.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77D34B84-->00260FE5 [unknown_code_page]
    [5772]iexplore.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77B03BA9-->00050040 [unknown_code_page]
    [5772]iexplore.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77B039AB-->00050FC3 [unknown_code_page]
    [5772]iexplore.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77B141F1-->00050FA8 [unknown_code_page]
    [5772]iexplore.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77B1391E-->0005005B [unknown_code_page]
    [5772]iexplore.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77B089C7-->00050000 [unknown_code_page]
    [5772]iexplore.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77B17C42-->00050FEF [unknown_code_page]
    [5772]iexplore.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77B27BA1-->00050FD4 [unknown_code_page]
    [5772]iexplore.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77B1E2B5-->00050025 [unknown_code_page]
    [5772]iexplore.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7676CE5F-->00010FEF [unknown_code_page]
    [5772]iexplore.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7676AECB-->00010014 [unknown_code_page]
    [5772]iexplore.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x76722EF5-->00010025 [unknown_code_page]
    [5772]iexplore.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x76725C0C-->00010FD4 [unknown_code_page]
    [5772]iexplore.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76748E6E-->00010093 [unknown_code_page]
    [5772]iexplore.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x76721C28-->000100E4 [unknown_code_page]
    [5772]iexplore.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76721BF3-->00010F4D [unknown_code_page]
    [5772]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7676903B-->00010109 [unknown_code_page]
    [5772]iexplore.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x767219C9-->000100AE [unknown_code_page]
    [5772]iexplore.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x76721929-->00010F68 [unknown_code_page]
    [5772]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x767494DC-->0001004A [unknown_code_page]
    [5772]iexplore.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x767494B4-->0001005B [unknown_code_page]
    [5772]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x76749109-->00010F9E [unknown_code_page]
    [5772]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x76749362-->00010FB9 [unknown_code_page]
    [5772]iexplore.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x76721DC3-->00010F8D [unknown_code_page]
    [5772]iexplore.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7674DBDA-->00010082 [unknown_code_page]
    [5772]iexplore.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x767B5CF7-->000100C9 [unknown_code_page]
    [5772]iexplore.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77D34224-->00040000 [unknown_code_page]
    [5772]iexplore.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77D342E4-->0004001B [unknown_code_page]
    [5772]iexplore.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77D34B84-->00040FE5 [unknown_code_page]
    [5772]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x779D847D-->6CCA5EEB [ieframe.dll]
    [5772]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x779C2EF5-->6CCA5E86 [ieframe.dll]
    [5772]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x779D8152-->6CCA5E21 [ieframe.dll]
    [5772]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x779C10B0-->6CAB15E3 [ieframe.dll]
    [5772]iexplore.exe-->user32.dll-->EnableWindow, Type: Inline - RelativeJump 0x7799CD8B-->6CB598BC [ieframe.dll]
    [5772]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x779ED639-->6CCA5CCB [ieframe.dll]
    [5772]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x779ED65D-->6CCA5C67 [ieframe.dll]
    [5772]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x779ED4D9-->6CCA5DA8 [ieframe.dll]
    [5772]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x779ED5D3-->6CCA5D2F [ieframe.dll]
    [5772]iexplore.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x77BD4E2B-->00070FEF [unknown_code_page]
    [5772]iexplore.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x77BDBFCE-->0007000A [unknown_code_page]
    [5772]iexplore.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x77C3D722-->00070FB9 [unknown_code_page]
    [5772]iexplore.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x77C0C03E-->00070FDE [unknown_code_page]
    [5772]iexplore.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x768336D1-->00300FEF [unknown_code_page]
    [664]services.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77B03BA9-->000A0FA8 [unknown_code_page]
    [664]services.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77B039AB-->000A004A [unknown_code_page]
    [664]services.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77B141F1-->000A0F8D [unknown_code_page]
    [664]services.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77B1391E-->000A002F [unknown_code_page]
    [664]services.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77B089C7-->000A0000 [unknown_code_page]
    [664]services.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77B17C42-->000A0FD4 [unknown_code_page]
    [664]services.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77B27BA1-->000A0FB9 [unknown_code_page]
    [664]services.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77B1E2B5-->000A0FE5 [unknown_code_page]
    [664]services.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7676CE5F-->00070FEF [unknown_code_page]
    [664]services.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7676AECB-->00070FCA [unknown_code_page]
    [664]services.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x76722EF5-->00070FAF [unknown_code_page]
    [664]services.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x76725C0C-->00070F94 [unknown_code_page]
    [664]services.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76748E6E-->00070F32 [unknown_code_page]
    [664]services.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x76721C28-->00070EEB [unknown_code_page]
    [664]services.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76721BF3-->00070EDA [unknown_code_page]
    [664]services.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7676903B-->00070082 [unknown_code_page]
    [664]services.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x767219C9-->00070F21 [unknown_code_page]
    [664]services.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x76721929-->00070067 [unknown_code_page]
    [664]services.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x767494DC-->00070000 [unknown_code_page]
    [664]services.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x767494B4-->00070F6F [unknown_code_page]
    [664]services.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x76749109-->00070F5E [unknown_code_page]
    [664]services.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x76749362-->00070011 [unknown_code_page]
    [664]services.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x76721DC3-->00070038 [unknown_code_page]
    [664]services.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7674DBDA-->00070F43 [unknown_code_page]
    [664]services.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x767B5CF7-->00070F06 [unknown_code_page]
    [664]services.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77D34224-->000C0FE5 [unknown_code_page]
    [664]services.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77D342E4-->000C0FB9 [unknown_code_page]
    [664]services.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77D34B84-->000C0FD4 [unknown_code_page]
    [664]services.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x768336D1-->00080000 [unknown_code_page]
    [676]lsass.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77B03BA9-->00380025 [unknown_code_page]
    [676]lsass.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77B039AB-->00380F9E [unknown_code_page]
    [676]lsass.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77B141F1-->00380F79 [unknown_code_page]
    [676]lsass.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77B1391E-->00380040 [unknown_code_page]
    [676]lsass.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77B089C7-->00380FEF [unknown_code_page]
    [676]lsass.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77B17C42-->0038000A [unknown_code_page]
    [676]lsass.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77B27BA1-->00380FB9 [unknown_code_page]
    [676]lsass.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77B1E2B5-->00380FD4 [unknown_code_page]
    [676]lsass.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7676CE5F-->001B0000 [unknown_code_page]
    [676]lsass.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7676AECB-->001B0FE5 [unknown_code_page]
    [676]lsass.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x76722EF5-->001B0FD4 [unknown_code_page]
    [676]lsass.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x76725C0C-->001B0FC3 [unknown_code_page]
    [676]lsass.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76748E6E-->001B009B [unknown_code_page]
    [676]lsass.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x76721C28-->001B00D8 [unknown_code_page]
    [676]lsass.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76721BF3-->001B00E9 [unknown_code_page]
    [676]lsass.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7676903B-->001B0F37 [unknown_code_page]
    [676]lsass.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x767219C9-->001B00AC [unknown_code_page]
    [676]lsass.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x76721929-->001B0F70 [unknown_code_page]
    [676]lsass.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x767494DC-->001B0039 [unknown_code_page]
    [676]lsass.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x767494B4-->001B0FA8 [unknown_code_page]
    [676]lsass.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x76749109-->001B0065 [unknown_code_page]
    [676]lsass.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x76749362-->001B0054 [unknown_code_page]
    [676]lsass.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x76721DC3-->001B0076 [unknown_code_page]
    [676]lsass.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7674DBDA-->001B0F81 [unknown_code_page]
    [676]lsass.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x767B5CF7-->001B00C7 [unknown_code_page]
    [676]lsass.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77D34224-->00390FEF [unknown_code_page]
    [676]lsass.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77D342E4-->0039001B [unknown_code_page]
    [676]lsass.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77D34B84-->0039000A [unknown_code_page]
    [676]lsass.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x768336D1-->001C0000 [unknown_code_page]
    [872]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77B03BA9-->001C002C [unknown_code_page]
    [872]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77B039AB-->001C0F94 [unknown_code_page]
    [872]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77B141F1-->001C0F83 [unknown_code_page]
    [872]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77B1391E-->001C0FA5 [unknown_code_page]
    [872]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77B089C7-->001C0000 [unknown_code_page]
    [872]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77B17C42-->001C0FCA [unknown_code_page]
    [872]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77B27BA1-->001C001B [unknown_code_page]
    [872]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77B1E2B5-->001C0FE5 [unknown_code_page]
    [872]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7676CE5F-->00190FEF [unknown_code_page]
    [872]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7676AECB-->00190FD4 [unknown_code_page]
    [872]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x76722EF5-->0019000A [unknown_code_page]
    [872]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x76725C0C-->0019001B [unknown_code_page]
    [872]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76748E6E-->00190F61 [unknown_code_page]
    [872]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x76721C28-->00190F24 [unknown_code_page]
    [872]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76721BF3-->00190F13 [unknown_code_page]
    [872]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7676903B-->00190EF8 [unknown_code_page]
    [872]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x767219C9-->00190096 [unknown_code_page]
    [872]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x76721929-->00190F50 [unknown_code_page]
    [872]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x767494DC-->0019002C [unknown_code_page]
    [872]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x767494B4-->00190F9E [unknown_code_page]
    [872]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x76749109-->00190067 [unknown_code_page]
    [872]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x76749362-->00190FAF [unknown_code_page]
    [872]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x76721DC3-->00190F83 [unknown_code_page]
    [872]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7674DBDA-->00190F72 [unknown_code_page]
    [872]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x767B5CF7-->00190F3F [unknown_code_page]
    [872]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77D34224-->001D0FEF [unknown_code_page]
    [872]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77D342E4-->001D0025 [unknown_code_page]
    [872]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77D34B84-->001D000A [unknown_code_page]
    [872]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x768336D1-->001A0FEF [unknown_code_page]
    [880]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77B03BA9-->003E0039 [unknown_code_page]
    [880]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77B039AB-->003E0065 [unknown_code_page]
    [880]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77B141F1-->003E0FA8 [unknown_code_page]
    [880]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77B1391E-->003E0054 [unknown_code_page]
    [880]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77B089C7-->003E0FEF [unknown_code_page]
    [880]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77B17C42-->003E0FDE [unknown_code_page]
    [880]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77B27BA1-->003E0FCD [unknown_code_page]
    [880]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77B1E2B5-->003E000A [unknown_code_page]
    [880]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7676CE5F-->0037000A [unknown_code_page]
    [880]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7676AECB-->00370FE5 [unknown_code_page]
    [880]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x76722EF5-->00370FD4 [unknown_code_page]
    [880]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x76725C0C-->0037002F [unknown_code_page]
    [880]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76748E6E-->0037008A [unknown_code_page]
    [880]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x76721C28-->00370F3A [unknown_code_page]
    [880]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76721BF3-->00370F1F [unknown_code_page]
    [880]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7676903B-->003700D1 [unknown_code_page]
    [880]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x767219C9-->0037009B [unknown_code_page]
    [880]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x76721929-->00370F55 [unknown_code_page]
    [880]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x767494DC-->00370040 [unknown_code_page]
    [880]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x767494B4-->00370FB9 [unknown_code_page]
    [880]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x76749109-->00370FA8 [unknown_code_page]
    [880]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x76749362-->00370051 [unknown_code_page]
    [880]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x76721DC3-->00370F81 [unknown_code_page]
    [880]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7674DBDA-->00370F70 [unknown_code_page]
    [880]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x767B5CF7-->003700AC [unknown_code_page]
    [880]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77D34224-->00400FE5 [unknown_code_page]
    [880]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77D342E4-->00400FC0 [unknown_code_page]
    [880]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77D34B84-->00400000 [unknown_code_page]
    [880]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x768336D1-->00390FEF [unknown_code_page]
    [956]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77B03BA9-->005D0FAF [unknown_code_page]
    [956]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77B039AB-->005D0036 [unknown_code_page]
    [956]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77B141F1-->005D0F79 [unknown_code_page]
    [956]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77B1391E-->005D0F94 [unknown_code_page]
    [956]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77B089C7-->005D0000 [unknown_code_page]
    [956]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77B17C42-->005D0FD4 [unknown_code_page]
    [956]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77B27BA1-->005D001B [unknown_code_page]
    [956]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77B1E2B5-->005D0FE5 [unknown_code_page]
    [956]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7676CE5F-->000A0FEF [unknown_code_page]
    [956]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7676AECB-->000A0FDE [unknown_code_page]
    [956]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x76722EF5-->000A0014 [unknown_code_page]
    [956]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x76725C0C-->000A0025 [unknown_code_page]
    [956]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x76748E6E-->000A0F50 [unknown_code_page]
    [956]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x76721C28-->000A0F2B [unknown_code_page]
    [956]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x76721BF3-->000A0F10 [unknown_code_page]
    [956]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7676903B-->000A00C2 [unknown_code_page]
    [956]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x767219C9-->000A007B [unknown_code_page]
    [956]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x76721929-->000A008C [unknown_code_page]
    [956]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x767494DC-->000A0FAF [unknown_code_page]
    [956]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x767494B4-->000A0F83 [unknown_code_page]
    [956]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x76749109-->000A0F72 [unknown_code_page]
    [956]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x76749362-->000A0F9E [unknown_code_page]
    [956]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x76721DC3-->000A0F61 [unknown_code_page]
    [956]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7674DBDA-->000A0056 [unknown_code_page]
    [956]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x767B5CF7-->000A009D [unknown_code_page]
    [956]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77D34224-->00620000 [unknown_code_page]
    [956]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77D342E4-->0062001B [unknown_code_page]
    [956]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77D34B84-->00620FE5 [unknown_code_page]
    [956]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x768336D1-->000F0FEF [unknown_code_page]
     
    jimmymac725,
    #17
  19. 2011/07/02
    jimmymac725

    jimmymac725 Inactive Thread Starter

    Joined:
    2011/03/13
    Messages:
    64
    Likes Received:
    0
    ComboFix 11-07-01.02 - LAINIE 07/02/2011 9:20.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.1021 [GMT -5:00]
    Running from: c:\users\LAINIE\Downloads\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-06-02 to 2011-07-02 )))))))))))))))))))))))))))))))
    .
    .
    2011-07-02 14:33 . 2011-07-02 14:33 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-07-02 13:45 . 2011-07-02 13:45 -------- d-----w- c:\windows\LastGood
    2011-07-02 13:44 . 2011-04-14 19:01 24376 ----a-w- c:\program files\Mozilla Firefox\components\Scriptff.dll
    2011-07-02 13:44 . 2011-04-14 19:01 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2011-07-02 13:44 . 2011-04-14 19:01 165032 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
    2011-07-02 13:44 . 2011-04-14 19:01 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2011-07-02 13:44 . 2011-04-14 19:01 64584 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
    2011-07-02 13:44 . 2011-04-14 19:01 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2011-07-02 13:44 . 2011-04-14 19:01 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2011-07-02 13:44 . 2011-04-14 19:01 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2011-07-02 13:44 . 2011-04-14 19:01 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2011-07-02 13:43 . 2011-07-02 13:43 -------- d-----w- c:\program files\McAfee.com
    2011-07-02 13:30 . 2011-03-13 16:45 148520 ----a-w- c:\windows\system32\mfevtps.exe
    2011-07-01 06:31 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8528409E-25C9-4364-9DC0-E96F850C28E6}\mpengine.dll
    2011-06-30 01:59 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
    2011-06-28 02:42 . 2011-06-28 02:42 -------- d-----w- c:\program files\The Weather Channel FW
    2011-06-28 02:41 . 2011-06-28 02:41 -------- d-----w- c:\users\LAINIE\AppData\Local\The Weather Channel
    2011-06-18 01:45 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
    2011-06-18 01:45 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-06-18 01:45 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll
    2011-06-16 19:55 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll
    2011-06-16 19:55 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
    2011-06-16 19:55 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-06-16 19:55 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-06-16 19:55 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-06-16 19:54 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-06-16 19:54 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-06-16 19:54 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-06-16 19:54 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll
    2011-06-16 19:54 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-06-10 16:56 . 2011-06-10 16:56 -------- d-----w- c:\program files\iPod
    2011-06-10 12:57 . 2011-07-02 12:39 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-25 00:14 . 2009-10-03 00:35 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-05-21 05:06 . 2011-05-21 05:06 749832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2011-05-11 03:18 . 2011-05-11 03:18 161792 ----a-w- c:\windows\system32\msls31.dll
    2011-05-11 03:18 . 2011-05-11 03:18 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-05-11 03:18 . 2011-05-11 03:18 86528 ----a-w- c:\windows\system32\iesysprep.dll
    2011-05-11 03:18 . 2011-05-11 03:18 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-05-11 03:18 . 2011-05-11 03:18 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-05-11 03:18 . 2011-05-11 03:18 63488 ----a-w- c:\windows\system32\tdc.ocx
    2011-05-11 03:18 . 2011-05-11 03:18 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-05-11 03:18 . 2011-05-11 03:18 74752 ----a-w- c:\windows\system32\iesetup.dll
    2011-05-11 03:18 . 2011-05-11 03:18 367104 ----a-w- c:\windows\system32\html.iec
    2011-05-11 03:18 . 2011-05-11 03:18 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-05-11 03:18 . 2011-05-11 03:18 23552 ----a-w- c:\windows\system32\licmgr10.dll
    2011-05-11 03:18 . 2011-05-11 03:18 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-05-11 03:18 . 2011-05-11 03:18 152064 ----a-w- c:\windows\system32\wextract.exe
    2011-05-11 03:18 . 2011-05-11 03:18 150528 ----a-w- c:\windows\system32\iexpress.exe
    2011-05-11 03:18 . 2011-05-11 03:18 35840 ----a-w- c:\windows\system32\imgutil.dll
    2011-05-11 03:18 . 2011-05-11 03:18 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-05-11 03:18 . 2011-05-11 03:18 11776 ----a-w- c:\windows\system32\mshta.exe
    2011-05-11 03:18 . 2011-05-11 03:18 101888 ----a-w- c:\windows\system32\admparse.dll
    2011-05-11 03:18 . 2011-05-11 03:18 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-05-10 13:06 . 2011-05-10 13:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
    2011-05-10 13:06 . 2011-05-10 13:06 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2011-05-04 09:52 . 2010-09-19 18:10 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-04-06 21:20 . 2011-04-06 21:20 91424 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 21:20 . 2011-04-06 21:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2011-03-18 17:53 . 2011-03-26 18:39 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2011-04-14 19:01 . 2011-07-02 13:44 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DW6 "= "c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2011-06-08 822456]
    "ehTray.exe "= "c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "Sidebar "= "c:\program files\windows sidebar\sidebar.exe" [2009-04-11 1233920]
    "WMPNSCFG "= "c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPStart "= "c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
    "HPWireless "= "c:\program files\HP Wireless Adapter\HPWLAN.exe" [2007-05-15 733184]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-28 1721640]
    "HP Software Update "= "c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
    "WAWifiMessage "= "c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
    "QlbCtrl "= "c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
    "hpWirelessAssistant "= "c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
    "ArcSoft Connection Service "= "c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "mcui_exe "= "c:\program files\McAfee.com\Agent\mcagent.exe" [2011-05-05 1195408]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=c:\progra~1\Bandoo\BndHook.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=" "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
    backup=c:\windows\pss\Audible Download Manager.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^connection manager.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\connection manager.lnk
    backup=c:\windows\pss\connection manager.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^EmailStripper.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\EmailStripper.lnk
    backup=c:\windows\pss\EmailStripper.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^LAINIE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^wkcalrem.LNK]
    path=c:\users\LAINIE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wkcalrem.LNK
    backup=c:\windows\pss\wkcalrem.LNK.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-10-15 07:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
    2008-08-14 13:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
    2009-03-06 00:41 98304 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
    2008-10-09 13:58 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
    2008-06-02 07:55 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-06-07 22:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
    2009-08-20 19:25 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2010-11-10 07:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2009-06-24 11:08 13601312 ----a-w- c:\windows\System32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2009-06-24 11:08 92704 ----a-w- c:\windows\System32\nvmctray.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]
    2007-09-04 21:54 554320 ----a-w- c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
    2007-12-20 00:27 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2008-08-14 03:07 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001
    .
    R2 0324211309614407mcinstcleanup;McAfee Application Installer Cleanup (0324211309614407);c:\users\LAINIE\AppData\Local\Temp\032421~1.EXE [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-18 136176]
    R3 AF0AA5E8;AF0AA5E8;c:\windows\system32\AF0AA5E8.exe [x]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-04-14 56064]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-18 136176]
    R3 HPNUCMP;HP NUSB Composite;c:\windows\system32\DRIVERS\hpnucmp.sys [2006-12-15 14336]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-04-14 314088]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-04-14 84488]
    R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2007-10-10 42112]
    R3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50.sys [2006-11-29 28224]
    R3 RTL8187;Wireless Adapter;c:\windows\system32\DRIVERS\hpl8187.sys [2007-03-27 219648]
    R3 TuneConvertAudio;TuneConvertAudio;c:\windows\system32\drivers\TuneConvertAudio.sys [2011-03-22 23608]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-04-14 64584]
    S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-04-14 165032]
    S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2006-12-01 15360]
    S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-02-19 233472]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 188136]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-03-13 148520]
    S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-07-16 35088]
    S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-02-19 36608]
    S3 hpnuhst;HP NUSB Host;c:\windows\system32\DRIVERS\hpnuhst.sys [2007-03-28 13824]
    S3 HPNUHUB;HP NUSB Hub;c:\windows\system32\DRIVERS\hpnuhub.sys [2007-03-28 35840]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - BLACKBOX
    *NewlyCreated* - MFENLFK
    *Deregistered* - BlackBox
    *Deregistered* - mfeapfk01
    *Deregistered* - mfeavfk01
    *Deregistered* - mfefirek01
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    HPService REG_MULTI_SZ HPSLPSVC
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-08-20 19:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-07-02 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-24 00:46]
    .
    2011-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-05-18 05:35]
    .
    2011-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-05-18 05:35]
    .
    2011-06-25 c:\windows\Tasks\HPCeeScheduleForLAINIE.job
    - c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2007-12-06 19:58]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
    mSearch Bar = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{B59BCC86-317E-48B2-919D-D27F80BBA20E}: NameServer = 0.0.0.0
    FF - ProfilePath - c:\users\LAINIE\AppData\Roaming\Mozilla\Firefox\Profiles\2fxk8taz.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://fruttisearch.com/search.php?q=
    FF - prefs.js: browser.search.selectedEngine - iMesh Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://search.imesh.com/
    FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-Malwarebytes' Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-07-02 09:33
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    [0] 0x62006D00
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(4140)
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    Completion time: 2011-07-02 09:38:29
    ComboFix-quarantined-files.txt 2011-07-02 14:38
    ComboFix2.txt 2011-06-30 02:41
    .
    Pre-Run: 19,557,003,264 bytes free
    Post-Run: 19,577,040,896 bytes free
    .
    - - End Of File - - 9FE251C304D48E2D482BEFD30A5FA0BD
     
    jimmymac725,
    #18
  20. 2011/07/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Looks good as well.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
    broni,
    #19
  21. 2011/07/02
    jimmymac725

    jimmymac725 Inactive Thread Starter

    Joined:
    2011/03/13
    Messages:
    64
    Likes Received:
    0
    OTL logfile created on: 7/2/2011 12:33:56 PM - Run 1
    OTL by OldTimer - Version 3.2.25.0 Folder = C:\Users\LAINIE\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.94 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 44.18% Memory free
    4.11 Gb Paging File | 2.56 Gb Available in Paging File | 62.41% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 137.19 Gb Total Space | 18.25 Gb Free Space | 13.31% Space Free | Partition Type: NTFS
    Drive D: | 11.86 Gb Total Space | 1.29 Gb Free Space | 10.90% Space Free | Partition Type: NTFS

    Computer Name: LAINIE-PC | User Name: LAINIE | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/07/02 11:39:48 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\LAINIE\Downloads\OTL.exe
    PRC - [2011/05/05 15:44:48 | 001,195,408 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    PRC - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    PRC - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
    PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    PRC - [2010/03/10 08:33:36 | 000,147,392 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\Core\mchost.exe
    PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/02/19 09:34:32 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
    PRC - [2007/09/15 03:29:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    PRC - [2007/09/11 01:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/07/02 11:39:48 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\LAINIE\Downloads\OTL.exe
    MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (LiveUpdate)
    SRV - File not found [Auto | Stopped] -- -- (Automatic LiveUpdate Scheduler)
    SRV - File not found [On_Demand | Stopped] -- -- (AF0AA5E8)
    SRV - File not found [Auto | Stopped] -- -- (0324211309614407mcinstcleanup) McAfee Application Installer Cleanup (0324211309614407)
    SRV - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
    SRV - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
    SRV - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV - [2009/12/13 13:31:00 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/02/19 09:34:32 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
    SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/09/11 01:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
    SRV - [2007/03/05 13:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2011/04/14 14:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
    DRV - [2011/04/14 14:01:38 | 000,165,032 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
    DRV - [2011/04/14 14:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2011/04/14 14:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2011/04/14 14:01:38 | 000,064,584 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
    DRV - [2011/04/14 14:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
    DRV - [2011/04/14 14:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2011/03/22 01:55:30 | 000,023,608 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TuneConvertAudio.sys -- (TuneConvertAudio)
    DRV - [2011/03/13 11:20:10 | 000,459,728 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2011/03/13 11:20:10 | 000,118,784 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2010/07/15 19:45:44 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
    DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
    DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
    DRV - [2009/06/24 06:08:00 | 007,542,208 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2009/04/10 23:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
    DRV - [2009/02/19 09:34:30 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
    DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
    DRV - [2008/03/04 02:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
    DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2007/10/10 17:41:50 | 000,042,112 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motodrv.sys -- (MotDev)
    DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2007/09/09 17:12:28 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
    DRV - [2007/07/11 13:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
    DRV - [2007/07/03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
    DRV - [2007/07/03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
    DRV - [2007/07/03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
    DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
    DRV - [2007/06/18 20:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2007/05/30 18:40:42 | 000,735,232 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2007/03/27 19:26:48 | 000,035,840 | ---- | M] (Hewlett-Packard Development Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hpnuhub.sys -- (HPNUHUB)
    DRV - [2007/03/27 19:13:36 | 000,013,824 | ---- | M] (Hewlett-Packard Development Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hpnuhst.sys -- (hpnuhst)
    DRV - [2007/03/26 23:04:52 | 000,219,648 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpl8187.sys -- (RTL8187)
    DRV - [2007/03/22 01:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2007/02/24 17:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2007/02/16 16:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
    DRV - [2007/01/23 19:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2006/12/15 17:58:28 | 000,014,336 | ---- | M] (Hewlett-Packard Development Company) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpnucmp.sys -- (HPNUCMP)
    DRV - [2006/12/01 14:53:32 | 000,015,360 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
    DRV - [2006/11/28 21:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCAMp50.sys -- (PCAMp50)
    DRV - [2006/11/28 21:46:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page = http://www.Google.com/


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



    IE - HKU\S-1-5-21-2043955969-1988847732-1919911347-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-2043955969-1988847732-1919911347-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-2043955969-1988847732-1919911347-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 52 CD 47 E6 B6 18 CB 01 [binary data]
    IE - HKU\S-1-5-21-2043955969-1988847732-1919911347-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
    IE - HKU\S-1-5-21-2043955969-1988847732-1919911347-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2043955969-1988847732-1919911347-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "iMesh Web Search "
    FF - prefs.js..browser.search.defaulturl: "http://fruttisearch.com/search.php?q= "
    FF - prefs.js..browser.search.order.1: "iMesh Web Search "
    FF - prefs.js..browser.search.selectedEngine: "iMesh Web Search "
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://search.imesh.com/ "
    FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.5.2.2
    FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:3.9.2
    FF - prefs.js..extensions.enabledItems: {39124730-0779-11de-8c30-0800200c9a66}:2
    FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
    FF - prefs.js..extensions.enabledItems: CompactMenuCE@Merci.chao:4.2.0
    FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:2.0.2
    FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.1.0
    FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q= "
    FF - prefs.js..network.proxy.no_proxies_on: "*.local "
    FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.sweetim.com/search.asp?src=2&q= "


    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/01/30 00:20:32 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/02 08:44:44 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/03 08:44:03 | 000,000,000 | ---D | M]

    [2009/09/22 00:27:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LAINIE\AppData\Roaming\Mozilla\Extensions
    [2009/09/22 00:27:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LAINIE\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
    [2011/05/25 21:37:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LAINIE\AppData\Roaming\Mozilla\Firefox\Profiles\2fxk8taz.default\extensions
    [2009/06/25 20:03:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\LAINIE\AppData\Roaming\Mozilla\Firefox\Profiles\2fxk8taz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/08/22 11:47:46 | 000,000,000 | ---D | M] (FFComponent) -- C:\Users\LAINIE\AppData\Roaming\Mozilla\Firefox\Profiles\2fxk8taz.default\extensions\{39124730-0779-11de-8c30-0800200c9a66}
    [2009/09/01 21:16:57 | 000,000,000 | ---D | M] (My Web Tattoo (Fast Browser Search)) -- C:\Users\LAINIE\AppData\Roaming\Mozilla\Firefox\Profiles\2fxk8taz.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
    [2010/06/30 19:46:45 | 000,000,000 | ---D | M] (Microsoft Choice Guard) -- C:\Users\LAINIE\AppData\Roaming\Mozilla\Firefox\Profiles\2fxk8taz.default\extensions\ChoiceGuard@Microsoft
    [2010/11/29 22:44:29 | 000,000,000 | ---D | M] (Bandoo for Firefox) -- C:\Users\LAINIE\AppData\Roaming\Mozilla\Firefox\Profiles\2fxk8taz.default\extensions\firefox@bandoo.com
    [2011/05/17 23:39:56 | 000,000,000 | ---D | M] ( "Xmarks ") -- C:\Users\LAINIE\AppData\Roaming\Mozilla\Firefox\Profiles\2fxk8taz.default\extensions\foxmarks@kei.com
    [2009/06/19 20:54:51 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\LAINIE\AppData\Roaming\Mozilla\Firefox\Profiles\2fxk8taz.default\extensions\moveplayer@movenetworks.com
    [2011/05/25 21:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LAINIE\AppData\Roaming\Mozilla\Firefox\Profiles\2fxk8taz.default\extensions\staged
    [2009/06/23 20:40:37 | 000,000,681 | ---- | M] () -- C:\Users\LAINIE\AppData\Roaming\Mozilla\Firefox\Profiles\2fxk8taz.default\searchplugins\ask.xml
    [2009/09/01 21:16:58 | 000,005,413 | ---- | M] () -- C:\Users\LAINIE\AppData\Roaming\Mozilla\Firefox\Profiles\2fxk8taz.default\searchplugins\fast-browser-search.xml
    [2009/11/29 13:51:40 | 000,002,456 | ---- | M] () -- C:\Users\LAINIE\AppData\Roaming\Mozilla\Firefox\Profiles\2fxk8taz.default\searchplugins\iMeshWebSearch.xml
    [2009/08/22 11:29:10 | 000,000,239 | ---- | M] () -- C:\Users\LAINIE\AppData\Roaming\Mozilla\Firefox\Profiles\2fxk8taz.default\searchplugins\Search.xml
    [2009/09/01 21:11:57 | 000,003,915 | ---- | M] () -- C:\Users\LAINIE\AppData\Roaming\Mozilla\Firefox\Profiles\2fxk8taz.default\searchplugins\sweetim.xml
    [2011/06/18 02:31:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/09/19 13:10:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/11/02 11:03:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/12/18 22:39:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/02/18 00:19:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/06/18 02:31:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    File not found (No name found) --
    File not found (No name found) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
    () (No name found) -- C:\USERS\LAINIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2FXK8TAZ.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
    () (No name found) -- C:\USERS\LAINIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2FXK8TAZ.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI
    () (No name found) -- C:\USERS\LAINIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2FXK8TAZ.DEFAULT\EXTENSIONS\AUTOPAGER@MOZILLA.ORG.XPI
    () (No name found) -- C:\USERS\LAINIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2FXK8TAZ.DEFAULT\EXTENSIONS\COMPACTMENUCE@MERCI.CHAO.XPI
    () (No name found) -- C:\USERS\LAINIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2FXK8TAZ.DEFAULT\EXTENSIONS\SMARTERWIKI@WIKIATIC.COM.XPI
    [2011/03/18 12:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
    [2010/05/12 11:58:23 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
    [2011/03/18 12:33:21 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
    [2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/03/18 12:33:22 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
    [2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2009/11/29 13:51:40 | 000,002,456 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\iMeshWebSearch.xml

    O1 HOSTS File: ([2011/06/29 21:35:17 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {3EBC9781-F4A5-4550-A64B-EAAA32CFB80A} - No CLSID value found.
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110702084444.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKU\S-1-5-21-2043955969-1988847732-1919911347-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-2043955969-1988847732-1919911347-1000\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [HPWireless] C:\Program Files\HP Wireless Adapter\HPWLAN.exe ()
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
    O4 - HKU\S-1-5-21-2043955969-1988847732-1919911347-1000..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2043955969-1988847732-1919911347-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2043955969-1988847732-1919911347-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - Reg Error: Value error. File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-21-2043955969-1988847732-1919911347-1000\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
    O15 - HKU\S-1-5-21-2043955969-1988847732-1919911347-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O20 - AppInit_DLLs: (c:\PROGRA~1\Bandoo\BndHook.dll) - c:\Program Files\Bandoo\BndHook.dll (Discordia Limited)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\LAINIE\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\LAINIE\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/12/05 23:36:21 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/07/02 09:36:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/07/02 09:18:15 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2011/07/02 08:47:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    [2011/07/02 08:45:23 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
    [2011/07/02 08:44:43 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeclnk.sys
    [2011/07/02 08:44:18 | 000,165,032 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfewfpk.sys
    [2011/07/02 08:44:17 | 000,314,088 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfefirek.sys
    [2011/07/02 08:44:17 | 000,084,488 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
    [2011/07/02 08:44:17 | 000,064,584 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfenlfk.sys
    [2011/07/02 08:44:16 | 000,153,280 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
    [2011/07/02 08:44:16 | 000,056,064 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\cfwids.sys
    [2011/07/02 08:44:16 | 000,052,320 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
    [2011/07/02 08:43:53 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
    [2011/07/02 08:30:02 | 000,148,520 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
    [2011/06/29 21:07:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/06/29 21:07:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/06/29 21:07:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/06/29 21:06:15 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/06/29 21:03:34 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/06/27 21:42:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Weather Channel
    [2011/06/27 21:42:03 | 000,000,000 | ---D | C] -- C:\Program Files\The Weather Channel FW
    [2011/06/27 21:41:18 | 000,000,000 | ---D | C] -- C:\Users\LAINIE\AppData\Local\The Weather Channel
    [2011/06/10 11:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2011/06/10 11:56:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/06/02 13:44:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

    ========== Files - Modified Within 30 Days ==========

    [2011/07/02 12:26:19 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/07/02 12:26:19 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/07/02 11:46:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/07/02 11:37:10 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
    [2011/07/02 08:59:39 | 000,233,108 | ---- | M] () -- C:\Users\LAINIE\Desktop\Report unhooker
    [2011/07/02 08:47:44 | 000,001,735 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
    [2011/07/02 08:27:43 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/07/02 08:27:41 | 000,031,966 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2011/07/02 08:26:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/07/02 07:32:10 | 000,031,966 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2011/07/01 21:17:07 | 000,000,512 | ---- | M] () -- C:\Users\LAINIE\Desktop\MBR.dat
    [2011/06/30 20:44:10 | 000,000,558 | ---- | M] () -- C:\Users\LAINIE\Application Data\Microsoft\Internet Explorer\Quick Launch\Greenville, Illinois (62246) Conditions & Forecast Weather Underground.website
    [2011/06/30 03:21:15 | 002,329,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/06/29 21:35:17 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/06/29 20:29:40 | 148,184,184 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/06/29 20:25:47 | 000,001,356 | ---- | M] () -- C:\Users\LAINIE\AppData\Local\d3d9caps.dat
    [2011/06/29 03:13:40 | 000,000,258 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
    [2011/06/28 13:53:45 | 000,000,539 | ---- | M] () -- C:\Users\LAINIE\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Hotmail.website
    [2011/06/28 08:05:50 | 000,000,607 | ---- | M] () -- C:\Users\LAINIE\Desktop\In God We Still Trust - Shortcut.lnk
    [2011/06/28 08:05:03 | 000,010,240 | ---- | M] () -- C:\Users\LAINIE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/06/27 22:06:30 | 000,000,256 | ---- | M] () -- C:\Users\LAINIE\Desktop\30 Snack Ideas Gluten Free Recipes.url
    [2011/06/27 21:50:32 | 000,000,486 | ---- | M] () -- C:\Users\LAINIE\Application Data\Microsoft\Internet Explorer\Quick Launch\Chase Online - Logon.website
    [2011/06/27 21:42:23 | 000,001,050 | ---- | M] () -- C:\Users\Public\Desktop\The Weather Channel Desktop .lnk
    [2011/06/26 01:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe
    [2011/06/24 19:53:46 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLAINIE.job
    [2011/06/23 22:49:23 | 000,000,478 | ---- | M] () -- C:\Users\LAINIE\Application Data\Microsoft\Internet Explorer\Quick Launch\Facebook (1).website
    [2011/06/23 22:29:06 | 000,000,178 | ---- | M] () -- C:\Users\LAINIE\Desktop\HP Notebook PC Battery Pack Replacement Program.url
    [2011/06/23 11:34:54 | 006,263,190 | ---- | M] () -- C:\Users\LAINIE\Desktop\03 - Rolling In The Deep (made famous by Adele).mp3
    [2011/06/23 00:43:05 | 000,002,627 | ---- | M] () -- C:\Users\LAINIE\Desktop\Microsoft Office Word 2007.lnk
    [2011/06/22 20:06:20 | 000,000,315 | ---- | M] () -- C:\Users\LAINIE\Desktop\Health Information, Resources, Tools & News Online - EverydayHealth.com.url
    [2011/06/22 14:29:06 | 000,488,267 | ---- | M] () -- C:\Users\LAINIE\Documents\How working affects Soc. Sec. Benefits.pdf
    [2011/06/22 12:42:03 | 000,064,098 | ---- | M] () -- C:\Users\LAINIE\Documents\UPSLabel.pdf
    [2011/06/21 07:35:36 | 000,000,581 | ---- | M] () -- C:\Users\LAINIE\Desktop\Amazon.url
    [2011/06/20 19:19:28 | 000,000,436 | ---- | M] () -- C:\Users\LAINIE\Desktop\Strawberry Angel Food Dessert Recipe - Allrecipes.com.url
    [2011/06/19 15:12:04 | 000,000,220 | ---- | M] () -- C:\Users\LAINIE\Application Data\Microsoft\Internet Explorer\Quick Launch\ebay.url
    [2011/06/18 03:18:02 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/06/18 03:18:02 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/06/15 12:27:57 | 000,034,647 | ---- | M] () -- C:\Users\LAINIE\Desktop\Goodbye Mom.rtf
    [2011/06/14 20:52:03 | 000,000,657 | ---- | M] () -- C:\Users\LAINIE\Desktop\Restart connection manager.lnk
    [2011/06/10 11:59:05 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/06/10 08:17:26 | 000,001,142 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
    [2011/06/03 16:45:33 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2011/06/03 16:45:33 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/06/03 16:44:23 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

    ========== Files Created - No Company Name ==========

    [2011/07/02 08:59:39 | 000,233,108 | ---- | C] () -- C:\Users\LAINIE\Desktop\Report unhooker
    [2011/07/02 08:47:31 | 000,001,735 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
    [2011/07/01 21:17:07 | 000,000,512 | ---- | C] () -- C:\Users\LAINIE\Desktop\MBR.dat
    [2011/06/29 21:07:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/06/29 21:07:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/06/29 21:07:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/06/29 21:07:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/06/29 21:07:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/06/29 20:29:40 | 148,184,184 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2011/06/28 08:05:50 | 000,000,607 | ---- | C] () -- C:\Users\LAINIE\Desktop\In God We Still Trust - Shortcut.lnk
    [2011/06/27 22:06:30 | 000,000,256 | ---- | C] () -- C:\Users\LAINIE\Desktop\30 Snack Ideas Gluten Free Recipes.url
    [2011/06/27 21:42:23 | 000,001,050 | ---- | C] () -- C:\Users\Public\Desktop\The Weather Channel Desktop .lnk
    [2011/06/23 22:29:06 | 000,000,178 | ---- | C] () -- C:\Users\LAINIE\Desktop\HP Notebook PC Battery Pack Replacement Program.url
    [2011/06/22 20:46:09 | 006,263,190 | ---- | C] () -- C:\Users\LAINIE\Desktop\03 - Rolling In The Deep (made famous by Adele).mp3
    [2011/06/22 20:06:20 | 000,000,315 | ---- | C] () -- C:\Users\LAINIE\Desktop\Health Information, Resources, Tools & News Online - EverydayHealth.com.url
    [2011/06/22 14:29:06 | 000,488,267 | ---- | C] () -- C:\Users\LAINIE\Documents\How working affects Soc. Sec. Benefits.pdf
    [2011/06/22 12:42:03 | 000,064,098 | ---- | C] () -- C:\Users\LAINIE\Documents\UPSLabel.pdf
    [2011/06/21 07:35:36 | 000,000,581 | ---- | C] () -- C:\Users\LAINIE\Desktop\Amazon.url
    [2011/06/20 19:19:28 | 000,000,436 | ---- | C] () -- C:\Users\LAINIE\Desktop\Strawberry Angel Food Dessert Recipe - Allrecipes.com.url
    [2011/06/19 15:12:04 | 000,000,220 | ---- | C] () -- C:\Users\LAINIE\Application Data\Microsoft\Internet Explorer\Quick Launch\ebay.url
    [2011/06/15 11:44:15 | 000,002,627 | ---- | C] () -- C:\Users\LAINIE\Desktop\Microsoft Office Word 2007.lnk
    [2011/06/14 20:52:03 | 000,000,657 | ---- | C] () -- C:\Users\LAINIE\Desktop\Restart connection manager.lnk
    [2011/06/13 20:02:03 | 000,034,647 | ---- | C] () -- C:\Users\LAINIE\Desktop\Goodbye Mom.rtf
    [2011/06/10 11:59:05 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/06/03 16:45:33 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
    [2011/06/03 16:45:33 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
    [2010/10/26 22:11:30 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
    [2010/07/15 19:45:44 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
    [2009/12/27 00:40:15 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2009/12/13 01:59:43 | 000,001,431 | ---- | C] () -- C:\Windows\crnb_dpp.ini
    [2009/08/04 13:53:04 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/08/04 13:53:04 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2009/07/14 21:27:31 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
    [2009/07/14 21:27:31 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
    [2009/07/12 22:11:13 | 000,012,054 | R--- | C] () -- C:\Windows\hpwscr20.dat
    [2009/07/12 22:09:07 | 000,178,364 | ---- | C] () -- C:\Windows\hpwins20.dat
    [2009/03/12 00:12:41 | 000,010,240 | ---- | C] () -- C:\Users\LAINIE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/02/10 08:59:47 | 000,001,356 | ---- | C] () -- C:\Users\LAINIE\AppData\Local\d3d9caps.dat
    [2008/12/21 22:37:21 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2008/12/21 22:37:21 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2008/12/21 18:14:14 | 000,007,913 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
    [2008/11/10 01:06:30 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2008/09/13 19:17:31 | 000,000,000 | ---- | C] () -- C:\Users\LAINIE\AppData\Roaming\wklnhst.dat
    [2008/04/04 18:36:44 | 000,027,430 | ---- | C] () -- C:\Users\LAINIE\AppData\Roaming\nvModes.001
    [2008/04/03 18:03:12 | 000,027,430 | ---- | C] () -- C:\Users\LAINIE\AppData\Roaming\nvModes.dat
    [2008/01/18 21:00:32 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
    [2008/01/18 20:56:08 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
    [2008/01/08 07:42:32 | 000,002,428 | R--- | C] () -- C:\Windows\hpwmdl20.dat
    [2007/12/05 23:51:03 | 000,101,605 | ---- | C] () -- C:\Windows\hpqins13.dat
    [2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
    [2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 07:47:37 | 002,329,016 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 05:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 05:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 05:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
    [2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2006/03/09 17:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

    ========== LOP Check ==========

    [2010/07/03 00:36:08 | 000,000,000 | ---D | M] -- C:\Users\LAINIE\AppData\Roaming\acccore
    [2010/09/17 22:54:51 | 000,000,000 | ---D | M] -- C:\Users\LAINIE\AppData\Roaming\Amazon
    [2010/05/17 21:48:47 | 000,000,000 | ---D | M] -- C:\Users\LAINIE\AppData\Roaming\Astro Gemini Software
    [2009/07/26 21:20:22 | 000,000,000 | ---D | M] -- C:\Users\LAINIE\AppData\Roaming\Azureus
    [2010/11/29 22:44:46 | 000,000,000 | ---D | M] -- C:\Users\LAINIE\AppData\Roaming\Bandoo
    [2011/03/16 21:47:23 | 000,000,000 | ---D | M] -- C:\Users\LAINIE\AppData\Roaming\DriverCure
    [2010/05/12 11:58:23 | 000,000,000 | ---D | M] -- C:\Users\LAINIE\AppData\Roaming\E-centives
    [2011/01/20 15:35:41 | 000,000,000 | ---D | M] -- C:\Users\LAINIE\AppData\Roaming\Gizmo5
    [2009/04/20 20:01:00 | 000,000,000 | ---D | M] -- C:\Users\LAINIE\AppData\Roaming\iWin
    [2009/04/25 17:44:35 | 000,000,000 | ---D | M] -- C:\Users\LAINIE\AppData\Roaming\KewlBoxPrefs
    [2008/06/05 08:01:27 | 000,000,000 | ---D | M] -- C:\Users\LAINIE\AppData\Roaming\Leadertech
    [2009/11/26 12:42:54 | 000,000,000 | ---D | M] -- C:\Users\LAINIE\AppData\Roaming\MusicNet
    [2009/07/14 21:30:18 | 000,000,000 | ---D | M] -- C:\Users\LAINIE\AppData\Roaming\PC Suite
    [2009/12/13 16:22:29 | 000,000,000 | ---D | M] -- C:\Users\LAINIE\AppData\Roaming\Preclick Photo Organizer
    [2011/03/16 22:22:05 | 000,000,000 | ---D | M] -- C:\Users\LAINIE\AppData\Roaming\RadarSync
    [2009/07/14 21:27:06 | 000,000,000 | ---D | M] -- C:\Users\LAINIE\AppData\Roaming\Samsung
    [2008/12/08 20:17:35 | 000,000,000 | ---D | M] -- C:\Users\LAINIE\AppData\Roaming\Skinux
    [2010/09/08 19:25:30 | 000,000,000 | ---D | M] -- C:\Users\LAINIE\AppData\Roaming\SmartDraw
    [2009/05/10 21:14:17 | 000,000,000 | ---D | M] -- C:\Users\LAINIE\AppData\Roaming\SpinTop
    [2008/09/21 13:49:06 | 000,000,000 | ---D | M] -- C:\Users\LAINIE\AppData\Roaming\Template
    [2009/12/12 23:01:42 | 000,000,000 | ---D | M] -- C:\Users\LAINIE\AppData\Roaming\Thinstall
    [2009/12/31 21:42:16 | 000,000,000 | ---D | M] -- C:\Users\LAINIE\AppData\Roaming\Titanium Gears
    [2009/03/13 21:47:58 | 000,000,000 | ---D | M] -- C:\Users\LAINIE\AppData\Roaming\Uniblue
    [2008/04/23 22:40:54 | 000,000,000 | ---D | M] -- C:\Users\LAINIE\AppData\Roaming\WildTangent
    [2011/02/13 15:32:48 | 000,000,000 | ---D | M] -- C:\Users\LAINIE\AppData\Roaming\Windows Live Writer
    [2011/07/02 08:24:51 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2007/12/05 23:36:21 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
    [2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2011/07/02 09:38:29 | 000,020,202 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2008/06/23 21:15:44 | 000,000,000 | ---- | M] () -- C:\DBS.TXT
    [2009/05/07 09:26:09 | 000,000,045 | ---- | M] () -- C:\error.log
    [2011/06/03 16:45:33 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/07/03 00:35:36 | 000,000,732 | -H-- | M] () -- C:\IPH.PH
    [2011/06/03 16:45:33 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2011/07/02 08:26:10 | 2393,034,752 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/08/07 07:43:31 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 16:37:34 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2007/12/03 18:55:24 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzpp5mu.dll
    [2008/01/19 02:34:28 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
    [2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 22:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/11/10 02:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2011/07/02 08:06:26 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >
    [2008/12/31 16:59:23 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Local\IsolatedStorage\3y3spjp4.4rb\mthr3ffc.1bq\Url.baos234cgu3y3glozyjwicytydpaxc2n\Url.x3upfl5pwc2qpjifbyrh04mtwz3rn4cm\Files\bak

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >
    [2008/06/23 18:36:24 | 000,773,120 | ---- | M] () -- C:\Windows\system32\NEROINSTAEC43759.DB

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/11/12 14:29:10 | 000,000,489 | ---- | M] () -- C:\Users\LAINIE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\(AT&T Yahoo! Mail'.url
    [2011/06/27 21:50:32 | 000,000,486 | ---- | M] () -- C:\Users\LAINIE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Chase Online - Logon.website
    [2011/05/10 22:28:07 | 000,000,838 | -HS- | M] () -- C:\Users\LAINIE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2011/06/19 15:12:04 | 000,000,220 | ---- | M] () -- C:\Users\LAINIE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ebay.url
    [2011/06/23 22:49:23 | 000,000,478 | ---- | M] () -- C:\Users\LAINIE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Facebook (1).website
    [2011/06/02 09:33:30 | 000,000,367 | ---- | M] () -- C:\Users\LAINIE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\First National Bank Online!.url
    [2011/06/30 20:44:10 | 000,000,558 | ---- | M] () -- C:\Users\LAINIE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Greenville, Illinois (62246) Conditions & Forecast Weather Underground.website
    [2011/05/28 22:22:53 | 000,000,261 | ---- | M] () -- C:\Users\LAINIE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Netflix.url
    [2011/06/28 13:53:45 | 000,000,539 | ---- | M] () -- C:\Users\LAINIE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Live Hotmail.website

    < %USERPROFILE%\Desktop\*.exe >
    [2007/10/01 21:01:46 | 000,004,608 | ---- | M] () -- C:\Users\LAINIE\Desktop\keygen.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/11/25 00:58:58 | 000,000,402 | -HS- | M] () -- C:\Users\LAINIE\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/06/18 22:52:24 | 000,000,006 | -HS- | M] () -- C:\ProgramData\desktop.ini
    [2011/03/20 14:34:07 | 000,002,675 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2008/12/21 18:16:58 | 000,007,913 | ---- | M] () -- C:\ProgramData\LUUnInstall.LiveUpdate
    [2011/07/02 08:27:41 | 000,031,966 | ---- | M] () -- C:\ProgramData\nvModes.001

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 577 bytes -> C:\Users\LAINIE\Documents\60 seconds of your time.eml:OECustomProperty
    @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:2D5907B8
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2

    < End of report >
     
    jimmymac725,
    #20
Page 1 of 2

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...