
Solved EBay popup asking for card info and preventing access

Discussion in 'Malware and Virus Removal Archive' started by eve2684, 2012/01/25.

  1. 2012/01/25
    eve2684

    eve2684 Inactive Thread Starter

    [Resolved] EBay popup asking for card info and preventing access

    Hi there

    I've been having problems with eBay for about a week. Each time I try to log in or otherwise use the site I get a popup asking for atm/debit/credit card info, which won't let me proceed through. After a bit of googling I've realised that it must be a virus, would love some help!

    The original malwarebytes scan log disappeared on my computer so this is one that I did after all the other scans, hope it's ok.

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
    Run by Customer at 6:09:47 on 2012-01-25
    Microsoft® Windows Vista™ Business 6.0.6002.2.1252.61.1033.18.2038.506 [GMT 10:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    AV: AVG Anti-Virus Free *Disabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: AVG Anti-Virus Free *Disabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Protector Suite QL\upeksvr.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\ProgramData\DatacardService\HWDeviceService.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\ProgramData\DatacardService\DCSHelper.exe
    C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
    C:\ProgramData\DatacardService\DCSHelper.exe
    C:\ProgramData\Optus Mobile Broadband\OnlineUpdate\ouc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Optus Mobile Broadband\Optus Mobile Broadband.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
    C:\Program Files\Protector Suite QL\psqltray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Users\Customer\Downloads\aswMBR.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\taskeng.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = https://som-ws1.herston.uq.edu.au/MBBSPortal/Login.aspx?ReturnUrl=/MBBSPortal/default.aspx
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    mURLSearchHooks: H - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.1.9.24.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.18\AVG Secure Search_toolbar.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.18\AVG Secure Search_toolbar.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
    uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
    uRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    uRun: [Google Update] "c:\users\customer\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [NDSTray.exe] NDSTray.exe
    mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [IaNvSrv] c:\program files\intel\intel matrix storage manager\orom\ianvsrv\IaNvSrv.exe
    mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe "
    mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
    mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 5.0\apdproxy.exe "
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe "
    mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll "
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [Skytel] Skytel.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [Memeo Instant Backup] c:\program files\memeo\autobackup\MemeoLauncher2.exe --silent --no_ui
    mRun: [Memeo AutoSync] c:\program files\memeo\autosync\MemeoLauncher2.exe --silent
    mRun: [Seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe "
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    StartupFolder: c:\users\customer\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\photof~1.lnk - c:\program files\panasonic\photofunstudio -viewer-\PhAutoRun.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: DisableCAD = 1 (0x1)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
    IE: {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - {E7A829CC-671F-4C3D-B590-8C0AEA72E6B2} - c:\program files\bitcomet\tools\BitCometBHO_1.1.9.24.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/B/E/5BE645ED-2F2D-4E4D-9C54-AFB56EFCB312/LegitCheckControl.cab
    DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
    TCP: DhcpNameServer = 211.29.132.12 61.88.88.88
    TCP: Interfaces\{14AAC950-DCF0-42C6-9FF5-646AFA20AA3F} : DhcpNameServer = 211.29.132.12 61.88.88.88
    TCP: Interfaces\{4E485E8A-2A68-4825-BF09-D10300769CC1} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{54EB96A0-E365-4AA7-ABBB-43A8CD81C1A4} : DhcpNameServer = 130.102.128.43 130.102.2.15
    TCP: Interfaces\{BABEC29D-0FA6-4440-A620-FA377FA99464} : DhcpNameServer = 211.29.132.12 61.88.88.88
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\9.0.1\ViProtocol.dll
    Notify: igfxcui - igfxdev.dll
    Notify: psfus - c:\windows\system32\psqlpwd.dll
    AppInit_DLLs: avgrsstx.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    LSA: Notification Packages = scecli psqlpwd
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\customer\appdata\roaming\mozilla\firefox\profiles\yl5aqzvn.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#inbox
    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=&mid=e09a01eec977caa9b78a5e92a312bb49-2fbfff59f3a315060e1dafdd7f6b88570718f3ca&ds=AVG&v=9.0.0.18.1&lang=us&pr=fr&d=2011-11-22%2002%3A21%3A07&sap=ku&q=
    FF - component: c:\programdata\avg secure search\9.0.0.18\components\toolbarhomewmp.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\users\customer\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\system32\drivers\iaNvStor.sys [2007-5-10 210432]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-23 435032]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-23 314456]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-18 335240]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-7-18 27784]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-17 108552]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-23 20568]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-1-23 55128]
    R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [2012-1-19 89856]
    R3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\drivers\ew_jucdcecm.sys [2012-1-19 66688]
    R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-1-19 73984]
    R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\drivers\ew_juextctrl.sys [2012-1-19 26624]
    R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2007-4-9 8192]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-1-19 102784]
    S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2008-7-7 39048]
    .
    =============== Created Last 30 ================
    .
    2012-01-24 15:47:40 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6c669a80-2d4e-4e10-ac3a-a4cf5d95aca2}\offreg.dll
    2012-01-24 13:25:36 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6c669a80-2d4e-4e10-ac3a-a4cf5d95aca2}\mpengine.dll
    2012-01-24 12:26:00 100864 ----a-w- C:\pgldapow.sys
    2012-01-23 21:28:45 -------- d-----w- c:\users\customer\appdata\roaming\Malwarebytes
    2012-01-23 21:28:02 -------- d-----w- c:\programdata\Malwarebytes
    2012-01-23 21:28:01 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-23 21:28:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-01-23 07:22:25 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-01-23 07:22:21 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-01-23 07:20:32 41184 ----a-w- c:\windows\avastSS.scr
    2012-01-23 07:19:57 -------- d-----w- c:\programdata\AVAST Software
    2012-01-23 07:19:56 -------- d-----w- c:\program files\AVAST Software
    2012-01-22 17:03:59 149504 ----a-w- c:\program files\internet explorer\jsprofilerui.dll
    2012-01-22 17:03:59 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
    2012-01-22 17:03:58 386560 ----a-w- c:\program files\internet explorer\jsdbgui.dll
    2012-01-22 17:03:58 22016 ----a-w- c:\program files\internet explorer\ExtExport.exe
    2012-01-19 07:54:52 9728 ----a-w- c:\windows\system32\lsass.exe
    2012-01-19 07:54:52 72704 ----a-w- c:\windows\system32\secur32.dll
    2012-01-19 07:54:52 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-01-19 07:54:52 377344 ----a-w- c:\windows\system32\winhttp.dll
    2012-01-19 07:54:52 278528 ----a-w- c:\windows\system32\schannel.dll
    2012-01-19 07:54:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
    2012-01-19 07:33:41 -------- d-----w- c:\programdata\Optus Mobile Broadband
    2012-01-19 07:30:18 -------- d-----w- c:\program files\Optus Mobile Broadband
    2012-01-19 07:28:56 -------- d-----w- c:\programdata\DatacardService
    2012-01-19 06:05:54 -------- d-----w- C:\from phone
    2012-01-11 07:11:05 1205064 ----a-w- c:\windows\system32\ntdll.dll
    2012-01-11 07:11:03 23552 ----a-w- c:\windows\system32\mciseq.dll
    2012-01-11 07:11:03 189952 ----a-w- c:\windows\system32\winmm.dll
    2012-01-11 07:11:00 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2012-01-11 07:10:59 376320 ----a-w- c:\windows\system32\winsrv.dll
    2012-01-11 07:10:57 66560 ----a-w- c:\windows\system32\packager.dll
    2012-01-11 07:10:22 1314816 ----a-w- c:\windows\system32\quartz.dll
    2012-01-11 07:10:21 497152 ----a-w- c:\windows\system32\qdvd.dll
    .
    ==================== Find3M ====================
    .
    2012-01-19 07:30:57 89856 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
    2012-01-19 07:30:57 861696 ----a-w- c:\windows\system32\drivers\mod7700.sys
    2012-01-19 07:30:57 73984 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
    2012-01-19 07:30:57 66688 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
    2012-01-19 07:30:57 26624 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
    2012-01-19 07:30:57 25856 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
    2012-01-19 07:30:57 239104 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
    2012-01-19 07:30:57 195200 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
    2012-01-19 07:30:57 19200 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
    2012-01-19 07:30:57 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
    2012-01-19 07:30:57 102784 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
    2012-01-19 07:30:56 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
    2012-01-19 07:30:56 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
    2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
    2011-11-15 04:29:56 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-11-08 14:42:19 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
    2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
    2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-10-27 08:01:53 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-27 08:01:53 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    .
    ============= FINISH: 6:12:08.34 ===============
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-01-24 22:58:33
    Windows 6.0.6002 Service Pack 2
    Running: 8qzsmjcd.exe; Driver: C:\Users\Customer\AppData\Local\Temp\pgldapow.sys


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00037aeef1c7
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00037aeef1c7 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00037aeef1c7 (not active ControlSet)

    ---- EOF - GMER 1.0.15 ----

    .
     
  2. 2012/01/25
    PeteC

    PeteC SuperGeek Staff

    Welcome to WindowsBBS :)

    Please post the Malwarebytes log and the contents of Attach.txt from DDS.

    Please be aware ....

    As a new member with less than 10 posts any post you make which contains a URL requires approval (moderation) before it is visible.
     

  4. 2012/01/25
    eve2684

    eve2684 Inactive Thread Starter

    Here's the remainder, I think that's everything now. Thanks for the help!

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Business
    Boot Device: \Device\HarddiskVolume3
    Install Date: 29/08/2007 10:56:39 AM
    System Uptime: 24/01/2012 10:00:47 PM (8 hours ago)
    .
    Motherboard: TOSHIBA | | Satellite U300
    Processor: Intel(R) Core(TM)2 Duo CPU T7100 @ 1.80GHz | U2E1 | 1801/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 143 GiB total, 28.299 GiB free.
    D: is CDROM (CDFS)
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    2007 Microsoft Office system
    3 MobileBroadband
    AC3Filter (remove only)
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Help Center 2.1
    Adobe Photoshop Elements 5.0
    Adobe Reader 8.2.0
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Software Suite
    avast! Free Antivirus
    AVG Free 8.5
    BitComet 0.94
    Bluetooth Stack for Windows by Toshiba
    Bonjour
    Camera Assistant Software for Toshiba
    Canon MP Navigator 3.0
    Canon MP160
    CD/DVD Drive Acoustic Silencer
    Digital Voice Editor 3
    DivX Web Player
    DVD MovieFactory for TOSHIBA
    e-tax 2007
    e-tax 2008
    e-tax 2009
    e-tax 2010
    e-tax 2011
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PROSet/Wireless Software
    Intel® Turbo Memory and Intel Matrix Storage Manager
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 26
    Java(TM) SE Runtime Environment 6
    LiveUpdate 3.2 (Symantec Corporation)
    LiveUpdate Notice (Symantec Corporation)
    Macromedia Flash Player 8
    Malwarebytes Anti-Malware version 1.60.0.1800
    mCore
    Memeo AutoSync
    Memeo Instant Backup
    mHelp
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Hybrid 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft VC90 CRT + OMP
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft XML Parser
    mMHouse
    Mozilla Firefox 9.0.1 (x86 en-GB)
    mPfMgr
    MSVC80_x86
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nokia Connectivity Cable Driver
    OGA Notifier 2.0.0048.0
    Optus Mobile Broadband
    PC Connectivity Solution
    PHOTOfunSTUDIO -viewer-
    Protector Suite QL 5.6
    QuickTime
    Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
    Realtek High Definition Audio Driver
    RentSmart July 2006 Screen Saver
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
    Seagate Dashboard
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Groove 2007 (KB2552997)
    Security Update for Microsoft Office InfoPath 2007 (KB2510061)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Media Encoder (KB2447961)
    Security Update for Windows Media Encoder (KB954156)
    Security Update for Windows Media Encoder (KB979332)
    Shockwave
    Skype™ 4.2
    Sony Ericsson Media Manager 1.1
    Synaptics Pointing Device Driver
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Disc Creator
    TOSHIBA DVD PLAYER
    TOSHIBA Extended Tiles for Windows Mobility Center
    TOSHIBA Hardware Setup
    TOSHIBA Recovery Disc Creator
    TOSHIBA SD Memory Utilities
    TOSHIBA Software Modem
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VideoLAN VLC media player 0.8.6i
    WinAVI Video Converter
    Windows Driver Package - Nokia (WUDFRd) WPD (11/05/2007 6.85.35.3)
    Windows Driver Package - Nokia Modem (08/03/2007 3.2)
    Windows Driver Package - Nokia Modem (10/12/2007 3.6)
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Encoder 9 Series
    WinRAR 4.00 (32-bit)
    Xvid 1.1.3 final uninstall
    Yahoo! Detect
    .
    ==== Event Viewer Messages From Past Week ========
    .
    25/01/2012 6:12:47 AM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
    25/01/2012 6:06:11 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 114.73.91.120 for the Network Card with network address 582C80139263 has been denied by the DHCP server 42.241.110.102 (The DHCP Server sent a DHCPNACK message).
    24/01/2012 7:36:39 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 114.73.99.147 for the Network Card with network address 582C80139263 has been denied by the DHCP server 42.241.70.33 (The DHCP Server sent a DHCPNACK message).
    24/01/2012 6:54:10 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 114.73.82.50 for the Network Card with network address 582C80139263 has been denied by the DHCP server 114.73.99.145 (The DHCP Server sent a DHCPNACK message).
    24/01/2012 6:30:08 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    24/01/2012 6:12:33 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 114.73.69.83 for the Network Card with network address 582C80139263 has been denied by the DHCP server 114.73.82.49 (The DHCP Server sent a DHCPNACK message).
    24/01/2012 10:02:56 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the Optus Mobile Broadband. OUC service to connect.
    24/01/2012 10:02:56 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    24/01/2012 10:02:56 PM, Error: Service Control Manager [7000] - The Optus Mobile Broadband. OUC service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    23/01/2012 8:34:14 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 114.73.109.82 for the Network Card with network address 582C80139263 has been denied by the DHCP server 114.73.69.81 (The DHCP Server sent a DHCPNACK message).
    23/01/2012 8:10:41 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 114.73.77.52 for the Network Card with network address 582C80139263 has been denied by the DHCP server 114.73.109.81 (The DHCP Server sent a DHCPNACK message).
    23/01/2012 7:09:36 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 114.73.73.203 for the Network Card with network address 582C80139263 has been denied by the DHCP server 114.73.77.49 (The DHCP Server sent a DHCPNACK message).
    23/01/2012 6:47:40 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 114.73.82.162 for the Network Card with network address 582C80139263 has been denied by the DHCP server 114.73.73.201 (The DHCP Server sent a DHCPNACK message).
    23/01/2012 6:09:57 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 114.73.114.116 for the Network Card with network address 582C80139263 has been denied by the DHCP server 42.241.112.233 (The DHCP Server sent a DHCPNACK message).
    23/01/2012 4:51:25 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 42.241.112.235 for the Network Card with network address 582C80139263 has been denied by the DHCP server 114.73.82.161 (The DHCP Server sent a DHCPNACK message).
    22/01/2012 9:29:18 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 114.73.116.4 for the Network Card with network address 582C80139263 has been denied by the DHCP server 114.73.114.113 (The DHCP Server sent a DHCPNACK message).
    22/01/2012 9:12:52 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 114.73.113.28 for the Network Card with network address 582C80139263 has been denied by the DHCP server 42.241.46.1 (The DHCP Server sent a DHCPNACK message).
    22/01/2012 8:42:26 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 114.72.222.68 for the Network Card with network address 582C80139263 has been denied by the DHCP server 114.73.116.1 (The DHCP Server sent a DHCPNACK message).
    22/01/2012 8:23:46 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 42.241.22.57 for the Network Card with network address 582C80139263 has been denied by the DHCP server 114.72.222.65 (The DHCP Server sent a DHCPNACK message).
    22/01/2012 8:10:38 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 114.73.86.205 for the Network Card with network address 582C80139263 has been denied by the DHCP server 42.241.22.58 (The DHCP Server sent a DHCPNACK message).
    22/01/2012 7:40:07 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 114.73.76.222 for the Network Card with network address 582C80139263 has been denied by the DHCP server 114.73.86.206 (The DHCP Server sent a DHCPNACK message).
    22/01/2012 7:38:38 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 114.73.92.122 for the Network Card with network address 582C80139263 has been denied by the DHCP server 114.73.113.25 (The DHCP Server sent a DHCPNACK message).
    22/01/2012 3:57:53 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
    21/01/2012 7:09:07 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 42.241.51.124 for the Network Card with network address 582C80139263 has been denied by the DHCP server 114.73.92.121 (The DHCP Server sent a DHCPNACK message).
    21/01/2012 5:20:29 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 114.73.95.45 for the Network Card with network address 582C80139263 has been denied by the DHCP server 42.241.51.121 (The DHCP Server sent a DHCPNACK message).
    21/01/2012 12:59:18 PM, Error: PlugPlayManager [12] - The device 'Realtek High Definition Audio' (HDAUDIO\FUNC_01&VEN_10EC&DEV_0268&SUBSYS_1179FF50&REV_1000\4&1b470033&0&0001) disappeared from the system without first being prepared for removal.
    19/01/2012 9:45:17 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 114.73.113.129 for the Network Card with network address 582C80139263 has been denied by the DHCP server 114.72.215.137 (The DHCP Server sent a DHCPNACK message).
    19/01/2012 8:48:01 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 114.73.120.145 for the Network Card with network address 582C80139263 has been denied by the DHCP server 114.73.113.130 (The DHCP Server sent a DHCPNACK message).
    19/01/2012 6:07:24 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 114.73.125.28 for the Network Card with network address 582C80139263 has been denied by the DHCP server 114.73.120.146 (The DHCP Server sent a DHCPNACK message).
    19/01/2012 6:00:32 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 114.72.246.170 for the Network Card with network address 582C80139263 has been denied by the DHCP server 114.73.125.25 (The DHCP Server sent a DHCPNACK message).
    19/01/2012 5:47:04 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user EAVAN\Customer SID (S-1-5-21-1096928848-1245119004-518991645-1002) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    19/01/2012 5:35:49 PM, Error: Service Control Manager [7030] - The Optus Mobile Broadband. OUC service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    19/01/2012 5:33:12 PM, Error: Service Control Manager [7030] - The HWDeviceService.exe service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    .
    ==== End Of File ===========================
     
    Last edited by a moderator: 2012/01/25
  5. 2012/01/25
    eve2684

    Oh I'm sorry I copied and pasted wrong. The malwarebytes scan is below.

    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.23.06

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Customer :: EAVAN [administrator]

    25/01/2012 6:29:42 AM
    mbam-log-2012-01-25 (06-29-42).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 370063
    Time elapsed: 3 hour(s), 9 minute(s), 34 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Users\Customer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\1b99af96-45fb6d8d (Trojan.FakeMS) -> Quarantined and deleted successfully.

    (end)
     
  6. 2012/01/25
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    I see you have P2P software (Azureus, LimeWire, BitTorrent, uTorrent, etc.) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them, and read the links above for educational value!

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     
  7. 2012/01/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==========================================================

    I still need the aswMBR log.
     
  8. 2012/02/22
    broni

    Reopened.
     
  9. 2012/02/23
    eve2684

    Thanks! Malwarebytes log

    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.23.06

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Customer :: EAVAN [administrator]

    23/02/2012 6:57:13 AM
    mbam-log-2012-02-23 (06-57-13).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 197123
    Time elapsed: 17 minute(s), 41 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  10. 2012/02/23
    eve2684

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-02-23 20:43:09
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.DL03
    Running: d2gvdjk1.exe; Driver: C:\Users\Customer\AppData\Local\Temp\pgldapow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x9193AFC4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x9193D456]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x9193D4AE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x9193D5C4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x9193D3AC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x9193D4FE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x9193D400]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x9193D572]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x9193AFE8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x9193ADB2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x9193B00C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x9193D9BC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x9193BAA4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x9193D486]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x9193D4D6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x9193D5EE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x9193D3D8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x9193D53E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x9193D42E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x9193D59C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x9193B96A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x9193B030]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x9193B054]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x9193AE0C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x9193AF48]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x9193AF24]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x9193AF6C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x9193B078]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x924BA7A2]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!KeInsertQueue + 2FD 82C838F4 4 Bytes [C4, AF, 93, 91]
    .text ntoskrnl.exe!KeInsertQueue + 3C1 82C839B8 8 Bytes [56, D4, 93, 91, AE, D4, 93, ...] {PUSH ESI; AAM 0x93; XCHG ECX, EAX; SCASB ; AAM 0x93; XCHG ECX, EAX}
    .text ntoskrnl.exe!KeInsertQueue + 3CD 82C839C4 4 Bytes [C4, D5, 93, 91]
    .text ntoskrnl.exe!KeInsertQueue + 3E5 82C839DC 4 Bytes [AC, D3, 93, 91]
    .text ntoskrnl.exe!KeInsertQueue + 405 82C839FC 8 Bytes [FE, D4, 93, 91, 00, D4, 93, ...]
    .text ...
    PAGE ntoskrnl.exe!ObMakeTemporaryObject 82DB9E46 5 Bytes JMP 924B769C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 110 82E0354F 4 Bytes CALL 9193C025 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntoskrnl.exe!ObInsertObject 82E07A1C 5 Bytes JMP 924B915C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntoskrnl.exe!ZwAlpcSendWaitReceivePort + 121 82E31013 4 Bytes CALL 9193C03B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntoskrnl.exe!ZwCreateProcessEx 82E9EE84 7 Bytes JMP 924BA7A6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    .text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x88E57000, 0x4036D, 0xE8000020]
    .dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x88EA0000, 0x510, 0x40000040]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\system32\WLANExt.exe[644] ntdll.dll!LdrLoadDll 76E59378 5 Bytes JMP 000501F8
    .text C:\Windows\system32\WLANExt.exe[644] ntdll.dll!LdrUnloadDll 76E6B680 5 Bytes JMP 000503FC
    .text C:\Windows\system32\WLANExt.exe[644] kernel32.dll!GetBinaryTypeW + 70 76A92467 1 Byte [62]
    .text C:\Windows\system32\WLANExt.exe[644] ADVAPI32.dll!CreateServiceW 75BB9EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\WLANExt.exe[644] ADVAPI32.dll!DeleteService 75BBA07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\WLANExt.exe[644] ADVAPI32.dll!SetServiceObjectSecurity 75BF6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\WLANExt.exe[644] ADVAPI32.dll!ChangeServiceConfigA 75BF6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\WLANExt.exe[644] ADVAPI32.dll!ChangeServiceConfigW 75BF6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\WLANExt.exe[644] ADVAPI32.dll!ChangeServiceConfig2A 75BF7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\WLANExt.exe[644] ADVAPI32.dll!ChangeServiceConfig2W 75BF71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\WLANExt.exe[644] ADVAPI32.dll!CreateServiceA 75BF72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\WLANExt.exe[644] USER32.dll!SetWindowsHookExA 75E76322 5 Bytes JMP 00080600
    .text C:\Windows\system32\WLANExt.exe[644] USER32.dll!SetWindowsHookExW 75E787AD 5 Bytes JMP 00080804
    .text C:\Windows\system32\WLANExt.exe[644] USER32.dll!UnhookWindowsHookEx 75E798DB 5 Bytes JMP 00080A08
    .text C:\Windows\system32\WLANExt.exe[644] USER32.dll!SetWinEventHook 75E79F3A 5 Bytes JMP 000801F8
    .text C:\Windows\system32\WLANExt.exe[644] USER32.dll!UnhookWinEvent 75E7C06F 5 Bytes JMP 000803FC
    .text C:\Windows\system32\csrss.exe[656] KERNEL32.dll!GetBinaryTypeW + 70 76A92467 1 Byte [62]
    .text C:\Windows\system32\wininit.exe[700] ntdll.dll!LdrLoadDll 76E59378 5 Bytes JMP 000301F8
    .text C:\Windows\system32\wininit.exe[700] ntdll.dll!LdrUnloadDll 76E6B680 5 Bytes JMP 000303FC
    .text C:\Windows\system32\wininit.exe[700] kernel32.dll!GetBinaryTypeW + 70 76A92467 1 Byte [62]
    .text C:\Windows\system32\wininit.exe[700] ADVAPI32.dll!CreateServiceW 75BB9EB4 5 Bytes JMP 000503FC
    .text C:\Windows\system32\wininit.exe[700] ADVAPI32.dll!DeleteService 75BBA07E 5 Bytes JMP 00050600
    .text C:\Windows\system32\wininit.exe[700] ADVAPI32.dll!SetServiceObjectSecurity 75BF6CD9 5 Bytes JMP 00051014
    .text C:\Windows\system32\wininit.exe[700] ADVAPI32.dll!ChangeServiceConfigA 75BF6DD9 5 Bytes JMP 00050804
    .text C:\Windows\system32\wininit.exe[700] ADVAPI32.dll!ChangeServiceConfigW 75BF6F81 5 Bytes JMP 00050A08
    .text C:\Windows\system32\wininit.exe[700] ADVAPI32.dll!ChangeServiceConfig2A 75BF7099 5 Bytes JMP 00050C0C
    .text C:\Windows\system32\wininit.exe[700] ADVAPI32.dll!ChangeServiceConfig2W 75BF71E1 5 Bytes JMP 00050E10
    .text C:\Windows\system32\wininit.exe[700] ADVAPI32.dll!CreateServiceA 75BF72A1 5 Bytes JMP 000501F8
    .text C:\Windows\system32\wininit.exe[700] USER32.dll!SetWindowsHookExA 75E76322 5 Bytes JMP 00070600
    .text C:\Windows\system32\wininit.exe[700] USER32.dll!SetWindowsHookExW 75E787AD 5 Bytes JMP 00070804
    .text C:\Windows\system32\wininit.exe[700] USER32.dll!UnhookWindowsHookEx 75E798DB 5 Bytes JMP 00070A08
    .text C:\Windows\system32\wininit.exe[700] USER32.dll!SetWinEventHook 75E79F3A 5 Bytes JMP 000701F8
    .text C:\Windows\system32\wininit.exe[700] USER32.dll!UnhookWinEvent 75E7C06F 5 Bytes JMP 000703FC
    .text C:\Windows\system32\csrss.exe[712] KERNEL32.dll!GetBinaryTypeW + 70 76A92467 1 Byte [62]
    .text C:\Windows\system32\services.exe[756] ntdll.dll!LdrLoadDll 76E59378 5 Bytes JMP 000501F8
    .text C:\Windows\system32\services.exe[756] ntdll.dll!LdrUnloadDll 76E6B680 5 Bytes JMP 000503FC
    .text C:\Windows\system32\services.exe[756] kernel32.dll!GetBinaryTypeW + 70 76A92467 1 Byte [62]
    .text C:\Windows\system32\services.exe[756] ADVAPI32.dll!CreateServiceW 75BB9EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\services.exe[756] ADVAPI32.dll!DeleteService 75BBA07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\services.exe[756] ADVAPI32.dll!SetServiceObjectSecurity 75BF6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\services.exe[756] ADVAPI32.dll!ChangeServiceConfigA 75BF6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\services.exe[756] ADVAPI32.dll!ChangeServiceConfigW 75BF6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\services.exe[756] ADVAPI32.dll!ChangeServiceConfig2A 75BF7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\services.exe[756] ADVAPI32.dll!ChangeServiceConfig2W 75BF71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\services.exe[756] ADVAPI32.dll!CreateServiceA 75BF72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\services.exe[756] USER32.dll!SetWindowsHookExA 75E76322 5 Bytes JMP 00080600
    .text C:\Windows\system32\services.exe[756] USER32.dll!SetWindowsHookExW 75E787AD 5 Bytes JMP 00080804
    .text C:\Windows\system32\services.exe[756] USER32.dll!UnhookWindowsHookEx 75E798DB 5 Bytes JMP 00080A08
    .text C:\Windows\system32\services.exe[756] USER32.dll!SetWinEventHook 75E79F3A 5 Bytes JMP 000801F8
    .text C:\Windows\system32\services.exe[756] USER32.dll!UnhookWinEvent 75E7C06F 5 Bytes JMP 000803FC
    .text C:\Windows\system32\lsass.exe[768] ntdll.dll!LdrLoadDll 76E59378 5 Bytes JMP 000501F8
    .text C:\Windows\system32\lsass.exe[768] ntdll.dll!LdrUnloadDll 76E6B680 5 Bytes JMP 000503FC
    .text C:\Windows\system32\lsass.exe[768] kernel32.dll!GetBinaryTypeW + 70 76A92467 1 Byte [62]
    .text C:\Windows\system32\lsass.exe[768] ADVAPI32.dll!CreateServiceW 75BB9EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\lsass.exe[768] ADVAPI32.dll!DeleteService 75BBA07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\lsass.exe[768] ADVAPI32.dll!SetServiceObjectSecurity 75BF6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\lsass.exe[768] ADVAPI32.dll!ChangeServiceConfigA 75BF6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\lsass.exe[768] ADVAPI32.dll!ChangeServiceConfigW 75BF6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\lsass.exe[768] ADVAPI32.dll!ChangeServiceConfig2A 75BF7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\lsass.exe[768] ADVAPI32.dll!ChangeServiceConfig2W 75BF71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\lsass.exe[768] ADVAPI32.dll!CreateServiceA 75BF72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\lsass.exe[768] USER32.dll!SetWindowsHookExA 75E76322 5 Bytes JMP 00080600
    .text C:\Windows\system32\lsass.exe[768] USER32.dll!SetWindowsHookExW 75E787AD 5 Bytes JMP 00080804
    .text C:\Windows\system32\lsass.exe[768] USER32.dll!UnhookWindowsHookEx 75E798DB 5 Bytes JMP 00080A08
    .text C:\Windows\system32\lsass.exe[768] USER32.dll!SetWinEventHook 75E79F3A 5 Bytes JMP 000801F8
    .text C:\Windows\system32\lsass.exe[768] USER32.dll!UnhookWinEvent 75E7C06F 5 Bytes JMP 000803FC
    .text C:\Windows\system32\lsm.exe[776] ntdll.dll!LdrLoadDll 76E59378 5 Bytes JMP 000901F8
    .text C:\Windows\system32\lsm.exe[776] ntdll.dll!LdrUnloadDll 76E6B680 5 Bytes JMP 000903FC
    .text C:\Windows\system32\lsm.exe[776] kernel32.dll!GetBinaryTypeW + 70 76A92467 1 Byte [62]
    .text C:\Windows\system32\lsm.exe[776] ADVAPI32.dll!CreateServiceW 75BB9EB4 5 Bytes JMP 000B03FC
    .text C:\Windows\system32\lsm.exe[776] ADVAPI32.dll!DeleteService 75BBA07E 5 Bytes JMP 000B0600
    .text C:\Windows\system32\lsm.exe[776] ADVAPI32.dll!SetServiceObjectSecurity 75BF6CD9 5 Bytes JMP 000B1014
    .text C:\Windows\system32\lsm.exe[776] ADVAPI32.dll!ChangeServiceConfigA 75BF6DD9 5 Bytes JMP 000B0804
    .text C:\Windows\system32\lsm.exe[776] ADVAPI32.dll!ChangeServiceConfigW 75BF6F81 5 Bytes JMP 000B0A08
    .text C:\Windows\system32\lsm.exe[776] ADVAPI32.dll!ChangeServiceConfig2A 75BF7099 5 Bytes JMP 000B0C0C
    .text C:\Windows\system32\lsm.exe[776] ADVAPI32.dll!ChangeServiceConfig2W 75BF71E1 5 Bytes JMP 000B0E10
    .text C:\Windows\system32\lsm.exe[776] ADVAPI32.dll!CreateServiceA 75BF72A1 5 Bytes JMP 000B01F8
    .text C:\Windows\system32\winlogon.exe[848] ntdll.dll!LdrLoadDll 76E59378 5 Bytes JMP 000301F8
    .text C:\Windows\system32\winlogon.exe[848] ntdll.dll!LdrUnloadDll 76E6B680 5 Bytes JMP 000303FC
    .text C:\Windows\system32\winlogon.exe[848] kernel32.dll!GetBinaryTypeW + 70 76A92467 1 Byte [62]
    .text C:\Windows\system32\winlogon.exe[848] ADVAPI32.dll!CreateServiceW 75BB9EB4 5 Bytes JMP 000603FC
    .text C:\Windows\system32\winlogon.exe[848] ADVAPI32.dll!DeleteService 75BBA07E 5 Bytes JMP 00060600
    .text C:\Windows\system32\winlogon.exe[848] ADVAPI32.dll!SetServiceObjectSecurity 75BF6CD9 5 Bytes JMP 00061014
    .text C:\Windows\system32\winlogon.exe[848] ADVAPI32.dll!ChangeServiceConfigA 75BF6DD9 5 Bytes JMP 00060804
    .text C:\Windows\system32\winlogon.exe[848] ADVAPI32.dll!ChangeServiceConfigW 75BF6F81 5 Bytes JMP 00060A08
    .text C:\Windows\system32\winlogon.exe[848] ADVAPI32.dll!ChangeServiceConfig2A 75BF7099 5 Bytes JMP 00060C0C
    .text C:\Windows\system32\winlogon.exe[848] ADVAPI32.dll!ChangeServiceConfig2W 75BF71E1 5 Bytes JMP 00060E10
    .text C:\Windows\system32\winlogon.exe[848] ADVAPI32.dll!CreateServiceA 75BF72A1 5 Bytes JMP 000601F8
    .text C:\Windows\system32\winlogon.exe[848] USER32.dll!SetWindowsHookExA 75E76322 5 Bytes JMP 00070600
     
  11. 2012/02/23
    broni

    broni Moderator Malware Analyst

    The log is incomplete.
     
  12. 2012/02/23
    eve2684

    eve2684 Inactive Thread Starter

    Yep I know - it wouldn't let me post it all at once. Here's the next part.

     
  13. 2012/02/23
    eve2684

    eve2684 Inactive Thread Starter

    .text C:\Windows\system32\taskeng.exe[2264] ntdll.dll!LdrUnloadDll 76E6B680 5 Bytes JMP 000503FC
    .text C:\Windows\system32\taskeng.exe[2264] kernel32.dll!GetBinaryTypeW + 70 76A92467 1 Byte [62]
    .text C:\Windows\system32\taskeng.exe[2264] ADVAPI32.dll!CreateServiceW 75BB9EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\taskeng.exe[2264] ADVAPI32.dll!DeleteService 75BBA07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\taskeng.exe[2264] ADVAPI32.dll!SetServiceObjectSecurity 75BF6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\taskeng.exe[2264] ADVAPI32.dll!ChangeServiceConfigA 75BF6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\taskeng.exe[2264] ADVAPI32.dll!ChangeServiceConfigW 75BF6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\taskeng.exe[2264] ADVAPI32.dll!ChangeServiceConfig2A 75BF7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\taskeng.exe[2264] ADVAPI32.dll!ChangeServiceConfig2W 75BF71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\taskeng.exe[2264] ADVAPI32.dll!CreateServiceA 75BF72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\taskeng.exe[2264] USER32.dll!SetWindowsHookExA 75E76322 5 Bytes JMP 00080600
    .text C:\Windows\system32\taskeng.exe[2264] USER32.dll!SetWindowsHookExW 75E787AD 5 Bytes JMP 00080804
    .text C:\Windows\system32\taskeng.exe[2264] USER32.dll!UnhookWindowsHookEx 75E798DB 5 Bytes JMP 00080A08
    .text C:\Windows\system32\taskeng.exe[2264] USER32.dll!SetWinEventHook 75E79F3A 5 Bytes JMP 000801F8
    .text C:\Windows\system32\taskeng.exe[2264] USER32.dll!UnhookWinEvent 75E7C06F 5 Bytes JMP 000803FC
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2280] ntdll.dll!LdrLoadDll 76E59378 5 Bytes JMP 000501F8
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2280] ntdll.dll!LdrUnloadDll 76E6B680 5 Bytes JMP 000503FC
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2280] kernel32.dll!GetBinaryTypeW + 70 76A92467 1 Byte [62]
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2280] ADVAPI32.dll!CreateServiceW 75BB9EB4 5 Bytes JMP 002303FC
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2280] ADVAPI32.dll!DeleteService 75BBA07E 5 Bytes JMP 00230600
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2280] ADVAPI32.dll!SetServiceObjectSecurity 75BF6CD9 5 Bytes JMP 00231014
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2280] ADVAPI32.dll!ChangeServiceConfigA 75BF6DD9 5 Bytes JMP 00230804
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2280] ADVAPI32.dll!ChangeServiceConfigW 75BF6F81 5 Bytes JMP 00230A08
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2280] ADVAPI32.dll!ChangeServiceConfig2A 75BF7099 5 Bytes JMP 00230C0C
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2280] ADVAPI32.dll!ChangeServiceConfig2W 75BF71E1 5 Bytes JMP 00230E10
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2280] ADVAPI32.dll!CreateServiceA 75BF72A1 5 Bytes JMP 002301F8
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2280] USER32.dll!SetWindowsHookExA 75E76322 5 Bytes JMP 00240600
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2280] USER32.dll!SetWindowsHookExW 75E787AD 5 Bytes JMP 00240804
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2280] USER32.dll!UnhookWindowsHookEx 75E798DB 5 Bytes JMP 00240A08
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2280] USER32.dll!SetWinEventHook 75E79F3A 5 Bytes JMP 002401F8
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2280] USER32.dll!UnhookWinEvent 75E7C06F 5 Bytes JMP 002403FC
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2288] ntdll.dll!LdrLoadDll 76E59378 5 Bytes JMP 000501F8
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2288] ntdll.dll!LdrUnloadDll 76E6B680 5 Bytes JMP 000503FC
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2288] kernel32.dll!GetBinaryTypeW + 70 76A92467 1 Byte [62]
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2288] ADVAPI32.dll!CreateServiceW 75BB9EB4 5 Bytes JMP 000803FC
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2288] ADVAPI32.dll!DeleteService 75BBA07E 5 Bytes JMP 00080600
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2288] ADVAPI32.dll!SetServiceObjectSecurity 75BF6CD9 5 Bytes JMP 00081014
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2288] ADVAPI32.dll!ChangeServiceConfigA 75BF6DD9 5 Bytes JMP 00080804
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2288] ADVAPI32.dll!ChangeServiceConfigW 75BF6F81 5 Bytes JMP 00080A08
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2288] ADVAPI32.dll!ChangeServiceConfig2A 75BF7099 5 Bytes JMP 00080C0C
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2288] ADVAPI32.dll!ChangeServiceConfig2W 75BF71E1 5 Bytes JMP 00080E10
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2288] ADVAPI32.dll!CreateServiceA 75BF72A1 5 Bytes JMP 000801F8
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2288] USER32.dll!SetWindowsHookExA 75E76322 5 Bytes JMP 00090600
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2288] USER32.dll!SetWindowsHookExW 75E787AD 5 Bytes JMP 00090804
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2288] USER32.dll!UnhookWindowsHookEx 75E798DB 5 Bytes JMP 00090A08
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2288] USER32.dll!SetWinEventHook 75E79F3A 5 Bytes JMP 000901F8
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2288] USER32.dll!UnhookWinEvent 75E7C06F 5 Bytes JMP 000903FC
    .text C:\Windows\system32\svchost.exe[2296] ntdll.dll!LdrLoadDll 76E59378 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[2296] ntdll.dll!LdrUnloadDll 76E6B680 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[2296] kernel32.dll!GetBinaryTypeW + 70 76A92467 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[2296] ADVAPI32.dll!CreateServiceW 75BB9EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[2296] ADVAPI32.dll!DeleteService 75BBA07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[2296] ADVAPI32.dll!SetServiceObjectSecurity 75BF6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[2296] ADVAPI32.dll!ChangeServiceConfigA 75BF6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[2296] ADVAPI32.dll!ChangeServiceConfigW 75BF6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[2296] ADVAPI32.dll!ChangeServiceConfig2A 75BF7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[2296] ADVAPI32.dll!ChangeServiceConfig2W 75BF71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[2296] ADVAPI32.dll!CreateServiceA 75BF72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[2296] USER32.dll!SetWindowsHookExA 75E76322 5 Bytes JMP 00150600
    .text C:\Windows\system32\svchost.exe[2296] USER32.dll!SetWindowsHookExW 75E787AD 5 Bytes JMP 00150804
    .text C:\Windows\system32\svchost.exe[2296] USER32.dll!UnhookWindowsHookEx 75E798DB 5 Bytes JMP 00150A08
    .text C:\Windows\system32\svchost.exe[2296] USER32.dll!SetWinEventHook 75E79F3A 5 Bytes JMP 001501F8
    .text C:\Windows\system32\svchost.exe[2296] USER32.dll!UnhookWinEvent 75E7C06F 5 Bytes JMP 001503FC
    .text C:\Windows\system32\svchost.exe[2340] ntdll.dll!LdrLoadDll 76E59378 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[2340] ntdll.dll!LdrUnloadDll 76E6B680 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[2340] kernel32.dll!GetBinaryTypeW + 70 76A92467 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[2340] ADVAPI32.dll!CreateServiceW 75BB9EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[2340] ADVAPI32.dll!DeleteService 75BBA07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[2340] ADVAPI32.dll!SetServiceObjectSecurity 75BF6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[2340] ADVAPI32.dll!ChangeServiceConfigA 75BF6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[2340] ADVAPI32.dll!ChangeServiceConfigW 75BF6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[2340] ADVAPI32.dll!ChangeServiceConfig2A 75BF7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[2340] ADVAPI32.dll!ChangeServiceConfig2W 75BF71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[2340] ADVAPI32.dll!CreateServiceA 75BF72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[2340] USER32.dll!SetWindowsHookExA 75E76322 5 Bytes JMP 00BB0600
    .text C:\Windows\system32\svchost.exe[2340] USER32.dll!SetWindowsHookExW 75E787AD 5 Bytes JMP 00BB0804
    .text C:\Windows\system32\svchost.exe[2340] USER32.dll!UnhookWindowsHookEx 75E798DB 5 Bytes JMP 00BB0A08
    .text C:\Windows\system32\svchost.exe[2340] USER32.dll!SetWinEventHook 75E79F3A 5 Bytes JMP 00BB01F8
    .text C:\Windows\system32\svchost.exe[2340] USER32.dll!UnhookWinEvent 75E7C06F 5 Bytes JMP 00BB03FC
    .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2348] kernel32.dll!GetBinaryTypeW + 70 76A92467 1 Byte [62]
    .text C:\Program Files\iTunes\iTunesHelper.exe[2404] ntdll.dll!LdrLoadDll 76E59378 5 Bytes JMP 000501F8
    .text C:\Program Files\iTunes\iTunesHelper.exe[2404] ntdll.dll!LdrUnloadDll 76E6B680 5 Bytes JMP 000503FC
    .text C:\Program Files\iTunes\iTunesHelper.exe[2404] kernel32.dll!GetBinaryTypeW + 70 76A92467 1 Byte [62]
    .text C:\Program Files\iTunes\iTunesHelper.exe[2404] ADVAPI32.dll!CreateServiceW 75BB9EB4 5 Bytes JMP 000703FC
    .text C:\Program Files\iTunes\iTunesHelper.exe[2404] ADVAPI32.dll!DeleteService 75BBA07E 5 Bytes JMP 00070600
    .text C:\Program Files\iTunes\iTunesHelper.exe[2404] ADVAPI32.dll!SetServiceObjectSecurity 75BF6CD9 5 Bytes JMP 00071014
    .text C:\Program Files\iTunes\iTunesHelper.exe[2404] ADVAPI32.dll!ChangeServiceConfigA 75BF6DD9 5 Bytes JMP 00070804
    .text C:\Program Files\iTunes\iTunesHelper.exe[2404] ADVAPI32.dll!ChangeServiceConfigW 75BF6F81 5 Bytes JMP 00070A08
    .text C:\Program Files\iTunes\iTunesHelper.exe[2404] ADVAPI32.dll!ChangeServiceConfig2A 75BF7099 5 Bytes JMP 00070C0C
    .text C:\Program Files\iTunes\iTunesHelper.exe[2404] ADVAPI32.dll!ChangeServiceConfig2W 75BF71E1 5 Bytes JMP 00070E10
    .text C:\Program Files\iTunes\iTunesHelper.exe[2404] ADVAPI32.dll!CreateServiceA 75BF72A1 5 Bytes JMP 000701F8
    .text C:\Program Files\iTunes\iTunesHelper.exe[2404] USER32.dll!SetWindowsHookExA 75E76322 5 Bytes JMP 00080600
    .text C:\Program Files\iTunes\iTunesHelper.exe[2404] USER32.dll!SetWindowsHookExW 75E787AD 5 Bytes JMP 00080804
    .text C:\Program Files\iTunes\iTunesHelper.exe[2404] USER32.dll!UnhookWindowsHookEx 75E798DB 5 Bytes JMP 00080A08
    .text C:\Program Files\iTunes\iTunesHelper.exe[2404] USER32.dll!SetWinEventHook 75E79F3A 5 Bytes JMP 000801F8
    .text C:\Program Files\iTunes\iTunesHelper.exe[2404] USER32.dll!UnhookWinEvent 75E7C06F 5 Bytes JMP 000803FC
    .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2416] ntdll.dll!LdrLoadDll 76E59378 5 Bytes JMP 001401F8
    .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2416] ntdll.dll!LdrUnloadDll 76E6B680 5 Bytes JMP 001403FC
     
  14. 2012/02/23
    eve2684

    eve2684 Inactive Thread Starter

    Joined:
    2012/01/24
    Messages:
    26
    Likes Received:
    0
    .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2416] kernel32.dll!GetBinaryTypeW + 70 76A92467 1 Byte [62]
    .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2416] ADVAPI32.dll!CreateServiceW 75BB9EB4 5 Bytes JMP 001603FC
    .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2416] ADVAPI32.dll!DeleteService 75BBA07E 5 Bytes JMP 00160600
    .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2416] ADVAPI32.dll!SetServiceObjectSecurity 75BF6CD9 5 Bytes JMP 00161014
    .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2416] ADVAPI32.dll!ChangeServiceConfigA 75BF6DD9 5 Bytes JMP 00160804
    .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2416] ADVAPI32.dll!ChangeServiceConfigW 75BF6F81 5 Bytes JMP 00160A08
    .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2416] ADVAPI32.dll!ChangeServiceConfig2A 75BF7099 5 Bytes JMP 00160C0C
    .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2416] ADVAPI32.dll!ChangeServiceConfig2W 75BF71E1 5 Bytes JMP 00160E10
    .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2416] ADVAPI32.dll!CreateServiceA 75BF72A1 5 Bytes JMP 001601F8
    .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2416] USER32.dll!SetWindowsHookExA 75E76322 5 Bytes JMP 00170600
    .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2416] USER32.dll!SetWindowsHookExW 75E787AD 5 Bytes JMP 00170804
    .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2416] USER32.dll!UnhookWindowsHookEx 75E798DB 5 Bytes JMP 00170A08
    .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2416] USER32.dll!SetWinEventHook 75E79F3A 5 Bytes JMP 001701F8
    .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2416] USER32.dll!UnhookWinEvent 75E7C06F 5 Bytes JMP 001703FC
    .text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[2452] ntdll.dll!LdrLoadDll 76E59378 5 Bytes JMP 001401F8
    .text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[2452] ntdll.dll!LdrUnloadDll 76E6B680 5 Bytes JMP 001403FC
    .text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[2452] kernel32.dll!GetBinaryTypeW + 70 76A92467 1 Byte [62]
    .text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[2452] USER32.dll!SetWindowsHookExA 75E76322 5 Bytes JMP 00170600
    .text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[2452] USER32.dll!SetWindowsHookExW 75E787AD 5 Bytes JMP 00170804
    .text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[2452] USER32.dll!UnhookWindowsHookEx 75E798DB 5 Bytes JMP 00170A08
    .text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[2452] USER32.dll!SetWinEventHook 75E79F3A 5 Bytes JMP 001701F8
    .text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[2452] USER32.dll!UnhookWinEvent 75E7C06F 5 Bytes JMP 001703FC
    .text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[2452] ADVAPI32.dll!CreateServiceW 75BB9EB4 5 Bytes JMP 001803FC
    .text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[2452] ADVAPI32.dll!DeleteService 75BBA07E 5 Bytes JMP 00180600
    .text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[2452] ADVAPI32.dll!SetServiceObjectSecurity 75BF6CD9 5 Bytes JMP 00181014
    .text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[2452] ADVAPI32.dll!ChangeServiceConfigA 75BF6DD9 5 Bytes JMP 00180804
    .text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[2452] ADVAPI32.dll!ChangeServiceConfigW 75BF6F81 5 Bytes JMP 00180A08
    .text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[2452] ADVAPI32.dll!ChangeServiceConfig2A 75BF7099 5 Bytes JMP 00180C0C
    .text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[2452] ADVAPI32.dll!ChangeServiceConfig2W 75BF71E1 5 Bytes JMP 00180E10
    .text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[2452] ADVAPI32.dll!CreateServiceA 75BF72A1 5 Bytes JMP 001801F8
    .text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2492] ntdll.dll!LdrLoadDll 76E59378 5 Bytes JMP 001501F8
    .text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2492] ntdll.dll!LdrUnloadDll 76E6B680 5 Bytes JMP 001503FC
    .text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2492] kernel32.dll!GetBinaryTypeW + 70 76A92467 1 Byte [62]
    .text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2492] ADVAPI32.dll!CreateServiceW 75BB9EB4 5 Bytes JMP 001703FC
    .text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2492] ADVAPI32.dll!DeleteService 75BBA07E 5 Bytes JMP 00170600
    .text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2492] ADVAPI32.dll!SetServiceObjectSecurity 75BF6CD9 5 Bytes JMP 00171014
    .text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2492] ADVAPI32.dll!ChangeServiceConfigA 75BF6DD9 5 Bytes JMP 00170804
    .text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2492] ADVAPI32.dll!ChangeServiceConfigW 75BF6F81 5 Bytes JMP 00170A08
    .text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2492] ADVAPI32.dll!ChangeServiceConfig2A 75BF7099 5 Bytes JMP 00170C0C
    .text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2492] ADVAPI32.dll!ChangeServiceConfig2W 75BF71E1 5 Bytes JMP 00170E10
    .text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2492] ADVAPI32.dll!CreateServiceA 75BF72A1 5 Bytes JMP 001701F8
    .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2540] ntdll.dll!LdrLoadDll 76E59378 5 Bytes JMP 001501F8
    .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2540] ntdll.dll!LdrUnloadDll 76E6B680 5 Bytes JMP 001503FC
    .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2540] kernel32.dll!GetBinaryTypeW + 70 76A92467 1 Byte [62]
    .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2540] ADVAPI32.dll!CreateServiceW 75BB9EB4 5 Bytes JMP 001A03FC
    .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2540] ADVAPI32.dll!DeleteService 75BBA07E 5 Bytes JMP 001A0600
    .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2540] ADVAPI32.dll!SetServiceObjectSecurity 75BF6CD9 5 Bytes JMP 001A1014
    .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2540] ADVAPI32.dll!ChangeServiceConfigA 75BF6DD9 5 Bytes JMP 001A0804
    .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2540] ADVAPI32.dll!ChangeServiceConfigW 75BF6F81 5 Bytes JMP 001A0A08
    .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2540] ADVAPI32.dll!ChangeServiceConfig2A 75BF7099 5 Bytes JMP 001A0C0C
    .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2540] ADVAPI32.dll!ChangeServiceConfig2W 75BF71E1 5 Bytes JMP 001A0E10
    .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2540] ADVAPI32.dll!CreateServiceA 75BF72A1 5 Bytes JMP 001A01F8
    .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2540] USER32.dll!SetWindowsHookExA 75E76322 5 Bytes JMP 001B0600
    .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2540] USER32.dll!SetWindowsHookExW 75E787AD 5 Bytes JMP 001B0804
    .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2540] USER32.dll!UnhookWindowsHookEx 75E798DB 5 Bytes JMP 001B0A08
    .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2540] USER32.dll!SetWinEventHook 75E79F3A 5 Bytes JMP 001B01F8
    .text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2540] USER32.dll!UnhookWinEvent 75E7C06F 5 Bytes JMP 001B03FC
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2804] ntdll.dll!LdrLoadDll 76E59378 5 Bytes JMP 001501F8
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2804] ntdll.dll!LdrUnloadDll 76E6B680 5 Bytes JMP 001503FC
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2804] kernel32.dll!GetBinaryTypeW + 70 76A92467 1 Byte [62]
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2804] ADVAPI32.dll!CreateServiceW 75BB9EB4 5 Bytes JMP 001703FC
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2804] ADVAPI32.dll!DeleteService 75BBA07E 5 Bytes JMP 00170600
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2804] ADVAPI32.dll!SetServiceObjectSecurity 75BF6CD9 5 Bytes JMP 00171014
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2804] ADVAPI32.dll!ChangeServiceConfigA 75BF6DD9 5 Bytes JMP 00170804
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2804] ADVAPI32.dll!ChangeServiceConfigW 75BF6F81 5 Bytes JMP 00170A08
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2804] ADVAPI32.dll!ChangeServiceConfig2A 75BF7099 5 Bytes JMP 00170C0C
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2804] ADVAPI32.dll!ChangeServiceConfig2W 75BF71E1 5 Bytes JMP 00170E10
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2804] ADVAPI32.dll!CreateServiceA 75BF72A1 5 Bytes JMP 001701F8
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2804] USER32.dll!SetWindowsHookExA 75E76322 5 Bytes JMP 00180600
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2804] USER32.dll!SetWindowsHookExW 75E787AD 5 Bytes JMP 00180804
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2804] USER32.dll!UnhookWindowsHookEx 75E798DB 5 Bytes JMP 00180A08
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2804] USER32.dll!SetWinEventHook 75E79F3A 5 Bytes JMP 001801F8
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2804] USER32.dll!UnhookWinEvent 75E7C06F 5 Bytes JMP 001803FC
    .text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[2852] ntdll.dll!LdrLoadDll 76E59378 5 Bytes JMP 001401F8
    .text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[2852] ntdll.dll!LdrUnloadDll 76E6B680 5 Bytes JMP 001403FC
    .text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[2852] kernel32.dll!GetBinaryTypeW + 70 76A92467 1 Byte [62]
    .text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[2852] ADVAPI32.dll!CreateServiceW 75BB9EB4 5 Bytes JMP 001603FC
    .text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[2852] ADVAPI32.dll!DeleteService 75BBA07E 5 Bytes JMP 00160600
    .text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[2852] ADVAPI32.dll!SetServiceObjectSecurity 75BF6CD9 5 Bytes JMP 00161014
    .text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[2852] ADVAPI32.dll!ChangeServiceConfigA 75BF6DD9 5 Bytes JMP 00160804
    .text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[2852] ADVAPI32.dll!ChangeServiceConfigW 75BF6F81 5 Bytes JMP 00160A08
    .text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[2852] ADVAPI32.dll!ChangeServiceConfig2A 75BF7099 5 Bytes JMP 00160C0C
    .text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[2852] ADVAPI32.dll!ChangeServiceConfig2W 75BF71E1 5 Bytes JMP 00160E10
    .text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[2852] ADVAPI32.dll!CreateServiceA 75BF72A1 5 Bytes JMP 001601F8
    .text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[2852] USER32.dll!SetWindowsHookExA 75E76322 5 Bytes JMP 00170600
    .text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[2852] USER32.dll!SetWindowsHookExW 75E787AD 5 Bytes JMP 00170804
    .text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[2852] USER32.dll!UnhookWindowsHookEx 75E798DB 5 Bytes JMP 00170A08
    .text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[2852] USER32.dll!SetWinEventHook 75E79F3A 5 Bytes JMP 001701F8
    .text C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe[2852] USER32.dll!UnhookWinEvent 75E7C06F 5 Bytes JMP 001703FC
    .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2904] ntdll.dll!LdrLoadDll 76E59378 5 Bytes JMP 001501F8
    .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2904] ntdll.dll!LdrUnloadDll 76E6B680 5 Bytes JMP 001503FC
    .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2904] kernel32.dll!GetBinaryTypeW + 70 76A92467 1 Byte [62]
    .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2904] ADVAPI32.dll!CreateServiceW 75BB9EB4 5 Bytes JMP 001703FC
    .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2904] ADVAPI32.dll!DeleteService 75BBA07E 5 Bytes JMP 00170600
    .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2904] ADVAPI32.dll!SetServiceObjectSecurity 75BF6CD9 5 Bytes JMP 00171014
    .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2904] ADVAPI32.dll!ChangeServiceConfigA 75BF6DD9 5 Bytes JMP 00170804
    .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2904] ADVAPI32.dll!ChangeServiceConfigW 75BF6F81 5 Bytes JMP 00170A08
    .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2904] ADVAPI32.dll!ChangeServiceConfig2A 75BF7099 5 Bytes JMP 00170C0C
    .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2904] ADVAPI32.dll!ChangeServiceConfig2W 75BF71E1 5 Bytes JMP 00170E10
    .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2904] ADVAPI32.dll!CreateServiceA 75BF72A1 5 Bytes JMP 001701F8
    .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2904] USER32.dll!SetWindowsHookExA 75E76322 5 Bytes JMP 00180600
    .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2904] USER32.dll!SetWindowsHookExW 75E787AD 5 Bytes JMP 00180804
    .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2904] USER32.dll!UnhookWindowsHookEx 75E798DB 5 Bytes JMP 00180A08
    .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2904] USER32.dll!SetWinEventHook 75E79F3A 5 Bytes JMP 001801F8
    .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2904] USER32.dll!UnhookWinEvent 75E7C06F 5 Bytes JMP 001803FC
    .text C:\Windows\system32\agrsmsvc.exe[2908] ntdll.dll!LdrLoadDll 76E59378 5 Bytes JMP 000801F8
    .text C:\Windows\system32\agrsmsvc.exe[2908] ntdll.dll!LdrUnloadDll 76E6B680 5 Bytes JMP 000803FC
    .text C:\Windows\system32\agrsmsvc.exe[2908] kernel32.dll!GetBinaryTypeW + 70 76A92467 1 Byte [62]
    .text C:\Windows\system32\agrsmsvc.exe[2908] ADVAPI32.dll!CreateServiceW 75BB9EB4 5 Bytes JMP 000A03FC
    .text C:\Windows\system32\agrsmsvc.exe[2908] ADVAPI32.dll!DeleteService 75BBA07E 5 Bytes JMP 000A0600
    .text C:\Windows\system32\agrsmsvc.exe[2908] ADVAPI32.dll!SetServiceObjectSecurity 75BF6CD9 5 Bytes JMP 000A1014
    .text C:\Windows\system32\agrsmsvc.exe[2908] ADVAPI32.dll!ChangeServiceConfigA 75BF6DD9 5 Bytes JMP 000A0804
    .text C:\Windows\system32\agrsmsvc.exe[2908] ADVAPI32.dll!ChangeServiceConfigW 75BF6F81 5 Bytes JMP 000A0A08
    .text C:\Windows\system32\agrsmsvc.exe[2908] ADVAPI32.dll!ChangeServiceConfig2A 75BF7099 5 Bytes JMP 000A0C0C
    .text C:\Windows\system32\agrsmsvc.exe[2908] ADVAPI32.dll!ChangeServiceConfig2W 75BF71E1 5 Bytes JMP 000A0E10
    .text C:\Windows\system32\agrsmsvc.exe[2908] ADVAPI32.dll!CreateServiceA 75BF72A1 5 Bytes JMP 000A01F8
    .text C:\Windows\system32\agrsmsvc.exe[2908] USER32.dll!SetWindowsHookExA 75E76322 5 Bytes JMP 000B0600
    .text C:\Windows\system32\agrsmsvc.exe[2908] USER32.dll!SetWindowsHookExW 75E787AD 5 Bytes JMP 000B0804
    .text C:\Windows\system32\agrsmsvc.exe[2908] USER32.dll!UnhookWindowsHookEx 75E798DB 5 Bytes JMP 000B0A08
    .text C:\Windows\system32\agrsmsvc.exe[2908] USER32.dll!SetWinEventHook 75E79F3A 5 Bytes JMP 000B01F8
    .text C:\Windows\system32\agrsmsvc.exe[2908] USER32.dll!UnhookWinEvent 75E7C06F 5 Bytes JMP 000B03FC
    .text C:\Windows\system32\svchost.exe[2980] ntdll.dll!LdrLoadDll 76E59378 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[2980] ntdll.dll!LdrUnloadDll 76E6B680 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[2980] kernel32.dll!GetBinaryTypeW + 70 76A92467 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[2980] ADVAPI32.dll!CreateServiceW 75BB9EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[2980] ADVAPI32.dll!DeleteService 75BBA07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[2980] ADVAPI32.dll!SetServiceObjectSecurity 75BF6CD9 5 Bytes JMP 00071014
  15. 2012/02/23
    eve2684 Inactive Thread Starter

    .text C:\Program Files\Optus Mobile Broadband\Optus Mobile Broadband.exe[4596] ADVAPI32.DLL!SetServiceObjectSecurity 75BF6CD9 5 Bytes JMP 00261014
    .text C:\Program Files\Optus Mobile Broadband\Optus Mobile Broadband.exe[4596] ADVAPI32.DLL!ChangeServiceConfigA 75BF6DD9 5 Bytes JMP 00260804
    .text C:\Program Files\Optus Mobile Broadband\Optus Mobile Broadband.exe[4596] ADVAPI32.DLL!ChangeServiceConfigW 75BF6F81 5 Bytes JMP 00260A08
    .text C:\Program Files\Optus Mobile Broadband\Optus Mobile Broadband.exe[4596] ADVAPI32.DLL!ChangeServiceConfig2A 75BF7099 5 Bytes JMP 00260C0C
    .text C:\Program Files\Optus Mobile Broadband\Optus Mobile Broadband.exe[4596] ADVAPI32.DLL!ChangeServiceConfig2W 75BF71E1 5 Bytes JMP 00260E10
    .text C:\Program Files\Optus Mobile Broadband\Optus Mobile Broadband.exe[4596] ADVAPI32.DLL!CreateServiceA 75BF72A1 5 Bytes JMP 002601F8
    .text C:\Program Files\Optus Mobile Broadband\Optus Mobile Broadband.exe[4596] USER32.dll!SetWindowsHookExA 75E76322 5 Bytes JMP 00270600
    .text C:\Program Files\Optus Mobile Broadband\Optus Mobile Broadband.exe[4596] USER32.dll!SetWindowsHookExW 75E787AD 5 Bytes JMP 00270804
    .text C:\Program Files\Optus Mobile Broadband\Optus Mobile Broadband.exe[4596] USER32.dll!UnhookWindowsHookEx 75E798DB 5 Bytes JMP 00270A08
    .text C:\Program Files\Optus Mobile Broadband\Optus Mobile Broadband.exe[4596] USER32.dll!SetWinEventHook 75E79F3A 5 Bytes JMP 002701F8
    .text C:\Program Files\Optus Mobile Broadband\Optus Mobile Broadband.exe[4596] USER32.dll!UnhookWinEvent 75E7C06F 5 Bytes JMP 002703FC
    .text C:\Windows\System32\mobsync.exe[4764] ntdll.dll!LdrLoadDll 76E59378 5 Bytes JMP 000501F8
    .text C:\Windows\System32\mobsync.exe[4764] ntdll.dll!LdrUnloadDll 76E6B680 5 Bytes JMP 000503FC
    .text C:\Windows\System32\mobsync.exe[4764] kernel32.dll!GetBinaryTypeW + 70 76A92467 1 Byte [62]
    .text C:\Windows\System32\mobsync.exe[4764] ADVAPI32.dll!CreateServiceW 75BB9EB4 5 Bytes JMP 000703FC
    .text C:\Windows\System32\mobsync.exe[4764] ADVAPI32.dll!DeleteService 75BBA07E 5 Bytes JMP 00070600
    .text C:\Windows\System32\mobsync.exe[4764] ADVAPI32.dll!SetServiceObjectSecurity 75BF6CD9 5 Bytes JMP 00071014
    .text C:\Windows\System32\mobsync.exe[4764] ADVAPI32.dll!ChangeServiceConfigA 75BF6DD9 5 Bytes JMP 00070804
    .text C:\Windows\System32\mobsync.exe[4764] ADVAPI32.dll!ChangeServiceConfigW 75BF6F81 5 Bytes JMP 00070A08
    .text C:\Windows\System32\mobsync.exe[4764] ADVAPI32.dll!ChangeServiceConfig2A 75BF7099 5 Bytes JMP 00070C0C
    .text C:\Windows\System32\mobsync.exe[4764] ADVAPI32.dll!ChangeServiceConfig2W 75BF71E1 5 Bytes JMP 00070E10
    .text C:\Windows\System32\mobsync.exe[4764] ADVAPI32.dll!CreateServiceA 75BF72A1 5 Bytes JMP 000701F8
    .text C:\Windows\System32\mobsync.exe[4764] USER32.dll!SetWindowsHookExA 75E76322 5 Bytes JMP 00080600
    .text C:\Windows\System32\mobsync.exe[4764] USER32.dll!SetWindowsHookExW
     
  16. 2012/02/23
    eve2684

    eve2684 Inactive Thread Starter

    75E787AD 5 Bytes JMP 00080804
    .text C:\Windows\System32\mobsync.exe[4764] USER32.dll!UnhookWindowsHookEx 75E798DB 5 Bytes JMP 00080A08
    .text C:\Windows\System32\mobsync.exe[4764] USER32.dll!SetWinEventHook 75E79F3A 5 Bytes JMP 000801F8
    .text C:\Windows\System32\mobsync.exe[4764] USER32.dll!UnhookWinEvent 75E7C06F 5 Bytes JMP 000803FC
    .text C:\ProgramData\DatacardService\DCSHelper.exe[4968] ntdll.dll!LdrLoadDll 76E59378 5 Bytes JMP 001501F8
    .text C:\ProgramData\DatacardService\DCSHelper.exe[4968] ntdll.dll!LdrUnloadDll 76E6B680 5 Bytes JMP 001503FC
    .text C:\ProgramData\DatacardService\DCSHelper.exe[4968] kernel32.dll!GetBinaryTypeW + 70 76A92467 1 Byte [62]
    .text C:\ProgramData\DatacardService\DCSHelper.exe[4968] USER32.dll!SetWindowsHookExA 75E76322 5 Bytes JMP 00170600
    .text C:\ProgramData\DatacardService\DCSHelper.exe[4968] USER32.dll!SetWindowsHookExW 75E787AD 5 Bytes JMP 00170804
    .text C:\ProgramData\DatacardService\DCSHelper.exe[4968] USER32.dll!UnhookWindowsHookEx 75E798DB 5 Bytes JMP 00170A08
    .text C:\ProgramData\DatacardService\DCSHelper.exe[4968] USER32.dll!SetWinEventHook 75E79F3A 5 Bytes JMP 001701F8
    .text C:\ProgramData\DatacardService\DCSHelper.exe[4968] USER32.dll!UnhookWinEvent 75E7C06F 5 Bytes JMP 001703FC
    .text C:\ProgramData\DatacardService\DCSHelper.exe[4968] ADVAPI32.dll!CreateServiceW 75BB9EB4 5 Bytes JMP 001803FC
    .text C:\ProgramData\DatacardService\DCSHelper.exe[4968] ADVAPI32.dll!DeleteService 75BBA07E 5 Bytes JMP 00180600
    .text C:\ProgramData\DatacardService\DCSHelper.exe[4968] ADVAPI32.dll!SetServiceObjectSecurity 75BF6CD9 5 Bytes JMP 00181014
    .text C:\ProgramData\DatacardService\DCSHelper.exe[4968] ADVAPI32.dll!ChangeServiceConfigA 75BF6DD9 5 Bytes JMP 00180804
    .text C:\ProgramData\DatacardService\DCSHelper.exe[4968] ADVAPI32.dll!ChangeServiceConfigW 75BF6F81 5 Bytes JMP 00180A08
    .text C:\ProgramData\DatacardService\DCSHelper.exe[4968] ADVAPI32.dll!ChangeServiceConfig2A 75BF7099 5 Bytes JMP 00180C0C
    .text C:\ProgramData\DatacardService\DCSHelper.exe[4968] ADVAPI32.dll!ChangeServiceConfig2W 75BF71E1 5 Bytes JMP 00180E10
    .text C:\ProgramData\DatacardService\DCSHelper.exe[4968] ADVAPI32.dll!CreateServiceA 75BF72A1 5 Bytes JMP 001801F8
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[5248] ntdll.dll!LdrLoadDll 76E59378 5 Bytes JMP 001501F8
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[5248] ntdll.dll!LdrUnloadDll 76E6B680 5 Bytes JMP 001503FC
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[5248] kernel32.dll!GetBinaryTypeW + 70 76A92467 1 Byte [62]
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[5248] USER32.dll!SetWindowsHookExA 75E76322 5 Bytes JMP 00170600
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[5248] USER32.dll!SetWindowsHookExW 75E787AD 5 Bytes JMP 00170804
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[5248] USER32.dll!UnhookWindowsHookEx 75E798DB 5 Bytes JMP 00170A08
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[5248] USER32.dll!SetWinEventHook 75E79F3A 5 Bytes JMP 001701F8
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[5248] USER32.dll!UnhookWinEvent 75E7C06F 5 Bytes JMP 001703FC
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[5248] ADVAPI32.dll!CreateServiceW 75BB9EB4 5 Bytes JMP 001803FC
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[5248] ADVAPI32.dll!DeleteService 75BBA07E 5 Bytes JMP 00180600
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[5248] ADVAPI32.dll!SetServiceObjectSecurity 75BF6CD9 5 Bytes JMP 00181014
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[5248] ADVAPI32.dll!ChangeServiceConfigA 75BF6DD9 5 Bytes JMP 00180804
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[5248] ADVAPI32.dll!ChangeServiceConfigW 75BF6F81 5 Bytes JMP 00180A08
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[5248] ADVAPI32.dll!ChangeServiceConfig2A 75BF7099 5 Bytes JMP 00180C0C
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[5248] ADVAPI32.dll!ChangeServiceConfig2W 75BF71E1 5 Bytes JMP 00180E10
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[5248] ADVAPI32.dll!CreateServiceA 75BF72A1 5 Bytes JMP 001801F8
    .text C:\Program Files\Skype\Phone\Skype.exe[5364] ntdll.dll!LdrLoadDll 76E59378 5 Bytes JMP 001501F8
    .text C:\Program Files\Skype\Phone\Skype.exe[5364] ntdll.dll!LdrUnloadDll 76E6B680 5 Bytes JMP 001503FC
    .text C:\Program Files\Skype\Phone\Skype.exe[5364] kernel32.dll!GetBinaryTypeW + 70 76A92467 1 Byte [62]
    .text C:\Program Files\Skype\Phone\Skype.exe[5364] USER32.dll!SetWindowsHookExA 75E76322 5 Bytes JMP 002C0600
    .text C:\Program Files\Skype\Phone\Skype.exe[5364] USER32.dll!SetWindowsHookExW 75E787AD 5 Bytes JMP 002C0804
    .text C:\Program Files\Skype\Phone\Skype.exe[5364] USER32.dll!UnhookWindowsHookEx 75E798DB 5 Bytes JMP 002C0A08
    .text C:\Program Files\Skype\Phone\Skype.exe[5364] USER32.dll!SetWinEventHook 75E79F3A 5 Bytes JMP 002C01F8
    .text C:\Program Files\Skype\Phone\Skype.exe[5364] USER32.dll!UnhookWinEvent 75E7C06F 5 Bytes JMP 002C03FC
    .text C:\Program Files\Skype\Phone\Skype.exe[5364] ADVAPI32.dll!CreateServiceW 75BB9EB4 5 Bytes JMP 002B03FC
    .text C:\Program Files\Skype\Phone\Skype.exe[5364] ADVAPI32.dll!DeleteService 75BBA07E 5 Bytes JMP 002B0600
    .text C:\Program Files\Skype\Phone\Skype.exe[5364] ADVAPI32.dll!SetServiceObjectSecurity 75BF6CD9 5 Bytes JMP 002B1014
    .text C:\Program Files\Skype\Phone\Skype.exe[5364] ADVAPI32.dll!ChangeServiceConfigA 75BF6DD9 5 Bytes JMP 002B0804
    .text C:\Program Files\Skype\Phone\Skype.exe[5364] ADVAPI32.dll!ChangeServiceConfigW 75BF6F81 5 Bytes JMP 002B0A08
    .text C:\Program Files\Skype\Phone\Skype.exe[5364] ADVAPI32.dll!ChangeServiceConfig2A 75BF7099 5 Bytes JMP 002B0C0C
    .text C:\Program Files\Skype\Phone\Skype.exe[5364] ADVAPI32.dll!ChangeServiceConfig2W 75BF71E1 5 Bytes JMP 002B0E10
    .text C:\Program Files\Skype\Phone\Skype.exe[5364] ADVAPI32.dll!CreateServiceA 75BF72A1 5 Bytes JMP 002B01F8
    .text C:\Users\Customer\Downloads\d2gvdjk1.exe[6900] ntdll.dll!LdrLoadDll 76E59378 5 Bytes JMP 001501F8
    .text C:\Users\Customer\Downloads\d2gvdjk1.exe[6900] ntdll.dll!LdrUnloadDll 76E6B680 5 Bytes JMP 001503FC
    .text C:\Users\Customer\Downloads\d2gvdjk1.exe[6900] kernel32.dll!GetBinaryTypeW + 70 76A92467 1 Byte [62]
    .text C:\Users\Customer\Downloads\d2gvdjk1.exe[6900] ADVAPI32.dll!CreateServiceW 75BB9EB4 5 Bytes JMP 002A03FC
    .text C:\Users\Customer\Downloads\d2gvdjk1.exe[6900] ADVAPI32.dll!DeleteService 75BBA07E 5 Bytes JMP 002A0600
    .text C:\Users\Customer\Downloads\d2gvdjk1.exe[6900] ADVAPI32.dll!SetServiceObjectSecurity 75BF6CD9 5 Bytes JMP 002A1014
    .text C:\Users\Customer\Downloads\d2gvdjk1.exe[6900] ADVAPI32.dll!ChangeServiceConfigA 75BF6DD9 5 Bytes JMP 002A0804
    .text C:\Users\Customer\Downloads\d2gvdjk1.exe[6900] ADVAPI32.dll!ChangeServiceConfigW 75BF6F81 5 Bytes JMP 002A0A08
    .text C:\Users\Customer\Downloads\d2gvdjk1.exe[6900] ADVAPI32.dll!ChangeServiceConfig2A 75BF7099 5 Bytes JMP 002A0C0C
    .text C:\Users\Customer\Downloads\d2gvdjk1.exe[6900] ADVAPI32.dll!ChangeServiceConfig2W 75BF71E1 5 Bytes JMP 002A0E10
    .text C:\Users\Customer\Downloads\d2gvdjk1.exe[6900] ADVAPI32.dll!CreateServiceA 75BF72A1 5 Bytes JMP 002A01F8
    .text C:\Users\Customer\Downloads\d2gvdjk1.exe[6900] USER32.dll!SetWindowsHookExA 75E76322 5 Bytes JMP 002B0600
    .text C:\Users\Customer\Downloads\d2gvdjk1.exe[6900] USER32.dll!SetWindowsHookExW 75E787AD 5 Bytes JMP 002B0804
    .text C:\Users\Customer\Downloads\d2gvdjk1.exe[6900] USER32.dll!UnhookWindowsHookEx 75E798DB 5 Bytes JMP 002B0A08
    .text C:\Users\Customer\Downloads\d2gvdjk1.exe[6900] USER32.dll!SetWinEventHook 75E79F3A 5 Bytes JMP 002B01F8
    .text C:\Users\Customer\Downloads\d2gvdjk1.exe[6900] USER32.dll!UnhookWinEvent 75E7C06F 5 Bytes JMP 002B03FC
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7040] ntdll.dll!LdrLoadDll 76E59378 5 Bytes JMP 000501F8
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7040] ntdll.dll!LdrUnloadDll 76E6B680 5 Bytes JMP 000503FC
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7040] kernel32.dll!GetBinaryTypeW + 70 76A92467 1 Byte [62]
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7040] ADVAPI32.dll!CreateServiceW 75BB9EB4 5 Bytes JMP 001303FC
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7040] ADVAPI32.dll!DeleteService 75BBA07E 5 Bytes JMP 00130600
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7040] ADVAPI32.dll!SetServiceObjectSecurity 75BF6CD9 5 Bytes JMP 00131014
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7040] ADVAPI32.dll!ChangeServiceConfigA 75BF6DD9 5 Bytes JMP 00130804
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7040] ADVAPI32.dll!ChangeServiceConfigW 75BF6F81 5 Bytes JMP 00130A08
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7040] ADVAPI32.dll!ChangeServiceConfig2A 75BF7099 5 Bytes JMP 00130C0C
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7040] ADVAPI32.dll!ChangeServiceConfig2W 75BF71E1 5 Bytes JMP 00130E10
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7040] ADVAPI32.dll!CreateServiceA 75BF72A1 5 Bytes JMP 001301F8
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7040] USER32.dll!SetWindowsHookExA 75E76322 5 Bytes JMP 00140600
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7040] USER32.dll!SetWindowsHookExW 75E787AD 5 Bytes JMP 00140804
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7040] USER32.dll!UnhookWindowsHookEx 75E798DB 5 Bytes JMP 00140A08
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7040] USER32.dll!SetWinEventHook 75E79F3A 5 Bytes JMP 001401F8
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7040] USER32.dll!UnhookWinEvent 75E7C06F 5 Bytes JMP 001403FC
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7040] USER32.dll!SetWindowLongA 75E7E7CD 5 Bytes JMP 614701A3 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7040] USER32.dll!SetWindowLongW 75E813B4 5 Bytes JMP 61470135 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7040] USER32.dll!GetWindowInfo 75E8428E 5 Bytes JMP 61200924 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7040] USER32.dll!TrackPopupMenu 75E914F3 5 Bytes JMP 61200ECF C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Windows\system32\WUDFHost.exe[7764] ntdll.dll!LdrLoadDll 76E59378 5 Bytes JMP 000501F8
    .text C:\Windows\system32\WUDFHost.exe[7764] ntdll.dll!LdrUnloadDll 76E6B680 5 Bytes JMP 000503FC
    .text C:\Windows\system32\WUDFHost.exe[7764] kernel32.dll!GetBinaryTypeW + 70 76A92467 1 Byte [62]
    .text C:\Windows\system32\WUDFHost.exe[7764] ADVAPI32.dll!CreateServiceW 75BB9EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\WUDFHost.exe[7764] ADVAPI32.dll!DeleteService 75BBA07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\WUDFHost.exe[7764] ADVAPI32.dll!SetServiceObjectSecurity 75BF6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\WUDFHost.exe[7764] ADVAPI32.dll!ChangeServiceConfigA 75BF6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\WUDFHost.exe[7764] ADVAPI32.dll!ChangeServiceConfigW 75BF6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\WUDFHost.exe[7764] ADVAPI32.dll!ChangeServiceConfig2A 75BF7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\WUDFHost.exe[7764] ADVAPI32.dll!ChangeServiceConfig2W 75BF71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\WUDFHost.exe[7764] ADVAPI32.dll!CreateServiceA 75BF72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\WUDFHost.exe[7764] USER32.dll!SetWindowsHookExA 75E76322 5 Bytes JMP 00080600
    .text C:\Windows\system32\WUDFHost.exe[7764] USER32.dll!SetWindowsHookExW 75E787AD 5 Bytes JMP 00080804
    .text C:\Windows\system32\WUDFHost.exe[7764] USER32.dll!UnhookWindowsHookEx 75E798DB 5 Bytes JMP 00080A08
    .text C:\Windows\system32\WUDFHost.exe[7764] USER32.dll!SetWinEventHook 75E79F3A 5 Bytes JMP 000801F8
    .text C:\Windows\system32\WUDFHost.exe[7764] USER32.dll!UnhookWinEvent 75E7C06F 5 Bytes JMP 000803FC
    .text C:\Windows\system32\taskeng.exe[8020] ntdll.dll!LdrLoadDll 76E59378 5 Bytes JMP 000501F8
    .text C:\Windows\system32\taskeng.exe[8020] ntdll.dll!LdrUnloadDll 76E6B680 5 Bytes JMP 000503FC
    .text C:\Windows\system32\taskeng.exe[8020] kernel32.dll!GetBinaryTypeW + 70 76A92467 1 Byte [62]
    .text C:\Windows\system32\taskeng.exe[8020] ADVAPI32.dll!CreateServiceW 75BB9EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\taskeng.exe[8020] ADVAPI32.dll!DeleteService 75BBA07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\taskeng.exe[8020] ADVAPI32.dll!SetServiceObjectSecurity 75BF6CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\taskeng.exe[8020] ADVAPI32.dll!ChangeServiceConfigA 75BF6DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\taskeng.exe[8020] ADVAPI32.dll!ChangeServiceConfigW 75BF6F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\taskeng.exe[8020] ADVAPI32.dll!ChangeServiceConfig2A 75BF7099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\taskeng.exe[8020] ADVAPI32.dll!ChangeServiceConfig2W 75BF71E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\taskeng.exe[8020] ADVAPI32.dll!CreateServiceA 75BF72A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\taskeng.exe[8020] USER32.dll!SetWindowsHookExA 75E76322 5 Bytes JMP 00080600
    .text C:\Windows\system32\taskeng.exe[8020] USER32.dll!SetWindowsHookExW 75E787AD 5 Bytes JMP 00080804
    .text C:\Windows\system32\taskeng.exe[8020] USER32.dll!UnhookWindowsHookEx 75E798DB 5 Bytes JMP 00080A08
    .text C:\Windows\system32\taskeng.exe[8020] USER32.dll!SetWinEventHook 75E79F3A 5 Bytes JMP 000801F8
    .text C:\Windows\system32\taskeng.exe[8020] USER32.dll!UnhookWinEvent 75E7C06F 5 Bytes JMP 000803FC

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\system32\services.exe[756] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 000D0002
    IAT C:\Windows\system32\services.exe[756] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 000D0000

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
    Device \FileSystem\fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \FileSystem\fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00037aeef1c7
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00037aeef1c7 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00037aeef1c7 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00037aeef1c7 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\00037aeef1c7 (not active ControlSet)

    ---- EOF - GMER 1.0.15 ----
     
  17. 2012/02/23
    broni

    broni Moderator Malware Analyst

    I still need aswMBR log.

    Also...
    You're running two AV programs, AVG and Avast.
    One of them has to go.
    If AVG, use AVG Remover to uninstall it: http://www.avg.com/us-en/utilities
     
  18. 2012/02/23
    eve2684

    eve2684 Inactive Thread Starter

    aswMBR version 0.9.9.1509 Copyright(c) 2011 AVAST Software
    Run date: 2012-02-24 06:56:27
    -----------------------------
    06:56:27.313 OS Version: Windows 6.0.6002 Service Pack 2
    06:56:27.313 Number of processors: 2 586 0xF0D
    06:56:27.314 ComputerName: EAVAN UserName:
    06:56:28.564 Initialize success
    06:56:29.301 AVAST engine defs: 12022301
    06:56:35.346 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    06:56:35.348 Disk 0 Vendor: TOSHIBA_ DL03 Size: 152627MB BusType: 3
    06:56:35.351 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\RobsonImd-0
    06:56:35.353 Disk 1 Vendor: Size: 513MB BusType: 0
    06:56:35.387 Disk 0 MBR read successfully
    06:56:35.391 Disk 0 MBR scan
    06:56:35.395 Disk 0 Windows VISTA default MBR code
    06:56:35.398 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
    06:56:35.402 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 146033 MB offset 3074048
    06:56:35.414 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 5093 MB offset 302149632
    06:56:35.421 Disk 0 scanning sectors +312580096
    06:56:35.489 Disk 0 scanning C:\Windows\system32\drivers
    06:56:48.245 Service scanning
    06:56:53.370 Modules scanning
    06:56:56.633 Disk 0 trace - called modules:
    06:56:56.664 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys iaNvStor.sys
    06:56:56.669 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x880dcaa0]
    06:56:56.674 3 CLASSPNP.SYS[88efa8b3] -> nt!IofCallDriver -> [0x85a21798]
    06:56:56.679 5 acpi.sys[8364d6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85a22030]
    06:56:57.263 AVAST engine scan C:\Windows
    06:57:00.778 AVAST engine scan C:\Windows\system32
    07:01:48.626 AVAST engine scan C:\Windows\system32\drivers
    07:02:01.872 AVAST engine scan C:\Users\Customer
    07:28:58.839 AVAST engine scan C:\ProgramData
    07:33:50.650 Scan finished successfully
    07:38:24.903 Disk 0 MBR has been saved successfully to "C:\Users\Customer\Documents\MBR.dat "
    07:38:24.909 The log file has been saved successfully to "C:\Users\Customer\Documents\aswMBR1.txt "
     
  19. 2012/02/23
    eve2684

    eve2684 Inactive Thread Starter

    removing AVG now
     
  20. 2012/02/23
    broni

    broni Moderator Malware Analyst

    Download BTKR_RunBox to your desktop.

    Double click on downloaded BTKR_RunBox.exe file.
    Small RunBox DOS window will open.
    Press any key to continue.
    Press "1" to select "Run a scan with Bootkit Remover" option.
    Press "Enter".
    Press "Enter" one more time to generate log.
    Click OK, IF any "Warning" message pops up.
    Notepad will open with Bootkit Remover log.
    Copy the content and post it in your next reply.
    In RunBox press "4" then Enter to exit it.

    NOTE. In case you lost the log it's also located on your desktop as "scan.txt".

    ==========================================================

    Please download and run ListParts by Farbar (for 32-bit system)

    Please download and run ListParts64 by Farbar (for 64-bit system)

    Click on Scan button.

    Scan result will open in Notepad.
    Post it in your next reply.
     
  21. 2012/02/24
    eve2684

    eve2684 Inactive Thread Starter

    Bootkit Remover
    (c) 2009 eSage Lab
    www.esagelab.com
    Program version: 1.2.0.0
    OS Version: Microsoft Windows Vista Business Edition Service Pack 2 (build 6002), 32-bit
    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000
    Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)

    Done;



    Press any key to quit...
     
