Inactive Resurrecting my old Fujitsu laptop w/XP

[Inactive] Resurrecting my old Fujitsu laptop w/XP

I want to see if I can bring my unused laptop running XP back to life. I'll run the various scans and post the logs but have some questions before I do that.
1) Is there a place on the forum to put a description of a SECOND system?
It is a Fujitsu laptop with Pentium 4 2.8 GHz, 736MB running XP SP2.
2) I wanted to install SP3 but was unable. The Windows Update when launched from the start menu tries to start up IE and fails by closing the IE window a split second after painting it.
3) Trying to update Windows from the tray icon launches but tries and fails to install a 2010 malware removal tool. Does this repeatedly.
3) I installed and then reinstalled IE8 but it closes immediately after launch.
4) The Windows search function fails with the message saying a file needed to run Search Companion is missing. I don't know how to fix that.


Unless someone suggests otherwise, I'll use Firefox to run and post the various scans and logs.

..Paul..

 

Hi, have you tried a System Restore to see if that will enable IE? Neil.

 

If I am going to reinstall Windows, is there any reason to go through the full suite of scans and log postings?

What I have done up till now:
1) This laptop has been unused for a year so lots of software was out of date. I uninstalled lots of software including all of Norton Internet Security. I had the problems mentioned in the first post in this thread.
2) I ran Malwarebytes, it reported two registry problems which it repaired. I can't find that log now.
3) I decided to start the full malware treatment as suggested in this forum.
4) Verified that Windows firewall was on. Downloaded free version of avast which ran to completion with no problems reported.
5) Ran Malwarebytes again. I can't find that log file either.
6) Ran GMER with log below.
7) Ran aswMBR with one log below. Other file produced was a .dat which did not contain text so I can't include it.
8) Ran dds. It did not complete after 40 minutes and seemed dead in the water. Had to power down to force reboot.
9) Ran dds again. Waited an hour. did not complete. Power down to reboot.
10) Any reason to push forward if I am going to reinstall Windows XP on this system?

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-08 10:09:36
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK6021GAS rev.GA025F
Running: 4sjfxzc8.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kxroapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xF10D2202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xF1142D8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xF10F66C1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xF10D47F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xF10D4848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xF10D495E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xF10F6075]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xF10D4746]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xF10D4898]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xF10D479A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xF10D490C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xF10D2226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xF10F6D87]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xF10F703D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xF10D4BE2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xF10F6BF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xF10F6A5D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xF1142E3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xF10D1FF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xF10D224A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xF10D4D56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xF10D2CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xF10D4820]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xF10D4870]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xF10D4988]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xF10F63D1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xF10D4772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xF10D4A1A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xF10D48D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xF10D47C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xF10D4AFE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xF10D4936]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xF1142ED4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xF10F68D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xF10D2BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xF10F672A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xF114B10E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xF10F56E8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xF10D226E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xF10D2292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xF10D204A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xF10D2186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xF10F6E8E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xF10D2162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xF10D21AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xF10D22B6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xF1158398]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 37C 804E29E8 4 Bytes CALL B13F3943
PAGE ntoskrnl.exe!ObInsertObject 80564423 5 Bytes JMP F11557F2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 80569DEA 4 Bytes CALL F10D3335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 80581EFE 7 Bytes JMP F115839C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805A1132 5 Bytes JMP F1153D4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
init C:\WINDOWS\system32\drivers\o2mmb.sys entry point in "init" section [0xF7576320]
.text win32k.sys!EngFreeUserMem + 674 BF809ACE 5 Bytes JMP F10D5CA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF80FB49 5 Bytes JMP F10D5BAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPaint + 4EF BF825555 5 Bytes JMP F10D4F34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 1E5F BF8342D1 5 Bytes JMP F10D5E0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 4567 BF8369D9 5 Bytes JMP F10D6014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + ED7E BF8411F0 5 Bytes JMP F10D5B1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + F667 BF841AD9 5 Bytes JMP F10D4FA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + D226 BF85B57E 5 Bytes JMP F10D4E70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3474 BF871090 5 Bytes JMP F10D5180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 34FF BF87111B 5 Bytes JMP F10D5326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBlt + 35C1 BF8758B0 5 Bytes JMP F10D5BD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 411E BF894BF1 5 Bytes JMP F10D52FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 3AA1 BF8B678D 5 Bytes JMP F10D5D54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 34B7 BF8BA199 5 Bytes JMP F10D4E58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 8A22 BF8BF704 5 Bytes JMP F10D5F72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAlphaBlend + 3E8 BF8C3275 5 Bytes JMP F10D503E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_vGetBounds + 5046 BF8EDCF3 5 Bytes JMP F10D50AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_vGetBounds + 52C6 BF8EDF73 5 Bytes JMP F10D50E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_vGetBounds + 74F7 BF8F01A4 5 Bytes JMP F10D4D8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19C1 BF912FBD 5 Bytes JMP F10D4EF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2595 BF913B91 5 Bytes JMP F10D5008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4EF4 BF9164F0 5 Bytes JMP F10D5440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 191A BF9443B8 5 Bytes JMP F10D5ECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[156] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[156] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[156] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[156] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[156] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00381014
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[156] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00380804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[156] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00380A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[156] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00380C0C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[156] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00380E10
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[156] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003801F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[156] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003803FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[156] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 00380600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[156] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[156] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[156] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[156] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[156] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[216] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[216] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[216] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[216] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[216] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00391014
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[216] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[216] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[216] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00390C0C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[216] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00390E10
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[216] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[216] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[216] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[216] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[216] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[216] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[216] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003A01F8

 

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[216] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003A03FC
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[236] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[236] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[272] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\ctfmon.exe[272] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[272] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\ctfmon.exe[272] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[272] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\ctfmon.exe[272] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\ctfmon.exe[272] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\ctfmon.exe[272] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\ctfmon.exe[272] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\ctfmon.exe[272] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\ctfmon.exe[272] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\ctfmon.exe[272] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\ctfmon.exe[272] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\ctfmon.exe[272] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\ctfmon.exe[272] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\ctfmon.exe[272] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\ctfmon.exe[272] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\smss.exe[504] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\System32\Ati2evxx.exe[516] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001401F8
.text C:\WINDOWS\System32\Ati2evxx.exe[516] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\System32\Ati2evxx.exe[516] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001403FC
.text C:\WINDOWS\System32\Ati2evxx.exe[516] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\System32\Ati2evxx.exe[516] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00370A08
.text C:\WINDOWS\System32\Ati2evxx.exe[516] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00370804
.text C:\WINDOWS\System32\Ati2evxx.exe[516] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00370600
.text C:\WINDOWS\System32\Ati2evxx.exe[516] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003701F8
.text C:\WINDOWS\System32\Ati2evxx.exe[516] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003703FC
.text C:\WINDOWS\System32\Ati2evxx.exe[516] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00381014
.text C:\WINDOWS\System32\Ati2evxx.exe[516] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00380804
.text C:\WINDOWS\System32\Ati2evxx.exe[516] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00380A08
.text C:\WINDOWS\System32\Ati2evxx.exe[516] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00380C0C
.text C:\WINDOWS\System32\Ati2evxx.exe[516] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00380E10
.text C:\WINDOWS\System32\Ati2evxx.exe[516] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003801F8
.text C:\WINDOWS\System32\Ati2evxx.exe[516] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003803FC
.text C:\WINDOWS\System32\Ati2evxx.exe[516] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 00380600
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001501F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001503FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00381014
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00380804
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00380A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00380C0C
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00380E10
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003801F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003803FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 00380600
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00390A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00390804
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00390600
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003901F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[564] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\csrss.exe[568] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[568] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[592] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[592] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[592] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[592] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[592] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\winlogon.exe[592] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\winlogon.exe[592] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\winlogon.exe[592] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\winlogon.exe[592] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\winlogon.exe[592] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\winlogon.exe[592] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\winlogon.exe[592] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\winlogon.exe[592] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\winlogon.exe[592] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\winlogon.exe[592] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\winlogon.exe[592] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\winlogon.exe[592] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\services.exe[636] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[636] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[636] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[636] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[636] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\services.exe[636] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\services.exe[636] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\services.exe[636] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\services.exe[636] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\services.exe[636] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\services.exe[636] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\services.exe[636] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\services.exe[636] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\services.exe[636] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\services.exe[636] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\services.exe[636] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\services.exe[636] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\lsass.exe[648] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[648] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[648] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[648] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[648] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\lsass.exe[648] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\lsass.exe[648] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\lsass.exe[648] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\lsass.exe[648] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\lsass.exe[648] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\lsass.exe[648] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\lsass.exe[648] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\lsass.exe[648] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\lsass.exe[648] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\lsass.exe[648] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\lsass.exe[648] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\lsass.exe[648] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[796] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[796] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[796] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[796] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[796] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\svchost.exe[796] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\svchost.exe[796] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\svchost.exe[796] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\svchost.exe[796] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\svchost.exe[796] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\svchost.exe[796] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\svchost.exe[796] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\svchost.exe[796] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[796] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[796] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[796] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[796] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\svchost.exe[844] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\svchost.exe[844] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[844] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[844] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[844] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[844] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\snmp.exe[892] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000801F8
.text C:\WINDOWS\System32\snmp.exe[892] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\System32\snmp.exe[892] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000803FC
.text C:\WINDOWS\System32\snmp.exe[892] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\System32\snmp.exe[892] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\snmp.exe[892] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\snmp.exe[892] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\snmp.exe[892] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\snmp.exe[892] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\snmp.exe[892] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\snmp.exe[892] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\snmp.exe[892] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[900] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[900] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[900] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[900] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[900] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002A1014
.text C:\WINDOWS\System32\svchost.exe[900] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002A0804
.text C:\WINDOWS\System32\svchost.exe[900] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002A0A08
.text C:\WINDOWS\System32\svchost.exe[900] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\System32\svchost.exe[900] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002A0E10
.text C:\WINDOWS\System32\svchost.exe[900] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002A01F8
.text C:\WINDOWS\System32\svchost.exe[900] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002A03FC
.text C:\WINDOWS\System32\svchost.exe[900] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002A0600
.text C:\WINDOWS\System32\svchost.exe[900] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[900] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[900] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[900] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[900] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[996] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[996] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[996] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[996] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[996] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002A1014
.text C:\WINDOWS\System32\svchost.exe[996] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002A0804
.text C:\WINDOWS\System32\svchost.exe[996] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002A0A08
.text C:\WINDOWS\System32\svchost.exe[996] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\System32\svchost.exe[996] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002A0E10
.text C:\WINDOWS\System32\svchost.exe[996] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002A01F8
.text C:\WINDOWS\System32\svchost.exe[996] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002A03FC
.text C:\WINDOWS\System32\svchost.exe[996] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002A0600
.text C:\WINDOWS\System32\svchost.exe[996] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[996] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[996] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[996] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[996] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\cisvc.exe[1060] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\cisvc.exe[1060] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\cisvc.exe[1060] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\cisvc.exe[1060] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\cisvc.exe[1060] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\cisvc.exe[1060] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\cisvc.exe[1060] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\cisvc.exe[1060] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\cisvc.exe[1060] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\cisvc.exe[1060] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\cisvc.exe[1060] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\cisvc.exe[1060] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\cisvc.exe[1060] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\cisvc.exe[1060] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\cisvc.exe[1060] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\cisvc.exe[1060] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\cisvc.exe[1060] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1140] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1140] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1140] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1140] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1140] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002A1014
.text C:\WINDOWS\System32\svchost.exe[1140] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002A0804
.text C:\WINDOWS\System32\svchost.exe[1140] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002A0A08
.text C:\WINDOWS\System32\svchost.exe[1140] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\System32\svchost.exe[1140] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002A0E10
.text C:\WINDOWS\System32\svchost.exe[1140] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002A01F8
.text C:\WINDOWS\System32\svchost.exe[1140] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002A03FC
.text C:\WINDOWS\System32\svchost.exe[1140] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002A0600
.text C:\WINDOWS\System32\svchost.exe[1140] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1140] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1140] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1140] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1140] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[1292] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[1292] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe[1308] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001401F8
.text C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe[1308] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe[1308] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001403FC
.text C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe[1308] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe[1308] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00370A08
.text C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe[1308] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00370804
.text C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe[1308] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00370600
.text C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe[1308] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003701F8
.text C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe[1308] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003703FC
.text C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe[1308] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00901014
.text C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe[1308] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00900804
.text C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe[1308] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00900A08
.text C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe[1308] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00900C0C
.text C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe[1308] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00900E10
.text C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe[1308] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 009001F8
.text C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe[1308] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 009003FC
.text C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe[1308] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 00900600
.text C:\WINDOWS\Explorer.EXE[1324] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[1324] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1324] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[1324] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1324] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002B1014
.text C:\WINDOWS\Explorer.EXE[1324] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002B0804
.text C:\WINDOWS\Explorer.EXE[1324] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\Explorer.EXE[1324] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\Explorer.EXE[1324] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002B0E10
.text C:\WINDOWS\Explorer.EXE[1324] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\Explorer.EXE[1324] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002B03FC
.text C:\WINDOWS\Explorer.EXE[1324] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002B0600
.text C:\WINDOWS\Explorer.EXE[1324] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002C0A08
.text C:\WINDOWS\Explorer.EXE[1324] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002C0804
.text C:\WINDOWS\Explorer.EXE[1324] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002C0600
.text C:\WINDOWS\Explorer.EXE[1324] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\Explorer.EXE[1324] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002C03FC
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1428] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1428] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1428] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1564] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[1564] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1564] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[1564] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1564] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\spoolsv.exe[1564] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\spoolsv.exe[1564] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\spoolsv.exe[1564] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\spoolsv.exe[1564] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\spoolsv.exe[1564] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\spoolsv.exe[1564] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\spoolsv.exe[1564] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\spoolsv.exe[1564] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\spoolsv.exe[1564] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\spoolsv.exe[1564] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\spoolsv.exe[1564] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\spoolsv.exe[1564] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[1652] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001501F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1652] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1652] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001503FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[1652] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1652] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00381014
.text C:\Program Files\Java\jre6\bin\jqs.exe[1652] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00380804
.text C:\Program Files\Java\jre6\bin\jqs.exe[1652] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00380A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[1652] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00380C0C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1652] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00380E10
.text C:\Program Files\Java\jre6\bin\jqs.exe[1652] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003801F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1652] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003803FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[1652] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 00380600
.text C:\Program Files\Java\jre6\bin\jqs.exe[1652] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00390A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[1652] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00390804
.text C:\Program Files\Java\jre6\bin\jqs.exe[1652] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00390600
.text C:\Program Files\Java\jre6\bin\jqs.exe[1652] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003901F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1652] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003903FC
.text C:\WINDOWS\AGRSMMSG.exe[1724] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001401F8
.text C:\WINDOWS\AGRSMMSG.exe[1724] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\AGRSMMSG.exe[1724] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001403FC

 

.text C:\WINDOWS\AGRSMMSG.exe[1724] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\AGRSMMSG.exe[1724] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00370A08
.text C:\WINDOWS\AGRSMMSG.exe[1724] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00370804
.text C:\WINDOWS\AGRSMMSG.exe[1724] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00370600
.text C:\WINDOWS\AGRSMMSG.exe[1724] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003701F8
.text C:\WINDOWS\AGRSMMSG.exe[1724] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003703FC
.text C:\WINDOWS\AGRSMMSG.exe[1724] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00381014
.text C:\WINDOWS\AGRSMMSG.exe[1724] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00380804
.text C:\WINDOWS\AGRSMMSG.exe[1724] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00380A08
.text C:\WINDOWS\AGRSMMSG.exe[1724] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00380C0C
.text C:\WINDOWS\AGRSMMSG.exe[1724] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00380E10
.text C:\WINDOWS\AGRSMMSG.exe[1724] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003801F8
.text C:\WINDOWS\AGRSMMSG.exe[1724] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003803FC
.text C:\WINDOWS\AGRSMMSG.exe[1724] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 00380600
.text C:\Program Files\Apoint2K\Apntex.exe[1752] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001401F8
.text C:\Program Files\Apoint2K\Apntex.exe[1752] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\Apoint2K\Apntex.exe[1752] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001403FC
.text C:\Program Files\Apoint2K\Apntex.exe[1752] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Apoint2K\Apntex.exe[1752] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00370A08
.text C:\Program Files\Apoint2K\Apntex.exe[1752] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00370804
.text C:\Program Files\Apoint2K\Apntex.exe[1752] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00370600
.text C:\Program Files\Apoint2K\Apntex.exe[1752] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003701F8
.text C:\Program Files\Apoint2K\Apntex.exe[1752] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003703FC
.text C:\Program Files\Apoint2K\HidFind.exe[1792] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001401F8
.text C:\Program Files\Apoint2K\HidFind.exe[1792] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\Apoint2K\HidFind.exe[1792] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001403FC
.text C:\Program Files\Apoint2K\HidFind.exe[1792] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Apoint2K\HidFind.exe[1792] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00370A08
.text C:\Program Files\Apoint2K\HidFind.exe[1792] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00370804
.text C:\Program Files\Apoint2K\HidFind.exe[1792] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00370600
.text C:\Program Files\Apoint2K\HidFind.exe[1792] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003701F8
.text C:\Program Files\Apoint2K\HidFind.exe[1792] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003703FC
.text C:\Program Files\Apoint2K\HidFind.exe[1792] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00381014
.text C:\Program Files\Apoint2K\HidFind.exe[1792] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00380804
.text C:\Program Files\Apoint2K\HidFind.exe[1792] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00380A08
.text C:\Program Files\Apoint2K\HidFind.exe[1792] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00380C0C
.text C:\Program Files\Apoint2K\HidFind.exe[1792] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00380E10
.text C:\Program Files\Apoint2K\HidFind.exe[1792] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003801F8
.text C:\Program Files\Apoint2K\HidFind.exe[1792] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003803FC
.text C:\Program Files\Apoint2K\HidFind.exe[1792] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 00380600
.text C:\Program Files\Apoint2K\Apoint.exe[1796] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001401F8
.text C:\Program Files\Apoint2K\Apoint.exe[1796] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\Apoint2K\Apoint.exe[1796] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001403FC
.text C:\Program Files\Apoint2K\Apoint.exe[1796] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Apoint2K\Apoint.exe[1796] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00370A08
.text C:\Program Files\Apoint2K\Apoint.exe[1796] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00370804
.text C:\Program Files\Apoint2K\Apoint.exe[1796] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00370600
.text C:\Program Files\Apoint2K\Apoint.exe[1796] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003701F8
.text C:\Program Files\Apoint2K\Apoint.exe[1796] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003703FC
.text C:\Program Files\Apoint2K\Apoint.exe[1796] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00381014
.text C:\Program Files\Apoint2K\Apoint.exe[1796] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00380804
.text C:\Program Files\Apoint2K\Apoint.exe[1796] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00380A08
.text C:\Program Files\Apoint2K\Apoint.exe[1796] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00380C0C
.text C:\Program Files\Apoint2K\Apoint.exe[1796] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00380E10
.text C:\Program Files\Apoint2K\Apoint.exe[1796] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003801F8
.text C:\Program Files\Apoint2K\Apoint.exe[1796] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003803FC
.text C:\Program Files\Apoint2K\Apoint.exe[1796] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 00380600
.text C:\WINDOWS\System32\svchost.exe[1840] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1840] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1840] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1840] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1840] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002A1014
.text C:\WINDOWS\System32\svchost.exe[1840] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002A0804
.text C:\WINDOWS\System32\svchost.exe[1840] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002A0A08
.text C:\WINDOWS\System32\svchost.exe[1840] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\System32\svchost.exe[1840] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002A0E10
.text C:\WINDOWS\System32\svchost.exe[1840] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002A01F8
.text C:\WINDOWS\System32\svchost.exe[1840] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002A03FC
.text C:\WINDOWS\System32\svchost.exe[1840] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002A0600
.text C:\WINDOWS\System32\svchost.exe[1840] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1840] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1840] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1840] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1840] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
.text C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE[1864] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001401F8
.text C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE[1864] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE[1864] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001403FC
.text C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE[1864] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE[1864] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00430A08
.text C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE[1864] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00430804
.text C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE[1864] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00430600
.text C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE[1864] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 004301F8
.text C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE[1864] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 004303FC
.text C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE[1864] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00441014
.text C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE[1864] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00440804
.text C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE[1864] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00440A08
.text C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE[1864] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00440C0C
.text C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE[1864] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00440E10
.text C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE[1864] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 004401F8
.text C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE[1864] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 004403FC
.text C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE[1864] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 00440600
.text C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[1892] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001401F8
.text C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[1892] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[1892] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001403FC
.text C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[1892] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[1892] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00370A08
.text C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[1892] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00370804
.text C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[1892] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00370600
.text C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[1892] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003701F8
.text C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[1892] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003703FC
.text C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[1892] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00381014
.text C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[1892] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00380804
.text C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[1892] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00380A08
.text C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[1892] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00380C0C
.text C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[1892] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00380E10
.text C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[1892] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003801F8
.text C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[1892] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003803FC
.text C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe[1892] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 00380600
.text C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[1904] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001401F8
.text C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[1904] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[1904] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001403FC
.text C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[1904] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[1904] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00370A08
.text C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[1904] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00370804
.text C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[1904] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00370600
.text C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[1904] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003701F8
.text C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[1904] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003703FC
.text C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[1904] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00381014
.text C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[1904] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00380804
.text C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[1904] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00380A08
.text C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[1904] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00380C0C
.text C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[1904] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00380E10
.text C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[1904] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003801F8
.text C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[1904] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003803FC
.text C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe[1904] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 00380600
.text C:\WINDOWS\System32\alg.exe[2204] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[2204] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2204] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[2204] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2204] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002A0A08
.text C:\WINDOWS\System32\alg.exe[2204] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002A0804
.text C:\WINDOWS\System32\alg.exe[2204] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002A0600
.text C:\WINDOWS\System32\alg.exe[2204] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002A01F8
.text C:\WINDOWS\System32\alg.exe[2204] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002A03FC
.text C:\WINDOWS\System32\alg.exe[2204] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\alg.exe[2204] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\alg.exe[2204] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\alg.exe[2204] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\alg.exe[2204] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\alg.exe[2204] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\alg.exe[2204] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\alg.exe[2204] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\wscntfy.exe[2772] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\wscntfy.exe[2772] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[2772] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\wscntfy.exe[2772] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[2772] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\wscntfy.exe[2772] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\wscntfy.exe[2772] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\wscntfy.exe[2772] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\wscntfy.exe[2772] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\wscntfy.exe[2772] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002D1014
.text C:\WINDOWS\system32\wscntfy.exe[2772] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\wscntfy.exe[2772] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\wscntfy.exe[2772] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002D0C0C
.text C:\WINDOWS\system32\wscntfy.exe[2772] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002D0E10
.text C:\WINDOWS\system32\wscntfy.exe[2772] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\wscntfy.exe[2772] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002D03FC
.text C:\WINDOWS\system32\wscntfy.exe[2772] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002D0600
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2800] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2800] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2800] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2800] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2800] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00381014
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2800] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00380804
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2800] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00380A08
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2800] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00380C0C
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2800] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00380E10
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2800] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003801F8
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2800] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003803FC
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2800] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 00380600
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2800] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2800] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2800] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2800] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2800] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003903FC
.text C:\Documents and Settings\Owner\My Documents\Downloads\4sjfxzc8.exe[2952] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001501F8
.text C:\Documents and Settings\Owner\My Documents\Downloads\4sjfxzc8.exe[2952] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Documents and Settings\Owner\My Documents\Downloads\4sjfxzc8.exe[2952] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001503FC
.text C:\Documents and Settings\Owner\My Documents\Downloads\4sjfxzc8.exe[2952] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Documents and Settings\Owner\My Documents\Downloads\4sjfxzc8.exe[2952] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 003D1014
.text C:\Documents and Settings\Owner\My Documents\Downloads\4sjfxzc8.exe[2952] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 003D0804
.text C:\Documents and Settings\Owner\My Documents\Downloads\4sjfxzc8.exe[2952] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 003D0A08
.text C:\Documents and Settings\Owner\My Documents\Downloads\4sjfxzc8.exe[2952] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 003D0C0C
.text C:\Documents and Settings\Owner\My Documents\Downloads\4sjfxzc8.exe[2952] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 003D0E10
.text C:\Documents and Settings\Owner\My Documents\Downloads\4sjfxzc8.exe[2952] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003D01F8
.text C:\Documents and Settings\Owner\My Documents\Downloads\4sjfxzc8.exe[2952] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003D03FC
.text C:\Documents and Settings\Owner\My Documents\Downloads\4sjfxzc8.exe[2952] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 003D0600
.text C:\Documents and Settings\Owner\My Documents\Downloads\4sjfxzc8.exe[2952] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 003E0A08
.text C:\Documents and Settings\Owner\My Documents\Downloads\4sjfxzc8.exe[2952] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 003E0804
.text C:\Documents and Settings\Owner\My Documents\Downloads\4sjfxzc8.exe[2952] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 003E0600
.text C:\Documents and Settings\Owner\My Documents\Downloads\4sjfxzc8.exe[2952] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003E01F8
.text C:\Documents and Settings\Owner\My Documents\Downloads\4sjfxzc8.exe[2952] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003E03FC
.text C:\WINDOWS\system32\wdfmgr.exe[3032] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000801F8
.text C:\WINDOWS\system32\wdfmgr.exe[3032] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\wdfmgr.exe[3032] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000803FC
.text C:\WINDOWS\system32\wdfmgr.exe[3032] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\wdfmgr.exe[3032] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\wdfmgr.exe[3032] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\wdfmgr.exe[3032] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\wdfmgr.exe[3032] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\wdfmgr.exe[3032] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\wdfmgr.exe[3032] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\wdfmgr.exe[3032] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\wdfmgr.exe[3032] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\wdfmgr.exe[3032] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\wdfmgr.exe[3032] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\wdfmgr.exe[3032] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\wdfmgr.exe[3032] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\wdfmgr.exe[3032] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\cidaemon.exe[3968] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\cidaemon.exe[3968] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\cidaemon.exe[3968] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\cidaemon.exe[3968] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\cidaemon.exe[3968] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\cidaemon.exe[3968] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\cidaemon.exe[3968] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\cidaemon.exe[3968] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\cidaemon.exe[3968] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\cidaemon.exe[3968] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\cidaemon.exe[3968] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\cidaemon.exe[3968] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\cidaemon.exe[3968] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\cidaemon.exe[3968] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\cidaemon.exe[3968] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\cidaemon.exe[3968] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\cidaemon.exe[3968] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\wuauclt.exe[4068] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\wuauclt.exe[4068] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[4068] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\wuauclt.exe[4068] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[4068] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\wuauclt.exe[4068] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\wuauclt.exe[4068] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\wuauclt.exe[4068] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\wuauclt.exe[4068] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\wuauclt.exe[4068] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\wuauclt.exe[4068] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\wuauclt.exe[4068] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\wuauclt.exe[4068] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\wuauclt.exe[4068] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\wuauclt.exe[4068] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\wuauclt.exe[4068] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\wuauclt.exe[4068] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002C03FC

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[636] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005D0002
IAT C:\WINDOWS\system32\services.exe[636] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005D0000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

---- EOF - GMER 1.0.15 ----

aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-08 12:53:31
-----------------------------
12:53:31.149 OS Version: Windows 5.1.2600 Service Pack 2
12:53:31.149 Number of processors: 1 586 0x209
12:53:31.159 ComputerName: LIFEBOOK UserName: Owner
12:53:35.215 Initialize success
12:53:35.575 AVAST engine defs: 11080800
12:54:03.245 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:54:03.245 Disk 0 Vendor: TOSHIBA_MK6021GAS GA025F Size: 57231MB BusType: 3
12:54:03.345 Disk 0 MBR read successfully
12:54:03.345 Disk 0 MBR scan
12:54:03.355 Disk 0 Windows XP default MBR code
12:54:03.375 Disk 0 scanning sectors +117210240
12:54:03.756 Disk 0 scanning C:\WINDOWS\system32\drivers
12:54:43.854 Service scanning
12:54:46.467 Modules scanning
12:55:22.018 Disk 0 trace - called modules:
12:55:22.049 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys aliide.sys PCIIDEX.SYS
12:55:22.049 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x83783ab8]
12:55:22.049 3 CLASSPNP.SYS[f7aa205b] -> nt!IofCallDriver -> \Device\00000076[0x837239e8]
12:55:22.049 5 ACPI.sys[f79f8620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x83723b00]
12:55:24.442 AVAST engine scan C:\WINDOWS
12:57:57.432 AVAST engine scan C:\WINDOWS\system32
13:09:30.679 AVAST engine scan C:\WINDOWS\system32\drivers
13:10:53.067 AVAST engine scan C:\Documents and Settings\Owner
13:53:15.804 AVAST engine scan C:\Documents and Settings\All Users
13:55:48.083 Scan finished successfully
14:22:51.907 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat "
14:22:51.907 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt "


...Paul..

 

That's what I thought too. There was so much old software that did not all uninstall cleanly such that there are bits and pieces scattered everywhere. I have newer versions of most of the software and I have the install disks for most of the rest. Starting from scratch will be much easier.

I'll close this thread and start another one in the XP forum related to reinstalling XP. I have never reinstalled any operating system so I want to get some advice before I start.

Thanks.

..Paul..

 

Looking at the thread tools at the top of the thread, I don't see any option to mark this thread as resolved or closed. I guess on this forum that is an admin feature.