Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer Freezing and rebooting


  • Please log in to reply

#16
Raven.Drive.mom

Raven.Drive.mom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Chkdsk did not run again. Rebooted one more time and it still didn't run.
  • 0

Advertisements


#17
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
Glad to hear that check disk is happy now.

clear the event logs as before and then reboot and run Vino's as before. Let's see what we have left.

Ron
  • 0

#18
Raven.Drive.mom

Raven.Drive.mom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Vino's Event Viewer v01c run on Windows Vista in English
Report run at 06/11/2011 9:26:10 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 06/11/2011 2:22:18 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: 07384042

Log: 'System' Date/Time: 06/11/2011 2:22:11 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The MCSTRM service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 06/11/2011 2:22:11 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The event description cannot be found.

Log: 'System' Date/Time: 06/11/2011 2:21:43 PM
Type: Error Category: 0
Event: 5101 Source: Microsoft Antimalware
Microsoft Antimalware grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. Expiration Reason: Windows Activation Technologies genuine validation failed Expiration Date (UTC): ?11/?6/?2011 2:21:43 PM Error Code: 0x80092003 Error Description: An error occurred while reading or writing to a file.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 06/11/2011 2:25:36 PM
Type: Warning Category: 0
Event: 51 Source: cdrom
An error was detected on device \Device\CdRom0 during a paging operation.

Log: 'System' Date/Time: 06/11/2011 2:25:00 PM
Type: Warning Category: 0
Event: 51 Source: cdrom
An error was detected on device \Device\CdRom0 during a paging operation.

Log: 'System' Date/Time: 06/11/2011 2:24:56 PM
Type: Warning Category: 0
Event: 51 Source: cdrom
An error was detected on device \Device\CdRom0 during a paging operation.

Log: 'System' Date/Time: 06/11/2011 2:24:13 PM
Type: Warning Category: 0
Event: 51 Source: cdrom
An error was detected on device \Device\CdRom0 during a paging operation.

Log: 'System' Date/Time: 06/11/2011 2:23:55 PM
Type: Warning Category: 0
Event: 51 Source: cdrom
An error was detected on device \Device\CdRom0 during a paging operation.

Log: 'System' Date/Time: 06/11/2011 2:23:55 PM
Type: Warning Category: 0
Event: 51 Source: cdrom
An error was detected on device \Device\CdRom0 during a paging operation.

Log: 'System' Date/Time: 06/11/2011 2:23:55 PM
Type: Warning Category: 0
Event: 51 Source: cdrom
An error was detected on device \Device\CdRom0 during a paging operation.

Log: 'System' Date/Time: 06/11/2011 2:22:17 PM
Type: Warning Category: 0
Event: 51 Source: cdrom
An error was detected on device \Device\CdRom0 during a paging operation.

Log: 'System' Date/Time: 06/11/2011 2:22:02 PM
Type: Warning Category: 0
Event: 51 Source: cdrom
An error was detected on device \Device\CdRom0 during a paging operation.

Log: 'System' Date/Time: 06/11/2011 2:22:02 PM
Type: Warning Category: 0
Event: 51 Source: cdrom
An error was detected on device \Device\CdRom0 during a paging operation.

Log: 'System' Date/Time: 06/11/2011 2:21:31 PM
Type: Warning Category: 0
Event: 4 Source: b57nd60x
Broadcom NetLink ™ Fast Ethernet: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 06/11/2011 2:20:40 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 06/11/2011 2:20:39 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\IWMSSvc.dll
  • 0

#19
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c

:processes
killallprocesses

:Services
07384042
MCSTRM
     
:Commands
[Reboot]


then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done.

Let's see if we can get GMER to run.

Download GMER from http://www.gmer.net/download.php Note the file's name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on http://www.bleepingcomputer.com/forums/topic114351.html to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

  • 0

#20
Raven.Drive.mom

Raven.Drive.mom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Here is the GMER Results Log:


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-07 07:29:43
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.LB01
Running: ylqps2mz.exe; Driver: C:\Users\Eleanor\AppData\Local\Temp\pxdiyfow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x902E3374]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x902E5996]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x902E59EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x902E5B04]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x902E58EC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x902E5A3E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x902E5940]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x902E5AB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x902E3398]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x902E3162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x902E33BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x902E5EFC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x902E3E54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x902E59C6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x902E5A16]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x902E5B2E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x902E5918]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x902E5A7E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x902E596E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x902E5ADC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x902E3D1A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x902E33E0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x902E3404]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x902E31BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x902E32F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x902E32D4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x902E331C]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys ZwTerminateProcess [0x90A0D640]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x902E3428]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x90AA79A6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 10D 830B0890 4 Bytes [74, 33, 2E, 90]
.text ntkrnlpa.exe!KeSetEvent + 1D1 830B0954 8 Bytes [96, 59, 2E, 90, EE, 59, 2E, ...]
.text ntkrnlpa.exe!KeSetEvent + 1DD 830B0960 4 Bytes [04, 5B, 2E, 90]
.text ntkrnlpa.exe!KeSetEvent + 1F5 830B0978 4 Bytes [EC, 58, 2E, 90]
.text ntkrnlpa.exe!KeSetEvent + 215 830B0998 8 Bytes [3E, 5A, 2E, 90, 40, 59, 2E, ...]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 831DB62F 5 Bytes JMP 90AA33DE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 83234543 5 Bytes JMP 90AA4E84 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 8323DE68 4 Bytes CALL 902E44C5 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 83241ADC 4 Bytes CALL 902E44DB \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 83295DCA 7 Bytes JMP 90AA79AA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8D200380, 0x3590D2, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\DellTPad\Apoint.exe[348] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 001401F8
.text C:\Program Files\DellTPad\Apoint.exe[348] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 001403FC
.text C:\Program Files\DellTPad\Apoint.exe[348] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Program Files\DellTPad\Apoint.exe[348] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00160600
.text C:\Program Files\DellTPad\Apoint.exe[348] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00160804
.text C:\Program Files\DellTPad\Apoint.exe[348] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00160A08
.text C:\Program Files\DellTPad\Apoint.exe[348] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 001601F8
.text C:\Program Files\DellTPad\Apoint.exe[348] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 001603FC
.text C:\Program Files\DellTPad\Apoint.exe[348] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 001703FC
.text C:\Program Files\DellTPad\Apoint.exe[348] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00170600
.text C:\Program Files\DellTPad\Apoint.exe[348] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00171014
.text C:\Program Files\DellTPad\Apoint.exe[348] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00170804
.text C:\Program Files\DellTPad\Apoint.exe[348] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00170A08
.text C:\Program Files\DellTPad\Apoint.exe[348] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00170C0C
.text C:\Program Files\DellTPad\Apoint.exe[348] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00170E10
.text C:\Program Files\DellTPad\Apoint.exe[348] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 001701F8
.text C:\Windows\system32\svchost.exe[360] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[360] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[360] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[360] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 000803FC
.text C:\Windows\system32\svchost.exe[360] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00080600
.text C:\Windows\system32\svchost.exe[360] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00081014
.text C:\Windows\system32\svchost.exe[360] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00080804
.text C:\Windows\system32\svchost.exe[360] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00080A08
.text C:\Windows\system32\svchost.exe[360] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00080C0C
.text C:\Windows\system32\svchost.exe[360] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00080E10
.text C:\Windows\system32\svchost.exe[360] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 000801F8
.text C:\Windows\System32\spoolsv.exe[528] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\spoolsv.exe[528] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC
.text C:\Windows\System32\spoolsv.exe[528] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[528] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\spoolsv.exe[528] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\spoolsv.exe[528] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\spoolsv.exe[528] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\spoolsv.exe[528] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\spoolsv.exe[528] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\spoolsv.exe[528] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\spoolsv.exe[528] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\spoolsv.exe[528] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00110600
.text C:\Windows\System32\spoolsv.exe[528] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00110804
.text C:\Windows\System32\spoolsv.exe[528] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00110A08
.text C:\Windows\System32\spoolsv.exe[528] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 001101F8
.text C:\Windows\System32\spoolsv.exe[528] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 001103FC
.text C:\Windows\system32\svchost.exe[552] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[552] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[552] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[552] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 000C03FC
.text C:\Windows\system32\svchost.exe[552] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 000C0600
.text C:\Windows\system32\svchost.exe[552] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 000C1014
.text C:\Windows\system32\svchost.exe[552] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 000C0804
.text C:\Windows\system32\svchost.exe[552] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 000C0A08
.text C:\Windows\system32\svchost.exe[552] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 000C0C0C
.text C:\Windows\system32\svchost.exe[552] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 000C0E10
.text C:\Windows\system32\svchost.exe[552] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 000C01F8
.text C:\Windows\system32\svchost.exe[552] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00100600
.text C:\Windows\system32\svchost.exe[552] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00100804
.text C:\Windows\system32\svchost.exe[552] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00100A08
.text C:\Windows\system32\svchost.exe[552] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 001001F8
.text C:\Windows\system32\svchost.exe[552] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 001003FC
.text C:\Windows\system32\csrss.exe[564] KERNEL32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Windows\system32\wininit.exe[616] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000301F8
.text C:\Windows\system32\wininit.exe[616] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000303FC
.text C:\Windows\system32\wininit.exe[616] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Windows\system32\wininit.exe[616] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 000503FC
.text C:\Windows\system32\wininit.exe[616] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00050600
.text C:\Windows\system32\wininit.exe[616] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00051014
.text C:\Windows\system32\wininit.exe[616] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00050804
.text C:\Windows\system32\wininit.exe[616] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00050A08
.text C:\Windows\system32\wininit.exe[616] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00050C0C
.text C:\Windows\system32\wininit.exe[616] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00050E10
.text C:\Windows\system32\wininit.exe[616] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 000501F8
.text C:\Windows\system32\wininit.exe[616] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00060600
.text C:\Windows\system32\wininit.exe[616] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00060804
.text C:\Windows\system32\wininit.exe[616] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00060A08
.text C:\Windows\system32\wininit.exe[616] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 000601F8
.text C:\Windows\system32\wininit.exe[616] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 000603FC
.text C:\Windows\system32\csrss.exe[628] KERNEL32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Windows\system32\services.exe[660] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\services.exe[660] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\services.exe[660] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Windows\system32\services.exe[660] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\services.exe[660] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\services.exe[660] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\services.exe[660] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\services.exe[660] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\services.exe[660] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\services.exe[660] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\services.exe[660] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\services.exe[660] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00080600
.text C:\Windows\system32\services.exe[660] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00080804
.text C:\Windows\system32\services.exe[660] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\services.exe[660] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\services.exe[660] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\lsass.exe[672] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\lsass.exe[672] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Windows\system32\lsass.exe[672] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\lsass.exe[672] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\lsass.exe[672] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\lsass.exe[672] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\lsass.exe[672] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\lsass.exe[672] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\lsass.exe[672] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\lsass.exe[672] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\lsass.exe[672] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00080600
.text C:\Windows\system32\lsass.exe[672] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00080804
.text C:\Windows\system32\lsass.exe[672] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\lsass.exe[672] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\lsass.exe[672] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\lsm.exe[680] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\lsm.exe[680] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\lsm.exe[680] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Windows\system32\lsm.exe[680] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\lsm.exe[680] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\lsm.exe[680] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\lsm.exe[680] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\lsm.exe[680] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\lsm.exe[680] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\lsm.exe[680] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\lsm.exe[680] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\winlogon.exe[792] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000301F8
.text C:\Windows\system32\winlogon.exe[792] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000303FC
.text C:\Windows\system32\winlogon.exe[792] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[792] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 000903FC
.text C:\Windows\system32\winlogon.exe[792] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00090600
.text C:\Windows\system32\winlogon.exe[792] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00091014
.text C:\Windows\system32\winlogon.exe[792] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00090804
.text C:\Windows\system32\winlogon.exe[792] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00090A08
.text C:\Windows\system32\winlogon.exe[792] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00090C0C
.text C:\Windows\system32\winlogon.exe[792] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00090E10
.text C:\Windows\system32\winlogon.exe[792] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 000901F8
.text C:\Windows\system32\winlogon.exe[792] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 000A0600
.text C:\Windows\system32\winlogon.exe[792] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 000A0804
.text C:\Windows\system32\winlogon.exe[792] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 000A0A08
.text C:\Windows\system32\winlogon.exe[792] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 000A01F8
.text C:\Windows\system32\winlogon.exe[792] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 000A03FC
.text C:\Users\Eleanor\Desktop\ylqps2mz.exe[804] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 001501F8
.text C:\Users\Eleanor\Desktop\ylqps2mz.exe[804] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 001503FC
.text C:\Users\Eleanor\Desktop\ylqps2mz.exe[804] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Users\Eleanor\Desktop\ylqps2mz.exe[804] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 002603FC
.text C:\Users\Eleanor\Desktop\ylqps2mz.exe[804] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00260600
.text C:\Users\Eleanor\Desktop\ylqps2mz.exe[804] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00261014
.text C:\Users\Eleanor\Desktop\ylqps2mz.exe[804] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00260804
.text C:\Users\Eleanor\Desktop\ylqps2mz.exe[804] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00260A08
.text C:\Users\Eleanor\Desktop\ylqps2mz.exe[804] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00260C0C
.text C:\Users\Eleanor\Desktop\ylqps2mz.exe[804] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00260E10
.text C:\Users\Eleanor\Desktop\ylqps2mz.exe[804] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 002601F8
.text C:\Users\Eleanor\Desktop\ylqps2mz.exe[804] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00270600
.text C:\Users\Eleanor\Desktop\ylqps2mz.exe[804] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00270804
.text C:\Users\Eleanor\Desktop\ylqps2mz.exe[804] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00270A08
.text C:\Users\Eleanor\Desktop\ylqps2mz.exe[804] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 002701F8
.text C:\Users\Eleanor\Desktop\ylqps2mz.exe[804] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 002703FC
.text C:\Windows\system32\svchost.exe[860] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[860] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[860] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[860] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[860] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[860] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[860] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[860] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[860] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[860] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[860] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[860] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00190600
.text C:\Windows\system32\svchost.exe[860] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00190804
.text C:\Windows\system32\svchost.exe[860] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00190A08
.text C:\Windows\system32\svchost.exe[860] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 001901F8
.text C:\Windows\system32\svchost.exe[860] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 001903FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[936] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[936] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[936] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[936] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 000703FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[936] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00070600
.text C:\Program Files\Bonjour\mDNSResponder.exe[936] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00071014
.text C:\Program Files\Bonjour\mDNSResponder.exe[936] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00070804
.text C:\Program Files\Bonjour\mDNSResponder.exe[936] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00070A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[936] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00070C0C
.text C:\Program Files\Bonjour\mDNSResponder.exe[936] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00070E10
.text C:\Program Files\Bonjour\mDNSResponder.exe[936] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 000701F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[936] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00080600
.text C:\Program Files\Bonjour\mDNSResponder.exe[936] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00080804
.text C:\Program Files\Bonjour\mDNSResponder.exe[936] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00080A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[936] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 000801F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[936] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\svchost.exe[940] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[940] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[940] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[940] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[940] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[940] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[940] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[940] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[940] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[940] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[940] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[940] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00200600
.text C:\Windows\system32\svchost.exe[940] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00200804
.text C:\Windows\system32\svchost.exe[940] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00200A08
.text C:\Windows\system32\svchost.exe[940] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 002001F8
.text C:\Windows\system32\svchost.exe[940] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 002003FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1108] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1108] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1108] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1108] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1108] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1108] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00171014
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1108] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1108] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1108] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00170C0C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1108] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00170E10
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1108] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1108] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00180600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1108] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00180804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1108] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00180A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1108] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 001801F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1108] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 001803FC
.text C:\Windows\System32\svchost.exe[1136] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[1136] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[1136] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[1136] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[1136] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00130600
.text C:\Windows\System32\svchost.exe[1136] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00130804
.text C:\Windows\System32\svchost.exe[1136] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00130A08
.text C:\Windows\System32\svchost.exe[1136] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 001301F8
.text C:\Windows\System32\svchost.exe[1136] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 001303FC
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1180] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 001501F8
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1180] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 001503FC
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1180] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1180] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00170600
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1180] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00170804
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1180] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00170A08
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1180] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 001701F8
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1180] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 001703FC
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1180] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 001803FC
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1180] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00180600
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1180] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00181014
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1180] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00180804
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1180] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00180A08
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1180] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00180C0C
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1180] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00180E10
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1180] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 001801F8
.text C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe[1196] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe[1196] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe[1196] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe[1196] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00160600
.text C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe[1196] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00160804
.text C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe[1196] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00160A08
.text C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe[1196] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe[1196] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe[1196] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe[1196] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe[1196] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00171014
.text C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe[1196] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe[1196] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe[1196] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00170C0C
.text C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe[1196] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00170E10
.text C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe[1196] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 001701F8
.text C:\Windows\System32\svchost.exe[1208] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[1208] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[1208] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[1208] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 005F0600
.text C:\Windows\System32\svchost.exe[1208] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 005F0804
.text C:\Windows\System32\svchost.exe[1208] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 005F0A08
.text C:\Windows\System32\svchost.exe[1208] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 005F01F8
.text C:\Windows\System32\svchost.exe[1208] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 005F03FC
.text C:\Windows\system32\CTsvcCDA.exe[1224] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 001401F8
.text C:\Windows\system32\CTsvcCDA.exe[1224] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 001403FC
.text C:\Windows\system32\CTsvcCDA.exe[1224] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Windows\system32\CTsvcCDA.exe[1224] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00160600
.text C:\Windows\system32\CTsvcCDA.exe[1224] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00160804
.text C:\Windows\system32\CTsvcCDA.exe[1224] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00160A08
.text C:\Windows\system32\CTsvcCDA.exe[1224] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 001601F8
.text C:\Windows\system32\CTsvcCDA.exe[1224] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 001603FC
.text C:\Windows\system32\CTsvcCDA.exe[1224] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 001703FC
.text C:\Windows\system32\CTsvcCDA.exe[1224] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00170600
.text C:\Windows\system32\CTsvcCDA.exe[1224] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00171014
.text C:\Windows\system32\CTsvcCDA.exe[1224] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00170804
.text C:\Windows\system32\CTsvcCDA.exe[1224] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00170A08
.text C:\Windows\system32\CTsvcCDA.exe[1224] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00170C0C
.text C:\Windows\system32\CTsvcCDA.exe[1224] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00170E10
.text C:\Windows\system32\CTsvcCDA.exe[1224] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 001701F8
.text C:\Windows\system32\svchost.exe[1244] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1244] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1244] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1244] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1244] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1244] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1244] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1244] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1244] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1244] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1244] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1244] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 006E0600
.text C:\Windows\system32\svchost.exe[1244] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 006E0804
.text C:\Windows\system32\svchost.exe[1244] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 006E0A08
.text C:\Windows\system32\svchost.exe[1244] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 006E01F8
.text C:\Windows\system32\svchost.exe[1244] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 006E03FC
.text C:\Windows\system32\AUDIODG.EXE[1396] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1424] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1424] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1424] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1424] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 000803FC
.text C:\Windows\system32\svchost.exe[1424] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00080600
.text C:\Windows\system32\svchost.exe[1424] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00081014
.text C:\Windows\system32\svchost.exe[1424] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00080804
.text C:\Windows\system32\svchost.exe[1424] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00080A08
.text C:\Windows\system32\svchost.exe[1424] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00080C0C
.text C:\Windows\system32\svchost.exe[1424] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00080E10
.text C:\Windows\system32\svchost.exe[1424] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 000801F8
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1460] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1460] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1460] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1460] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1460] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1460] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1460] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1460] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1460] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1460] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00180600
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1460] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00181014
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1460] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00180804
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1460] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00180A08
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1460] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00180C0C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1460] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00180E10
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1460] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 001801F8
.text C:\Windows\system32\svchost.exe[1468] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000901F8
.text C:\Windows\system32\svchost.exe[1468] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000903FC
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1468] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 005303FC
.text C:\Windows\system32\svchost.exe[1468] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00530600
.text C:\Windows\system32\svchost.exe[1468] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00531014
.text C:\Windows\system32\svchost.exe[1468] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00530804
.text C:\Windows\system32\svchost.exe[1468] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00530A08
.text C:\Windows\system32\svchost.exe[1468] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00530C0C
.text C:\Windows\system32\svchost.exe[1468] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00530E10
.text C:\Windows\system32\svchost.exe[1468] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 005301F8
.text C:\Windows\system32\svchost.exe[1468] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00C70600
.text C:\Windows\system32\svchost.exe[1468] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00C70804
.text C:\Windows\system32\svchost.exe[1468] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00C70A08
.text C:\Windows\system32\svchost.exe[1468] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 00C701F8
.text C:\Windows\system32\svchost.exe[1468] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 00C703FC
.text C:\Program Files\DellTPad\Apntex.exe[1548] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 001401F8
.text C:\Program Files\DellTPad\Apntex.exe[1548] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 001403FC
.text C:\Program Files\DellTPad\Apntex.exe[1548] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Program Files\DellTPad\Apntex.exe[1548] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00160600
.text C:\Program Files\DellTPad\Apntex.exe[1548] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00160804
.text C:\Program Files\DellTPad\Apntex.exe[1548] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00160A08
.text C:\Program Files\DellTPad\Apntex.exe[1548] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 001601F8
.text C:\Program Files\DellTPad\Apntex.exe[1548] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 001603FC
.text C:\Program Files\DellTPad\Apntex.exe[1548] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 001703FC
.text C:\Program Files\DellTPad\Apntex.exe[1548] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00170600
.text C:\Program Files\DellTPad\Apntex.exe[1548] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00171014
.text C:\Program Files\DellTPad\Apntex.exe[1548] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00170804
.text C:\Program Files\DellTPad\Apntex.exe[1548] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00170A08
.text C:\Program Files\DellTPad\Apntex.exe[1548] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00170C0C
.text C:\Program Files\DellTPad\Apntex.exe[1548] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00170E10
.text C:\Program Files\DellTPad\Apntex.exe[1548] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 001701F8
.text C:\Windows\system32\aestsrv.exe[1564] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 001501F8
.text C:\Windows\system32\aestsrv.exe[1564] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 001503FC
.text C:\Windows\system32\aestsrv.exe[1564] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Windows\system32\aestsrv.exe[1564] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 001703FC
.text C:\Windows\system32\aestsrv.exe[1564] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00170600
.text C:\Windows\system32\aestsrv.exe[1564] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00171014
.text C:\Windows\system32\aestsrv.exe[1564] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00170804
.text C:\Windows\system32\aestsrv.exe[1564] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00170A08
.text C:\Windows\system32\aestsrv.exe[1564] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00170C0C
.text C:\Windows\system32\aestsrv.exe[1564] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00170E10
.text C:\Windows\system32\aestsrv.exe[1564] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1672] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1672] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1672] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1672] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 000703FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1672] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00070600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1672] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00071014
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1672] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00070804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1672] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00070A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1672] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00070C0C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1672] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00070E10
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1672] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 000701F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1672] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00080600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1672] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00080804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1672] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00080A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1672] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 000801F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1672] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\svchost.exe[1676] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1676] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1676] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1676] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 000C03FC
.text C:\Windows\system32\svchost.exe[1676] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 000C0600
.text C:\Windows\system32\svchost.exe[1676] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 000C1014
.text C:\Windows\system32\svchost.exe[1676] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 000C0804
.text C:\Windows\system32\svchost.exe[1676] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 000C0A08
.text C:\Windows\system32\svchost.exe[1676] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 000C0C0C
.text C:\Windows\system32\svchost.exe[1676] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 000C0E10
.text C:\Windows\system32\svchost.exe[1676] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 000C01F8
.text C:\Windows\system32\svchost.exe[1676] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00B70600
.text C:\Windows\system32\svchost.exe[1676] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00B70804
.text C:\Windows\system32\svchost.exe[1676] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00B70A08
.text C:\Windows\system32\svchost.exe[1676] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 00B701F8
.text C:\Windows\system32\svchost.exe[1676] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 00B703FC
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1784] kernel32.dll!SetUnhandledExceptionFilter 77C1A8C5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1784] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Windows\system32\WLANExt.exe[1812] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\WLANExt.exe[1812] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\WLANExt.exe[1812] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Windows\system32\WLANExt.exe[1812] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\WLANExt.exe[1812] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\WLANExt.exe[1812] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\WLANExt.exe[1812] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\WLANExt.exe[1812] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\WLANExt.exe[1812] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\WLANExt.exe[1812] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\WLANExt.exe[1812] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\WLANExt.exe[1812] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00080600
.text C:\Windows\system32\WLANExt.exe[1812] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00080804
.text C:\Windows\system32\WLANExt.exe[1812] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\WLANExt.exe[1812] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\WLANExt.exe[1812] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 000803FC
.text C:\Program Files\DellTPad\HidFind.exe[1824] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 001401F8
.text C:\Program Files\DellTPad\HidFind.exe[1824] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 001403FC
.text C:\Program Files\DellTPad\HidFind.exe[1824] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Program Files\DellTPad\HidFind.exe[1824] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00160600
.text C:\Program Files\DellTPad\HidFind.exe[1824] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00160804
.text C:\Program Files\DellTPad\HidFind.exe[1824] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00160A08
.text C:\Program Files\DellTPad\HidFind.exe[1824] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 001601F8
.text C:\Program Files\DellTPad\HidFind.exe[1824] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 001603FC
.text C:\Program Files\DellTPad\HidFind.exe[1824] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 001703FC
.text C:\Program Files\DellTPad\HidFind.exe[1824] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00170600
.text C:\Program Files\DellTPad\HidFind.exe[1824] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00171014
.text C:\Program Files\DellTPad\HidFind.exe[1824] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00170804
.text C:\Program Files\DellTPad\HidFind.exe[1824] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00170A08
.text C:\Program Files\DellTPad\HidFind.exe[1824] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00170C0C
.text C:\Program Files\DellTPad\HidFind.exe[1824] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00170E10
.text C:\Program Files\DellTPad\HidFind.exe[1824] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 001701F8
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1964] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2060] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 001401F8
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2060] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 001403FC
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2060] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2060] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 00DB03FC
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2060] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00DB0600
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2060] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00DB1014
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2060] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00DB0804
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2060] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00DB0A08
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2060] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00DB0C0C
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2060] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00DB0E10
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2060] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 00DB01F8
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2060] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00DC0600
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2060] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00DC0804
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2060] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00DC0A08
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2060] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 00DC01F8
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2060] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 00DC03FC
.text C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe[2152] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 001401F8
.text C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe[2152] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 001403FC
.text C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe[2152] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe[2152] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 002D0600
.text C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe[2152] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 002D0804
.text C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe[2152] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 002D0A08
.text C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe[2152] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 002D01F8
.text C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe[2152] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 002D03FC
.text C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe[2152] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 002E03FC
.text C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe[2152] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 002E0600
.text C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe[2152] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 002E1014
.text C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe[2152] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 002E0804
.text C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe[2152] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 002E0A08
.text C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe[2152] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 002E0C0C
.text C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe[2152] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 002E0E10
.text C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe[2152] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 002E01F8
.text C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe[2212] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 001501F8
.text C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe[2212] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 001503FC
.text C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe[2212] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe[2212] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe[2212] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00180600
.text C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe[2212] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00181014
.text C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe[2212] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00180804
.text C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe[2212] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00180A08
.text C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe[2212] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00180C0C
.text C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe[2212] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00180E10
.text C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe[2212] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 001801F8
.text C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe[2212] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00190600
.text C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe[2212] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00190804
.text C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe[2212] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00190A08
.text C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe[2212] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 001901F8
.text C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe[2212] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 001903FC
.text C:\Windows\system32\svchost.exe[2264] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000901F8
.text C:\Windows\system32\svchost.exe[2264] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000903FC
.text C:\Windows\system32\svchost.exe[2264] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2264] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 005303FC
.text C:\Windows\system32\svchost.exe[2264] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00530600
.text C:\Windows\system32\svchost.exe[2264] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00531014
.text C:\Windows\system32\svchost.exe[2264] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00530804
.text C:\Windows\system32\svchost.exe[2264] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00530A08
.text C:\Windows\system32\svchost.exe[2264] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00530C0C
.text C:\Windows\system32\svchost.exe[2264] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00530E10
.text C:\Windows\system32\svchost.exe[2264] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 005301F8
.text C:\Windows\system32\svchost.exe[2264] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00DE0600
.text C:\Windows\system32\svchost.exe[2264] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00DE0804
.text C:\Windows\system32\svchost.exe[2264] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00DE0A08
.text C:\Windows\system32\svchost.exe[2264] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 00DE01F8
.text C:\Windows\system32\svchost.exe[2264] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 00DE03FC
.text C:\Windows\System32\svchost.exe[2304] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[2304] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[2304] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[2304] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 000803FC
.text C:\Windows\System32\svchost.exe[2304] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00080600
.text C:\Windows\System32\svchost.exe[2304] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00081014
.text C:\Windows\System32\svchost.exe[2304] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00080804
.text C:\Windows\System32\svchost.exe[2304] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00080A08
.text C:\Windows\System32\svchost.exe[2304] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00080C0C
.text C:\Windows\System32\svchost.exe[2304] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00080E10
.text C:\Windows\System32\svchost.exe[2304] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 000801F8
.text C:\Windows\System32\svchost.exe[2304] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00630600
.text C:\Windows\System32\svchost.exe[2304] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00630804
.text C:\Windows\System32\svchost.exe[2304] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00630A08
.text C:\Windows\System32\svchost.exe[2304] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 006301F8
.text C:\Windows\System32\svchost.exe[2304] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 006303FC
.text C:\Windows\OEM02Mon.exe[2328] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 001401F8
.text C:\Windows\OEM02Mon.exe[2328] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 001403FC
.text C:\Windows\OEM02Mon.exe[2328] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Windows\OEM02Mon.exe[2328] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00160600
.text C:\Windows\OEM02Mon.exe[2328] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00160804
.text C:\Windows\OEM02Mon.exe[2328] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00160A08
.text C:\Windows\OEM02Mon.exe[2328] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 001601F8
.text C:\Windows\OEM02Mon.exe[2328] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 001603FC
.text C:\Windows\OEM02Mon.exe[2328] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 001703FC
.text C:\Windows\OEM02Mon.exe[2328] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00170600
.text C:\Windows\OEM02Mon.exe[2328] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00171014
.text C:\Windows\OEM02Mon.exe[2328] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00170804
.text C:\Windows\OEM02Mon.exe[2328] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00170A08
.text C:\Windows\OEM02Mon.exe[2328] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00170C0C
.text C:\Windows\OEM02Mon.exe[2328] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00170E10
.text C:\Windows\OEM02Mon.exe[2328] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 001701F8
.text C:\Windows\System32\svchost.exe[2356] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[2356] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[2356] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[2356] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[2356] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[2356] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[2356] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[2356] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[2356] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[2356] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[2356] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 000701F8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2364] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 001501F8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2364] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 001503FC
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2364] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2364] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2364] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00170600
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2364] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00171014
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2364] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00170804
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2364] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00170A08
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2364] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00170C0C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2364] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00170E10
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2364] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 001701F8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2364] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 01970600
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2364] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 01970804
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2364] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 01970A08
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2364] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 019701F8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2364] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 019703FC
.text C:\Windows\system32\svchost.exe[2372] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[2372] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[2372] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2372] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[2372] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[2372] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[2372] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[2372] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[2372] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[2372] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[2372] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[2372] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 001D0600
.text C:\Windows\system32\svchost.exe[2372] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 001D0804
.text C:\Windows\system32\svchost.exe[2372] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 001D0A08
.text C:\Windows\system32\svchost.exe[2372] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 001D01F8
.text C:\Windows\system32\svchost.exe[2372] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 001D03FC
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2396] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 001401F8
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2396] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 001403FC
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2396] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2396] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 001603FC
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2396] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00160600
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2396] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00161014
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2396] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00160804
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2396] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00160A08
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2396] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00160C0C
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2396] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00160E10
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2396] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 001601F8
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2396] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00170600
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2396] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00170804
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2396] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00170A08
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2396] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2396] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2432] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2432] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2432] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2432] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2432] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2432] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2432] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2432] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2432] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 002803FC
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2432] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00280600
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2432] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00281014
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2432] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00280804
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2432] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00280A08
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2432] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00280C0C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2432] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00280E10
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2432] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 002801F8
.text C:\Windows\system32\STacSV.exe[2448] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 001401F8
.text C:\Windows\system32\STacSV.exe[2448] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 001403FC
.text C:\Windows\system32\STacSV.exe[2448] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Windows\system32\STacSV.exe[2448] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 001603FC
.text C:\Windows\system32\STacSV.exe[2448] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00160600
.text C:\Windows\system32\STacSV.exe[2448] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00161014
.text C:\Windows\system32\STacSV.exe[2448] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00160804
.text C:\Windows\system32\STacSV.exe[2448] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00160A08
.text C:\Windows\system32\STacSV.exe[2448] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00160C0C
.text C:\Windows\system32\STacSV.exe[2448] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00160E10
.text C:\Windows\system32\STacSV.exe[2448] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 001601F8
.text C:\Windows\system32\STacSV.exe[2448] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00170600
.text C:\Windows\system32\STacSV.exe[2448] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00170804
.text C:\Windows\system32\STacSV.exe[2448] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00170A08
.text C:\Windows\system32\STacSV.exe[2448] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 001701F8
.text C:\Windows\system32\STacSV.exe[2448] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 001703FC
.text C:\Windows\ehome\ehmsas.exe[2468] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000401F8
.text C:\Windows\ehome\ehmsas.exe[2468] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000403FC
.text C:\Windows\ehome\ehmsas.exe[2468] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Windows\ehome\ehmsas.exe[2468] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 000603FC
.text C:\Windows\ehome\ehmsas.exe[2468] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00060600
.text C:\Windows\ehome\ehmsas.exe[2468] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00061014
.text C:\Windows\ehome\ehmsas.exe[2468] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00060804
.text C:\Windows\ehome\ehmsas.exe[2468] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00060A08
.text C:\Windows\ehome\ehmsas.exe[2468] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00060C0C
.text C:\Windows\ehome\ehmsas.exe[2468] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00060E10
.text C:\Windows\ehome\ehmsas.exe[2468] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 000601F8
.text C:\Windows\ehome\ehmsas.exe[2468] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00070600
.text C:\Windows\ehome\ehmsas.exe[2468] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00070804
.text C:\Windows\ehome\ehmsas.exe[2468] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00070A08
.text C:\Windows\ehome\ehmsas.exe[2468] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 000701F8
.text C:\Windows\ehome\ehmsas.exe[2468] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 000703FC
.text C:\Windows\ehome\ehtray.exe[2480] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8
.text C:\Windows\ehome\ehtray.exe[2480] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC
.text C:\Windows\ehome\ehtray.exe[2480] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Windows\ehome\ehtray.exe[2480] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 000703FC
.text C:\Windows\ehome\ehtray.exe[2480] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00070600
.text C:\Windows\ehome\ehtray.exe[2480] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00071014
.text C:\Windows\ehome\ehtray.exe[2480] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00070804
.text C:\Windows\ehome\ehtray.exe[2480] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00070A08
.text C:\Windows\ehome\ehtray.exe[2480] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00070C0C
.text C:\Windows\ehome\ehtray.exe[2480] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00070E10
.text C:\Windows\ehome\ehtray.exe[2480] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 000701F8
.text C:\Windows\ehome\ehtray.exe[2480] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00090600
.text C:\Windows\ehome\ehtray.exe[2480] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00090804
.text C:\Windows\ehome\ehtray.exe[2480] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00090A08
.text C:\Windows\ehome\ehtray.exe[2480] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 000901F8
.text C:\Windows\ehome\ehtray.exe[2480] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 000903FC
.text C:\Windows\System32\rundll32.exe[2500] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000601F8
.text C:\Windows\System32\rundll32.exe[2500] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000603FC
.text C:\Windows\System32\rundll32.exe[2500] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Windows\System32\rundll32.exe[2500] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00170600
.text C:\Windows\System32\rundll32.exe[2500] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00170804
.text C:\Windows\System32\rundll32.exe[2500] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00170A08
.text C:\Windows\System32\rundll32.exe[2500] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 001701F8
.text C:\Windows\System32\rundll32.exe[2500] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 001703FC
.text C:\Windows\System32\rundll32.exe[2500] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 001803FC
.text C:\Windows\System32\rundll32.exe[2500] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00180600
.text C:\Windows\System32\rundll32.exe[2500] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00181014
.text C:\Windows\System32\rundll32.exe[2500] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00180804
.text C:\Windows\System32\rundll32.exe[2500] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00180A08
.text C:\Windows\System32\rundll32.exe[2500] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00180C0C
.text C:\Windows\System32\rundll32.exe[2500] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00180E10
.text C:\Windows\System32\rundll32.exe[2500] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 001801F8
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2504] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 001501F8
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2504] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 001503FC
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2504] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2504] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00290600
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2504] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00290804
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2504] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00290A08
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2504] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 002901F8
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2504] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 002903FC
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2504] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 002A03FC
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2504] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 002A0600
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2504] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 002A1014
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2504] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 002A0804
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2504] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 002A0A08
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2504] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 002A0C0C
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2504] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 002A0E10
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2504] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 002A01F8
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2784] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2784] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2784] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2784] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2784] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2784] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2784] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2784] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2784] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2784] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00180600
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2784] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00181014
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2784] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00180804
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2784] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00180A08
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2784] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00180C0C
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2784] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00180E10
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2784] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 001801F8
.text C:\Windows\system32\svchost.exe[2812] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[2812] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[2812] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2812] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[2812] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[2812] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[2812] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[2812] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[2812] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[2812] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[2812] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[2848] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[2848] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[2848] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[2848] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 001703FC
.text C:\Windows\System32\svchost.exe[2848] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00170600
.text C:\Windows\System32\svchost.exe[2848] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00171014
.text C:\Windows\System32\svchost.exe[2848] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00170804
.text C:\Windows\System32\svchost.exe[2848] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00170A08
.text C:\Windows\System32\svchost.exe[2848] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00170C0C
.text C:\Windows\System32\svchost.exe[2848] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00170E10
.text C:\Windows\System32\svchost.exe[2848] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 001701F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[2856] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[2856] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[2856] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2856] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 000803FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[2856] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00080600
.text C:\Program Files\Windows Sidebar\sidebar.exe[2856] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00081014
.text C:\Program Files\Windows Sidebar\sidebar.exe[2856] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00080804
.text C:\Program Files\Windows Sidebar\sidebar.exe[2856] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00080A08
.text C:\Program Files\Windows Sidebar\sidebar.exe[2856] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00080C0C
.text C:\Program Files\Windows Sidebar\sidebar.exe[2856] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00080E10
.text C:\Program Files\Windows Sidebar\sidebar.exe[2856] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 000801F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[2856] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00090600
.text C:\Program Files\Windows Sidebar\sidebar.exe[2856] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00090804
.text C:\Program Files\Windows Sidebar\sidebar.exe[2856] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00090A08
.text C:\Program Files\Windows Sidebar\sidebar.exe[2856] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 000901F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[2856] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 000903FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2864] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000401F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2864] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000403FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2864] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2864] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 000603FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2864] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00060600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2864] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00061014
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2864] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00060804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2864] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00060A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2864] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00060C0C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2864] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00060E10
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2864] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 000601F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2864] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00070600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2864] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00070804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2864] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00070A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2864] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 000701F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2864] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 000703FC
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[2920] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 001401F8
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[2920] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 001403FC
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[2920] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[2920] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00160600
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[2920] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00160804
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[2920] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00160A08
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[2920] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 001601F8
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[2920] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 001603FC
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[2920] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[2920] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00170600
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[2920] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00171014
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[2920] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00170804
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[2920] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00170A08
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[2920] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00170C0C
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[2920] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00170E10
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[2920] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 001701F8
.text C:\Windows\system32\SearchIndexer.exe[2928] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\SearchIndexer.exe[2928] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\SearchIndexer.exe[2928] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[2928] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\SearchIndexer.exe[2928] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\SearchIndexer.exe[2928] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\SearchIndexer.exe[2928] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\SearchIndexer.exe[2928] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\SearchIndexer.exe[2928] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\SearchIndexer.exe[2928] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\SearchIndexer.exe[2928] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\SearchIndexer.exe[2928] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00100600
.text C:\Windows\system32\SearchIndexer.exe[2928] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00100804
.text C:\Windows\system32\SearchIndexer.exe[2928] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00100A08
.text C:\Windows\system32\SearchIndexer.exe[2928] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 001001F8
.text C:\Windows\system32\SearchIndexer.exe[2928] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 001003FC
.text C:\Windows\System32\rundll32.exe[3024] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000601F8
.text C:\Windows\System32\rundll32.exe[3024] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000603FC
.text C:\Windows\System32\rundll32.exe[3024] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Windows\System32\rundll32.exe[3024] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00070600
.text C:\Windows\System32\rundll32.exe[3024] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00070804
.text C:\Windows\System32\rundll32.exe[3024] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00070A08
.text C:\Windows\System32\rundll32.exe[3024] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 000701F8
.text C:\Windows\System32\rundll32.exe[3024] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 000703FC
.text C:\Windows\System32\rundll32.exe[3024] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 000803FC
.text C:\Windows\System32\rundll32.exe[3024] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00080600
.text C:\Windows\System32\rundll32.exe[3024] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00081014
.text C:\Windows\System32\rundll32.exe[3024] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00080804
.text C:\Windows\System32\rundll32.exe[3024] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00080A08
.text C:\Windows\System32\rundll32.exe[3024] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00080C0C
.text C:\Windows\System32\rundll32.exe[3024] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00080E10
.text C:\Windows\System32\rundll32.exe[3024] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 000801F8
.text C:\Windows\system32\DRIVERS\xaudio.exe[3028] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 001401F8
.text C:\Windows\system32\DRIVERS\xaudio.exe[3028] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 001403FC
.text C:\Windows\system32\DRIVERS\xaudio.exe[3028] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Windows\system32\DRIVERS\xaudio.exe[3028] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 001603FC
.text C:\Windows\system32\DRIVERS\xaudio.exe[3028] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00160600
.text C:\Windows\system32\DRIVERS\xaudio.exe[3028] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00161014
.text C:\Windows\system32\DRIVERS\xaudio.exe[3028] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00160804
.text C:\Windows\system32\DRIVERS\xaudio.exe[3028] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00160A08
.text C:\Windows\system32\DRIVERS\xaudio.exe[3028] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00160C0C
.text C:\Windows\system32\DRIVERS\xaudio.exe[3028] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00160E10
.text C:\Windows\system32\DRIVERS\xaudio.exe[3028] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 001601F8
.text C:\Windows\system32\DRIVERS\xaudio.exe[3028] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00170600
.text C:\Windows\system32\DRIVERS\xaudio.exe[3028] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00170804
.text C:\Windows\system32\DRIVERS\xaudio.exe[3028] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00170A08
.text C:\Windows\system32\DRIVERS\xaudio.exe[3028] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 001701F8
.text C:\Windows\system32\DRIVERS\xaudio.exe[3028] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 001703FC
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3080] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 001601F8
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3080] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 001603FC
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3080] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3080] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00270600
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3080] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00270804
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3080] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00270A08
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3080] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 002701F8
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3080] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 002703FC
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3080] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00280600
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3080] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00281014
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3080] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00280804
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3080] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00280A08
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3080] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00280C0C
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3080] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00280E10
.text C:\Windows\System32\rundll32.exe[3156] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000601F8
.text C:\Windows\System32\rundll32.exe[3156] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000603FC
.text C:\Windows\System32\rundll32.exe[3156] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Windows\System32\rundll32.exe[3156] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00070600
.text C:\Windows\System32\rundll32.exe[3156] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00070804
.text C:\Windows\System32\rundll32.exe[3156] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00070A08
.text C:\Windows\System32\rundll32.exe[3156] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 000701F8
.text C:\Windows\System32\rundll32.exe[3156] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 000703FC
.text C:\Windows\System32\rundll32.exe[3156] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 000803FC
.text C:\Windows\System32\rundll32.exe[3156] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00080600
.text C:\Windows\System32\rundll32.exe[3156] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00081014
.text C:\Windows\System32\rundll32.exe[3156] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00080804
.text C:\Windows\System32\rundll32.exe[3156] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00080A08
.text C:\Windows\System32\rundll32.exe[3156] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00080C0C
.text C:\Windows\System32\rundll32.exe[3156] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00080E10
.text C:\Windows\System32\rundll32.exe[3156] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 000801F8
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3232] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 001501F8
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3232] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 001503FC
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3232] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3232] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00170600
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3232] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00170804
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3232] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00170A08
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3232] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3232] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 001703FC
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3232] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3232] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00180600
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3232] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00181014
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3232] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00180804
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3232] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00180A08
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3232] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00180C0C
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3232] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00180E10
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3232] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 001801F8
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3404] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3404] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3404] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3404] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00300600
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3404] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00300804
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3404] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00300A08
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3404] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 003001F8
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3404] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 003003FC
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3404] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 003103FC
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3404] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00310600
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3404] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00311014
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3404] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00310804
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3404] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00310A08
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3404] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00310C0C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3404] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00310E10
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3404] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 003101F8
.text C:\Windows\system32\wbem\unsecapp.exe[3648] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\wbem\unsecapp.exe[3648] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\wbem\unsecapp.exe[3648] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Windows\system32\wbem\unsecapp.exe[3648] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\wbem\unsecapp.exe[3648] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\wbem\unsecapp.exe[3648] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\wbem\unsecapp.exe[3648] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\wbem\unsecapp.exe[3648] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\wbem\unsecapp.exe[3648] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\wbem\unsecapp.exe[3648] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\wbem\unsecapp.exe[3648] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\wbem\unsecapp.exe[3648] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00080600
.text C:\Windows\system32\wbem\unsecapp.exe[3648] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00080804
.text C:\Windows\system32\wbem\unsecapp.exe[3648] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\wbem\unsecapp.exe[3648] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\wbem\unsecapp.exe[3648] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\wbem\wmiprvse.exe[3656] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\wbem\wmiprvse.exe[3656] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\wbem\wmiprvse.exe[3656] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[3656] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\wbem\wmiprvse.exe[3656] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\wbem\wmiprvse.exe[3656] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\wbem\wmiprvse.exe[3656] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\wbem\wmiprvse.exe[3656] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\wbem\wmiprvse.exe[3656] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\wbem\wmiprvse.exe[3656] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\wbem\wmiprvse.exe[3656] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\wbem\wmiprvse.exe[3656] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00080600
.text C:\Windows\system32\wbem\wmiprvse.exe[3656] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00080804
.text C:\Windows\system32\wbem\wmiprvse.exe[3656] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\wbem\wmiprvse.exe[3656] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\wbem\wmiprvse.exe[3656] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 000803FC
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3704] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 001401F8
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3704] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 001403FC
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3704] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3704] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00160600
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3704] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00160804
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3704] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00160A08
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3704] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 001601F8
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3704] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 001603FC
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3704] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 001703FC
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3704] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00170600
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3704] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00171014
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3704] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00170804
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3704] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00170A08
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3704] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00170C0C
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3704] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00170E10
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3704] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 001701F8
.text C:\Windows\system32\svchost.exe[3800] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[3800] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[3800] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3800] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[3800] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[3800] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[3800] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[3800] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[3800] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[3800] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[3800] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 000701F8
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3816] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3816] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3816] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3816] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00080600
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3816] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00080804
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3816] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00080A08
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3816] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 000801F8
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3816] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 000803FC
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3816] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 000903FC
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3816] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00090600
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3816] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00091014
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3816] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00090804
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3816] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00090A08
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3816] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00090C0C
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3816] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00090E10
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3816] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 000901F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3836] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000401F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3836] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000403FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3836] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3836] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 000603FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3836] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00060600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3836] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00061014
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3836] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00060804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3836] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00060A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3836] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00060C0C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3836] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00060E10
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3836] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 000601F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3836] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00070600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3836] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00070804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3836] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00070A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3836] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 000701F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3836] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 000703FC
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[3856] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 001501F8
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[3856] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 001503FC
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[3856] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[3856] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00170600
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[3856] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00170804
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[3856] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00170A08
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[3856] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[3856] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 001703FC
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[3856] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[3856] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00180600
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[3856] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00181014
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[3856] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00180804
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[3856] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00180A08
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[3856] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00180C0C
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[3856] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00180E10
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[3856] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 001801F8
.text C:\Program Files\Digital Line Detect\DLG.exe[3880] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 001401F8
.text C:\Program Files\Digital Line Detect\DLG.exe[3880] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 001403FC
.text C:\Program Files\Digital Line Detect\DLG.exe[3880] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Program Files\Digital Line Detect\DLG.exe[3880] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00160600
.text C:\Program Files\Digital Line Detect\DLG.exe[3880] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00160804
.text C:\Program Files\Digital Line Detect\DLG.exe[3880] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00160A08
.text C:\Program Files\Digital Line Detect\DLG.exe[3880] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 001601F8
.text C:\Program Files\Digital Line Detect\DLG.exe[3880] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 001603FC
.text C:\Program Files\Digital Line Detect\DLG.exe[3880] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Digital Line Detect\DLG.exe[3880] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00170600
.text C:\Program Files\Digital Line Detect\DLG.exe[3880] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00171014
.text C:\Program Files\Digital Line Detect\DLG.exe[3880] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00170804
.text C:\Program Files\Digital Line Detect\DLG.exe[3880] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00170A08
.text C:\Program Files\Digital Line Detect\DLG.exe[3880] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00170C0C
.text C:\Program Files\Digital Line Detect\DLG.exe[3880] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00170E10
.text C:\Program Files\Digital Line Detect\DLG.exe[3880] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 001701F8
.text C:\Windows\system32\Dwm.exe[3920] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\Dwm.exe[3920] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\Dwm.exe[3920] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[3920] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\Dwm.exe[3920] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\Dwm.exe[3920] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\Dwm.exe[3920] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\Dwm.exe[3920] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\Dwm.exe[3920] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\Dwm.exe[3920] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\Dwm.exe[3920] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\Dwm.exe[3920] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00080600
.text C:\Windows\system32\Dwm.exe[3920] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00080804
.text C:\Windows\system32\Dwm.exe[3920] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\Dwm.exe[3920] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\Dwm.exe[3920] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\taskeng.exe[3932] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[3932] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[3932] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[3932] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskeng.exe[3932] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\taskeng.exe[3932] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\taskeng.exe[3932] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\taskeng.exe[3932] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\taskeng.exe[3932] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\taskeng.exe[3932] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\taskeng.exe[3932] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskeng.exe[3932] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00080600
.text C:\Windows\system32\taskeng.exe[3932] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00080804
.text C:\Windows\system32\taskeng.exe[3932] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\taskeng.exe[3932] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\taskeng.exe[3932] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 000803FC
.text C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe[3952] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 001501F8
.text C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe[3952] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 001503FC
.text C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe[3952] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe[3952] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 001A0600
.text C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe[3952] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 001A0804
.text C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe[3952] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 001A0A08
.text C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe[3952] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 001A01F8
.text C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe[3952] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 001A03FC
.text C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe[3952] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 001B03FC
.text C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe[3952] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 001B0600
.text C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe[3952] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 001B1014
.text C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe[3952] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 001B0804
.text C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe[3952] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 001B0A08
.text C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe[3952] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 001B0C0C
.text C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe[3952] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 001B0E10
.text C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe[3952] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 001B01F8
.text C:\Windows\Explorer.EXE[3968] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8
.text C:\Windows\Explorer.EXE[3968] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC
.text C:\Windows\Explorer.EXE[3968] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Windows\Explorer.EXE[3968] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 000703FC
.text C:\Windows\Explorer.EXE[3968] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00070600
.text C:\Windows\Explorer.EXE[3968] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00071014
.text C:\Windows\Explorer.EXE[3968] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00070804
.text C:\Windows\Explorer.EXE[3968] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00070A08
.text C:\Windows\Explorer.EXE[3968] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00070C0C
.text C:\Windows\Explorer.EXE[3968] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00070E10
.text C:\Windows\Explorer.EXE[3968] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 000701F8
.text C:\Windows\Explorer.EXE[3968] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00080600
.text C:\Windows\Explorer.EXE[3968] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00080804
.text C:\Windows\Explorer.EXE[3968] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00080A08
.text C:\Windows\Explorer.EXE[3968] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 000801F8
.text C:\Windows\Explorer.EXE[3968] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 000803FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3972] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 001501F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3972] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 001503FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3972] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3972] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 001803FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3972] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00180600
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3972] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00181014
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3972] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00180804
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3972] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00180A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3972] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00180C0C
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3972] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00180E10
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3972] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 001801F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3972] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00190600
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3972] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00190804
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3972] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00190A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3972] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 001901F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3972] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 001903FC
.text C:\Windows\system32\taskeng.exe[4044] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[4044] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[4044] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[4044] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskeng.exe[4044] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\taskeng.exe[4044] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\taskeng.exe[4044] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\taskeng.exe[4044] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\taskeng.exe[4044] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\taskeng.exe[4044] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\taskeng.exe[4044] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskeng.exe[4044] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00080600
.text C:\Windows\system32\taskeng.exe[4044] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00080804
.text C:\Windows\system32\taskeng.exe[4044] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\taskeng.exe[4044] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\taskeng.exe[4044] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 000803FC
.text C:\Program Files\DellTPad\ApMsgFwd.exe[4088] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 001501F8
.text C:\Program Files\DellTPad\ApMsgFwd.exe[4088] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 001503FC
.text C:\Program Files\DellTPad\ApMsgFwd.exe[4088] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Program Files\DellTPad\ApMsgFwd.exe[4088] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00170600
.text C:\Program Files\DellTPad\ApMsgFwd.exe[4088] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00170804
.text C:\Program Files\DellTPad\ApMsgFwd.exe[4088] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00170A08
.text C:\Program Files\DellTPad\ApMsgFwd.exe[4088] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 001701F8
.text C:\Program Files\DellTPad\ApMsgFwd.exe[4088] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 001703FC
.text C:\Program Files\DellTPad\ApMsgFwd.exe[4088] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 001803FC
.text C:\Program Files\DellTPad\ApMsgFwd.exe[4088] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00180600
.text C:\Program Files\DellTPad\ApMsgFwd.exe[4088] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00181014
.text C:\Program Files\DellTPad\ApMsgFwd.exe[4088] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00180804
.text C:\Program Files\DellTPad\ApMsgFwd.exe[4088] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00180A08
.text C:\Program Files\DellTPad\ApMsgFwd.exe[4088] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00180C0C
.text C:\Program Files\DellTPad\ApMsgFwd.exe[4088] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00180E10
.text C:\Program Files\DellTPad\ApMsgFwd.exe[4088] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 001801F8
.text C:\Users\Eleanor\AppData\Roaming\Dropbox\bin\Dropbox.exe[4108] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 001501F8
.text C:\Users\Eleanor\AppData\Roaming\Dropbox\bin\Dropbox.exe[4108] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 001503FC
.text C:\Users\Eleanor\AppData\Roaming\Dropbox\bin\Dropbox.exe[4108] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Users\Eleanor\AppData\Roaming\Dropbox\bin\Dropbox.exe[4108] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00170600
.text C:\Users\Eleanor\AppData\Roaming\Dropbox\bin\Dropbox.exe[4108] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00170804
.text C:\Users\Eleanor\AppData\Roaming\Dropbox\bin\Dropbox.exe[4108] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00170A08
.text C:\Users\Eleanor\AppData\Roaming\Dropbox\bin\Dropbox.exe[4108] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 001701F8
.text C:\Users\Eleanor\AppData\Roaming\Dropbox\bin\Dropbox.exe[4108] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 001703FC
.text C:\Users\Eleanor\AppData\Roaming\Dropbox\bin\Dropbox.exe[4108] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 001803FC
.text C:\Users\Eleanor\AppData\Roaming\Dropbox\bin\Dropbox.exe[4108] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00180600
.text C:\Users\Eleanor\AppData\Roaming\Dropbox\bin\Dropbox.exe[4108] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00181014
.text C:\Users\Eleanor\AppData\Roaming\Dropbox\bin\Dropbox.exe[4108] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00180804
.text C:\Users\Eleanor\AppData\Roaming\Dropbox\bin\Dropbox.exe[4108] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00180A08
.text C:\Users\Eleanor\AppData\Roaming\Dropbox\bin\Dropbox.exe[4108] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00180C0C
.text C:\Users\Eleanor\AppData\Roaming\Dropbox\bin\Dropbox.exe[4108] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00180E10
.text C:\Users\Eleanor\AppData\Roaming\Dropbox\bin\Dropbox.exe[4108] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 001801F8
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[4200] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000601F8
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[4200] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000603FC
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[4200] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[4200] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00070600
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[4200] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00070804
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[4200] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00070A08
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[4200] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 000701F8
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[4200] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 000703FC
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[4200] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 000803FC
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[4200] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00080600
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[4200] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00081014
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[4200] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00080804
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[4200] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00080A08
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[4200] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00080C0C
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[4200] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00080E10
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[4200] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 000801F8
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4284] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4284] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4284] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4284] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00380600
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4284] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00380804
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4284] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00380A08
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4284] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 003801F8
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4284] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 003803FC
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4284] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 00E603FC
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4284] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00E60600
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4284] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00E61014
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4284] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00E60804
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4284] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00E60A08
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4284] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00E60C0C
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4284] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00E60E10
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4284] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 00E601F8
.text c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4348] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 001501F8
.text c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4348] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 001503FC
.text c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4348] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4348] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 003103FC
.text c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4348] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00310600
.text c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4348] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00311014
.text c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4348] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00310804
.text c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4348] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00310A08
.text c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4348] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00310C0C
.text c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4348] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00310E10
.text c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4348] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 003101F8
.text c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4348] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00320600
.text c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4348] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00320804
.text c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4348] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00320A08
.text c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4348] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 003201F8
.text c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4348] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 003203FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[4436] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[4436] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[4436] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4436] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 000803FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[4436] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00080600
.text C:\Program Files\Windows Sidebar\sidebar.exe[4436] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00081014
.text C:\Program Files\Windows Sidebar\sidebar.exe[4436] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00080804
.text C:\Program Files\Windows Sidebar\sidebar.exe[4436] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00080A08
.text C:\Program Files\Windows Sidebar\sidebar.exe[4436] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00080C0C
.text C:\Program Files\Windows Sidebar\sidebar.exe[4436] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00080E10
.text C:\Program Files\Windows Sidebar\sidebar.exe[4436] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 000801F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[4436] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00090600
.text C:\Program Files\Windows Sidebar\sidebar.exe[4436] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00090804
.text C:\Program Files\Windows Sidebar\sidebar.exe[4436] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00090A08
.text C:\Program Files\Windows Sidebar\sidebar.exe[4436] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 000901F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[4436] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 000903FC
.text C:\Windows\system32\wuauclt.exe[4508] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000601F8
.text C:\Windows\system32\wuauclt.exe[4508] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000603FC
.text C:\Windows\system32\wuauclt.exe[4508] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Windows\system32\wuauclt.exe[4508] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00070600
.text C:\Windows\system32\wuauclt.exe[4508] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00070804
.text C:\Windows\system32\wuauclt.exe[4508] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00070A08
.text C:\Windows\system32\wuauclt.exe[4508] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 000701F8
.text C:\Windows\system32\wuauclt.exe[4508] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 000703FC
.text C:\Windows\system32\wuauclt.exe[4508] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 000803FC
.text C:\Windows\system32\wuauclt.exe[4508] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 00080600
.text C:\Windows\system32\wuauclt.exe[4508] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 00081014
.text C:\Windows\system32\wuauclt.exe[4508] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 00080804
.text C:\Windows\system32\wuauclt.exe[4508] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 00080A08
.text C:\Windows\system32\wuauclt.exe[4508] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 00080C0C
.text C:\Windows\system32\wuauclt.exe[4508] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 00080E10
.text C:\Windows\system32\wuauclt.exe[4508] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 000801F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4888] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 001501F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4888] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 001503FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4888] kernel32.dll!GetBinaryTypeW + 70 77C42467 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4888] USER32.dll!SetWindowsHookExA 76476322 5 Bytes JMP 00290600
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4888] USER32.dll!SetWindowsHookExW 764787AD 5 Bytes JMP 00290804
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4888] USER32.dll!UnhookWindowsHookEx 764798DB 5 Bytes JMP 00290A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4888] USER32.dll!SetWinEventHook 76479F3A 5 Bytes JMP 002901F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4888] USER32.dll!UnhookWinEvent 7647C06F 5 Bytes JMP 002903FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4888] ADVAPI32.dll!CreateServiceW 77E49EB4 5 Bytes JMP 002A03FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4888] ADVAPI32.dll!DeleteService 77E4A07E 5 Bytes JMP 002A0600
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4888] ADVAPI32.dll!SetServiceObjectSecurity 77E86CD9 5 Bytes JMP 002A1014
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4888] ADVAPI32.dll!ChangeServiceConfigA 77E86DD9 5 Bytes JMP 002A0804
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4888] ADVAPI32.dll!ChangeServiceConfigW 77E86F81 5 Bytes JMP 002A0A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4888] ADVAPI32.dll!ChangeServiceConfig2A 77E87099 5 Bytes JMP 002A0C0C
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4888] ADVAPI32.dll!ChangeServiceConfig2W 77E871E1 5 Bytes JMP 002A0E10
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4888] ADVAPI32.dll!CreateServiceA 77E872A1 5 Bytes JMP 002A01F8

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[660] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 000B0002
IAT C:\Windows\system32\services.exe[660] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 000B0000
IAT C:\Windows\Explorer.EXE[3968] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74A47817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3968] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74A9A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3968] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74A4BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3968] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74A3F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3968] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74A475E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3968] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74A3E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3968] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74A78395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3968] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [74A4DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3968] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74A3FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3968] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74A3FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3968] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74A371CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3968] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74ACCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3968] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74A6C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3968] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74A3D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3968] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74A36853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3968] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74A3687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3968] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74A42AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\BTHUSB \Device\000000d0 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
'
]
AttachedDevice \Driver\tdx \Device\Udp \ aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4ce4fdcc
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e4ce4fdcc (not active ControlSet)

---- EOF - GMER 1.0.15 ----
  • 0

#21
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
GMER didn't seem to find anything.

uninstall
Malwarebytes' Anti-Malware version 1.51.2.1300

Then clear the events, reboot and run Vino's again.

Ron
  • 0

#22
Raven.Drive.mom

Raven.Drive.mom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
I uninstalled Malwarebytes' Anti-Malware version 1.51.2.1300 and cleared the event logs and then rebooted.

I got an error on the reboot which told me to reboot from the CD and repair, which I did. ("a windows boot configuration data file is missing required information")

Ran Vino's again:

Here is the System Output Log:


Vino's Event Viewer v01c run on Windows Vista in English
Report run at 08/11/2011 12:26:33 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/11/2011 5:17:20 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The event description cannot be found.

Log: 'System' Date/Time: 08/11/2011 5:16:43 PM
Type: Error Category: 0
Event: 5101 Source: Microsoft Antimalware
Microsoft Antimalware grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. Expiration Reason: Windows Activation Technologies genuine validation failed Expiration Date (UTC): ?11/?8/?2011 5:16:43 PM Error Code: 0x80092003 Error Description: An error occurred while reading or writing to a file.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/11/2011 5:16:31 PM
Type: Warning Category: 0
Event: 4 Source: b57nd60x
Broadcom NetLink ™ Fast Ethernet: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 08/11/2011 4:50:26 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 08/11/2011 4:50:25 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\IWMSSvc.dll

Here is the Application Output Log:

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 08/11/2011 12:23:07 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 08/11/2011 4:50:06 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-846242405-2255293798-2596077637-1000_Classes:
Process 568 (\Device\HarddiskVolume3\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-846242405-2255293798-2596077637-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
  • 0

#23
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
Don't know why it should have complained because you uninstalled MBAM. Could you uninstall

Microsoft Antimalware? and repeat the event clearing and Vino's.

Ron
  • 0

#24
Raven.Drive.mom

Raven.Drive.mom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
I don't see Antimalware on my Programs list. I did find a folder under my Program Files /Microsoft Security Client/Antimalware. Should I just delete that?
  • 0

#25
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
MSSE is not working right.


Download and Save the free Avast installer.
http://www.avast.com...ivirus-download

Uninstall Microsoft Security Essentials

Reboot

Install Avast. (Register when it asks you - they will try to talk you in to buying the full product but the free version is what we want.)

It would not be a bad idea to let Avast run a boot-time scan. IT does take a while but it is very good.

Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?

Clear your event logs, reboot and run Vino's again. Let's see if uninstalling MSSE did the trick.

Ron
  • 0

Advertisements


#26
Raven.Drive.mom

Raven.Drive.mom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Ron,

I already uninstalled Microsoft Security Essentials and installed Avast per your earlier instructions. Should I delete the Microsoft Security Client Program File?
  • 0

#27
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
Try http://support.micro....com/kb/2435760 and run the FIXIT for me program.
  • 0

#28
Raven.Drive.mom

Raven.Drive.mom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Sorry for the delay, was out of town for the weekend...
I tried the fixit program. it will say that the program was processed but the Microsoft Security Client folder is still there.
  • 0

#29
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
Run OTL, Quickscan and post the log.
  • 0

#30
Raven.Drive.mom

Raven.Drive.mom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
OTL logfile created on: 11/14/2011 8:54:26 AM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Eleanor\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 45.83% Memory free
4.23 Gb Paging File | 2.93 Gb Available in Paging File | 69.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.30 Gb Total Space | 157.37 Gb Free Space | 71.43% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 2.98 Gb Free Space | 29.80% Space Free | Partition Type: NTFS
Drive E: | 3.33 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ELEANOR-PC | User Name: Eleanor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/25 11:31:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Eleanor\Desktop\OTL.exe
PRC - [2011/10/20 16:02:55 | 004,615,552 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/09/19 10:09:04 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/09/06 15:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/05/25 15:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Eleanor\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/01/17 17:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 17:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/12/02 12:48:22 | 000,139,264 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/22 18:22:20 | 000,072,704 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2008/11/13 12:17:38 | 000,439,616 | ---- | M] () -- C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/01/01 23:37:16 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2008/01/01 23:37:08 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2008/01/01 23:37:02 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/12/03 00:58:54 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007/11/01 16:39:28 | 000,189,736 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/09/24 04:27:38 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2007/09/24 04:27:30 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/09/24 04:27:28 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/09/24 04:27:28 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2006/11/27 10:14:52 | 000,180,224 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
PRC - [2006/11/03 18:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/11/03 18:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/13 22:22:04 | 000,063,488 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/11/13 22:22:04 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011/10/23 22:25:52 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/09/19 11:37:23 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/05/18 14:20:11 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2006/12/10 20:51:08 | 000,077,824 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2006/12/10 20:51:08 | 000,065,536 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll
MOD - [2006/11/20 14:29:10 | 000,101,376 | ---- | M] () -- C:\Windows\System32\APOMngr.dll
MOD - [2006/11/13 11:07:34 | 000,066,560 | ---- | M] () -- C:\Windows\System32\CmdRtr.dll
MOD - [2006/11/03 18:46:24 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2006/11/03 18:25:56 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - [2011/09/19 10:09:04 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2009/01/22 18:22:20 | 000,072,704 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2008/11/13 12:17:38 | 000,439,616 | ---- | M] () [Auto | Running] -- C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/01 23:37:08 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2008/01/01 23:37:02 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV - [2011/09/19 10:09:01 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/09/19 10:09:01 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/09/06 15:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 15:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 15:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 15:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 15:36:26 | 000,054,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/09/06 15:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/02/28 18:27:08 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/08/12 06:13:32 | 000,160,272 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUMdm.sys -- (PTDUMdm)
DRV - [2009/08/12 06:13:32 | 000,113,680 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUWWAN.sys -- (PTDUWWAN)
DRV - [2009/08/12 06:13:32 | 000,054,416 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUBus.sys -- (PTDUBus)
DRV - [2009/08/12 06:13:28 | 000,160,272 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUVsp.sys -- (PTDUVsp)
DRV - [2009/08/12 06:13:28 | 000,011,920 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUWFLT.sys -- (PTDUWFLT)
DRV - [2009/05/25 14:43:58 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2009/04/23 15:51:18 | 000,016,640 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2008/06/23 07:45:44 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/01/01 23:37:18 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/12/03 00:59:06 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/12/03 00:58:50 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/09/25 03:40:58 | 007,617,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/09/24 04:27:26 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/08/13 04:44:26 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2006/11/27 02:48:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/27 02:48:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/27 02:48:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 02:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {3ee8d0be-f450-4ef2-97b9-ac2222d14db3} - C:\Program Files\Free_TV_Bar_c3\tbFree.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://mail.google....l/?shva=1#inbox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Eleanor\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Eleanor\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Eleanor\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Eleanor\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Eleanor\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\PayPal\PayPal Plug-In [2009/07/01 19:12:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/10/28 02:06:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Eleanor\AppData\Roaming\Move Networks [2010/04/15 14:48:33 | 000,000,000 | ---D | M]

[2009/03/09 22:56:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eleanor\AppData\Roaming\Mozilla\Extensions
[2009/03/09 22:56:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eleanor\AppData\Roaming\Mozilla\Extensions\[email protected]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Eleanor\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Eleanor\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Eleanor\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Eleanor\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Eleanor\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Eleanor\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Eleanor\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/10/31 11:13:35 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Free TV Bar c3 Toolbar) - {3ee8d0be-f450-4ef2-97b9-ac2222d14db3} - C:\Program Files\Free_TV_Bar_c3\tbFree.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (OToolbarHelper Class) - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Free TV Bar c3 Toolbar) - {3ee8d0be-f450-4ef2-97b9-ac2222d14db3} - C:\Program Files\Free_TV_Bar_c3\tbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (PayPal Plug-In) - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Free TV Bar c3 Toolbar) - {3EE8D0BE-F450-4EF2-97B9-AC2222D14DB3} - C:\Program Files\Free_TV_Bar_c3\tbFree.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Eleanor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Eleanor\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Eleanor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42B0BD43-60C3-47FB-9C7E-292BE013B0A5}: NameServer = 66.174.95.44 69.78.96.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{90A8B256-62D3-4693-BA2E-468926491517}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C227C1FB-8BB0-4A3E-8A16-8B1ABF41F118}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Eleanor\Pictures\IMG00003-20100627-2039.jpg
O24 - Desktop BackupWallPaper: C:\Users\Eleanor\Pictures\IMG00003-20100627-2039.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/01/19 15:00:00 | 000,000,043 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/10 17:10:50 | 000,000,000 | ---D | C] -- C:\802e3a9706177c25a3
[2011/11/08 12:25:03 | 000,000,000 | ---D | C] -- C:\Users\Eleanor\Desktop\logs
[2011/11/03 11:58:24 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2011/11/02 15:47:47 | 000,061,440 | ---- | C] ( ) -- C:\Users\Eleanor\Desktop\VEW.exe
[2011/11/01 21:42:58 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/11/01 21:42:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/11/01 21:42:57 | 000,320,856 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/11/01 21:42:53 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/11/01 21:42:52 | 000,052,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/11/01 21:42:51 | 000,442,200 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/11/01 21:42:51 | 000,054,616 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/11/01 21:42:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/11/01 21:41:26 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/11/01 21:41:25 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/11/01 20:55:49 | 000,000,000 | -HSD | C] -- C:\found.003
[2011/11/01 20:31:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/11/01 20:31:52 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/10/31 11:51:50 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Eleanor\Desktop\aswMBR.exe
[2011/10/31 11:35:08 | 000,000,000 | -HSD | C] -- C:\found.002
[2011/10/31 11:25:42 | 001,564,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Eleanor\Desktop\tdsskiller.exe
[2011/10/31 11:19:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/10/31 10:47:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/31 10:47:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/31 10:47:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/31 10:47:06 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/10/31 10:47:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/31 10:45:19 | 004,278,520 | R--- | C] (Swearware) -- C:\Users\Eleanor\Desktop\ComboFix.exe
[2011/10/31 09:43:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/25 11:30:47 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Eleanor\Desktop\OTL.exe
[2011/10/25 09:00:36 | 000,000,000 | ---D | C] -- C:\found.001
[2011/10/21 11:37:37 | 000,000,000 | ---D | C] -- C:\found.000

========== Files - Modified Within 30 Days ==========

[2011/11/14 08:50:38 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-846242405-2255293798-2596077637-1000UA.job
[2011/11/14 08:50:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/13 22:25:21 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\FixIt_F66956F4-B17B-4115-BBB0-D431EB5C3051.job
[2011/11/13 22:25:20 | 000,005,452 | ---- | M] () -- C:\FixitRegBackup.reg
[2011/11/13 22:25:11 | 006,726,102 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/13 22:25:11 | 002,294,284 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/13 22:20:18 | 000,027,525 | ---- | M] () -- C:\Users\Eleanor\AppData\Roaming\nvModes.001
[2011/11/13 22:19:02 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/13 22:19:02 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/13 22:18:43 | 2143,350,784 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/13 19:57:08 | 000,044,544 | ---- | M] () -- C:\Users\Eleanor\Desktop\Listing Contest1.pdf
[2011/11/13 19:43:42 | 000,015,823 | ---- | M] () -- C:\Users\Eleanor\Desktop\listingcontestrevisedattachments.zip
[2011/11/13 19:29:58 | 000,002,054 | ---- | M] () -- C:\Users\Eleanor\Desktop\Google Chrome.lnk
[2011/11/13 19:29:58 | 000,002,016 | ---- | M] () -- C:\Users\Eleanor\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/13 19:22:39 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-846242405-2255293798-2596077637-1000Core.job
[2011/11/12 20:11:44 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/11/10 17:21:33 | 310,459,583 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/09 12:39:42 | 000,027,648 | ---- | M] () -- C:\Users\Eleanor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/08 16:38:10 | 000,468,528 | ---- | M] () -- C:\Users\Eleanor\Desktop\Quik Jon Installation Instructions.pdf
[2011/11/08 16:35:00 | 000,739,954 | ---- | M] () -- C:\Users\Eleanor\Desktop\Pump.pdf
[2011/11/06 21:25:20 | 000,302,592 | ---- | M] () -- C:\Users\Eleanor\Desktop\ylqps2mz.exe
[2011/11/04 08:41:50 | 000,365,945 | ---- | M] () -- C:\Users\Eleanor\Desktop\stmt-1545962[1].pdf
[2011/11/04 08:41:26 | 000,431,989 | ---- | M] () -- C:\Users\Eleanor\Desktop\stmt-1483980[1].pdf
[2011/11/02 15:47:49 | 000,061,440 | ---- | M] ( ) -- C:\Users\Eleanor\Desktop\VEW.exe
[2011/11/01 21:42:59 | 000,001,831 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/11/01 21:42:51 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/11/01 20:30:27 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/11/01 20:12:10 | 059,854,808 | ---- | M] () -- C:\Users\Eleanor\Desktop\setup_av_free_cnet.exe
[2011/10/31 11:51:51 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Eleanor\Desktop\aswMBR.exe
[2011/10/31 11:25:46 | 001,564,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Eleanor\Desktop\tdsskiller.exe
[2011/10/31 11:13:35 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/10/31 10:45:31 | 004,278,520 | R--- | M] (Swearware) -- C:\Users\Eleanor\Desktop\ComboFix.exe
[2011/10/31 09:23:15 | 000,298,952 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/25 11:31:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Eleanor\Desktop\OTL.exe
[2011/10/24 18:09:36 | 000,042,374 | ---- | M] () -- C:\Users\Eleanor\Documents\190935.jpg
[2011/10/24 18:09:02 | 000,068,486 | ---- | M] () -- C:\Users\Eleanor\Documents\190900.jpg
[2011/10/24 18:08:39 | 000,044,394 | ---- | M] () -- C:\Users\Eleanor\Documents\190837.jpg
[2011/10/24 18:08:12 | 000,032,974 | ---- | M] () -- C:\Users\Eleanor\Documents\190811.jpg
[2011/10/23 21:25:17 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/10/23 21:25:17 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

========== Files Created - No Company Name ==========

[2011/11/13 22:25:21 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\FixIt_F66956F4-B17B-4115-BBB0-D431EB5C3051.job
[2011/11/13 21:17:16 | 000,005,452 | ---- | C] () -- C:\FixitRegBackup.reg
[2011/11/13 19:57:06 | 000,044,544 | ---- | C] () -- C:\Users\Eleanor\Desktop\Listing Contest1.pdf
[2011/11/13 19:43:35 | 000,015,823 | ---- | C] () -- C:\Users\Eleanor\Desktop\listingcontestrevisedattachments.zip
[2011/11/08 16:38:09 | 000,468,528 | ---- | C] () -- C:\Users\Eleanor\Desktop\Quik Jon Installation Instructions.pdf
[2011/11/08 16:34:59 | 000,739,954 | ---- | C] () -- C:\Users\Eleanor\Desktop\Pump.pdf
[2011/11/06 21:25:19 | 000,302,592 | ---- | C] () -- C:\Users\Eleanor\Desktop\ylqps2mz.exe
[2011/11/04 08:41:50 | 000,365,945 | ---- | C] () -- C:\Users\Eleanor\Desktop\stmt-1545962[1].pdf
[2011/11/04 08:41:26 | 000,431,989 | ---- | C] () -- C:\Users\Eleanor\Desktop\stmt-1483980[1].pdf
[2011/11/01 21:42:59 | 000,001,831 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/11/01 20:12:09 | 059,854,808 | ---- | C] () -- C:\Users\Eleanor\Desktop\setup_av_free_cnet.exe
[2011/10/31 10:47:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/31 10:47:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/31 10:47:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/31 10:47:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/31 10:47:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/25 09:16:08 | 2143,350,784 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/24 18:11:54 | 000,068,486 | ---- | C] () -- C:\Users\Eleanor\Documents\190900.jpg
[2011/10/24 18:11:54 | 000,044,394 | ---- | C] () -- C:\Users\Eleanor\Documents\190837.jpg
[2011/10/24 18:11:54 | 000,042,374 | ---- | C] () -- C:\Users\Eleanor\Documents\190935.jpg
[2011/10/24 18:11:54 | 000,032,974 | ---- | C] () -- C:\Users\Eleanor\Documents\190811.jpg
[2011/10/23 21:25:17 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/10/23 21:25:17 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/10/07 20:06:56 | 000,000,552 | ---- | C] () -- C:\Users\Eleanor\AppData\Local\d3d8caps.dat
[2011/05/23 06:56:31 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2010/12/16 21:08:45 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/12/16 21:08:44 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010/12/16 21:08:44 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010/12/16 21:08:44 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010/12/16 21:08:44 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010/12/16 21:08:44 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010/12/16 21:08:44 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010/12/16 21:08:44 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010/12/16 21:08:44 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010/12/16 21:08:44 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010/12/16 21:08:44 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010/12/16 21:08:44 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010/12/16 21:08:44 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010/12/16 21:08:44 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010/12/16 21:08:44 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010/12/16 21:08:44 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010/12/16 21:06:39 | 000,000,044 | ---- | C] () -- C:\Windows\EPSPR280.ini
[2010/08/08 15:45:11 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe
[2010/08/03 18:58:19 | 000,000,004 | ---- | C] () -- C:\Users\Eleanor\AppData\Roaming\D1B35E
[2010/08/03 18:58:18 | 000,870,128 | ---- | C] () -- C:\Users\Eleanor\AppData\Roaming\mcs.rma
[2010/05/05 07:48:34 | 000,135,110 | ---- | C] () -- C:\Windows\hpwins10.dat.temp
[2010/05/05 07:48:34 | 000,001,042 | ---- | C] () -- C:\Windows\hpwmdl10.dat.temp
[2010/05/05 07:48:19 | 000,010,385 | ---- | C] () -- C:\Windows\hpwscr10.dat
[2010/05/05 07:48:19 | 000,001,042 | ---- | C] () -- C:\Windows\hpwmdl10.dat
[2009/11/09 21:31:57 | 000,148,929 | ---- | C] () -- C:\Windows\hpoins19.dat
[2009/11/09 21:31:37 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2009/11/06 14:31:15 | 000,155,648 | ---- | C] () -- C:\Windows\System32\hpsfs.dll
[2009/11/04 16:51:46 | 000,000,165 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2009/09/18 06:27:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/18 06:27:32 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/04/14 18:22:33 | 000,134,266 | ---- | C] () -- C:\Windows\hpwins10.dat
[2009/02/17 20:42:59 | 000,007,592 | ---- | C] () -- C:\Users\Eleanor\AppData\Local\d3d9caps.dat
[2009/01/31 09:16:10 | 000,027,525 | ---- | C] () -- C:\Users\Eleanor\AppData\Roaming\nvModes.001
[2009/01/31 02:40:44 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/01/29 21:30:14 | 000,027,525 | ---- | C] () -- C:\Users\Eleanor\AppData\Roaming\nvModes.dat
[2009/01/28 22:13:40 | 000,009,926 | ---- | C] () -- C:\Users\Eleanor\AppData\Roaming\wklnhst.dat
[2009/01/28 21:50:46 | 000,027,648 | ---- | C] () -- C:\Users\Eleanor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/23 01:55:35 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2009/01/22 18:28:52 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/01/22 18:22:57 | 000,000,628 | ---- | C] () -- C:\Windows\System32\PCI_VEN_1102&DEV_FF05&SUBSYS_00001102.ini
[2009/01/22 18:22:56 | 000,101,376 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
[2009/01/22 18:22:56 | 000,066,560 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
[2009/01/22 18:04:00 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/04/09 17:00:30 | 000,053,478 | ---- | C] () -- C:\Windows\mvtcpui.ini
[2008/02/19 01:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
[2008/02/07 10:05:18 | 000,163,840 | ---- | C] () -- C:\Windows\System32\hppatusg01.dll
[2007/07/25 17:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2007/01/03 07:10:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/10 08:26:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/03 18:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,298,952 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 006,726,102 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 002,294,284 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2009/08/20 22:03:49 | 000,000,000 | ---D | M] -- C:\Users\Eleanor\AppData\Roaming\Auslogics
[2010/05/05 07:32:10 | 000,000,000 | ---D | M] -- C:\Users\Eleanor\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/11/13 22:22:10 | 000,000,000 | ---D | M] -- C:\Users\Eleanor\AppData\Roaming\Dropbox
[2010/12/17 18:02:07 | 000,000,000 | ---D | M] -- C:\Users\Eleanor\AppData\Roaming\Leadertech
[2011/07/03 15:56:17 | 000,000,000 | ---D | M] -- C:\Users\Eleanor\AppData\Roaming\LimeWire
[2010/05/07 16:05:08 | 000,000,000 | ---D | M] -- C:\Users\Eleanor\AppData\Roaming\OpenOffice.org
[2010/04/22 20:56:20 | 000,000,000 | ---D | M] -- C:\Users\Eleanor\AppData\Roaming\Research In Motion
[2010/04/07 09:32:56 | 000,000,000 | ---D | M] -- C:\Users\Eleanor\AppData\Roaming\Smith Micro
[2011/11/12 22:29:13 | 000,000,000 | ---D | M] -- C:\Users\Eleanor\AppData\Roaming\Spotify
[2009/01/28 22:13:55 | 000,000,000 | ---D | M] -- C:\Users\Eleanor\AppData\Roaming\Template
[2009/02/14 17:02:19 | 000,000,000 | ---D | M] -- C:\Users\Eleanor\AppData\Roaming\tmp
[2009/04/13 17:51:39 | 000,000,000 | ---D | M] -- C:\Users\Eleanor\AppData\Roaming\TokBox-Desktop.140E496FAF651FC6D79F73D360E855D4667C7B11.1
[2011/06/21 10:01:59 | 000,000,000 | ---D | M] -- C:\Users\Eleanor\AppData\Roaming\webex
[2011/11/13 22:25:21 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\FixIt_F66956F4-B17B-4115-BBB0-D431EB5C3051.job
[2011/11/12 20:11:45 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:14DAD114
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:223BB3A1

< End of report >
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP