
Google Redirect



#1 RavanJedi


Posted 30 March 2011 - 04:06 AM

I'm running an HP TC4200 on XP Tablet at the moment, and I've started having a Google redirect issue. The initial malware began when I loaned my computer to a friend-- it came back, I turned it on, and a series of DOS windows popped up. I immediately rebooted into safe mode and ran an Avast scan, as well as a Malwarebytes and a SpyBot scan. They came up with a few issues, I allowed them to fix it, and the computer was fine for a few days. However, the internet largely stopped working-- as in, it would connect to a 'remote connection' and not allow me to disconnect unless I rebooted. As of today, I can no longer click on links in Google. It redirects me to largely random pages. I can copy-paste the URL, but I cannot click it. If I run Avast, it finds nothing of note, and Malwarebytes hasn't found anything for the last scan. Occasionally, I will get a generalized Win32 error, which shuts off Firefox (I have to use Firefox for my online job-- generally, I use Chrome). After that, my taskbar will change colors to the Windows 98 grey style, and then the entire browser will freeze.

Today, Avast has also been going nuts finding threats in my svchost.exe file. It's about three warnings every few hours. Per forum request, I've run GMER, as well as DDS.

====

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Owner at 1:15:09.39 on Wed 03/30/2011
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1091 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Documents and Settings\Owner\My Documents\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [TabletWizard] c:\windows\help\SplshWrp.exe
mRun: [TabletTip] "c:\program files\common files\microsoft shared\ink\tabtip.exe" /resume
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\sticky~1.lnk - c:\windows\system32\stikynot.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
Notify: loginkey - c:\program files\common files\microsoft shared\ink\loginkey.dll
Notify: TabBtnWL - TabBtnWL.dll
Notify: tpgwlnotify - tpgwlnot.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\b008d1z2.default\
FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-29 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-29 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-29 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-29 42184]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2007-10-26 87936]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-10-26 35968]
R3 wisdpen;Wacom Penabled MiniDriver;c:\windows\system32\drivers\wisdpen.sys [2007-1-22 34736]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-3-29 38224]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WacomISDPen;Wacom Penabled HID MiniDriver;c:\windows\system32\drivers\wacomisdpen.sys [2007-10-25 23936]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-03-29 22:01:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-29 22:01:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-29 09:31:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-29 09:31:00 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-03-29 08:51:38 388096 ----a-r- c:\docume~1\owner\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-03-29 08:51:37 -------- d-----w- c:\program files\Trend Micro
2011-03-29 08:50:01 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-29 08:49:28 40648 ----a-w- c:\windows\avastSS.scr
2011-03-26 01:40:29 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-03-26 01:40:29 -------- d-----w- c:\windows\system32\wbem\Repository
2011-03-26 00:03:27 -------- d-----w- c:\program files\AVAST Software
2011-03-26 00:03:27 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVAST Software
2011-03-25 23:19:46 -------- d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2011-03-25 23:19:39 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-03-25 23:19:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-25 23:18:38 0 ----a-w- c:\windows\Irodamuza.bin
2011-03-25 23:18:35 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\{52A228A1-B5CB-411F-B42E-2359055852C2}
.
==================== Find3M ====================
.
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: HTS541060G9AT00 rev.MB3OA60A -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89D54439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x89d5a7d0]; MOV EAX, [0x89d5a84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x89DC5AB8]
3 CLASSPNP[0xF74C7FD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\00000086[0x89D7D9E8]
5 ACPI[0xF7253620] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x89DC6940]
\Driver\atapi[0x89DC44C8] -> IRP_MJ_CREATE -> 0x89D54439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskHTS541060G9AT00_________________________MB3OA60A#5&392b7317&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x89D5427F
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 1:22:54.25 ===============

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-03-30 01:57:12
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 HTS541060G9AT00 rev.MB3OA60A
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pwtcipod.sys


---- System - GMER 1.0.15 ----


INT 0x62 ? 89DFEBF8
INT 0x73 ? 89A41F00
INT 0x73 ? 89A41F00
INT 0xB4 ? 89A41F00

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x9B26C8DE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 8059B8EC 4 Bytes CALL 9B203E25 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B1DB4 5 Bytes JMP 9B26829E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805B8C2C 5 Bytes JMP 9B269D38 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C74CC 7 Bytes JMP 9B26C8E2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? sppv.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F58DC8AC 5 Bytes JMP 89A414E0
init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF56A4DBF]
? C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[684] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E0030
.text C:\WINDOWS\system32\svchost.exe[684] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E006C
.text C:\WINDOWS\system32\svchost.exe[684] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E00A8
.text C:\WINDOWS\system32\svchost.exe[684] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002F00E4
.text C:\WINDOWS\system32\svchost.exe[684] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002F0120
.text C:\WINDOWS\system32\svchost.exe[684] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002F00A8
.text C:\WINDOWS\system32\svchost.exe[684] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002F0030
.text C:\WINDOWS\system32\svchost.exe[684] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002F006C
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[696] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[696] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[696] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 3 Bytes JMP 003C01D4
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[696] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E36D85 1 Byte [88]
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[696] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003C00E4
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[696] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003C0120
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[696] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003C015C
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[696] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003C0198
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[696] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003C0030
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[696] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003C006C
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[696] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003C00A8
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[696] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003D00E4
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[696] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003D0120
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[696] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003D00A8
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[696] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003D0030
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[696] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003D006C
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[744] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00140030
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[744] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0014006C
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[744] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B01D4
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[744] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B00E4
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[744] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0120
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[744] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B015C
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[744] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0198
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[744] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B0030
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[744] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B006C
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[744] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B00A8
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[744] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C00E4
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[744] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0120
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[744] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C00A8
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[744] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C0030
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[744] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C006C
.text C:\Program Files\Java\jre6\bin\jqs.exe[852] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\Java\jre6\bin\jqs.exe[852] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\Java\jre6\bin\jqs.exe[852] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 3 Bytes JMP 003C01D4
.text C:\Program Files\Java\jre6\bin\jqs.exe[852] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E36D85 1 Byte [88]
.text C:\Program Files\Java\jre6\bin\jqs.exe[852] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003C00E4
.text C:\Program Files\Java\jre6\bin\jqs.exe[852] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003C0120
.text C:\Program Files\Java\jre6\bin\jqs.exe[852] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003C015C
.text C:\Program Files\Java\jre6\bin\jqs.exe[852] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003C0198
.text C:\Program Files\Java\jre6\bin\jqs.exe[852] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003C0030
.text C:\Program Files\Java\jre6\bin\jqs.exe[852] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003C006C
.text C:\Program Files\Java\jre6\bin\jqs.exe[852] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003C00A8
.text C:\Program Files\Java\jre6\bin\jqs.exe[852] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003D00E4
.text C:\Program Files\Java\jre6\bin\jqs.exe[852] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003D0120
.text C:\Program Files\Java\jre6\bin\jqs.exe[852] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003D00A8
.text C:\Program Files\Java\jre6\bin\jqs.exe[852] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003D0030
.text C:\Program Files\Java\jre6\bin\jqs.exe[852] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003D006C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[888] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00140030
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[888] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0014006C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[888] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B01D4
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[888] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B00E4
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[888] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0120
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[888] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B015C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[888] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0198
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[888] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B0030
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[888] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B006C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[888] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B00A8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[888] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C00E4
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[888] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0120
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[888] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C00A8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[888] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C0030
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[888] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C006C
.text C:\WINDOWS\system32\winlogon.exe[908] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00070030
.text C:\WINDOWS\system32\winlogon.exe[908] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0007006C
.text C:\WINDOWS\system32\winlogon.exe[908] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002E01D4
.text C:\WINDOWS\system32\winlogon.exe[908] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002E00E4
.text C:\WINDOWS\system32\winlogon.exe[908] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0120
.text C:\WINDOWS\system32\winlogon.exe[908] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E015C
.text C:\WINDOWS\system32\winlogon.exe[908] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0198
.text C:\WINDOWS\system32\winlogon.exe[908] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E0030
.text C:\WINDOWS\system32\winlogon.exe[908] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E006C
.text C:\WINDOWS\system32\winlogon.exe[908] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E00A8
.text C:\WINDOWS\system32\winlogon.exe[908] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002F00E4
.text C:\WINDOWS\system32\winlogon.exe[908] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002F0120
.text C:\WINDOWS\system32\winlogon.exe[908] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002F00A8
.text C:\WINDOWS\system32\winlogon.exe[908] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002F0030
.text C:\WINDOWS\system32\winlogon.exe[908] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002F006C
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\services.exe[956] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002E01D4
.text C:\WINDOWS\system32\services.exe[956] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002E00E4
.text C:\WINDOWS\system32\services.exe[956] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0120
.text C:\WINDOWS\system32\services.exe[956] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E015C
.text C:\WINDOWS\system32\services.exe[956] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0198
.text C:\WINDOWS\system32\services.exe[956] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E0030
.text C:\WINDOWS\system32\services.exe[956] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E006C
.text C:\WINDOWS\system32\services.exe[956] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E00A8
.text C:\WINDOWS\system32\services.exe[956] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002F00E4
.text C:\WINDOWS\system32\services.exe[956] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002F0120
.text C:\WINDOWS\system32\services.exe[956] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002F00A8
.text C:\WINDOWS\system32\services.exe[956] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002F0030
.text C:\WINDOWS\system32\services.exe[956] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002F006C
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\lsass.exe[968] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002E01D4
.text C:\WINDOWS\system32\lsass.exe[968] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002E00E4
.text C:\WINDOWS\system32\lsass.exe[968] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0120
.text C:\WINDOWS\system32\lsass.exe[968] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E015C
.text C:\WINDOWS\system32\lsass.exe[968] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0198
.text C:\WINDOWS\system32\lsass.exe[968] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E0030
.text C:\WINDOWS\system32\lsass.exe[968] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E006C
.text C:\WINDOWS\system32\lsass.exe[968] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E00A8
.text C:\WINDOWS\system32\lsass.exe[968] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002F00E4
.text C:\WINDOWS\system32\lsass.exe[968] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002F0120
.text C:\WINDOWS\system32\lsass.exe[968] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002F00A8
.text C:\WINDOWS\system32\lsass.exe[968] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002F0030
.text C:\WINDOWS\system32\lsass.exe[968] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002F006C
.text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002E01D4
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002E00E4
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0120
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E015C
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0198
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E0030
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E006C
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E00A8
.text C:\WINDOWS\system32\svchost.exe[1124] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002F00E4
.text C:\WINDOWS\system32\svchost.exe[1124] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002F0120
.text C:\WINDOWS\system32\svchost.exe[1124] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002F00A8
.text C:\WINDOWS\system32\svchost.exe[1124] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002F0030
.text C:\WINDOWS\system32\svchost.exe[1124] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002F006C
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[1136] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[1136] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[1136] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C00E4
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[1136] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0120
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[1136] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C00A8
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[1136] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C0030
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[1136] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C006C
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[1136] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003D01D4
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[1136] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003D00E4
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[1136] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003D0120
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[1136] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003D015C
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[1136] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003D0198
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[1136] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003D0030
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[1136] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003D006C
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[1136] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003D00A8
.text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002E01D4
.text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002E00E4
.text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0120
.text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E015C
.text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0198
.text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E0030
.text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E006C
.text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E00A8
.text C:\WINDOWS\system32\svchost.exe[1192] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002F00E4
.text C:\WINDOWS\system32\svchost.exe[1192] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002F0120
.text C:\WINDOWS\system32\svchost.exe[1192] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002F00A8
.text C:\WINDOWS\system32\svchost.exe[1192] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002F0030
.text C:\WINDOWS\system32\svchost.exe[1192] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002F006C
.text C:\WINDOWS\System32\svchost.exe[1236] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D0000A
.text C:\WINDOWS\System32\svchost.exe[1236] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D1000A
.text C:\WINDOWS\System32\svchost.exe[1236] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00CF000C
.text C:\WINDOWS\System32\svchost.exe[1236] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002E01D4
.text C:\WINDOWS\System32\svchost.exe[1236] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002E00E4
.text C:\WINDOWS\System32\svchost.exe[1236] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0120
.text C:\WINDOWS\System32\svchost.exe[1236] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E015C
.text C:\WINDOWS\System32\svchost.exe[1236] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0198
.text C:\WINDOWS\System32\svchost.exe[1236] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E0030
.text C:\WINDOWS\System32\svchost.exe[1236] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E006C
.text C:\WINDOWS\System32\svchost.exe[1236] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E00A8
.text C:\WINDOWS\System32\svchost.exe[1236] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002F00E4
.text C:\WINDOWS\System32\svchost.exe[1236] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0192000A
.text C:\WINDOWS\System32\svchost.exe[1236] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 0193000A
.text C:\WINDOWS\System32\svchost.exe[1236] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 0194000A
.text C:\WINDOWS\System32\svchost.exe[1236] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002F0120
.text C:\WINDOWS\System32\svchost.exe[1236] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002F00A8
.text C:\WINDOWS\System32\svchost.exe[1236] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002F0030
.text C:\WINDOWS\System32\svchost.exe[1236] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002F006C
.text C:\WINDOWS\System32\svchost.exe[1236] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00D9000A
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1264] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00140030
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1264] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0014006C
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1264] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B01D4
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1264] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B00E4
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1264] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0120
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1264] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B015C
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1264] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0198
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1264] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B0030
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1264] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B006C
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1264] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B00A8
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1264] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C00E4
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1264] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0120
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1264] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C00A8
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1264] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C0030
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1264] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C006C
.text C:\WINDOWS\system32\svchost.exe[1316] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1316] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002E01D4
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002E00E4
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0120
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E015C
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0198
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E0030
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E006C
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E00A8
.text C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002F00E4
.text C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002F0120
.text C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002F00A8
.text C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002F0030
.text C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002F006C
.text C:\WINDOWS\system32\igfxtray.exe[1324] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00140030
.text C:\WINDOWS\system32\igfxtray.exe[1324] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0014006C
.text C:\WINDOWS\system32\igfxtray.exe[1324] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B00E4
.text C:\WINDOWS\system32\igfxtray.exe[1324] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0120
.text C:\WINDOWS\system32\igfxtray.exe[1324] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B00A8
.text C:\WINDOWS\system32\igfxtray.exe[1324] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B0030
.text C:\WINDOWS\system32\igfxtray.exe[1324] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B006C
.text C:\WINDOWS\system32\igfxtray.exe[1324] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 3 Bytes JMP 003C01D4
.text C:\WINDOWS\system32\igfxtray.exe[1324] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E36D85 1 Byte [88]
.text C:\WINDOWS\system32\igfxtray.exe[1324] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003C00E4
.text C:\WINDOWS\system32\igfxtray.exe[1324] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003C0120
.text C:\WINDOWS\system32\igfxtray.exe[1324] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003C015C
.text C:\WINDOWS\system32\igfxtray.exe[1324] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003C0198
.text C:\WINDOWS\system32\igfxtray.exe[1324] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003C0030
.text C:\WINDOWS\system32\igfxtray.exe[1324] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003C006C
.text C:\WINDOWS\system32\igfxtray.exe[1324] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003C00A8
.text C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe[1368] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00080030
.text C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe[1368] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0008006C
.text C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe[1368] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002F01D4
.text C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe[1368] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002F00E4
.text C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe[1368] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002F0120
.text C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe[1368] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002F015C
.text C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe[1368] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002F0198
.text C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe[1368] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002F0030
.text C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe[1368] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002F006C
.text C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe[1368] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002F00A8
.text C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe[1368] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003000E4
.text C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe[1368] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00300120
.text C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe[1368] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003000A8
.text C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe[1368] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00300030
.text C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe[1368] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0030006C
.text C:\WINDOWS\system32\SearchIndexer.exe[1492] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000D0030
.text C:\WINDOWS\system32\SearchIndexer.exe[1492] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000D006C
.text C:\WINDOWS\system32\SearchIndexer.exe[1492] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 01121B19 C:\WINDOWS\system32\mssrch.dll (mssrch.lib/Microsoft Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[1492] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003401D4
.text C:\WINDOWS\system32\SearchIndexer.exe[1492] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003400E4
.text C:\WINDOWS\system32\SearchIndexer.exe[1492] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00340120
.text C:\WINDOWS\system32\SearchIndexer.exe[1492] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0034015C
.text C:\WINDOWS\system32\SearchIndexer.exe[1492] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00340198
.text C:\WINDOWS\system32\SearchIndexer.exe[1492] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00340030
.text C:\WINDOWS\system32\SearchIndexer.exe[1492] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0034006C
.text C:\WINDOWS\system32\SearchIndexer.exe[1492] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003400A8
.text C:\WINDOWS\system32\SearchIndexer.exe[1492] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003500E4
.text C:\WINDOWS\system32\SearchIndexer.exe[1492] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00350120
.text C:\WINDOWS\system32\SearchIndexer.exe[1492] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003500A8
.text C:\WINDOWS\system32\SearchIndexer.exe[1492] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00350030
.text C:\WINDOWS\system32\SearchIndexer.exe[1492] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0035006C
.text C:\WINDOWS\system32\svchost.exe[1512] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1512] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1512] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002E01D4
.text C:\WINDOWS\system32\svchost.exe[1512] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002E00E4
.text C:\WINDOWS\system32\svchost.exe[1512] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0120
.text C:\WINDOWS\system32\svchost.exe[1512] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E015C
.text C:\WINDOWS\system32\svchost.exe[1512] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0198
.text C:\WINDOWS\system32\svchost.exe[1512] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E0030
.text C:\WINDOWS\system32\svchost.exe[1512] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E006C
.text C:\WINDOWS\system32\svchost.exe[1512] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E00A8
.text C:\WINDOWS\system32\svchost.exe[1512] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002F00E4
.text C:\WINDOWS\system32\svchost.exe[1512] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002F0120
.text C:\WINDOWS\system32\svchost.exe[1512] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002F00A8
.text C:\WINDOWS\system32\svchost.exe[1512] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002F0030
.text C:\WINDOWS\system32\svchost.exe[1512] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002F006C
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[1548] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[1548] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[1548] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C00E4
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[1548] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0120
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[1548] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C00A8
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[1548] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C0030
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[1548] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C006C
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[1548] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003D01D4
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[1548] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003D00E4
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[1548] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003D0120
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[1548] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003D015C
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[1548] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003D0198
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[1548] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003D0030
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[1548] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003D006C
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[1548] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003D00A8
.text C:\WINDOWS\system32\svchost.exe[1624] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1624] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1624] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002E01D4
.text C:\WINDOWS\system32\svchost.exe[1624] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002E00E4
.text C:\WINDOWS\system32\svchost.exe[1624] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0120
.text C:\WINDOWS\system32\svchost.exe[1624] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E015C
.text C:\WINDOWS\system32\svchost.exe[1624] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0198
.text C:\WINDOWS\system32\svchost.exe[1624] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E0030
.text C:\WINDOWS\system32\svchost.exe[1624] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E006C
.text C:\WINDOWS\system32\svchost.exe[1624] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E00A8
.text C:\WINDOWS\system32\svchost.exe[1624] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002F00E4
.text C:\WINDOWS\system32\svchost.exe[1624] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002F0120
.text C:\WINDOWS\system32\svchost.exe[1624] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002F00A8
.text C:\WINDOWS\system32\svchost.exe[1624] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002F0030
.text C:\WINDOWS\system32\svchost.exe[1624] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002F006C
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1880] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\gmer\gmer.exe[2124] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\gmer\gmer.exe[2124] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2256] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2256] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2256] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003D01D4
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2256] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003D00E4
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2256] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003D0120
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2256] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003D015C
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2256] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003D0198
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2256] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003D0030
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2256] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003D006C
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2256] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003D00A8
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2256] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003E00E4
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2256] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003E0120
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2256] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003E00A8
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2256] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003E0030
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2256] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003E006C
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[2272] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[2272] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[2272] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003001D4
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[2272] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003000E4
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[2272] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00300120
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[2272] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0030015C
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[2272] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00300198
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[2272] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00300030
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[2272] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0030006C
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[2272] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003000A8
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[2272] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003100E4
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[2272] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00310120
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[2272] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003100A8
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[2272] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00310030
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[2272] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0031006C
.text C:\WINDOWS\System32\alg.exe[2316] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\System32\alg.exe[2316] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\System32\alg.exe[2316] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002E00E4
.text C:\WINDOWS\System32\alg.exe[2316] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002E0120
.text C:\WINDOWS\System32\alg.exe[2316] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002E00A8
.text C:\WINDOWS\System32\alg.exe[2316] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002E0030
.text C:\WINDOWS\System32\alg.exe[2316] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002E006C
.text C:\WINDOWS\System32\alg.exe[2316] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002F01D4
.text C:\WINDOWS\System32\alg.exe[2316] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002F00E4
.text C:\WINDOWS\System32\alg.exe[2316] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002F0120
.text C:\WINDOWS\System32\alg.exe[2316] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002F015C
.text C:\WINDOWS\System32\alg.exe[2316] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002F0198
.text C:\WINDOWS\System32\alg.exe[2316] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002F0030
.text C:\WINDOWS\System32\alg.exe[2316] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002F006C
.text C:\WINDOWS\System32\alg.exe[2316] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002F00A8
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2332] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2332] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2332] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 005101D4
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2332] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 005100E4
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2332] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00510120
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2332] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0051015C
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2332] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00510198
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2332] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00510030
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2332] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0051006C
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2332] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 005100A8
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2332] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 005200E4
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2332] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00520120
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2332] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 005200A8
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2332] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00520030
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2332] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0052006C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2916] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2916] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2916] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 007201D4
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2916] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 007200E4
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2916] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00720120
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2916] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0072015C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2916] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00720198
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2916] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00720030
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2916] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0072006C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2916] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 007200A8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2916] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 007300E4
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2916] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00730120
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2916] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 007300A8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2916] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00730030
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2916] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0073006C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2928] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2928] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2928] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 007201D4
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2928] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 007200E4
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2928] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00720120
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2928] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0072015C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2928] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00720198
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2928] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00720030
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2928] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0072006C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2928] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 007200A8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2928] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 007300E4
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2928] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 10699777 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2928] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 10699709 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2928] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 104C7C37 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2928] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00730120
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2928] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 007300A8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2928] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00730030
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2928] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0073006C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2928] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 104C823A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3044] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3044] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3044] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002E01D4
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3044] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002E00E4
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3044] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0120
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3044] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E015C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3044] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0198
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3044] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E0030
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3044] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E006C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3044] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E00A8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3044] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002F00E4
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3044] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002F0120
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3044] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002F00A8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3044] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002F0030
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3044] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002F006C
.text C:\WINDOWS\SYSTEM32\WISPTIS.EXE[3536] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00080030
.text C:\WINDOWS\SYSTEM32\WISPTIS.EXE[3536] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0008006C
.text C:\WINDOWS\SYSTEM32\WISPTIS.EXE[3536] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002F01D4
.text C:\WINDOWS\SYSTEM32\WISPTIS.EXE[3536] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002F00E4
.text C:\WINDOWS\SYSTEM32\WISPTIS.EXE[3536] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002F0120
.text C:\WINDOWS\SYSTEM32\WISPTIS.EXE[3536] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002F015C
.text C:\WINDOWS\SYSTEM32\WISPTIS.EXE[3536] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002F0198
.text C:\WINDOWS\SYSTEM32\WISPTIS.EXE[3536] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002F0030
.text C:\WINDOWS\SYSTEM32\WISPTIS.EXE[3536] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002F006C
.text C:\WINDOWS\SYSTEM32\WISPTIS.EXE[3536] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002F00A8
.text C:\WINDOWS\SYSTEM32\WISPTIS.EXE[3536] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003000E4
.text C:\WINDOWS\SYSTEM32\WISPTIS.EXE[3536] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00300120
.text C:\WINDOWS\SYSTEM32\WISPTIS.EXE[3536] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003000A8
.text C:\WINDOWS\SYSTEM32\WISPTIS.EXE[3536] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00300030
.text C:\WINDOWS\SYSTEM32\WISPTIS.EXE[3536] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0030006C
.text C:\WINDOWS\System32\tabbtnu.exe[3652] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00080030
.text C:\WINDOWS\System32\tabbtnu.exe[3652] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0008006C
.text C:\WINDOWS\System32\tabbtnu.exe[3652] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002F00E4
.text C:\WINDOWS\System32\tabbtnu.exe[3652] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002F0120
.text C:\WINDOWS\System32\tabbtnu.exe[3652] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002F00A8
.text C:\WINDOWS\System32\tabbtnu.exe[3652] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002F0030
.text C:\WINDOWS\System32\tabbtnu.exe[3652] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002F006C
.text C:\WINDOWS\System32\tabbtnu.exe[3652] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003001D4
.text C:\WINDOWS\System32\tabbtnu.exe[3652] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003000E4
.text C:\WINDOWS\System32\tabbtnu.exe[3652] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00300120
.text C:\WINDOWS\System32\tabbtnu.exe[3652] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0030015C
.text C:\WINDOWS\System32\tabbtnu.exe[3652] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00300198
.text C:\WINDOWS\System32\tabbtnu.exe[3652] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00300030
.text C:\WINDOWS\System32\tabbtnu.exe[3652] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0030006C
.text C:\WINDOWS\System32\tabbtnu.exe[3652] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003000A8
.text C:\WINDOWS\Explorer.EXE[3836] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C4000A
.text C:\WINDOWS\Explorer.EXE[3836] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C5000A
.text C:\WINDOWS\Explorer.EXE[3836] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00BE000C
.text C:\WINDOWS\Explorer.EXE[3836] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003601D4
.text C:\WINDOWS\Explorer.EXE[3836] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003600E4
.text C:\WINDOWS\Explorer.EXE[3836] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00360120
.text C:\WINDOWS\Explorer.EXE[3836] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0036015C
.text C:\WINDOWS\Explorer.EXE[3836] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00360198
.text C:\WINDOWS\Explorer.EXE[3836] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00360030
.text C:\WINDOWS\Explorer.EXE[3836] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0036006C
.text C:\WINDOWS\Explorer.EXE[3836] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003600A8
.text C:\WINDOWS\Explorer.EXE[3836] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003700E4
.text C:\WINDOWS\Explorer.EXE[3836] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00370120
.text C:\WINDOWS\Explorer.EXE[3836] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003700A8
.text C:\WINDOWS\Explorer.EXE[3836] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00370030
.text C:\WINDOWS\Explorer.EXE[3836] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0037006C
.text C:\WINDOWS\system32\ctfmon.exe[3868] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A0030
.text C:\WINDOWS\system32\ctfmon.exe[3868] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A006C
.text C:\WINDOWS\system32\ctfmon.exe[3868] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003601D4
.text C:\WINDOWS\system32\ctfmon.exe[3868] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003600E4
.text C:\WINDOWS\system32\ctfmon.exe[3868] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00360120
.text C:\WINDOWS\system32\ctfmon.exe[3868] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0036015C
.text C:\WINDOWS\system32\ctfmon.exe[3868] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00360198
.text C:\WINDOWS\system32\ctfmon.exe[3868] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00360030
.text C:\WINDOWS\system32\ctfmon.exe[3868] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0036006C
.text C:\WINDOWS\system32\ctfmon.exe[3868] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003600A8
.text C:\WINDOWS\system32\ctfmon.exe[3868] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003700E4
.text C:\WINDOWS\system32\ctfmon.exe[3868] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00370120
.text C:\WINDOWS\system32\ctfmon.exe[3868] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003700A8
.text C:\WINDOWS\system32\ctfmon.exe[3868] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00370030
.text C:\WINDOWS\system32\ctfmon.exe[3868] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0037006C
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[3912] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00140030
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[3912] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0014006C
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[3912] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003F01D4
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[3912] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003F00E4
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[3912] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003F0120
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[3912] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003F015C
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[3912] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003F0198
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[3912] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003F0030
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[3912] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003F006C
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[3912] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003F00A8
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[3912] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 007500E4
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[3912] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00750120
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[3912] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 007500A8
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[3912] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00750030
.text C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE[3912] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0075006C
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe[3928] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00080030
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe[3928] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0008006C
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe[3928] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002F01D4
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe[3928] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002F00E4
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe[3928] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002F0120
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe[3928] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002F015C
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe[3928] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002F0198
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe[3928] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002F0030
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe[3928] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002F006C
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe[3928] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002F00A8
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe[3928] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003000E4
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe[3928] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00300120
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe[3928] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003000A8
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe[3928] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00300030
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe[3928] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0030006C

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Ntfs \Ntfs 89DFD1F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\NetBT \Device\NetBT_Tcpip_{4F23F02C-6FBC-4967-A100-D4716F2A670C} 89B55500
Device \Driver\usbuhci \Device\USBPDO-0 89C241F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{9CD2B8F8-007E-4295-8CDD-15D51CB20B89} 89B55500
Device \Driver\usbuhci \Device\USBPDO-1 89C241F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 89E6A1F8
Device \Driver\dmio \Device\DmControl\DmConfig 89E6A1F8
Device \Driver\dmio \Device\DmControl\DmPnP 89E6A1F8
Device \Driver\dmio \Device\DmControl\DmInfo 89E6A1F8
Device \Driver\usbuhci \Device\USBPDO-2 89C241F8
Device \Driver\usbehci \Device\USBPDO-3 89A321F8

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\Ftdisk \Device\HarddiskVolume1 89DFF1F8
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 89D5427F
Device \Driver\atapi \Device\Ide\IdePort0 [F71CAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBt_Wins_Export 89B55500
Device \Driver\NetBT \Device\NetbiosSmb 89B55500

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\usbuhci \Device\USBFDO-0 89C241F8
Device \Driver\usbuhci \Device\USBFDO-1 89C241F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89A9E500
Device \Driver\usbuhci \Device\USBFDO-2 89C241F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89A9E500
Device \Driver\usbehci \Device\USBFDO-3 89A321F8
Device \Driver\Ftdisk \Device\FtControl 89DFF1F8
Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskHTS541060G9AT00_________________________MB3OA60A#5&392b7317&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x33 0xC0 0xF2 0xD0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x33 0xC0 0xF2 0xD0 ...

---- EOF - GMER 1.0.15 ----


#2 SweetTech

Posted 31 March 2011 - 07:57 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, has resulted in the delayed response to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days;
    failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________


One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.


  • If an infected file is detected, the default action will be Cure, click on Continue.


  • If a suspicious file is detected, the default action will be Skip, click on Continue.


  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


NEXT:


Please provide an update on how things are running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 SweetTech


Posted 03 April 2011 - 12:46 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.





