
Svchost exe, Fake-AV, redirects.


  • This topic is locked
3 replies to this topic

#1 jaharradine

Posted 02 May 2011 - 02:38 AM

Okay, I'm new here, so bear with me.
I use Avast! as my mail AV program. Of late it's been going off every couple of seconds with warnings that svchost.exe is attempting to connect to malicious IP addresses and websites. The last IPs blocked were 199.80.55.19 and 199.80.55.80.
OS is XP 32-bit Home Edition.

Literally just before these began to come through, a fake AV popped up in my task bar. I'd dealt with these before using IObit 360, looking through startup items to remove the file and then running Malwarebytes to fix up any loose ends.

However, I'm still getting these malware warnings from Avast. Also, pages visited through Google, or through links on websites, are now redirecting to random adware sites.

I'm currently running SUPERAntiSpyware.
I did run ComboFix last night; here is the log.

ComboFix 11-04-30.05 - James 01/05/2011 23:43:06.1.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1745 [GMT -8:00]
Running from: c:\documents and settings\James\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\James\Application Data\Copy of inst.txt
c:\documents and settings\James\Application Data\inst.exe
c:\documents and settings\James\Local Settings\Temporary Internet Files\nofile.htm
c:\documents and settings\James\Local Settings\Temporary Internet Files\RawFile.htm
c:\documents and settings\James\WINDOWS
c:\program files\Hotspot Shield\HssIE\HsSIe.dll
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\Netw2c32(10).dll
c:\windows\system32\Netw2c32(11).dll
c:\windows\system32\Netw2c32(12).dll
c:\windows\system32\Netw2c32(13).dll
c:\windows\system32\Netw2c32(14).dll
c:\windows\system32\Netw2c32(15).dll
c:\windows\system32\Netw2c32(16).dll
c:\windows\system32\Netw2c32(2).dll
c:\windows\system32\Netw2c32(3).dll
c:\windows\system32\Netw2c32(4).dll
c:\windows\system32\Netw2c32(5).dll
c:\windows\system32\Netw2c32(6).dll
c:\windows\system32\Netw2c32(7).dll
c:\windows\system32\Netw2c32(8).dll
c:\windows\system32\Netw2c32(9).dll
c:\windows\system32\Netw2c32.dll
c:\windows\system32\Netw2r32(10).dll
c:\windows\system32\Netw2r32(11).dll
c:\windows\system32\Netw2r32(12).dll
c:\windows\system32\Netw2r32(13).dll
c:\windows\system32\Netw2r32(14).dll
c:\windows\system32\Netw2r32(15).dll
c:\windows\system32\Netw2r32(16).dll
c:\windows\system32\Netw2r32(2).dll
c:\windows\system32\Netw2r32(3).dll
c:\windows\system32\Netw2r32(4).dll
c:\windows\system32\Netw2r32(5).dll
c:\windows\system32\Netw2r32(6).dll
c:\windows\system32\Netw2r32(7).dll
c:\windows\system32\Netw2r32(8).dll
c:\windows\system32\Netw2r32(9).dll
c:\windows\system32\Netw2r32.dll
c:\windows\system32\setup.ini
c:\windows\Temp\tmp3.tmp
c:\windows\wpe pro.INI
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-04-02 to 2011-05-02 )))))))))))))))))))))))))))))))
.
.
2011-05-02 03:38 . 2011-05-02 03:38 -------- d-----w- c:\documents and settings\James\Application Data\Malwarebytes
2011-05-02 03:33 . 2011-05-02 03:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-02 03:33 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-02 03:33 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-02 03:33 . 2011-05-02 03:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-01 21:37 . 2011-04-14 16:26 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-01 21:37 . 2011-04-14 16:25 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-01 21:37 . 2011-04-14 16:25 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-01 21:37 . 2011-04-14 16:25 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-01 21:37 . 2011-04-14 16:25 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-01 21:37 . 2011-04-14 16:25 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-01 21:37 . 2010-01-01 08:00 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-01 21:37 . 2010-01-01 08:00 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-01 21:11 . 2011-05-01 21:11 -------- d-----w- c:\documents and settings\James\Application Data\CBS Interactive
2011-05-01 21:10 . 2011-05-01 21:10 -------- d-----w- c:\documents and settings\James\Application Data\IObit
2011-05-01 13:00 . 2011-05-01 14:03 -------- d-----w- c:\documents and settings\All Users\Application Data\kI31002GlNiH31002
2011-04-28 08:12 . 2011-04-18 17:17 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-19 04:10 . 2011-04-19 04:11 -------- d-----w- c:\program files\Accessdiver
2011-04-07 07:24 . 2011-04-07 07:57 -------- d-----w- c:\documents and settings\James\Local Settings\Application Data\WMTools Downloaded Files
2011-04-03 09:51 . 2007-11-06 17:06 11568 ----a-w- c:\windows\system32\drivers\UimFIO.sys
2011-04-03 09:51 . 2007-11-06 17:06 32080 ----a-w- c:\windows\system32\drivers\UimBus.sys
2011-04-03 09:51 . 2007-11-06 17:06 131672 ----a-w- c:\windows\system32\drivers\Uim_IM.sys
2011-04-03 09:50 . 2008-01-22 01:43 13576 ----a-w- c:\windows\system32\wnaspi32.dll
2011-04-03 07:46 . 2011-04-03 07:46 -------- d-----w- c:\documents and settings\All Users\Application Data\launcher
2011-04-03 07:42 . 2007-11-06 17:06 39472 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2011-04-03 07:41 . 2011-04-03 09:51 -------- d-----w- c:\program files\Paragon Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-18 17:25 . 2010-06-29 16:26 40112 ----a-w- c:\windows\avastSS.scr
2011-04-18 17:25 . 2009-10-31 21:27 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-04-18 17:17 . 2009-10-31 21:28 307288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-04-18 17:16 . 2009-10-31 21:28 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-04-18 17:16 . 2009-10-31 21:28 102488 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-04-18 17:16 . 2009-10-31 21:28 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-04-18 17:13 . 2009-10-31 21:28 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-04-18 17:13 . 2009-10-31 21:28 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-04-18 17:12 . 2009-10-31 21:28 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-03-11 04:12 . 2011-03-11 04:12 72 ----a-w- c:\windows\Vue 7.5 xStream.reg
2011-03-11 04:12 . 2011-03-11 04:12 70 ----a-w- c:\windows\Vue 7 xStream.reg
2011-03-11 04:12 . 2011-03-11 04:12 70 ----a-w- c:\windows\Vue 6 xStream.reg
2011-02-24 07:04 . 2011-02-24 07:04 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-04-14 16:26 . 2011-05-01 21:37 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
.
Cryptography Services Error !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"LG LinkAir"="c:\program files\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe" [2010-09-15 2440552]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-10-17 404200]
"OpenDNS Updater"="c:\program files\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S3TRAY2"="S3Tray2.exe" [2001-10-12 69632]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2008-07-04 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-04 1323008]
"BluetoothAuthenticationAgent"="irprops.cpl" [2008-04-14 380416]
"TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2003-01-25 94208]
"TPKMAPMN"="c:\program files\ThinkPad\Utilities\TpKmapMn.exe" [2003-02-17 32835]
"TP4EX"="tp4ex.exe" [2002-09-04 53248]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2002-11-01 204800]
"AGRSMMSG"="AGRSMMSG.exe" [2003-06-27 88363]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-04-30 315392]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-09-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2009-06-01 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2009-06-01 118784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-12 1280344]
.
c:\documents and settings\James\Start Menu\Programs\Startup\
CNET TechTracker.lnk - c:\documents and settings\James\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe [2011-3-3 2621952]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
QLINK.lnk - c:\program files\Lexmark Applications\QLink\QLINK.EXE [2009-11-11 1346048]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Adobe Media Player\\Adobe Media Player.exe"=
"c:\\Program Files\\Adobe\\Adobe Photoshop CS5\\Photoshop.exe"=
"c:\\Program Files\\RapidSolution\\Tunebite 7\\Tunebite.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"23784:TCP"= 23784:TCP:BitComet 23784 TCP
"23784:UDP"= 23784:UDP:BitComet 23784 UDP
"46295:TCP"= 46295:TCP:BitComet 46295 TCP
"46295:UDP"= 46295:UDP:BitComet 46295 UDP
"10552:TCP"= 10552:TCP:BitComet 10552 TCP
"10552:UDP"= 10552:UDP:BitComet 10552 UDP
"8373:TCP"= 8373:TCP:BitComet 8373 TCP
"8373:UDP"= 8373:UDP:BitComet 8373 UDP
"23326:TCP"= 23326:TCP:BitComet 23326 TCP
"23326:UDP"= 23326:UDP:BitComet 23326 UDP
"17729:TCP"= 17729:TCP:BitComet 17729 TCP
"17729:UDP"= 17729:UDP:BitComet 17729 UDP
"7258:TCP"= 7258:TCP:BitComet 7258 TCP
"7258:UDP"= 7258:UDP:BitComet 7258 UDP
"6899:TCP"= 6899:TCP:BitComet 6899 TCP
"6899:UDP"= 6899:UDP:BitComet 6899 UDP
"1048:TCP"= 1048:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"6885:TCP"= 6885:TCP:BitComet 6885 TCP
"6885:UDP"= 6885:UDP:BitComet 6885 UDP
"26551:TCP"= 26551:TCP:BitComet 26551 TCP
"26551:UDP"= 26551:UDP:BitComet 26551 UDP
"6889:TCP"= 6889:TCP:BitComet 6889 TCP
"6889:UDP"= 6889:UDP:BitComet 6889 UDP
"666:TCP"= 666:TCP:BitComet 666 TCP
"666:UDP"= 666:UDP:BitComet 666 UDP
.
R2 FlexService;Remote Connections Service; [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-28 136176]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-10-15 326704]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2010-06-12 312152]
R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [2010-06-24 91456]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys [2010-08-03 14336]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag.sys [2010-08-03 20864]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps.sys [2010-08-03 19968]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem.sys [2010-08-03 24960]
R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2009-12-18 11336]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [x]
R3 PEEK5;PEEK5 Protocol Driver;c:\progra~1\WILDPA~1\OMNIPE~1\PEEK5.SYS [x]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [2010-01-12 27168]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys [2007-07-25 26624]
R3 vpn-x;VPN-X Virtual Network Interface Card(NIC);c:\windows\system32\DRIVERS\vpn-x.sys [2010-09-11 24960]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-19 691696]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-02-24 218688]
S1 TPPWR;TPPWR;c:\windows\system32\drivers\Tppwr.sys [2002-11-01 12288]
S2 aswFsBlk;aswFsBlk; [x]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [2009-09-29 12160]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [2009-09-29 10496]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [2009-09-29 12928]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [2010-01-12 27168]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9C450606-ED24-4958-92BA-B8940C99D441}]
2009-03-05 00:32 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2009-11-25 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2007-09-01 08:31]
.
2011-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc04aee5ba7ea0.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-28 06:04]
.
2011-05-02 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-10-16 08:20]
.
2011-04-28 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-10-16 08:20]
.
2011-05-02 c:\windows\Tasks\Windows Codec Update Service.job
- c:\program files\Essentials Codec Pack\WECPUpdate.exe [2010-09-27 08:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://shop.thefreevpn.com/home.php
uInternet Settings,ProxyServer = http=127.0.0.1:6711
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: {DBCADAF1-64F8-4062-810C-4466A3FE2298} = 10.21.40.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\James\Application Data\Mozilla\Firefox\Profiles\fpc4jzok.Koc 2\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-DriverMax_RESTART - (no file)
SafeBoot-Wdf01000.sys
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-02 00:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: FUJITSU_MHV2060AH rev.00840096 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8AEB433B
IoDeviceObjectType -> ParseProcedure -> 0xbae88160
\Device\Harddisk0\DR0 -> ParseProcedure -> 0xbae88160
user & kernel MBR OK
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2322864131-2970488296-489325745-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9E9E6690-D359-F728-A83D-8BEAE639E030}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"naplfbbpjeflmepkhmhindbmhmme"=hex:6b,61,6c,6f,6e,64,6b,62,65,6f,65,6a,69,6c,
61,6b,6c,6e,63,6e,6f,68,00,00
"mabpliefjnfpjfaafoggnglmhe"=hex:6b,61,6c,6f,6e,64,6b,62,65,6f,65,6a,69,6c,61,
6b,6c,6e,63,6e,6f,68,00,00
.
[HKEY_USERS\S-1-5-21-2322864131-2970488296-489325745-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FDB99633-DB14-EE8F-EA42-030490BA0E83}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"naenlookagbjlahnffdonkgiangp"=hex:6b,61,61,6b,6c,70,6a,61,69,65,66,62,6f,6d,
70,63,64,69,6b,64,6e,64,00,00
"maknnjgjmmibbilboannlamcnn"=hex:6b,61,61,6b,6c,70,6a,61,69,65,66,62,6f,6d,70,
63,64,69,6b,64,6e,64,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(380)
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(440)
c:\windows\system32\WININET.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\windows\System32\S24EvMon.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\RegSrvc.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\taskmgr.exe
c:\windows\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2011-05-02 00:34:18 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-02 08:04
.
Pre-Run: 12,135,645,184 bytes free
Post-Run: 10,570,670,080 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Home Edition" /fastdetect /NoExecute=OptOut
.
Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - BEC044BD323C4F1B17A3A84F7112F6F9

Tried running TDSSKiller, but it lags at 80% and then force closes.

Also ran GMER; here is that log.

GMER 1.0.15.15572 - http://www.gmer.net
Rootkit scan 2011-05-02 17:06:22
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 FUJITSU_MHV2060AH rev.00840096
Running: leg0sgh5.exe; Driver: C:\DOCUME~1\James\LOCALS~1\Temp\ugtdqpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x9F061C48]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0x9F06A722]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0x9F06A5DA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0x9F06ABE0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0x9F06AAF6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0x9F06A1AE]
SSDT spho.sys ZwEnumerateKey [0xBA6CDDA4]
SSDT spho.sys ZwEnumerateValueKey [0xBA6CE132]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x9F061CF8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0x9F06A6B6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0x9F06A0EA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0x9F06A150]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x9F061D90]
SSDT spho.sys ZwQueryKey [0xBA6CE20A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0x9F06A7FA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0x9F06ACAE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0x9F06A7B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0x9F06A93C]

INT 0x3B ? 8A9E4BF8
INT 0x3B ? 8A9E4BF8
INT 0x3B ? 8A9E4BF8
INT 0x3B ? 8A9E4BF8
INT 0x3B ? 8A9E4BF8
INT 0x3E ? 8AD53BF8
INT 0x3F ? 8AD53BF8

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x9F077762]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x9F077586]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x9F0776C0]
Code BAF5FC9C ZwRequestPort
Code BAF5FD3C ZwRequestWaitReplyPort
Code BAF5FBFC ZwTraceEvent
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code BAF5FC9B NtRequestPort
Code BAF5FD3B NtRequestWaitReplyPort
Code BAF5FBFB NtTraceEvent
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 254C 80501D84 4 Bytes JMP 8A9F06A0
.text ntkrnlpa.exe!NtTraceEvent 80531838 5 Bytes JMP BAF5FC00
PAGE ntkrnlpa.exe!ZwLoadDriver 80579608 7 Bytes JMP 9F0776C4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!NtRequestPort 80597DE2 5 Bytes JMP BAF5FCA0
PAGE ntkrnlpa.exe!NtRequestWaitReplyPort 8059810E 5 Bytes JMP BAF5FD40
PAGE ntkrnlpa.exe!NtCreateSection 805A076A 7 Bytes JMP 9F07758A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B1CEE 5 Bytes JMP 9F07311E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805B8B66 5 Bytes JMP 9F074BBC \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C73F8 7 Bytes JMP 9F077766 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? spho.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B7B988AC 5 Bytes JMP 8A9E41D8
.text win32k.sys!EngAcquireSemaphore + 20E2 BF8082E1 5 Bytes JMP BAF5F480
.text win32k.sys!EngFreeUserMem + 5BD2 BF80EE68 5 Bytes JMP BAF5F3E0
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 322E BF81E77A 5 Bytes JMP BAF5FA20
.text win32k.sys!EngSetLastError + 768F BF8286CB 5 Bytes JMP BAF5F5C0
.text win32k.sys!EngLockSurface + 148C BF834FEB 5 Bytes JMP BAF5F700
.text win32k.sys!EngCreateBitmap + DDB2 BF845CCB 5 Bytes JMP BAF5F660
.text win32k.sys!EngMultiByteToWideChar + 2F32 BF852C47 5 Bytes JMP BAF5F8E0
.text win32k.sys!XLATEOBJ_iXlate + 3A50 BF86368D 5 Bytes JMP BAF5F520
.text win32k.sys!FONTOBJ_pxoGetXform + CC3E BF8C31D6 5 Bytes JMP BAF5F7A0
.text win32k.sys!PATHOBJ_vGetBounds + 74EE BF8F00FB 5 Bytes JMP BAF5F980
.text win32k.sys!EngCreateClip + 19C1 BF91313E 5 Bytes JMP BAF5FAC0
.text win32k.sys!EngCreateClip + 1F51 BF9136CE 5 Bytes JMP BAF5FB60
.text win32k.sys!EngCreateClip + 2597 BF913D14 5 Bytes JMP BAF5F840

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Hotspot Shield\bin\hsswd.exe[208] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8
.text C:\Program Files\Hotspot Shield\bin\hsswd.exe[208] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\Hotspot Shield\bin\hsswd.exe[208] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC
.text C:\Program Files\Hotspot Shield\bin\hsswd.exe[208] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Hotspot Shield\bin\hsswd.exe[208] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 3 Bytes JMP 003C1014
.text C:\Program Files\Hotspot Shield\bin\hsswd.exe[208] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E36D85 1 Byte [88]
.text C:\Program Files\Hotspot Shield\bin\hsswd.exe[208] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003C0804
.text C:\Program Files\Hotspot Shield\bin\hsswd.exe[208] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003C0A08
.text C:\Program Files\Hotspot Shield\bin\hsswd.exe[208] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003C0C0C
.text C:\Program Files\Hotspot Shield\bin\hsswd.exe[208] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003C0E10
.text C:\Program Files\Hotspot Shield\bin\hsswd.exe[208] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003C01F8
.text C:\Program Files\Hotspot Shield\bin\hsswd.exe[208] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003C03FC
.text C:\Program Files\Hotspot Shield\bin\hsswd.exe[208] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003C0600
.text C:\Program Files\Hotspot Shield\bin\hsswd.exe[208] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003D0804
.text C:\Program Files\Hotspot Shield\bin\hsswd.exe[208] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003D0A08
.text C:\Program Files\Hotspot Shield\bin\hsswd.exe[208] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003D0600
.text C:\Program Files\Hotspot Shield\bin\hsswd.exe[208] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003D01F8
.text C:\Program Files\Hotspot Shield\bin\hsswd.exe[208] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003D03FC
.text C:\WINDOWS\system32\ibmpmsvc.exe[312] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000801F8
.text C:\WINDOWS\system32\ibmpmsvc.exe[312] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\ibmpmsvc.exe[312] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000803FC
.text C:\WINDOWS\system32\ibmpmsvc.exe[312] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ibmpmsvc.exe[312] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\ibmpmsvc.exe[312] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\ibmpmsvc.exe[312] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\ibmpmsvc.exe[312] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\ibmpmsvc.exe[312] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\ibmpmsvc.exe[312] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\ibmpmsvc.exe[312] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\ibmpmsvc.exe[312] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\ibmpmsvc.exe[312] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\ibmpmsvc.exe[312] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\ibmpmsvc.exe[312] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\ibmpmsvc.exe[312] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\ibmpmsvc.exe[312] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[380] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[380] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[380] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[380] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[380] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002E1014
.text C:\WINDOWS\system32\svchost.exe[380] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002E0804
.text C:\WINDOWS\system32\svchost.exe[380] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0A08
.text C:\WINDOWS\system32\svchost.exe[380] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E0C0C
.text C:\WINDOWS\system32\svchost.exe[380] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0E10
.text C:\WINDOWS\system32\svchost.exe[380] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E01F8
.text C:\WINDOWS\system32\svchost.exe[380] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E03FC
.text C:\WINDOWS\system32\svchost.exe[380] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E0600
.text C:\WINDOWS\system32\svchost.exe[380] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[380] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[380] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[380] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[380] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002F03FC
.text C:\WINDOWS\System32\svchost.exe[472] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[472] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[472] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[472] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[472] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002E1014
.text C:\WINDOWS\System32\svchost.exe[472] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002E0804
.text C:\WINDOWS\System32\svchost.exe[472] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0A08
.text C:\WINDOWS\System32\svchost.exe[472] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E0C0C
.text C:\WINDOWS\System32\svchost.exe[472] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0E10
.text C:\WINDOWS\System32\svchost.exe[472] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E01F8
.text C:\WINDOWS\System32\svchost.exe[472] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E03FC
.text C:\WINDOWS\System32\svchost.exe[472] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E0600
.text C:\WINDOWS\System32\svchost.exe[472] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002F0804
.text C:\WINDOWS\System32\svchost.exe[472] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002F0A08
.text C:\WINDOWS\System32\svchost.exe[472] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002F0600
.text C:\WINDOWS\System32\svchost.exe[472] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002F01F8
.text C:\WINDOWS\System32\svchost.exe[472] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002F03FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[504] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[504] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[504] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[504] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[504] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 3 Bytes JMP 003C1014
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[504] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E36D85 1 Byte [88]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[504] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003C0804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[504] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003C0A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[504] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003C0C0C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[504] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003C0E10
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[504] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003C01F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[504] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003C03FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[504] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003C0600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[504] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003D0804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[504] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003D0A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[504] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003D0600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[504] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003D01F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[504] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003D03FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[540] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[540] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[540] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[540] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[540] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 3 Bytes JMP 003C1014
.text C:\Program Files\Bonjour\mDNSResponder.exe[540] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E36D85 1 Byte [88]
.text C:\Program Files\Bonjour\mDNSResponder.exe[540] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003C0804
.text C:\Program Files\Bonjour\mDNSResponder.exe[540] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003C0A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[540] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003C0C0C
.text C:\Program Files\Bonjour\mDNSResponder.exe[540] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003C0E10
.text C:\Program Files\Bonjour\mDNSResponder.exe[540] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003C01F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[540] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003C03FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[540] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003C0600
.text C:\Program Files\Bonjour\mDNSResponder.exe[540] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003D0804
.text C:\Program Files\Bonjour\mDNSResponder.exe[540] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003D0A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[540] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003D0600
.text C:\Program Files\Bonjour\mDNSResponder.exe[540] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003D01F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[540] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003D03FC
.text C:\WINDOWS\system32\svchost.exe[556] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[556] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[556] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[556] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002E1014
.text C:\WINDOWS\system32\svchost.exe[556] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002E0804
.text C:\WINDOWS\system32\svchost.exe[556] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0A08
.text C:\WINDOWS\system32\svchost.exe[556] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E0C0C
.text C:\WINDOWS\system32\svchost.exe[556] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0E10
.text C:\WINDOWS\system32\svchost.exe[556] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E01F8
.text C:\WINDOWS\system32\svchost.exe[556] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E03FC
.text C:\WINDOWS\system32\svchost.exe[556] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E0600
.text C:\WINDOWS\system32\svchost.exe[556] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[556] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[556] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[556] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[556] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002F03FC
.text C:\Program Files\Sandboxie\SbieSvc.exe[624] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000801F8
.text C:\Program Files\Sandboxie\SbieSvc.exe[624] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\Sandboxie\SbieSvc.exe[624] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000803FC
.text C:\Program Files\Sandboxie\SbieSvc.exe[624] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Sandboxie\SbieSvc.exe[624] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002F1014
.text C:\Program Files\Sandboxie\SbieSvc.exe[624] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002F0804
.text C:\Program Files\Sandboxie\SbieSvc.exe[624] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002F0A08
.text C:\Program Files\Sandboxie\SbieSvc.exe[624] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002F0C0C
.text C:\Program Files\Sandboxie\SbieSvc.exe[624] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002F0E10
.text C:\Program Files\Sandboxie\SbieSvc.exe[624] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002F01F8
.text C:\Program Files\Sandboxie\SbieSvc.exe[624] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002F03FC
.text C:\Program Files\Sandboxie\SbieSvc.exe[624] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002F0600
.text C:\Program Files\Sandboxie\SbieSvc.exe[624] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00300804
.text C:\Program Files\Sandboxie\SbieSvc.exe[624] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00300A08
.text C:\Program Files\Sandboxie\SbieSvc.exe[624] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00300600
.text C:\Program Files\Sandboxie\SbieSvc.exe[624] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003001F8
.text C:\Program Files\Sandboxie\SbieSvc.exe[624] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003003FC
.text C:\WINDOWS\System32\svchost.exe[644] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0073000A
.text C:\WINDOWS\System32\svchost.exe[644] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0074000A
.text C:\WINDOWS\System32\svchost.exe[644] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0072000C
.text C:\WINDOWS\System32\svchost.exe[644] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002E1014
.text C:\WINDOWS\System32\svchost.exe[644] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002E0804
.text C:\WINDOWS\System32\svchost.exe[644] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0A08
.text C:\WINDOWS\System32\svchost.exe[644] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E0C0C
.text C:\WINDOWS\System32\svchost.exe[644] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0E10
.text C:\WINDOWS\System32\svchost.exe[644] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E01F8
.text C:\WINDOWS\System32\svchost.exe[644] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E03FC
.text C:\WINDOWS\System32\svchost.exe[644] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E0600
.text C:\WINDOWS\System32\svchost.exe[644] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002F0804
.text C:\WINDOWS\System32\svchost.exe[644] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0208000A
.text C:\WINDOWS\System32\svchost.exe[644] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 0209000A
.text C:\WINDOWS\System32\svchost.exe[644] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 020A000A
.text C:\WINDOWS\System32\svchost.exe[644] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002F0A08
.text C:\WINDOWS\System32\svchost.exe[644] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002F0600
.text C:\WINDOWS\System32\svchost.exe[644] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002F01F8
.text C:\WINDOWS\System32\svchost.exe[644] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002F03FC
.text C:\WINDOWS\System32\svchost.exe[644] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00DE000A
.text C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe[696] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001401F8
.text C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe[696] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe[696] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001403FC
.text C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe[696] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe[696] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B1014
.text C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe[696] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B0804
.text C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe[696] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0A08
.text C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe[696] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B0C0C
.text C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe[696] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0E10
.text C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe[696] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B01F8
.text C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe[696] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B03FC
.text C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe[696] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B0600
.text C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe[696] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C0804
.text C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe[696] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0A08
.text C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe[696] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C0600
.text C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe[696] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C01F8
.text C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe[696] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C03FC
.text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[748] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8
.text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[748] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[748] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC
.text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[748] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[748] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 3 Bytes JMP 003C1014
.text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[748] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E36D85 1 Byte [88]
.text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[748] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003C0804
.text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[748] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003C0A08
.text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[748] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003C0C0C
.text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[748] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003C0E10
.text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[748] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003C01F8
.text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[748] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003C03FC
.text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[748] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003C0600
.text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[748] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003D0804
.text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[748] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003D0A08
.text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[748] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003D0600
.text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[748] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003D01F8
.text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[748] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003D03FC
.text C:\WINDOWS\System32\S24EvMon.exe[768] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001401F8
.text C:\WINDOWS\System32\S24EvMon.exe[768] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\System32\S24EvMon.exe[768] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001403FC
.text C:\WINDOWS\System32\S24EvMon.exe[768] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\S24EvMon.exe[768] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\WINDOWS\System32\S24EvMon.exe[768] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\WINDOWS\System32\S24EvMon.exe[768] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\WINDOWS\System32\S24EvMon.exe[768] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\WINDOWS\System32\S24EvMon.exe[768] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\WINDOWS\System32\S24EvMon.exe[768] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 3 Bytes JMP 003C1014
.text C:\WINDOWS\System32\S24EvMon.exe[768] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E36D85 1 Byte [88]
.text C:\WINDOWS\System32\S24EvMon.exe[768] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003C0804
.text C:\WINDOWS\System32\S24EvMon.exe[768] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003C0A08
.text C:\WINDOWS\System32\S24EvMon.exe[768] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003C0C0C
.text C:\WINDOWS\System32\S24EvMon.exe[768] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003C0E10
.text C:\WINDOWS\System32\S24EvMon.exe[768] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003C01F8
.text C:\WINDOWS\System32\S24EvMon.exe[768] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003C03FC
.text C:\WINDOWS\System32\S24EvMon.exe[768] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003C0600
.text C:\WINDOWS\System32\svchost.exe[864] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[864] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[864] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[864] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[864] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002E1014
.text C:\WINDOWS\System32\svchost.exe[864] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002E0804
.text C:\WINDOWS\System32\svchost.exe[864] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0A08
.text C:\WINDOWS\System32\svchost.exe[864] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E0C0C
.text C:\WINDOWS\System32\svchost.exe[864] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0E10
.text C:\WINDOWS\System32\svchost.exe[864] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E01F8
.text C:\WINDOWS\System32\svchost.exe[864] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E03FC
.text C:\WINDOWS\System32\svchost.exe[864] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E0600
.text C:\WINDOWS\System32\svchost.exe[864] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002F0804
.text C:\WINDOWS\System32\svchost.exe[864] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002F0A08
.text C:\WINDOWS\System32\svchost.exe[864] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002F0600
.text C:\WINDOWS\System32\svchost.exe[864] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002F01F8
.text C:\WINDOWS\System32\svchost.exe[864] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\igfxpers.exe[876] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\igfxpers.exe[876] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\igfxpers.exe[876] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\igfxpers.exe[876] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\igfxpers.exe[876] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\WINDOWS\system32\igfxpers.exe[876] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\WINDOWS\system32\igfxpers.exe[876] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\WINDOWS\system32\igfxpers.exe[876] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\WINDOWS\system32\igfxpers.exe[876] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\WINDOWS\system32\igfxpers.exe[876] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 3 Bytes JMP 003C1014
.text C:\WINDOWS\system32\igfxpers.exe[876] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E36D85 1 Byte [88]
.text C:\WINDOWS\system32\igfxpers.exe[876] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003C0804
.text C:\WINDOWS\system32\igfxpers.exe[876] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003C0A08
.text C:\WINDOWS\system32\igfxpers.exe[876] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003C0C0C
.text C:\WINDOWS\system32\igfxpers.exe[876] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003C0E10
.text C:\WINDOWS\system32\igfxpers.exe[876] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003C01F8
.text C:\WINDOWS\system32\igfxpers.exe[876] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003C03FC
.text C:\WINDOWS\system32\igfxpers.exe[876] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003C0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[956] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[956] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[956] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[956] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[956] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 3 Bytes JMP 003C1014
.text C:\Program Files\Java\jre6\bin\jqs.exe[956] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E36D85 1 Byte [88]
.text C:\Program Files\Java\jre6\bin\jqs.exe[956] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003C0804
.text C:\Program Files\Java\jre6\bin\jqs.exe[956] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003C0A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[956] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003C0C0C
.text C:\Program Files\Java\jre6\bin\jqs.exe[956] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003C0E10
.text C:\Program Files\Java\jre6\bin\jqs.exe[956] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003C01F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[956] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003C03FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[956] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003C0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[956] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003D0804
.text C:\Program Files\Java\jre6\bin\jqs.exe[956] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003D0A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[956] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003D0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[956] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003D01F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[956] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003D03FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1008] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1008] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1008] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1008] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1008] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003D1014
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1008] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003D0804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1008] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003D0A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1008] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003D0C0C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1008] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003D0E10
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1008] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003D01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1008] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003D03FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1008] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003D0600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1008] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003E0804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1008] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003E0A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1008] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003E0600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1008] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003E01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1008] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003E03FC
.text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002E1014
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002E0804
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0A08
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E0C0C
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0E10
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E01F8
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E03FC
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E0600
.text C:\WINDOWS\system32\svchost.exe[1104] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\svchost.exe[1104] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\svchost.exe[1104] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[1104] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\svchost.exe[1104] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002F03FC
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[1132] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[1132] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[1132] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[1132] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[1132] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[1132] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[1132] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[1132] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[1132] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[1132] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 3 Bytes JMP 003C1014
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[1132] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E36D85 1 Byte [88]
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[1132] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003C0804
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[1132] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003C0A08
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[1132] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003C0C0C
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[1132] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003C0E10
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[1132] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003C01F8
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[1132] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003C03FC
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[1132] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003C0600
.text C:\Program Files\Hotspot Shield\bin\openvpnas.exe[1140] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 002401F8
.text C:\Program Files\Hotspot Shield\bin\openvpnas.exe[1140] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\Hotspot Shield\bin\openvpnas.exe[1140] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 002403FC
.text C:\Program Files\Hotspot Shield\bin\openvpnas.exe[1140] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Hotspot Shield\bin\openvpnas.exe[1140] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00501014
.text C:\Program Files\Hotspot Shield\bin\openvpnas.exe[1140] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00500804
.text C:\Program Files\Hotspot Shield\bin\openvpnas.exe[1140] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00500A08
.text C:\Program Files\Hotspot Shield\bin\openvpnas.exe[1140] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00500C0C
.text C:\Program Files\Hotspot Shield\bin\openvpnas.exe[1140] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00500E10
.text C:\Program Files\Hotspot Shield\bin\openvpnas.exe[1140] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 005001F8
.text C:\Program Files\Hotspot Shield\bin\openvpnas.exe[1140] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 005003FC
.text C:\Program Files\Hotspot Shield\bin\openvpnas.exe[1140] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00500600
.text C:\Program Files\Hotspot Shield\bin\openvpnas.exe[1140] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00510804
.text C:\Program Files\Hotspot Shield\bin\openvpnas.exe[1140] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00510A08
.text C:\Program Files\Hotspot Shield\bin\openvpnas.exe[1140] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00510600
.text C:\Program Files\Hotspot Shield\bin\openvpnas.exe[1140] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 005101F8
.text C:\Program Files\Hotspot Shield\bin\openvpnas.exe[1140] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 005103FC
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1148] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1148] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1148] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1148] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1148] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 3 Bytes JMP 003C1014
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1148] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E36D85 1 Byte [88]
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1148] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003C0804
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1148] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003C0A08
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1148] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003C0C0C
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1148] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003C0E10
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1148] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003C01F8
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1148] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003C03FC
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1148] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003C0600
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1148] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003D0804
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1148] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003D0A08
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1148] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003D0600
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1148] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003D01F8
.text C:\Program Files\Google\Update\GoogleUpdate.exe[1148] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003D03FC
.text C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[1352] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8
.text C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[1352] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[1352] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC
.text C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[1352] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[1352] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003D1014
.text C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[1352] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003D0804
.text C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[1352] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003D0A08
.text C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[1352] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003D0C0C
.text C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[1352] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003D0E10
.text C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[1352] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003D01F8
.text C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[1352] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003D03FC
.text C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[1352] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003D0600
.text C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[1352] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003E0804
.text C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[1352] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003E0A08
.text C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[1352] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003E0600
.text C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[1352] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003E01F8
.text C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe[1352] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003E03FC
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1884] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[1884] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1884] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[1884] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1884] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002E1014
.text C:\WINDOWS\system32\spoolsv.exe[1884] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002E0804
.text C:\WINDOWS\system32\spoolsv.exe[1884] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0A08
.text C:\WINDOWS\system32\spoolsv.exe[1884] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E0C0C
.text C:\WINDOWS\system32\spoolsv.exe[1884] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0E10
.text C:\WINDOWS\system32\spoolsv.exe[1884] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E01F8
.text C:\WINDOWS\system32\spoolsv.exe[1884] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E03FC
.text C:\WINDOWS\system32\spoolsv.exe[1884] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E0600
.text C:\WINDOWS\system32\spoolsv.exe[1884] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\spoolsv.exe[1884] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\spoolsv.exe[1884] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\spoolsv.exe[1884] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\spoolsv.exe[1884] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002F03FC
.text C:\WINDOWS\System32\smss.exe[1888] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[1908] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\wscntfy.exe[1908] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[1908] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\wscntfy.exe[1908] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[1908] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\wscntfy.exe[1908] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\wscntfy.exe[1908] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\wscntfy.exe[1908] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\wscntfy.exe[1908] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\wscntfy.exe[1908] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00311014
.text C:\WINDOWS\system32\wscntfy.exe[1908] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\wscntfy.exe[1908] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\wscntfy.exe[1908] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00310C0C
.text C:\WINDOWS\system32\wscntfy.exe[1908] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00310E10
.text C:\WINDOWS\system32\wscntfy.exe[1908] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\wscntfy.exe[1908] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\wscntfy.exe[1908] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\csrss.exe[1936] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[1936] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1960] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[1960] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1960] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[1960] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1960] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002E1014
.text C:\WINDOWS\system32\winlogon.exe[1960] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002E0804
.text C:\WINDOWS\system32\winlogon.exe[1960] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0A08
.text C:\WINDOWS\system32\winlogon.exe[1960] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E0C0C
.text C:\WINDOWS\system32\winlogon.exe[1960] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0E10
.text C:\WINDOWS\system32\winlogon.exe[1960] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E01F8
.text C:\WINDOWS\system32\winlogon.exe[1960] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E03FC
.text C:\WINDOWS\system32\winlogon.exe[1960] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E0600
.text C:\WINDOWS\system32\winlogon.exe[1960] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\winlogon.exe[1960] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\winlogon.exe[1960] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\winlogon.exe[1960] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\winlogon.exe[1960] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002F03FC
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1984] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000501F8
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1984] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1984] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000503FC
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1984] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1984] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 01540804
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1984] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 01540A08
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1984] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 01540600
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1984] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 015401F8
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1984] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 015403FC
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1984] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 01551014
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1984] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 01550804
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1984] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 01550A08
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1984] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 01550C0C
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1984] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 01550E10
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1984] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 015501F8
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1984] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 015503FC
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1984] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 01550600
.text C:\WINDOWS\system32\services.exe[2008] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[2008] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[2008] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[2008] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[2008] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002E1014
.text C:\WINDOWS\system32\services.exe[2008] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002E0804
.text C:\WINDOWS\system32\services.exe[2008] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0A08
.text C:\WINDOWS\system32\services.exe[2008] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E0C0C
.text C:\WINDOWS\system32\services.exe[2008] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0E10
.text C:\WINDOWS\system32\services.exe[2008] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E01F8
.text C:\WINDOWS\system32\services.exe[2008] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E03FC
.text C:\WINDOWS\system32\services.exe[2008] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E0600
.text C:\WINDOWS\system32\services.exe[2008] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\services.exe[2008] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\services.exe[2008] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\services.exe[2008] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\services.exe[2008] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\lsass.exe[2020] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[2020] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[2020] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[2020] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[2020] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002E1014
.text C:\WINDOWS\system32\lsass.exe[2020] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002E0804
.text C:\WINDOWS\system32\lsass.exe[2020] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0A08
.text C:\WINDOWS\system32\lsass.exe[2020] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E0C0C
.text C:\WINDOWS\system32\lsass.exe[2020] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0E10
.text C:\WINDOWS\system32\lsass.exe[2020] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E01F8
.text C:\WINDOWS\system32\lsass.exe[2020] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E03FC
.text C:\WINDOWS\system32\lsass.exe[2020] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E0600
.text C:\WINDOWS\system32\lsass.exe[2020] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\lsass.exe[2020] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\lsass.exe[2020] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\lsass.exe[2020] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\lsass.exe[2020] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002F03FC
.text C:\WINDOWS\Explorer.EXE[2084] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00EE000A
.text C:\WINDOWS\Explorer.EXE[2084] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00EF000A
.text C:\WINDOWS\Explorer.EXE[2084] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00ED000C
.text C:\WINDOWS\Explorer.EXE[2084] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00361014
.text C:\WINDOWS\Explorer.EXE[2084] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00360804
.text C:\WINDOWS\Explorer.EXE[2084] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00360A08
.text C:\WINDOWS\Explorer.EXE[2084] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00360C0C
.text C:\WINDOWS\Explorer.EXE[2084] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00360E10
.text C:\WINDOWS\Explorer.EXE[2084] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003601F8
.text C:\WINDOWS\Explorer.EXE[2084] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003603FC
.text C:\WINDOWS\Explorer.EXE[2084] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00360600
.text C:\WINDOWS\Explorer.EXE[2084] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00370804
.text C:\WINDOWS\Explorer.EXE[2084] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00370A08
.text C:\WINDOWS\Explorer.EXE[2084] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00370600
.text C:\WINDOWS\Explorer.EXE[2084] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003701F8
.text C:\WINDOWS\Explorer.EXE[2084] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003703FC
.text C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe[2248] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001401F8
.text C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe[2248] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe[2248] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001403FC
.text C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe[2248] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe[2248] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 3 Bytes JMP 003C1014
.text C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe[2248] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E36D85 1 Byte [88]
.text C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe[2248] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003C0804
.text C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe[2248] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003C0A08
.text C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe[2248] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003C0C0C
.text C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe[2248] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003C0E10
.text C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe[2248] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003C01F8
.text C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe[2248] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003C03FC
.text C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe[2248] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003C0600
.text C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe[2248] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003D0804
.text C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe[2248] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003D0A08
.text C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe[2248] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003D0600
.text C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe[2248] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003D01F8
.text C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe[2248] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003D03FC
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2268] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001601F8
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2268] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2268] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001603FC
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2268] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2268] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003D0804
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2268] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003D0A08
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2268] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003D0600
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2268] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003D01F8
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2268] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003D03FC
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2268] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003E1014
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2268] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003E0804
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2268] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003E0A08
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2268] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003E0C0C
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2268] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003E0E10
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2268] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003E01F8
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2268] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003E03FC
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2268] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003E0600
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2296] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2296] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2296] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2296] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2296] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003D1014
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2296] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003D0804
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2296] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003D0A08
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2296] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003D0C0C
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2296] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003D0E10
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2296] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003D01F8
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2296] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003D03FC
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2296] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003D0600
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2296] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003E0804
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2296] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003E0A08
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2296] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003E0600
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2296] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003E01F8
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2296] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003E03FC
.text C:\Program Files\iTunes\iTunesHelper.exe[2344] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8
.text C:\Program Files\iTunes\iTunesHelper.exe[2344] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\iTunes\iTunesHelper.exe[2344] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC
.text C:\Program Files\iTunes\iTunesHelper.exe[2344] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\iTunes\iTunesHelper.exe[2344] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C0804
.text C:\Program Files\iTunes\iTunesHelper.exe[2344] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0A08
.text C:\Program Files\iTunes\iTunesHelper.exe[2344] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C0600
.text C:\Program Files\iTunes\iTunesHelper.exe[2344] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C01F8
.text C:\Program Files\iTunes\iTunesHelper.exe[2344] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C03FC
.text C:\Program Files\iTunes\iTunesHelper.exe[2344] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003D1014
.text C:\Program Files\iTunes\iTunesHelper.exe[2344] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003D0804
.text C:\Program Files\iTunes\iTunesHelper.exe[2344] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003D0A08
.text C:\Program Files\iTunes\iTunesHelper.exe[2344] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003D0C0C
.text C:\Program Files\iTunes\iTunesHelper.exe[2344] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003D0E10
.text C:\Program Files\iTunes\iTunesHelper.exe[2344] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003D01F8
.text C:\Program Files\iTunes\iTunesHelper.exe[2344] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003D03FC
.text C:\Program Files\iTunes\iTunesHelper.exe[2344] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003D0600
.text C:\WINDOWS\system32\msdtc.exe[2364] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\msdtc.exe[2364] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\msdtc.exe[2364] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\msdtc.exe[2364] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\msdtc.exe[2364] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002E1014
.text C:\WINDOWS\system32\msdtc.exe[2364] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002E0804
.text C:\WINDOWS\system32\msdtc.exe[2364] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0A08
.text C:\WINDOWS\system32\msdtc.exe[2364] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E0C0C
.text C:\WINDOWS\system32\msdtc.exe[2364] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0E10
.text C:\WINDOWS\system32\msdtc.exe[2364] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E01F8
.text C:\WINDOWS\system32\msdtc.exe[2364] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E03FC
.text C:\WINDOWS\system32\msdtc.exe[2364] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E0600
.text C:\WINDOWS\system32\msdtc.exe[2364] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\msdtc.exe[2364] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\msdtc.exe[2364] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\msdtc.exe[2364] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\msdtc.exe[2364] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002F03FC
.text C:\WINDOWS\System32\RegSrvc.exe[2428] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8
.text C:\WINDOWS\System32\RegSrvc.exe[2428] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\System32\RegSrvc.exe[2428] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC
.text C:\WINDOWS\System32\RegSrvc.exe[2428] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\RegSrvc.exe[2428] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00441014
.text C:\WINDOWS\System32\RegSrvc.exe[2428] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00440804
.text C:\WINDOWS\System32\RegSrvc.exe[2428] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00440A08
.text C:\WINDOWS\System32\RegSrvc.exe[2428] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00440C0C
.text C:\WINDOWS\System32\RegSrvc.exe[2428] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00440E10
.text C:\WINDOWS\System32\RegSrvc.exe[2428] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 004401F8
.text C:\WINDOWS\System32\RegSrvc.exe[2428] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 004403FC
.text C:\WINDOWS\System32\RegSrvc.exe[2428] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00440600
.text C:\WINDOWS\System32\RegSrvc.exe[2428] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00450804
.text C:\WINDOWS\System32\RegSrvc.exe[2428] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00450A08
.text C:\WINDOWS\System32\RegSrvc.exe[2428] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00450600
.text C:\WINDOWS\System32\RegSrvc.exe[2428] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 004501F8
.text C:\WINDOWS\System32\RegSrvc.exe[2428] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 004503FC
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe[2456] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001401F8
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe[2456] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe[2456] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001403FC
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe[2456] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe[2456] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B1014
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe[2456] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B0804
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe[2456] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0A08
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe[2456] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B0C0C
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe[2456] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0E10
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe[2456] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B01F8
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe[2456] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B03FC
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe[2456] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B0600
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe[2456] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C0804
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe[2456] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0A08
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe[2456] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C0600
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe[2456] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C01F8
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe[2456] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C03FC
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe[2464] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001401F8
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe[2464] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe[2464] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001403FC
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe[2464] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe[2464] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B1014
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe[2464] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B0804
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe[2464] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0A08
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe[2464] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B0C0C
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe[2464] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0E10
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe[2464] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B01F8
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe[2464] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B03FC
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe[2464] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B0600
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe[2464] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C0804
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe[2464] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0A08
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe[2464] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C0600
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe[2464] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C01F8
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe[2464] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C03FC
.text C:\WINDOWS\System32\svchost.exe[2520] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[2520] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2520] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[2520] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2520] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002E1014
.text C:\WINDOWS\System32\svchost.exe[2520] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002E0804
.text C:\WINDOWS\System32\svchost.exe[2520] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0A08
.text C:\WINDOWS\System32\svchost.exe[2520] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E0C0C
.text C:\WINDOWS\System32\svchost.exe[2520] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0E10
.text C:\WINDOWS\System32\svchost.exe[2520] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E01F8
.text C:\WINDOWS\System32\svchost.exe[2520] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E03FC
.text C:\WINDOWS\System32\svchost.exe[2520] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E0600
.text C:\WINDOWS\System32\svchost.exe[2520] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002F0804
.text C:\WINDOWS\System32\svchost.exe[2520] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002F0A08
.text C:\WINDOWS\System32\svchost.exe[2520] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002F0600
.text C:\WINDOWS\System32\svchost.exe[2520] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002F01F8
.text C:\WINDOWS\System32\svchost.exe[2520] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002F03FC
.text C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe[2580] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8
.text C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe[2580] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe[2580] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC
.text C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe[2580] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe[2580] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003D0804
.text C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe[2580] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003D0A08
.text C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe[2580] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003D0600
.text C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe[2580] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003D01F8
.text C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe[2580] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003D03FC
.text C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe[2580] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003E1014
.text C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe[2580] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003E0804
.text C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe[2580] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003E0A08
.text C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe[2580] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003E0C0C
.text C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe[2580] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003E0E10
.text C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe[2580] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003E01F8
.text C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe[2580] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003E03FC
.text C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe[2580] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003E0600
.text C:\WINDOWS\System32\svchost.exe[2800] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[2800] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2800] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[2800] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2800] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002E1014
.text C:\WINDOWS\System32\svchost.exe[2800] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002E0804
.text C:\WINDOWS\System32\svchost.exe[2800] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0A08
.text C:\WINDOWS\System32\svchost.exe[2800] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E0C0C
.text C:\WINDOWS\System32\svchost.exe[2800] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0E10
.text C:\WINDOWS\System32\svchost.exe[2800] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E01F8
.text C:\WINDOWS\System32\svchost.exe[2800] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E03FC
.text C:\WINDOWS\System32\svchost.exe[2800] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E0600
.text C:\WINDOWS\System32\svchost.exe[2800] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002F0804
.text C:\WINDOWS\System32\svchost.exe[2800] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002F0A08
.text C:\WINDOWS\System32\svchost.exe[2800] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002F0600
.text C:\WINDOWS\System32\svchost.exe[2800] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002F01F8
.text C:\WINDOWS\System32\svchost.exe[2800] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002F03FC
.text C:\WINDOWS\System32\alg.exe[2860] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[2860] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2860] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[2860] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2860] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002E0804
.text C:\WINDOWS\System32\alg.exe[2860] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002E0A08
.text C:\WINDOWS\System32\alg.exe[2860] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002E0600
.text C:\WINDOWS\System32\alg.exe[2860] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002E01F8
.text C:\WINDOWS\System32\alg.exe[2860] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002E03FC
.text C:\WINDOWS\System32\alg.exe[2860] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002F1014
.text C:\WINDOWS\System32\alg.exe[2860] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002F0804
.text C:\WINDOWS\System32\alg.exe[2860] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002F0A08
.text C:\WINDOWS\System32\alg.exe[2860] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\System32\alg.exe[2860] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002F0E10
.text C:\WINDOWS\System32\alg.exe[2860] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002F01F8
.text C:\WINDOWS\System32\alg.exe[2860] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002F03FC
.text C:\WINDOWS\System32\alg.exe[2860] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002F0600
.text C:\WINDOWS\System32\dllhost.exe[2904] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\dllhost.exe[2904] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\System32\dllhost.exe[2904] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\dllhost.exe[2904] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\dllhost.exe[2904] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002E1014
.text C:\WINDOWS\System32\dllhost.exe[2904] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002E0804
.text C:\WINDOWS\System32\dllhost.exe[2904] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0A08
.text C:\WINDOWS\System32\dllhost.exe[2904] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E0C0C
.text C:\WINDOWS\System32\dllhost.exe[2904] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0E10
.text C:\WINDOWS\System32\dllhost.exe[2904] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E01F8
.text C:\WINDOWS\System32\dllhost.exe[2904] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E03FC
.text C:\WINDOWS\System32\dllhost.exe[2904] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E0600
.text C:\WINDOWS\System32\dllhost.exe[2904] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002F0804
.text C:\WINDOWS\System32\dllhost.exe[2904] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002F0A08
.text C:\WINDOWS\System32\dllhost.exe[2904] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002F0600
.text C:\WINDOWS\System32\dllhost.exe[2904] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002F01F8
.text C:\WINDOWS\System32\dllhost.exe[2904] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002F03FC
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[2964] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[2964] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[2964] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[2964] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[2964] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C0804
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[2964] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0A08
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[2964] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C0600
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[2964] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C01F8
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[2964] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C03FC
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[2964] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003D1014
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[2964] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003D0804
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[2964] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003D0A08
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[2964] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003D0C0C
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[2964] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003D0E10
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[2964] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003D01F8
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[2964] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003D03FC
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[2964] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003D0600
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3104] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3104] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3104] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3104] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3104] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C0804
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3104] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0A08
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3104] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C0600
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3104] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C01F8
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3104] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C03FC
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3104] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003D1014
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3104] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003D0804
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3104] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003D0A08
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3104] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003D0C0C
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3104] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003D0E10
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3104] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003D01F8
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3104] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003D03FC
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3104] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003D0600
.text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[3176] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[3176] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[3176] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[3176] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[3176] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[3176] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[3176] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[3176] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[3176] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[3176] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 3 Bytes JMP 003C1014
.text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[3176] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E36D85 1 Byte [88]
.text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[3176] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003C0804
.text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[3176] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003C0A08
.text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[3176] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003C0C0C
.text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[3176] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003C0E10
.text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[3176] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003C01F8
.text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[3176] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003C03FC
.text C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe[3176] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003C0600
.text C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe[3232] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe[3232] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe[3232] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe[3232] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe[3232] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B1014
.text C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe[3232] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B0804
.text C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe[3232] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0A08
.text C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe[3232] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B0C0C
.text C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe[3232] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0E10
.text C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe[3232] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B01F8
.text C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe[3232] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B03FC
.text C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe[3232] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B0600
.text C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe[3232] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C0804
.text C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe[3232] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0A08
.text C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe[3232] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C0600
.text C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe[3232] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C01F8
.text C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe[3232] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C03FC
.text C:\WINDOWS\system32\wdfmgr.exe[3276] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000801F8
.text C:\WINDOWS\system32\wdfmgr.exe[3276] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\wdfmgr.exe[3276] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000803FC
.text C:\WINDOWS\system32\wdfmgr.exe[3276] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wdfmgr.exe[3276] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002F1014
.text C:\WINDOWS\system32\wdfmgr.exe[3276] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\wdfmgr.exe[3276] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\wdfmgr.exe[3276] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\system32\wdfmgr.exe[3276] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002F0E10
.text C:\WINDOWS\system32\wdfmgr.exe[3276] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\wdfmgr.exe[3276] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\wdfmgr.exe[3276] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\wdfmgr.exe[3276] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\wdfmgr.exe[3276] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\wdfmgr.exe[3276] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\wdfmgr.exe[3276] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\wdfmgr.exe[3276] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003003FC
.text C:\Program Files\Lexmark Applications\QLink\QLINK.EXE[3408] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001401F8
.text C:\Program Files\Lexmark Applications\QLink\QLINK.EXE[3408] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\Lexmark Applications\QLink\QLINK.EXE[3408] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001403FC
.text C:\Program Files\Lexmark Applications\QLink\QLINK.EXE[3408] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Lexmark Applications\QLink\QLINK.EXE[3408] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 005B0804
.text C:\Program Files\Lexmark Applications\QLink\QLINK.EXE[3408] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 005B0A08
.text C:\Program Files\Lexmark Applications\QLink\QLINK.EXE[3408] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 005B0600
.text C:\Program Files\Lexmark Applications\QLink\QLINK.EXE[3408] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 005B01F8
.text C:\Program Files\Lexmark Applications\QLink\QLINK.EXE[3408] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 005B03FC
.text C:\Program Files\Lexmark Applications\QLink\QLINK.EXE[3408] ADVAPI32.DLL!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 005C1014
.text C:\Program Files\Lexmark Applications\QLink\QLINK.EXE[3408] ADVAPI32.DLL!ChangeServiceConfigA 77E36E69 5 Bytes JMP 005C0804
.text C:\Program Files\Lexmark Applications\QLink\QLINK.EXE[3408] ADVAPI32.DLL!ChangeServiceConfigW 77E37001 5 Bytes JMP 005C0A08
.text C:\Program Files\Lexmark Applications\QLink\QLINK.EXE[3408] ADVAPI32.DLL!ChangeServiceConfig2A 77E37101 3 Bytes JMP 005C0C0C
.text C:\Program Files\Lexmark Applications\QLink\QLINK.EXE[3408] ADVAPI32.DLL!ChangeServiceConfig2A + 4 77E37105 1 Byte [88]
.text C:\Program Files\Lexmark Applications\QLink\QLINK.EXE[3408] ADVAPI32.DLL!ChangeServiceConfig2W 77E37189 5 Bytes JMP 005C0E10
.text C:\Program Files\Lexmark Applications\QLink\QLINK.EXE[3408] ADVAPI32.DLL!CreateServiceA 77E37211 5 Bytes JMP 005C01F8
.text C:\Program Files\Lexmark Applications\QLink\QLINK.EXE[3408] ADVAPI32.DLL!CreateServiceW 77E373A9 5 Bytes JMP 005C03FC
.text C:\Program Files\Lexmark Applications\QLink\QLINK.EXE[3408] ADVAPI32.DLL!DeleteService 77E374B1 5 Bytes JMP 005C0600
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001401F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001403FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B1014
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B0804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B0C0C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0E10
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B01F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B03FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B0600
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C0804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C0600
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C01F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3452] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C03FC
.text C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe[3480] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8
.text C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe[3480] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe[3480] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC
.text C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe[3480] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe[3480] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C0804
.text C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe[3480] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0A08
.text C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe[3480] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C0600
.text C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe[3480] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C01F8
.text C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe[3480] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C03FC
.text C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe[3480] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003D1014
.text C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe[3480] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003D0804
.text C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe[3480] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003D0A08
.text C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe[3480] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003D0C0C
.text C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe[3480] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003D0E10
.text C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe[3480] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003D01F8
.text C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe[3480] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003D03FC
.text C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe[3480] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003D0600
.text c:\program files\lenovo\system update\suservice.exe[3576] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text c:\program files\lenovo\system update\suservice.exe[3576] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe[3584] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001401F8
.text C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe[3584] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe[3584] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001403FC
.text C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe[3584] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe[3584] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B1014
.text C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe[3584] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B0804
.text C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe[3584] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0A08
.text C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe[3584] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B0C0C
.text C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe[3584] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0E10
.text C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe[3584] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B01F8
.text C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe[3584] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B03FC
.text C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe[3584] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B0600
.text C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe[3584] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C0804
.text C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe[3584] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0A08
.text C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe[3584] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C0600
.text C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe[3584] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C01F8
.text C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe[3584] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C03FC
.text C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe[3612] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001401F8
.text C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe[3612] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe[3612] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001403FC
.text C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe[3612] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe[3612] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe[3612] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe[3612] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe[3612] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe[3612] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe[3612] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 3 Bytes JMP 003C1014
.text C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe[3612] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E36D85 1 Byte [88]
.text C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe[3612] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003C0804
.text C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe[3612] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003C0A08
.text C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe[3612] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003C0C0C
.text C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe[3612] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003C0E10
.text C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe[3612] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003C01F8
.text C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe[3612] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003C03FC
.text C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe[3612] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003C0600
.text C:\WINDOWS\AGRSMMSG.exe[3756] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001401F8
.text C:\WINDOWS\AGRSMMSG.exe[3756] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\AGRSMMSG.exe[3756] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001403FC
.text C:\WINDOWS\AGRSMMSG.exe[3756] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\AGRSMMSG.exe[3756] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\WINDOWS\AGRSMMSG.exe[3756] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\WINDOWS\AGRSMMSG.exe[3756] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\WINDOWS\AGRSMMSG.exe[3756] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\WINDOWS\AGRSMMSG.exe[3756] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\WINDOWS\AGRSMMSG.exe[3756] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 3 Bytes JMP 003C1014
.text C:\WINDOWS\AGRSMMSG.exe[3756] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E36D85 1 Byte [88]
.text C:\WINDOWS\AGRSMMSG.exe[3756] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003C0804
.text C:\WINDOWS\AGRSMMSG.exe[3756] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003C0A08
.text C:\WINDOWS\AGRSMMSG.exe[3756] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003C0C0C
.text C:\WINDOWS\AGRSMMSG.exe[3756] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003C0E10
.text C:\WINDOWS\AGRSMMSG.exe[3756] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003C01F8
.text C:\WINDOWS\AGRSMMSG.exe[3756] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003C03FC
.text C:\WINDOWS\AGRSMMSG.exe[3756] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003C0600
.text C:\Program Files\iPod\bin\iPodService.exe[3888] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8
.text C:\Program Files\iPod\bin\iPodService.exe[3888] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[3888] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC
.text C:\Program Files\iPod\bin\iPodService.exe[3888] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[3888] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 3 Bytes JMP 003C1014
.text C:\Program Files\iPod\bin\iPodService.exe[3888] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E36D85 1 Byte [88]
.text C:\Program Files\iPod\bin\iPodService.exe[3888] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003C0804
.text C:\Program Files\iPod\bin\iPodService.exe[3888] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003C0A08
.text C:\Program Files\iPod\bin\iPodService.exe[3888] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003C0C0C
.text C:\Program Files\iPod\bin\iPodService.exe[3888] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003C0E10
.text C:\Program Files\iPod\bin\iPodService.exe[3888] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003C01F8
.text C:\Program Files\iPod\bin\iPodService.exe[3888] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003C03FC
.text C:\Program Files\iPod\bin\iPodService.exe[3888] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003C0600
.text C:\Program Files\iPod\bin\iPodService.exe[3888] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003D0804
.text C:\Program Files\iPod\bin\iPodService.exe[3888] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003D0A08
.text C:\Program Files\iPod\bin\iPodService.exe[3888] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003D0600
.text C:\Program Files\iPod\bin\iPodService.exe[3888] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003D01F8
.text C:\Program Files\iPod\bin\iPodService.exe[3888] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003D03FC
.text C:\WINDOWS\system32\dllhost.exe[3936] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\dllhost.exe[3936] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\dllhost.exe[3936] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\dllhost.exe[3936] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\dllhost.exe[3936] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002E1014
.text C:\WINDOWS\system32\dllhost.exe[3936] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002E0804
.text C:\WINDOWS\system32\dllhost.exe[3936] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0A08
.text C:\WINDOWS\system32\dllhost.exe[3936] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E0C0C
.text C:\WINDOWS\system32\dllhost.exe[3936] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0E10
.text C:\WINDOWS\system32\dllhost.exe[3936] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E01F8
.text C:\WINDOWS\system32\dllhost.exe[3936] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E03FC
.text C:\WINDOWS\system32\dllhost.exe[3936] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E0600
.text C:\WINDOWS\system32\dllhost.exe[3936] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\dllhost.exe[3936] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\dllhost.exe[3936] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\dllhost.exe[3936] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\dllhost.exe[3936] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002F03FC
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3996] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3996] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3996] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3996] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3996] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002E1014
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3996] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002E0804
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3996] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0A08
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3996] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E0C0C
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3996] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0E10
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3996] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E01F8
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3996] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E03FC
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3996] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E0600
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3996] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002F0804
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3996] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002F0A08
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3996] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002F0600
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3996] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002F01F8
.text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3996] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002F03FC
.text C:\WINDOWS\system32\hkcmd.exe[4084] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\hkcmd.exe[4084] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\hkcmd.exe[4084] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\hkcmd.exe[4084] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\hkcmd.exe[4084] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\WINDOWS\system32\hkcmd.exe[4084] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\WINDOWS\system32\hkcmd.exe[4084] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\WINDOWS\system32\hkcmd.exe[4084] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\WINDOWS\system32\hkcmd.exe[4084] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\WINDOWS\system32\hkcmd.exe[4084] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 3 Bytes JMP 003C1014
.text C:\WINDOWS\system32\hkcmd.exe[4084] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E36D85 1 Byte [88]
.text C:\WINDOWS\system32\hkcmd.exe[4084] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003C0804
.text C:\WINDOWS\system32\hkcmd.exe[4084] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003C0A08
.text C:\WINDOWS\system32\hkcmd.exe[4084] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003C0C0C
.text C:\WINDOWS\system32\hkcmd.exe[4084] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003C0E10
.text C:\WINDOWS\system32\hkcmd.exe[4084] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003C01F8
.text C:\WINDOWS\system32\hkcmd.exe[4084] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003C03FC
.text C:\WINDOWS\system32\hkcmd.exe[4084] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003C0600
.text C:\Documents and Settings\James\My Documents\Downloads\leg0sgh5.exe[5664] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8
.text C:\Documents and Settings\James\My Documents\Downloads\leg0sgh5.exe[5664] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Documents and Settings\James\My Documents\Downloads\leg0sgh5.exe[5664] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC
.text C:\Documents and Settings\James\My Documents\Downloads\leg0sgh5.exe[5664] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\James\My Documents\Downloads\leg0sgh5.exe[5664] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 3 Bytes JMP 003C1014
.text C:\Documents and Settings\James\My Documents\Downloads\leg0sgh5.exe[5664] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E36D85 1 Byte [88]
.text C:\Documents and Settings\James\My Documents\Downloads\leg0sgh5.exe[5664] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003C0804
.text C:\Documents and Settings\James\My Documents\Downloads\leg0sgh5.exe[5664] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003C0A08
.text C:\Documents and Settings\James\My Documents\Downloads\leg0sgh5.exe[5664] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003C0C0C
.text C:\Documents and Settings\James\My Documents\Downloads\leg0sgh5.exe[5664] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003C0E10
.text C:\Documents and Settings\James\My Documents\Downloads\leg0sgh5.exe[5664] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003C01F8
.text C:\Documents and Settings\James\My Documents\Downloads\leg0sgh5.exe[5664] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003C03FC
.text C:\Documents and Settings\James\My Documents\Downloads\leg0sgh5.exe[5664] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003C0600
.text C:\Documents and Settings\James\My Documents\Downloads\leg0sgh5.exe[5664] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00AB0804
.text C:\Documents and Settings\James\My Documents\Downloads\leg0sgh5.exe[5664] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00AB0A08
.text C:\Documents and Settings\James\My Documents\Downloads\leg0sgh5.exe[5664] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00AB0600
.text C:\Documents and Settings\James\My Documents\Downloads\leg0sgh5.exe[5664] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00AB01F8
.text C:\Documents and Settings\James\My Documents\Downloads\leg0sgh5.exe[5664] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00AB03FC

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6B6042] spho.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6B613E] spho.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6B60C0] spho.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6B6800] spho.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6B66D6] spho.sys
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BA6C5B90] spho.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[2008] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00640002
IAT C:\WINDOWS\system32\services.exe[2008] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00640000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Ntfs \Ntfs 8AD521F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\usbuhci \Device\USBPDO-0 8AB8D1F8
Device \Driver\usbuhci \Device\USBPDO-1 8AB8D1F8
Device \Driver\usbuhci \Device\USBPDO-2 8AB8D1F8
Device \Driver\usbuhci \Device\USBPDO-3 8AB8D1F8
Device \Driver\usbehci \Device\USBPDO-4 8AB76500

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8ADC31F8
Device \Driver\Cdrom \Device\CdRom0 8A9A01F8
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8AC7333B
Device \Driver\atapi \Device\Ide\IdePort0 [BA611B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 8AC7333B
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [BA611B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8AC7333B
Device \Driver\atapi \Device\Ide\IdePort1 [BA611B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 8AC7333B
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [BA611B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 8A9A01F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8AAA41F8
Device \Driver\NetBT \Device\NetbiosSmb 8AAA41F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{DBCADAF1-64F8-4062-810C-4466A3FE2298} 8AAA41F8

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\usbuhci \Device\USBFDO-0 8AB8D1F8
Device \Driver\usbuhci \Device\USBFDO-1 8AB8D1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A956500
Device \Driver\usbuhci \Device\USBFDO-2 8AB8D1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A956500
Device \Driver\usbuhci \Device\USBFDO-3 8AB8D1F8
Device \Driver\usbehci \Device\USBFDO-4 8AB76500
Device \Driver\Ftdisk \Device\FtControl 8ADC31F8
Device \FileSystem\Cdfs \Cdfs 8AB19500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x07 0x40 0x00 0xC8 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x07 0x40 0x00 0xC8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x07 0x40 0x00 0xC8 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x07 0x40 0x00 0xC8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x07 0x40 0x00 0xC8 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x07 0x40 0x00 0xC8 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9E9E6690-D359-F728-A83D-8BEAE639E030}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9E9E6690-D359-F728-A83D-8BEAE639E030}@naplfbbpjeflmepkhmhindbmhmme 0x6B 0x61 0x6C 0x6F ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9E9E6690-D359-F728-A83D-8BEAE639E030}@mabpliefjnfpjfaafoggnglmhe 0x6B 0x61 0x6C 0x6F ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FDB99633-DB14-EE8F-EA42-030490BA0E83}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FDB99633-DB14-EE8F-EA42-030490BA0E83}@naenlookagbjlahnffdonkgiangp 0x6B 0x61 0x61 0x6B ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FDB99633-DB14-EE8F-EA42-030490BA0E83}@maknnjgjmmibbilboannlamcnn 0x6B 0x61 0x61 0x6B ...

---- EOF - GMER 1.0.15 ----

Merged posts. ~ OB

Edited by Orange Blossom, 02 May 2011 - 08:09 AM.



#2 jaharradine

jaharradine
  • Topic Starter

  • Members
  • 4 posts

Posted 02 May 2011 - 08:16 AM

Inside svchost.exe I find,
With characteristics, code execute read.

Unsure if this is normal.
Using combofix I can find the rootkit, and apparently remove it. Yet it seems to establish itself again straight away.

I ran into this, Neprodoor

(I have to browse in cache as any search engine redirects me once I click on a link)

Seems likely that this is what I have. Can anyone help?
I would download their software and test, but you need to pay.

One more thing, DEP (Data Execution Prevention) seems to have made its way back onto my system after my last combofix attempt. I don't understand why, but it annoys me so much.

Edited by jaharradine, 02 May 2011 - 08:17 AM.


#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,111 posts

Posted 10 May 2011 - 01:42 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks and again sorry for the delay.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.



#4 Orange Blossom


Posted 19 May 2011 - 09:41 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.