Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

TDSSKILLER wont Run


  • Please log in to reply
9 replies to this topic

#1 Drew1979

Drew1979

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:31 AM

Posted 19 May 2011 - 01:12 PM

Hi,

I'm new to the forum and I followed the self-help direction to download TDSSKILLER. I saved the tdsskiller.exe to my desktop and renamed it to .com and tried opening it but wont open.
If someone can please help me on what to do next...I would be so thankful. I have the redirect virus and its drving me nuts.

Thanks and Please help

BC AdBot (Login to Remove)

 


#2 techextreme

techextreme

    Bleepin Tech


  • BC Advisor
  • 2,125 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pittsburgh, PA
  • Local time:07:31 AM

Posted 19 May 2011 - 01:19 PM

Hi Drew1979,

Can you tell me which "Self-Help" guide you are referring to and give us a little more information as to what is happening with your computer.

Techextreme

"Admire those who attempt great things, even though they fail."

-- Seneca

 


#3 Drew1979

Drew1979
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:31 AM

Posted 19 May 2011 - 01:33 PM

I used the helpguide from here:

BleepingComputer.com -> Virus, Spyware, & Malware Removal Guides
How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller

This all started yesterday...my wife used my computer and I got infected witht he windows diagnostic virus and I was able to use that
to remove the virus but I followed the selfguide to try and remove the redirect virus but cannot open the tdsskiller.exe after i rename it.
The problem is if i goto google.com and ex. type espn on the search engine and if i clckc on it, instead of going to espn.com i get redirected to some other
website.

The windows diagnostic was removed...i used the rkill, then malwarebytes anit-malware and unhide.exe and i dont have that problem anymore.
And I'm using avast anti-virus and when i turn on my computer as soon as windows opens I get a warning saying avast blocked malicious malware...i dont know if that is related to the redirect virus.
If you can help me out with this, it would be greatly appreciated.

Thanks

#4 techextreme

techextreme

    Bleepin Tech


  • BC Advisor
  • 2,125 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pittsburgh, PA
  • Local time:07:31 AM

Posted 19 May 2011 - 01:41 PM

Hi Drew1979,

Let's see if we can figure out what possible rootkit you might still have running.

Please download GMER from one of the following locations and save it to your desktop:

* Main Mirror
This version will download a randomly named file (Recommended)
* Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

* Disconnect from the Internet and close all running programs.
* Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
* Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
* Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
Posted Image

* GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
* If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
* Now click the Scan button. If you see a rootkit warning window, click OK.
* When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
* Click the Copy button and paste the results into your next reply.
* Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

I'd also like you to post the results from your Malwarebytes scan.

Open Malwarebytes and click the Logs tab.
In the list you will see one or more logs. Open the newest dated log and copy and paste the results in your reply.

Techextreme

"Admire those who attempt great things, even though they fail."

-- Seneca

 


#5 Drew1979

Drew1979
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:31 AM

Posted 19 May 2011 - 02:08 PM

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-19 12:06:18
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD5000AADS-00S9B0 rev.01.00A01
Running: w39o0ohf.exe; Driver: C:\Users\Andrew\AppData\Local\Temp\uwdiqpob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8CF5A202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x91C94CB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8CF5C81C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8CF5C874]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8CF5C98A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8CF5C772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8CF5C8C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8CF5C7C6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8CF5C938]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8CF5A226]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x91C94D62]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8CF59FF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8CF5A24A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8CF5CD82]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8CF5ACDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8CF5C84C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8CF5C89C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8CF5C9B4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8CF5C79E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8CF5C904]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8CF5C7F4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8CF5C962]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x91C94DFA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8CF5ABA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8CF5A26E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8CF5A292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8CF5A04A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8CF5A186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8CF5A162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8CF5A1AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8CF5A2B6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x91CAA902]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82C5E569 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C83092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 214 82C8A824 4 Bytes [02, A2, F5, 8C]
.text ntkrnlpa.exe!RtlSidHashLookup + 23C 82C8A84C 4 Bytes [B2, 4C, C9, 91] {MOV DL, 0x4c; LEAVE ; XCHG ECX, EAX}
.text ntkrnlpa.exe!RtlSidHashLookup + 2F0 82C8A900 8 Bytes [1C, C8, F5, 8C, 74, C8, F5, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 2FC 82C8A90C 4 Bytes [8A, C9, F5, 8C]
.text ntkrnlpa.exe!RtlSidHashLookup + 318 82C8A928 4 Bytes [72, C7, F5, 8C]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82E242CC 5 Bytes JMP 91CA62BE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 82E3E003 5 Bytes JMP 91CA7D74 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 82E885CA 4 Bytes CALL 8CF5B34B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 82E906A4 4 Bytes CALL 8CF5B361 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82EF62EC 7 Bytes JMP 91CAA906 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? System32\Drivers\spjm.sys The system cannot find the path specified. !
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x92212000, 0x34203C, 0xE8000020]
.text USBPORT.SYS!DllUnload 929BFCA0 5 Bytes JMP 86E8E1D8
.text a2ae5gc9.SYS 91DC1000 12 Bytes [44, 08, 03, 83, EE, 06, 03, ...] {INC ESP; OR [EBX], AL; SUB ESI, 0x6; ADD EAX, [EBX-0x7cfd1860]}
.text a2ae5gc9.SYS 91DC100D 9 Bytes [E7, 02, 83, 48, 0B, 03, 83, ...] {OUT 0x2, EAX; OR DWORD [EAX+0xb], 0x3; ADD DWORD [EAX], 0x0}
.text a2ae5gc9.SYS 91DC1017 41 Bytes [00, DE, 67, 72, 8C, E6, 65, ...]
.text a2ae5gc9.SYS 91DC1041 128 Bytes [36, C8, 82, 60, 35, C8, 82, ...]
.text a2ae5gc9.SYS 91DC10C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text ...
.text peauth.sys A6031C9D 28 Bytes JMP FDFD137D
.text peauth.sys A6031CC1 28 Bytes JMP FDFD13A1
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 AF22B000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 AF22B123 629 Bytes [65, 22, AF, FE, 05, 34, 65, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 AF22B399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F AF22B3FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 543B AF22B4AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE ...
.text kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[268] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe[364] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 001603FC
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe[364] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 001601F8
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe[364] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe[364] USER32.dll!UnhookWindowsHookEx 770BCC7B 5 Bytes JMP 001F0A08
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe[364] USER32.dll!UnhookWinEvent 770BD924 5 Bytes JMP 001F03FC
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe[364] USER32.dll!SetWindowsHookExW 770C210A 5 Bytes JMP 001F0804
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe[364] USER32.dll!SetWinEventHook 770C507E 5 Bytes JMP 001F01F8
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe[364] USER32.dll!SetWindowsHookExA 770E6DFA 5 Bytes JMP 001F0600
.text C:\Program Files\Belkin\F5D8055\v2\HiddenUI\BelkinDetectUI.exe[376] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 001603FC
.text C:\Program Files\Belkin\F5D8055\v2\HiddenUI\BelkinDetectUI.exe[376] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 001601F8
.text C:\Program Files\Belkin\F5D8055\v2\HiddenUI\BelkinDetectUI.exe[376] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Program Files\Belkin\F5D8055\v2\HiddenUI\BelkinDetectUI.exe[376] USER32.dll!UnhookWindowsHookEx 770BCC7B 5 Bytes JMP 00310A08
.text C:\Program Files\Belkin\F5D8055\v2\HiddenUI\BelkinDetectUI.exe[376] USER32.dll!UnhookWinEvent 770BD924 5 Bytes JMP 003103FC
.text C:\Program Files\Belkin\F5D8055\v2\HiddenUI\BelkinDetectUI.exe[376] USER32.dll!SetWindowsHookExW 770C210A 5 Bytes JMP 00310804
.text C:\Program Files\Belkin\F5D8055\v2\HiddenUI\BelkinDetectUI.exe[376] USER32.dll!SetWinEventHook 770C507E 5 Bytes JMP 003101F8
.text C:\Program Files\Belkin\F5D8055\v2\HiddenUI\BelkinDetectUI.exe[376] USER32.dll!SetWindowsHookExA 770E6DFA 5 Bytes JMP 00310600
.text C:\Program Files\Secunia\PSI\sua.exe[444] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 000703FC
.text C:\Program Files\Secunia\PSI\sua.exe[444] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 000701F8
.text C:\Program Files\Secunia\PSI\sua.exe[444] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[452] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 001603FC
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[452] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 001601F8
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[452] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[452] USER32.dll!UnhookWindowsHookEx 770BCC7B 5 Bytes JMP 00280A08
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[452] USER32.dll!UnhookWinEvent 770BD924 5 Bytes JMP 002803FC
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[452] USER32.dll!SetWindowsHookExW 770C210A 5 Bytes JMP 00280804
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[452] USER32.dll!SetWinEventHook 770C507E 5 Bytes JMP 002801F8
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[452] USER32.dll!SetWindowsHookExA 770E6DFA 5 Bytes JMP 00280600
.text C:\Windows\system32\csrss.exe[456] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[460] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 001703FC
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[460] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 001701F8
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[460] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[460] USER32.dll!UnhookWindowsHookEx 770BCC7B 5 Bytes JMP 00200A08
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[460] USER32.dll!UnhookWinEvent 770BD924 5 Bytes JMP 002003FC
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[460] USER32.dll!SetWindowsHookExW 770C210A 5 Bytes JMP 00200804
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[460] USER32.dll!SetWinEventHook 770C507E 5 Bytes JMP 002001F8
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[460] USER32.dll!SetWindowsHookExA 770E6DFA 5 Bytes JMP 00200600
.text C:\Windows\system32\wininit.exe[516] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 000303FC
.text C:\Windows\system32\wininit.exe[516] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 000301F8
.text C:\Windows\system32\wininit.exe[516] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Windows\system32\wininit.exe[516] USER32.dll!UnhookWindowsHookEx 770BCC7B 3 Bytes JMP 000C0A08
.text C:\Windows\system32\wininit.exe[516] USER32.dll!UnhookWindowsHookEx + 4 770BCC7F 1 Byte [89]
.text C:\Windows\system32\wininit.exe[516] USER32.dll!UnhookWinEvent 770BD924 3 Bytes JMP 000C03FC
.text C:\Windows\system32\wininit.exe[516] USER32.dll!UnhookWinEvent + 4 770BD928 1 Byte [89]
.text C:\Windows\system32\wininit.exe[516] USER32.dll!SetWindowsHookExW 770C210A 5 Bytes JMP 000C0804
.text C:\Windows\system32\wininit.exe[516] USER32.dll!SetWinEventHook 770C507E 5 Bytes JMP 000C01F8
.text C:\Windows\system32\wininit.exe[516] USER32.dll!SetWindowsHookExA 770E6DFA 5 Bytes JMP 000C0600
.text C:\Windows\system32\csrss.exe[524] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Windows\system32\services.exe[572] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\services.exe[572] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\services.exe[572] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[604] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 000303FC
.text C:\Windows\system32\winlogon.exe[604] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 000301F8
.text C:\Windows\system32\winlogon.exe[604] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[604] USER32.dll!UnhookWindowsHookEx 770BCC7B 3 Bytes JMP 000C0A08
.text C:\Windows\system32\winlogon.exe[604] USER32.dll!UnhookWindowsHookEx + 4 770BCC7F 1 Byte [89]
.text C:\Windows\system32\winlogon.exe[604] USER32.dll!UnhookWinEvent 770BD924 3 Bytes JMP 000C03FC
.text C:\Windows\system32\winlogon.exe[604] USER32.dll!UnhookWinEvent + 4 770BD928 1 Byte [89]
.text C:\Windows\system32\winlogon.exe[604] USER32.dll!SetWindowsHookExW 770C210A 5 Bytes JMP 000C0804
.text C:\Windows\system32\winlogon.exe[604] USER32.dll!SetWinEventHook 770C507E 5 Bytes JMP 000C01F8
.text C:\Windows\system32\winlogon.exe[604] USER32.dll!SetWindowsHookExA 770E6DFA 5 Bytes JMP 000C0600
.text C:\Windows\system32\lsass.exe[616] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\lsass.exe[616] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\lsass.exe[616] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Windows\system32\lsm.exe[624] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\lsm.exe[624] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\lsm.exe[624] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[696] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 001603FC
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[696] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 001601F8
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[696] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[696] USER32.dll!UnhookWindowsHookEx 770BCC7B 5 Bytes JMP 001F0A08
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[696] USER32.dll!UnhookWinEvent 770BD924 5 Bytes JMP 001F03FC
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[696] USER32.dll!SetWindowsHookExW 770C210A 5 Bytes JMP 001F0804
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[696] USER32.dll!SetWinEventHook 770C507E 5 Bytes JMP 001F01F8
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[696] USER32.dll!SetWindowsHookExA 770E6DFA 5 Bytes JMP 001F0600
.text C:\Windows\system32\svchost.exe[756] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[756] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[756] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Windows\system32\svchost.exe[852] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 000A03FC
.text C:\Windows\system32\svchost.exe[852] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 000A01F8
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[868] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[868] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[868] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[868] USER32.dll!UnhookWindowsHookEx 770BCC7B 5 Bytes JMP 00210A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[868] USER32.dll!UnhookWinEvent 770BD924 5 Bytes JMP 002103FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[868] USER32.dll!SetWindowsHookExW 770C210A 5 Bytes JMP 00210804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[868] USER32.dll!SetWinEventHook 770C507E 5 Bytes JMP 002101F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[868] USER32.dll!SetWindowsHookExA 770E6DFA 5 Bytes JMP 00210600
.text C:\Windows\system32\atiesrxx.exe[960] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 001603FC
.text C:\Windows\system32\atiesrxx.exe[960] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 001601F8
.text C:\Windows\system32\atiesrxx.exe[960] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Windows\system32\atiesrxx.exe[960] USER32.dll!UnhookWindowsHookEx 770BCC7B 5 Bytes JMP 001F0A08
.text C:\Windows\system32\atiesrxx.exe[960] USER32.dll!UnhookWinEvent 770BD924 5 Bytes JMP 001F03FC
.text C:\Windows\system32\atiesrxx.exe[960] USER32.dll!SetWindowsHookExW 770C210A 5 Bytes JMP 001F0804
.text C:\Windows\system32\atiesrxx.exe[960] USER32.dll!SetWinEventHook 770C507E 5 Bytes JMP 001F01F8
.text C:\Windows\system32\atiesrxx.exe[960] USER32.dll!SetWindowsHookExA 770E6DFA 5 Bytes JMP 001F0600
.text C:\Windows\System32\svchost.exe[1000] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 000A03FC
.text C:\Windows\System32\svchost.exe[1000] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 000A01F8
.text C:\Windows\System32\svchost.exe[1000] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1000] USER32.dll!UnhookWindowsHookEx 770BCC7B 5 Bytes JMP 00480A08
.text C:\Windows\System32\svchost.exe[1000] USER32.dll!UnhookWinEvent 770BD924 5 Bytes JMP 004803FC
.text C:\Windows\System32\svchost.exe[1000] USER32.dll!SetWindowsHookExW 770C210A 5 Bytes JMP 00480804
.text C:\Windows\System32\svchost.exe[1000] USER32.dll!SetWinEventHook 770C507E 5 Bytes JMP 004801F8
.text C:\Windows\System32\svchost.exe[1000] USER32.dll!SetWindowsHookExA 770E6DFA 5 Bytes JMP 00480600
.text C:\Windows\System32\svchost.exe[1032] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[1032] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[1032] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1032] USER32.dll!UnhookWindowsHookEx 770BCC7B 5 Bytes JMP 00570A08
.text C:\Windows\System32\svchost.exe[1032] USER32.dll!UnhookWinEvent 770BD924 5 Bytes JMP 005703FC
.text C:\Windows\System32\svchost.exe[1032] USER32.dll!SetWindowsHookExW 770C210A 5 Bytes JMP 00570804
.text C:\Windows\System32\svchost.exe[1032] USER32.dll!SetWinEventHook 770C507E 5 Bytes JMP 005701F8
.text C:\Windows\System32\svchost.exe[1032] USER32.dll!SetWindowsHookExA 770E6DFA 5 Bytes JMP 00570600
.text C:\Windows\system32\svchost.exe[1064] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1064] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1064] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1064] USER32.dll!UnhookWindowsHookEx 770BCC7B 5 Bytes JMP 00E80A08
.text C:\Windows\system32\svchost.exe[1064] USER32.dll!UnhookWinEvent 770BD924 5 Bytes JMP 00E803FC
.text C:\Windows\system32\svchost.exe[1064] USER32.dll!SetWindowsHookExW 770C210A 5 Bytes JMP 00E80804
.text C:\Windows\system32\svchost.exe[1064] USER32.dll!SetWinEventHook 770C507E 5 Bytes JMP 00E801F8
.text C:\Windows\system32\svchost.exe[1064] USER32.dll!SetWindowsHookExA 770E6DFA 5 Bytes JMP 00E80600
.text C:\Windows\system32\svchost.exe[1196] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1196] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1196] USER32.dll!UnhookWindowsHookEx 770BCC7B 5 Bytes JMP 00530A08
.text C:\Windows\system32\svchost.exe[1196] USER32.dll!UnhookWinEvent 770BD924 5 Bytes JMP 005303FC
.text C:\Windows\system32\svchost.exe[1196] USER32.dll!SetWindowsHookExW 770C210A 5 Bytes JMP 00530804
.text C:\Windows\system32\svchost.exe[1196] USER32.dll!SetWinEventHook 770C507E 5 Bytes JMP 005301F8
.text C:\Windows\system32\svchost.exe[1196] USER32.dll!SetWindowsHookExA 770E6DFA 5 Bytes JMP 00530600
.text C:\Windows\system32\svchost.exe[1336] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1336] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1336] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Program Files\Windows Sidebar\sidebar.exe[1356] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 000603FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[1356] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 000601F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[1356] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Program Files\Windows Sidebar\sidebar.exe[1356] USER32.dll!UnhookWindowsHookEx 770BCC7B 5 Bytes JMP 00110A08
.text C:\Program Files\Windows Sidebar\sidebar.exe[1356] USER32.dll!UnhookWinEvent 770BD924 5 Bytes JMP 001103FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[1356] USER32.dll!SetWindowsHookExW 770C210A 5 Bytes JMP 00110804
.text C:\Program Files\Windows Sidebar\sidebar.exe[1356] USER32.dll!SetWinEventHook 770C507E 5 Bytes JMP 001101F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[1356] USER32.dll!SetWindowsHookExA 770E6DFA 5 Bytes JMP 00110600
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1360] KERNEL32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Windows\system32\atieclxx.exe[1432] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 001603FC
.text C:\Windows\system32\atieclxx.exe[1432] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 001601F8
.text C:\Windows\system32\atieclxx.exe[1432] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Windows\system32\atieclxx.exe[1432] USER32.dll!UnhookWindowsHookEx 770BCC7B 5 Bytes JMP 00180A08
.text C:\Windows\system32\atieclxx.exe[1432] USER32.dll!UnhookWinEvent 770BD924 5 Bytes JMP 001803FC
.text C:\Windows\system32\atieclxx.exe[1432] USER32.dll!SetWindowsHookExW 770C210A 5 Bytes JMP 00180804
.text C:\Windows\system32\atieclxx.exe[1432] USER32.dll!SetWinEventHook 770C507E 5 Bytes JMP 001801F8
.text C:\Windows\system32\atieclxx.exe[1432] USER32.dll!SetWindowsHookExA 770E6DFA 5 Bytes JMP 00180600
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1456] kernel32.dll!SetUnhandledExceptionFilter 772D3162 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1456] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[1712] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\Dwm.exe[1712] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\Dwm.exe[1712] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[1712] USER32.dll!UnhookWindowsHookEx 770BCC7B 5 Bytes JMP 00100A08
.text C:\Windows\system32\Dwm.exe[1712] USER32.dll!UnhookWinEvent 770BD924 5 Bytes JMP 001003FC
.text C:\Windows\system32\Dwm.exe[1712] USER32.dll!SetWindowsHookExW 770C210A 5 Bytes JMP 00100804
.text C:\Windows\system32\Dwm.exe[1712] USER32.dll!SetWinEventHook 770C507E 5 Bytes JMP 001001F8
.text C:\Windows\system32\Dwm.exe[1712] USER32.dll!SetWindowsHookExA 770E6DFA 5 Bytes JMP 00100600
.text C:\Windows\Explorer.EXE[1720] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 000603FC
.text C:\Windows\Explorer.EXE[1720] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 000601F8
.text C:\Windows\Explorer.EXE[1720] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Windows\Explorer.EXE[1720] USER32.dll!UnhookWindowsHookEx 770BCC7B 5 Bytes JMP 001E0A08
.text C:\Windows\Explorer.EXE[1720] USER32.dll!UnhookWinEvent 770BD924 5 Bytes JMP 001E03FC
.text C:\Windows\Explorer.EXE[1720] USER32.dll!SetWindowsHookExW 770C210A 5 Bytes JMP 001E0804
.text C:\Windows\Explorer.EXE[1720] USER32.dll!SetWinEventHook 770C507E 5 Bytes JMP 001E01F8
.text C:\Windows\Explorer.EXE[1720] USER32.dll!SetWindowsHookExA 770E6DFA 5 Bytes JMP 001E0600
.text C:\Windows\system32\svchost.exe[1812] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1812] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1812] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1812] USER32.dll!UnhookWindowsHookEx 770BCC7B 5 Bytes JMP 005C0A08
.text C:\Windows\system32\svchost.exe[1812] USER32.dll!UnhookWinEvent 770BD924 5 Bytes JMP 005C03FC
.text C:\Windows\system32\svchost.exe[1812] USER32.dll!SetWindowsHookExW 770C210A 5 Bytes JMP 005C0804
.text C:\Windows\system32\svchost.exe[1812] USER32.dll!SetWinEventHook 770C507E 5 Bytes JMP 005C01F8
.text C:\Windows\system32\svchost.exe[1812] USER32.dll!SetWindowsHookExA 770E6DFA 5 Bytes JMP 005C0600
.text C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1996] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 001603FC
.text C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1996] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 001601F8
.text C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1996] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1996] USER32.dll!UnhookWindowsHookEx 770BCC7B 5 Bytes JMP 00300A08
.text C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1996] USER32.dll!UnhookWinEvent 770BD924 5 Bytes JMP 003003FC
.text C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1996] USER32.dll!SetWindowsHookExW 770C210A 5 Bytes JMP 00300804
.text C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1996] USER32.dll!SetWinEventHook 770C507E 5 Bytes JMP 003001F8
.text C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[1996] USER32.dll!SetWindowsHookExA 770E6DFA 5 Bytes JMP 00300600
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2008] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 001603FC
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2008] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 001601F8
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2008] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2008] USER32.dll!UnhookWindowsHookEx 770BCC7B 5 Bytes JMP 00210A08
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2008] USER32.dll!UnhookWinEvent 770BD924 5 Bytes JMP 002103FC
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2008] USER32.dll!SetWindowsHookExW 770C210A 5 Bytes JMP 00210804
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2008] USER32.dll!SetWinEventHook 770C507E 5 Bytes JMP 002101F8
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2008] USER32.dll!SetWindowsHookExA 770E6DFA 5 Bytes JMP 00210600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2056] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 000503FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2056] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 000501F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2056] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2056] USER32.dll!UnhookWindowsHookEx 770BCC7B 5 Bytes JMP 000F0A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2056] USER32.dll!UnhookWinEvent 770BD924 5 Bytes JMP 000F03FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2056] USER32.dll!SetWindowsHookExW 770C210A 5 Bytes JMP 000F0804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2056] USER32.dll!SetWinEventHook 770C507E 5 Bytes JMP 000F01F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2056] USER32.dll!SetWindowsHookExA 770E6DFA 5 Bytes JMP 000F0600
.text C:\Program Files\Internet Explorer\iexplore.exe[2068] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 000503FC
.text C:\Program Files\Internet Explorer\iexplore.exe[2068] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 000501F8
.text C:\Program Files\Internet Explorer\iexplore.exe[2068] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[2068] USER32.dll!EnableWindow 770BA72E 5 Bytes JMP 6F639884 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2068] USER32.dll!UnhookWindowsHookEx 770BCC7B 5 Bytes JMP 00130A08
.text C:\Program Files\Internet Explorer\iexplore.exe[2068] USER32.dll!UnhookWinEvent 770BD924 5 Bytes JMP 001303FC
.text C:\Program Files\Internet Explorer\iexplore.exe[2068] USER32.dll!SetWindowsHookExW 770C210A 5 Bytes JMP 00130804
.text C:\Program Files\Internet Explorer\iexplore.exe[2068] USER32.dll!SetWinEventHook 770C507E 5 Bytes JMP 001301F8
.text C:\Program Files\Internet Explorer\iexplore.exe[2068] USER32.dll!DialogBoxIndirectParamW 770E4AA7 5 Bytes JMP 6F78590F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2068] USER32.dll!DialogBoxParamW 770E564A 5 Bytes JMP 6F5915BB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2068] USER32.dll!SetWindowsHookExA 770E6DFA 5 Bytes JMP 00130600
.text C:\Program Files\Internet Explorer\iexplore.exe[2068] USER32.dll!DialogBoxParamA 770FCF6A 5 Bytes JMP 6F7858AA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2068] USER32.dll!DialogBoxIndirectParamA 770FD29C 5 Bytes JMP 6F785974 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2068] USER32.dll!MessageBoxIndirectA 7710E8C9 5 Bytes JMP 6F785831 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2068] USER32.dll!MessageBoxIndirectW 7710E9C3 5 Bytes JMP 6F7857B8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2068] USER32.dll!MessageBoxExA 7710EA29 5 Bytes JMP 6F785754 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2068] USER32.dll!MessageBoxExW 7710EA4D 5 Bytes JMP 6F7856F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2068] WININET.dll!HttpAddRequestHeadersA 75CA1B9C 5 Bytes JMP 005F64C0
.text C:\Program Files\Internet Explorer\iexplore.exe[2068] WININET.dll!HttpAddRequestHeadersW 75CEF7A8 5 Bytes JMP 005F66C0
.text C:\Program Files\Internet Explorer\iexplore.exe[2068] WS2_32.dll!closesocket 77783BED 5 Bytes JMP 00CE000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2068] WS2_32.dll!recv 777847DF 5 Bytes JMP 00B8000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2068] WS2_32.dll!connect 777848BE 5 Bytes JMP 00B9000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2068] WS2_32.dll!getaddrinfo 77786737 5 Bytes JMP 00FF000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2068] WS2_32.dll!send 7778C4C8 5 Bytes JMP 00CF000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2068] WS2_32.dll!gethostbyname 77797133 5 Bytes JMP 00FE000A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2116] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 001603FC
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2116] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 001601F8
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2116] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2116] USER32.dll!UnhookWindowsHookEx 770BCC7B 5 Bytes JMP 00180A08
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2116] USER32.dll!UnhookWinEvent 770BD924 5 Bytes JMP 001803FC
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2116] USER32.dll!SetWindowsHookExW 770C210A 5 Bytes JMP 00180804
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2116] USER32.dll!SetWinEventHook 770C507E 5 Bytes JMP 001801F8
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2116] USER32.dll!SetWindowsHookExA 770E6DFA 5 Bytes JMP 00180600
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2124] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 000603FC
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2124] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 000601F8
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2124] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2124] USER32.dll!UnhookWindowsHookEx 770BCC7B 5 Bytes JMP 001F0A08
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2124] USER32.dll!UnhookWinEvent 770BD924 5 Bytes JMP 001F03FC
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2124] USER32.dll!SetWindowsHookExW 770C210A 5 Bytes JMP 001F0804
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2124] USER32.dll!SetWinEventHook 770C507E 5 Bytes JMP 001F01F8
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2124] USER32.dll!SetWindowsHookExA 770E6DFA 5 Bytes JMP 001F0600
.text C:\Program Files\Secunia\PSI\psi_tray.exe[2144] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 000603FC
.text C:\Program Files\Secunia\PSI\psi_tray.exe[2144] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 000601F8
.text C:\Program Files\Secunia\PSI\psi_tray.exe[2144] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Program Files\Secunia\PSI\psi_tray.exe[2144] USER32.dll!UnhookWindowsHookEx 770BCC7B 5 Bytes JMP 000F0A08
.text C:\Program Files\Secunia\PSI\psi_tray.exe[2144] USER32.dll!UnhookWinEvent 770BD924 5 Bytes JMP 000F03FC
.text C:\Program Files\Secunia\PSI\psi_tray.exe[2144] USER32.dll!SetWindowsHookExW 770C210A 5 Bytes JMP 000F0804
.text C:\Program Files\Secunia\PSI\psi_tray.exe[2144] USER32.dll!SetWinEventHook 770C507E 5 Bytes JMP 000F01F8
.text C:\Program Files\Secunia\PSI\psi_tray.exe[2144] USER32.dll!SetWindowsHookExA 770E6DFA 5 Bytes JMP 000F0600
.text C:\Program Files\MagicDisc\MagicDisc.exe[2176] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 001603FC
.text C:\Program Files\MagicDisc\MagicDisc.exe[2176] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 001601F8
.text C:\Program Files\MagicDisc\MagicDisc.exe[2176] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Program Files\MagicDisc\MagicDisc.exe[2176] USER32.dll!UnhookWindowsHookEx 770BCC7B 5 Bytes JMP 00200A08
.text C:\Program Files\MagicDisc\MagicDisc.exe[2176] USER32.dll!UnhookWinEvent 770BD924 5 Bytes JMP 002003FC
.text C:\Program Files\MagicDisc\MagicDisc.exe[2176] USER32.dll!SetWindowsHookExW 770C210A 5 Bytes JMP 00200804
.text C:\Program Files\MagicDisc\MagicDisc.exe[2176] USER32.dll!SetWinEventHook 770C507E 5 Bytes JMP 002001F8
.text C:\Program Files\MagicDisc\MagicDisc.exe[2176] USER32.dll!SetWindowsHookExA 770E6DFA 5 Bytes JMP 00200600
.text C:\Windows\System32\spoolsv.exe[2432] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 000603FC
.text C:\Windows\System32\spoolsv.exe[2432] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 000601F8
.text C:\Windows\System32\spoolsv.exe[2432] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[2432] USER32.dll!UnhookWindowsHookEx 770BCC7B 5 Bytes JMP 00100A08
.text C:\Windows\System32\spoolsv.exe[2432] USER32.dll!UnhookWinEvent 770BD924 5 Bytes JMP 001003FC
.text C:\Windows\System32\spoolsv.exe[2432] USER32.dll!SetWindowsHookExW 770C210A 5 Bytes JMP 00100804
.text C:\Windows\System32\spoolsv.exe[2432] USER32.dll!SetWinEventHook 770C507E 5 Bytes JMP 001001F8
.text C:\Windows\System32\spoolsv.exe[2432] USER32.dll!SetWindowsHookExA 770E6DFA 5 Bytes JMP 00100600
.text C:\Windows\system32\taskhost.exe[2488] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskhost.exe[2488] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskhost.exe[2488] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Windows\system32\taskhost.exe[2488] USER32.dll!UnhookWindowsHookEx 770BCC7B 5 Bytes JMP 000E0A08
.text C:\Windows\system32\taskhost.exe[2488] USER32.dll!UnhookWinEvent 770BD924 5 Bytes JMP 000E03FC
.text C:\Windows\system32\taskhost.exe[2488] USER32.dll!SetWindowsHookExW 770C210A 5 Bytes JMP 000E0804
.text C:\Windows\system32\taskhost.exe[2488] USER32.dll!SetWinEventHook 770C507E 5 Bytes JMP 000E01F8
.text C:\Windows\system32\taskhost.exe[2488] USER32.dll!SetWindowsHookExA 770E6DFA 5 Bytes JMP 000E0600
.text C:\Windows\system32\svchost.exe[2660] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[2660] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[2660] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2660] USER32.dll!UnhookWindowsHookEx 770BCC7B 5 Bytes JMP 00520A08
.text C:\Windows\system32\svchost.exe[2660] USER32.dll!UnhookWinEvent 770BD924 5 Bytes JMP 005203FC
.text C:\Windows\system32\svchost.exe[2660] USER32.dll!SetWindowsHookExW 770C210A 5 Bytes JMP 00520804
.text C:\Windows\system32\svchost.exe[2660] USER32.dll!SetWinEventHook 770C507E 5 Bytes JMP 005201F8
.text C:\Windows\system32\svchost.exe[2660] USER32.dll!SetWindowsHookExA 770E6DFA 5 Bytes JMP 00520600
.text C:\Windows\system32\svchost.exe[2788] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[2788] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[2788] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2808] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 000603FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2808] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 000601F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2808] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2808] USER32.dll!UnhookWindowsHookEx 770BCC7B 5 Bytes JMP 00100A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2808] USER32.dll!UnhookWinEvent 770BD924 5 Bytes JMP 001003FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2808] USER32.dll!SetWindowsHookExW 770C210A 5 Bytes JMP 00100804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2808] USER32.dll!SetWinEventHook 770C507E 5 Bytes JMP 001001F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2808] USER32.dll!SetWindowsHookExA 770E6DFA 5 Bytes JMP 00100600
.text C:\Program Files\Bonjour\mDNSResponder.exe[2856] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 000603FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[2856] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 000601F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[2856] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2856] USER32.dll!UnhookWindowsHookEx 770BCC7B 5 Bytes JMP 00110A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[2856] USER32.dll!UnhookWinEvent 770BD924 5 Bytes JMP 001103FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[2856] USER32.dll!SetWindowsHookExW 770C210A 5 Bytes JMP 00110804
.text C:\Program Files\Bonjour\mDNSResponder.exe[2856] USER32.dll!SetWinEventHook 770C507E 5 Bytes JMP 001101F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[2856] USER32.dll!SetWindowsHookExA 770E6DFA 5 Bytes JMP 00110600
.text C:\Program Files\CloudManager\CloudManager.exe[2908] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 000603FC
.text C:\Program Files\CloudManager\CloudManager.exe[2908] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 000601F8
.text C:\Program Files\CloudManager\CloudManager.exe[2908] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Program Files\CloudManager\CloudManager.exe[2908] USER32.dll!UnhookWindowsHookEx 770BCC7B 5 Bytes JMP 000F0A08
.text C:\Program Files\CloudManager\CloudManager.exe[2908] USER32.dll!UnhookWinEvent 770BD924 5 Bytes JMP 000F03FC
.text C:\Program Files\CloudManager\CloudManager.exe[2908] USER32.dll!SetWindowsHookExW 770C210A 5 Bytes JMP 000F0804
.text C:\Program Files\CloudManager\CloudManager.exe[2908] USER32.dll!SetWinEventHook 770C507E 5 Bytes JMP 000F01F8
.text C:\Program Files\CloudManager\CloudManager.exe[2908] USER32.dll!SetWindowsHookExA 770E6DFA 5 Bytes JMP 000F0600
.text C:\Windows\system32\libusbd-nt.exe[2960] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 002503FC
.text C:\Windows\system32\libusbd-nt.exe[2960] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 002501F8
.text C:\Windows\system32\libusbd-nt.exe[2960] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Windows\system32\libusbd-nt.exe[2960] USER32.dll!UnhookWindowsHookEx 770BCC7B 5 Bytes JMP 002F0A08
.text C:\Windows\system32\libusbd-nt.exe[2960] USER32.dll!UnhookWinEvent 770BD924 5 Bytes JMP 002F03FC
.text C:\Windows\system32\libusbd-nt.exe[2960] USER32.dll!SetWindowsHookExW 770C210A 5 Bytes JMP 002F0804
.text C:\Windows\system32\libusbd-nt.exe[2960] USER32.dll!SetWinEventHook 770C507E 5 Bytes JMP 002F01F8
.text C:\Windows\system32\libusbd-nt.exe[2960] USER32.dll!SetWindowsHookExA 770E6DFA 5 Bytes JMP 002F0600
.text C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe[3008] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 001603FC
.text C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe[3008] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 001601F8
.text C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe[3008] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe[3008] USER32.dll!UnhookWindowsHookEx 770BCC7B 5 Bytes JMP 00200A08
.text C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe[3008] USER32.dll!UnhookWinEvent 770BD924 5 Bytes JMP 002003FC
.text C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe[3008] USER32.dll!SetWindowsHookExW 770C210A 5 Bytes JMP 00200804
.text C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe[3008] USER32.dll!SetWinEventHook 770C507E 5 Bytes JMP 002001F8
.text C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe[3008] USER32.dll!SetWindowsHookExA 770E6DFA 5 Bytes JMP 00200600
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe[3040] KERNEL32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3072] KERNEL32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Windows\System32\svchost.exe[3204] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[3204] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[3204] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Windows\System32\svchost.exe[3204] USER32.dll!UnhookWindowsHookEx 770BCC7B 5 Bytes JMP 00130A08
.text C:\Windows\System32\svchost.exe[3204] USER32.dll!UnhookWinEvent 770BD924 5 Bytes JMP 001303FC
.text C:\Windows\System32\svchost.exe[3204] USER32.dll!SetWindowsHookExW 770C210A 5 Bytes JMP 00130804
.text C:\Windows\System32\svchost.exe[3204] USER32.dll!SetWinEventHook 770C507E 5 Bytes JMP 001301F8
.text C:\Windows\System32\svchost.exe[3204] USER32.dll!SetWindowsHookExA 770E6DFA 5 Bytes JMP 00130600
.text C:\Program Files\Secunia\PSI\PSIA.exe[3480] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 000603FC
.text C:\Program Files\Secunia\PSI\PSIA.exe[3480] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 000601F8
.text C:\Program Files\Secunia\PSI\PSIA.exe[3480] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Program Files\Secunia\PSI\PSIA.exe[3480] USER32.dll!UnhookWindowsHookEx 770BCC7B 5 Bytes JMP 00100A08
.text C:\Program Files\Secunia\PSI\PSIA.exe[3480] USER32.dll!UnhookWinEvent 770BD924 5 Bytes JMP 001003FC
.text C:\Program Files\Secunia\PSI\PSIA.exe[3480] USER32.dll!SetWindowsHookExW 770C210A 5 Bytes JMP 00100804
.text C:\Program Files\Secunia\PSI\PSIA.exe[3480] USER32.dll!SetWinEventHook 770C507E 5 Bytes JMP 001001F8
.text C:\Program Files\Secunia\PSI\PSIA.exe[3480] USER32.dll!SetWindowsHookExA 770E6DFA 5 Bytes JMP 00100600
.text C:\Windows\system32\svchost.exe[3656] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 000A03FC
.text C:\Windows\system32\svchost.exe[3656] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 000A01F8
.text C:\Windows\system32\svchost.exe[3656] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3684] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 000A03FC
.text C:\Windows\system32\svchost.exe[3684] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 000A01F8
.text C:\Windows\system32\svchost.exe[3684] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3760] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 000503FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3760] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 000501F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3760] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3760] USER32.dll!UnhookWindowsHookEx 770BCC7B 5 Bytes JMP 00080A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3760] USER32.dll!UnhookWinEvent 770BD924 5 Bytes JMP 000803FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3760] USER32.dll!SetWindowsHookExW 770C210A 5 Bytes JMP 00080804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3760] USER32.dll!SetWinEventHook 770C507E 5 Bytes JMP 000801F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3760] USER32.dll!SetWindowsHookExA 770E6DFA 5 Bytes JMP 00080600
.text C:\Windows\system32\SearchIndexer.exe[3972] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\SearchIndexer.exe[3972] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\SearchIndexer.exe[3972] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[3972] USER32.dll!UnhookWindowsHookEx 770BCC7B 5 Bytes JMP 000D0A08
.text C:\Windows\system32\SearchIndexer.exe[3972] USER32.dll!UnhookWinEvent 770BD924 5 Bytes JMP 000D03FC
.text C:\Windows\system32\SearchIndexer.exe[3972] USER32.dll!SetWindowsHookExW 770C210A 5 Bytes JMP 000D0804
.text C:\Windows\system32\SearchIndexer.exe[3972] USER32.dll!SetWinEventHook 770C507E 5 Bytes JMP 000D01F8
.text C:\Windows\system32\SearchIndexer.exe[3972] USER32.dll!SetWindowsHookExA 770E6DFA 5 Bytes JMP 000D0600
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[4040] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 001603FC
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[4040] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 001601F8
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[4040] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[4040] USER32.dll!UnhookWindowsHookEx 770BCC7B 5 Bytes JMP 00300A08
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[4040] USER32.dll!UnhookWinEvent 770BD924 5 Bytes JMP 003003FC
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[4040] USER32.dll!SetWindowsHookExW 770C210A 5 Bytes JMP 00300804
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[4040] USER32.dll!SetWinEventHook 770C507E 5 Bytes JMP 003001F8
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[4040] USER32.dll!SetWindowsHookExA 770E6DFA 5 Bytes JMP 00300600
.text C:\Users\Andrew\Desktop\w39o0ohf.exe[4100] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text c:\program files\windows defender\MpCmdRun.exe[4240] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 000603FC
.text c:\program files\windows defender\MpCmdRun.exe[4240] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 000601F8
.text c:\program files\windows defender\MpCmdRun.exe[4240] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text c:\program files\windows defender\MpCmdRun.exe[4240] USER32.dll!UnhookWindowsHookEx 770BCC7B 5 Bytes JMP 00190A08
.text c:\program files\windows defender\MpCmdRun.exe[4240] USER32.dll!UnhookWinEvent 770BD924 5 Bytes JMP 001903FC
.text c:\program files\windows defender\MpCmdRun.exe[4240] USER32.dll!SetWindowsHookExW 770C210A 5 Bytes JMP 00190804
.text c:\program files\windows defender\MpCmdRun.exe[4240] USER32.dll!SetWinEventHook 770C507E 5 Bytes JMP 001901F8
.text c:\program files\windows defender\MpCmdRun.exe[4240] USER32.dll!SetWindowsHookExA 770E6DFA 5 Bytes JMP 00190600
.text C:\Program Files\Internet Explorer\iexplore.exe[4308] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 000503FC
.text C:\Program Files\Internet Explorer\iexplore.exe[4308] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 000501F8
.text C:\Program Files\Internet Explorer\iexplore.exe[4308] kernel32.dll!CreateThread 772D281D 5 Bytes JMP 6F5F7133 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4308] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[4308] USER32.dll!EnableWindow 770BA72E 5 Bytes JMP 6F639884 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4308] USER32.dll!UnhookWindowsHookEx 770BCC7B 5 Bytes JMP 6F67EB70 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4308] USER32.dll!CallNextHookEx 770BCC8F 5 Bytes JMP 6F657AEF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4308] USER32.dll!UnhookWinEvent 770BD924 3 Bytes JMP 000C03FC
.text C:\Program Files\Internet Explorer\iexplore.exe[4308] USER32.dll!UnhookWinEvent + 4 770BD928 1 Byte [89]
.text C:\Program Files\Internet Explorer\iexplore.exe[4308] USER32.dll!DefWindowProcA 770BE0E4 7 Bytes JMP 6F5F9345 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4308] USER32.dll!CreateWindowExA 770BE18A 5 Bytes JMP 6F603173 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4308] USER32.dll!CreateWindowExW 770C0E51 5 Bytes JMP 6F65FF57 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4308] USER32.dll!SetWindowsHookExW 770C210A 5 Bytes JMP 6F631FE4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4308] USER32.dll!SetWinEventHook 770C507E 5 Bytes JMP 000C01F8
.text C:\Program Files\Internet Explorer\iexplore.exe[4308] USER32.dll!DefWindowProcW 770C724B 7 Bytes JMP 6F657B52 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4308] USER32.dll!DialogBoxIndirectParamW 770E4AA7 5 Bytes JMP 6F78590F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4308] USER32.dll!DialogBoxParamW 770E564A 5 Bytes JMP 6F5915BB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4308] USER32.dll!SetWindowsHookExA 770E6DFA 5 Bytes JMP 000C0600
.text C:\Program Files\Internet Explorer\iexplore.exe[4308] USER32.dll!DialogBoxParamA 770FCF6A 5 Bytes JMP 6F7858AA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4308] USER32.dll!DialogBoxIndirectParamA 770FD29C 5 Bytes JMP 6F785974 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4308] USER32.dll!MessageBoxIndirectA 7710E8C9 5 Bytes JMP 6F785831 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4308] USER32.dll!MessageBoxIndirectW 7710E9C3 5 Bytes JMP 6F7857B8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4308] USER32.dll!MessageBoxExA 7710EA29 5 Bytes JMP 6F785754 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4308] USER32.dll!MessageBoxExW 7710EA4D 5 Bytes JMP 6F7856F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4308] ole32.dll!OleLoadFromStream 76CC5BF6 5 Bytes JMP 6F786110 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4308] ole32.dll!CoCreateInstance 76D1590C 5 Bytes JMP 6F65B6D4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4308] WININET.dll!HttpAddRequestHeadersA 75CA1B9C 5 Bytes JMP 003E64C0
.text C:\Program Files\Internet Explorer\iexplore.exe[4308] WININET.dll!HttpAddRequestHeadersW 75CEF7A8 5 Bytes JMP 003E66C0
.text C:\Program Files\Internet Explorer\iexplore.exe[4308] WS2_32.dll!closesocket 77783BED 5 Bytes JMP 0057000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4308] WS2_32.dll!recv 777847DF 5 Bytes JMP 0055000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4308] WS2_32.dll!connect 777848BE 5 Bytes JMP 0056000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4308] WS2_32.dll!getaddrinfo 77786737 5 Bytes JMP 005A000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4308] WS2_32.dll!send 7778C4C8 5 Bytes JMP 0058000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4308] WS2_32.dll!gethostbyname 77797133 5 Bytes JMP 0059000A
.text C:\Windows\system32\svchost.exe[4320] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[4320] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[4320] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Windows\system32\svchost.exe[4320] USER32.dll!UnhookWindowsHookEx 770BCC7B 5 Bytes JMP 002D0A08
.text C:\Windows\system32\svchost.exe[4320] USER32.dll!UnhookWinEvent 770BD924 5 Bytes JMP 002D03FC
.text C:\Windows\system32\svchost.exe[4320] USER32.dll!SetWindowsHookExW 770C210A 5 Bytes JMP 002D0804
.text C:\Windows\system32\svchost.exe[4320] USER32.dll!SetWinEventHook 770C507E 5 Bytes JMP 002D01F8
.text C:\Windows\system32\svchost.exe[4320] USER32.dll!SetWindowsHookExA 770E6DFA 5 Bytes JMP 002D0600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4472] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 000603FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4472] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 000601F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4472] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4472] USER32.dll!UnhookWindowsHookEx 770BCC7B 5 Bytes JMP 00100A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4472] USER32.dll!UnhookWinEvent 770BD924 5 Bytes JMP 001003FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4472] USER32.dll!SetWindowsHookExW 770C210A 5 Bytes JMP 00100804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4472] USER32.dll!SetWinEventHook 770C507E 5 Bytes JMP 001001F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4472] USER32.dll!SetWindowsHookExA 770E6DFA 5 Bytes JMP 00100600
.text C:\Program Files\Internet Explorer\iexplore.exe[4724] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 000503FC
.text C:\Program Files\Internet Explorer\iexplore.exe[4724] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 000501F8
.text C:\Program Files\Internet Explorer\iexplore.exe[4724] kernel32.dll!CreateThread 772D281D 5 Bytes JMP 6F5F7133 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4724] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[4724] USER32.dll!EnableWindow 770BA72E 5 Bytes JMP 6F639884 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4724] USER32.dll!UnhookWindowsHookEx 770BCC7B 5 Bytes JMP 6F67EB70 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4724] USER32.dll!CallNextHookEx 770BCC8F 5 Bytes JMP 6F657AEF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4724] USER32.dll!UnhookWinEvent 770BD924 5 Bytes JMP 002303FC
.text C:\Program Files\Internet Explorer\iexplore.exe[4724] USER32.dll!DefWindowProcA 770BE0E4 7 Bytes JMP 6F5F9345 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4724] USER32.dll!CreateWindowExA 770BE18A 5 Bytes JMP 6F603173 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4724] USER32.dll!CreateWindowExW 770C0E51 5 Bytes JMP 6F65FF57 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4724] USER32.dll!SetWindowsHookExW 770C210A 5 Bytes JMP 6F631FE4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4724] USER32.dll!SetWinEventHook 770C507E 5 Bytes JMP 002301F8
.text C:\Program Files\Internet Explorer\iexplore.exe[4724] USER32.dll!DefWindowProcW 770C724B 7 Bytes JMP 6F657B52 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4724] USER32.dll!DialogBoxIndirectParamW 770E4AA7 5 Bytes JMP 6F78590F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4724] USER32.dll!DialogBoxParamW 770E564A 5 Bytes JMP 6F5915BB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4724] USER32.dll!SetWindowsHookExA 770E6DFA 5 Bytes JMP 00230600
.text C:\Program Files\Internet Explorer\iexplore.exe[4724] USER32.dll!DialogBoxParamA 770FCF6A 5 Bytes JMP 6F7858AA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4724] USER32.dll!DialogBoxIndirectParamA 770FD29C 5 Bytes JMP 6F785974 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4724] USER32.dll!MessageBoxIndirectA 7710E8C9 5 Bytes JMP 6F785831 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4724] USER32.dll!MessageBoxIndirectW 7710E9C3 5 Bytes JMP 6F7857B8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4724] USER32.dll!MessageBoxExA 7710EA29 5 Bytes JMP 6F785754 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4724] USER32.dll!MessageBoxExW 7710EA4D 5 Bytes JMP 6F7856F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4724] ole32.dll!OleLoadFromStream 76CC5BF6 5 Bytes JMP 58A50DB5 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4724] ole32.dll!CoCreateInstance 76D1590C 5 Bytes JMP 6F65B6D4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4724] WININET.dll!HttpAddRequestHeadersA 75CA1B9C 5 Bytes JMP 003E64C0
.text C:\Program Files\Internet Explorer\iexplore.exe[4724] WININET.dll!HttpAddRequestHeadersW 75CEF7A8 5 Bytes JMP 003E66C0
.text C:\Program Files\Internet Explorer\iexplore.exe[4724] WS2_32.dll!closesocket 77783BED 5 Bytes JMP 00C7000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4724] WS2_32.dll!recv 777847DF 5 Bytes JMP 00BC000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4724] WS2_32.dll!connect 777848BE 5 Bytes JMP 00C6000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4724] WS2_32.dll!getaddrinfo 77786737 5 Bytes JMP 00CA000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4724] WS2_32.dll!send 7778C4C8 5 Bytes JMP 00C8000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4724] WS2_32.dll!gethostbyname 77797133 5 Bytes JMP 00C9000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4736] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 000503FC
.text C:\Program Files\Internet Explorer\iexplore.exe[4736] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 000501F8
.text C:\Program Files\Internet Explorer\iexplore.exe[4736] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[4736] USER32.dll!EnableWindow 770BA72E 5 Bytes JMP 6F639884 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4736] USER32.dll!UnhookWindowsHookEx 770BCC7B 5 Bytes JMP 00230A08
.text C:\Program Files\Internet Explorer\iexplore.exe[4736] USER32.dll!UnhookWinEvent 770BD924 5 Bytes JMP 002303FC
.text C:\Program Files\Internet Explorer\iexplore.exe[4736] USER32.dll!SetWindowsHookExW 770C210A 5 Bytes JMP 00230804
.text C:\Program Files\Internet Explorer\iexplore.exe[4736] USER32.dll!SetWinEventHook 770C507E 5 Bytes JMP 002301F8
.text C:\Program Files\Internet Explorer\iexplore.exe[4736] USER32.dll!DialogBoxIndirectParamW 770E4AA7 5 Bytes JMP 6F78590F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4736] USER32.dll!DialogBoxParamW 770E564A 5 Bytes JMP 6F5915BB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4736] USER32.dll!SetWindowsHookExA 770E6DFA 5 Bytes JMP 00230600
.text C:\Program Files\Internet Explorer\iexplore.exe[4736] USER32.dll!DialogBoxParamA 770FCF6A 5 Bytes JMP 6F7858AA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4736] USER32.dll!DialogBoxIndirectParamA 770FD29C 5 Bytes JMP 6F785974 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4736] USER32.dll!MessageBoxIndirectA 7710E8C9 5 Bytes JMP 6F785831 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4736] USER32.dll!MessageBoxIndirectW 7710E9C3 5 Bytes JMP 6F7857B8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4736] USER32.dll!MessageBoxExA 7710EA29 5 Bytes JMP 6F785754 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4736] USER32.dll!MessageBoxExW 7710EA4D 5 Bytes JMP 6F7856F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4736] WININET.dll!HttpAddRequestHeadersA 75CA1B9C 5 Bytes JMP 004D64C0
.text C:\Program Files\Internet Explorer\iexplore.exe[4736] WININET.dll!HttpAddRequestHeadersW 75CEF7A8 5 Bytes JMP 004D66C0
.text C:\Program Files\Internet Explorer\iexplore.exe[4736] WS2_32.dll!closesocket 77783BED 5 Bytes JMP 00BA000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4736] WS2_32.dll!recv 777847DF 5 Bytes JMP 00B8000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4736] WS2_32.dll!connect 777848BE 5 Bytes JMP 00B9000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4736] WS2_32.dll!getaddrinfo 77786737 5 Bytes JMP 00BD000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4736] WS2_32.dll!send 7778C4C8 5 Bytes JMP 00BB000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4736] WS2_32.dll!gethostbyname 77797133 5 Bytes JMP 00BC000A
.text C:\Program Files\MicroCloudEngine\MicroCloudEngine.exe[5644] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 000603FC
.text C:\Program Files\MicroCloudEngine\MicroCloudEngine.exe[5644] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 000601F8
.text C:\Program Files\MicroCloudEngine\MicroCloudEngine.exe[5644] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Program Files\MicroCloudEngine\MicroCloudEngine.exe[5644] user32.dll!UnhookWindowsHookEx 770BCC7B 5 Bytes JMP 000F0A08
.text C:\Program Files\MicroCloudEngine\MicroCloudEngine.exe[5644] user32.dll!UnhookWinEvent 770BD924 5 Bytes JMP 000F03FC
.text C:\Program Files\MicroCloudEngine\MicroCloudEngine.exe[5644] user32.dll!SetWindowsHookExW 770C210A 5 Bytes JMP 000F0804
.text C:\Program Files\MicroCloudEngine\MicroCloudEngine.exe[5644] user32.dll!SetWinEventHook 770C507E 5 Bytes JMP 000F01F8
.text C:\Program Files\MicroCloudEngine\MicroCloudEngine.exe[5644] user32.dll!SetWindowsHookExA 770E6DFA 5 Bytes JMP 000F0600
.text C:\Windows\system32\sppsvc.exe[6056] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 000703FC
.text C:\Windows\system32\sppsvc.exe[6056] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 000701F8
.text C:\Windows\system32\sppsvc.exe[6056] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Windows\system32\sppsvc.exe[6056] USER32.dll!UnhookWindowsHookEx 770BCC7B 5 Bytes JMP 00110A08
.text C:\Windows\system32\sppsvc.exe[6056] USER32.dll!UnhookWinEvent 770BD924 5 Bytes JMP 001103FC
.text C:\Windows\system32\sppsvc.exe[6056] USER32.dll!SetWindowsHookExW 770C210A 5 Bytes JMP 00110804
.text C:\Windows\system32\sppsvc.exe[6056] USER32.dll!SetWinEventHook 770C507E 5 Bytes JMP 001101F8
.text C:\Windows\system32\sppsvc.exe[6056] USER32.dll!SetWindowsHookExA 770E6DFA 5 Bytes JMP 00110600
.text C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe[6092] ntdll.dll!LdrUnloadDll 7769BEAF 5 Bytes JMP 001603FC
.text C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe[6092] ntdll.dll!LdrLoadDll 7769F5B5 5 Bytes JMP 001601F8
.text C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe[6092] kernel32.dll!GetBinaryTypeW + 70 772E7984 1 Byte [62]
.text C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe[6092] USER32.dll!UnhookWindowsHookEx 770BCC7B 5 Bytes JMP 00240A08
.text C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe[6092] USER32.dll!UnhookWinEvent 770BD924 5 Bytes JMP 002403FC
.text C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe[6092] USER32.dll!SetWindowsHookExW 770C210A 5 Bytes JMP 00240804
.text C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe[6092] USER32.dll!SetWinEventHook 770C507E 5 Bytes JMP 002401F8
.text C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe[6092] USER32.dll!SetWindowsHookExA 770E6DFA 5 Bytes JMP 00240600

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8C62A042] \SystemRoot\System32\Drivers\spjm.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8C62A6D6] \SystemRoot\System32\Drivers\spjm.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8C62A800] \SystemRoot\System32\Drivers\spjm.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8C62A13E] \SystemRoot\System32\Drivers\spjm.sys
IAT \SystemRoot\System32\Drivers\a2ae5gc9.SYS[ataport.SYS!AtaPortNotification] 00147880
IAT \SystemRoot\System32\Drivers\a2ae5gc9.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75
IAT \SystemRoot\System32\Drivers\a2ae5gc9.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015
IAT \SystemRoot\System32\Drivers\a2ae5gc9.SYS[ataport.SYS!AtaPortStallExecution] C25DC033
IAT \SystemRoot\System32\Drivers\a2ae5gc9.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008
IAT \SystemRoot\System32\Drivers\a2ae5gc9.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08
IAT \SystemRoot\System32\Drivers\a2ae5gc9.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24
IAT \SystemRoot\System32\Drivers\a2ae5gc9.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8
IAT \SystemRoot\System32\Drivers\a2ae5gc9.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800
IAT \SystemRoot\System32\Drivers\a2ae5gc9.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000
IAT \SystemRoot\System32\Drivers\a2ae5gc9.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008
IAT \SystemRoot\System32\Drivers\a2ae5gc9.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a2ae5gc9.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a2ae5gc9.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a2ae5gc9.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55
IAT \SystemRoot\System32\Drivers\a2ae5gc9.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B
IAT \SystemRoot\System32\Drivers\a2ae5gc9.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B
IAT \SystemRoot\System32\Drivers\a2ae5gc9.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A
IAT \SystemRoot\System32\Drivers\a2ae5gc9.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500
IAT \SystemRoot\System32\Drivers\a2ae5gc9.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B
IAT \SystemRoot\System32\Drivers\a2ae5gc9.SYS[ataport.SYS!AtaPortInitialize] 157B805E
IAT \SystemRoot\System32\Drivers\a2ae5gc9.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500
IAT \SystemRoot\System32\Drivers\a2ae5gc9.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe[364] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75735E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe[364] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75735E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe[364] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75735E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe[364] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75735E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe[364] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75735E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 85B031F8
Device \FileSystem\udfs \UdfsCdRom 86DA01F8
Device \FileSystem\udfs \UdfsDisk 86DA01F8
Device \Driver\sptd \Device\3039683291 spjm.sys
Device \Driver\volmgr \Device\VolMgrControl 85AFE1F8
Device \Driver\usbuhci \Device\USBPDO-0 86F1D1F8
Device \Driver\usbuhci \Device\USBPDO-1 86F1D1F8
Device \Driver\usbuhci \Device\USBPDO-2 86F1D1F8
Device \Driver\usbehci \Device\USBPDO-3 86F26500
Device \Driver\usbuhci \Device\USBPDO-4 86F1D1F8

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\usbuhci \Device\USBPDO-5 86F1D1F8
Device \Driver\usbuhci \Device\USBPDO-6 86F1D1F8
Device \Driver\volmgr \Device\HarddiskVolume1 85AFE1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\usbehci \Device\USBPDO-7 86F26500
Device \Driver\volmgr \Device\HarddiskVolume2 85AFE1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 86D54500
Device \Driver\PCI_PNP5290 \Device\00000059 spjm.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4 85B001F8
Device \Driver\atapi \Device\Ide\IdePort0 85B001F8
Device \Driver\atapi \Device\Ide\IdePort1 85B001F8
Device \Driver\atapi \Device\Ide\IdePort2 85B001F8
Device \Driver\atapi \Device\Ide\IdePort3 85B001F8
Device \Driver\atapi \Device\Ide\IdePort4 85B001F8
Device \Driver\atapi \Device\Ide\IdePort5 85B001F8
Device \Driver\atapi \Device\Ide\IdePort6 85B001F8
Device \Driver\atapi \Device\Ide\IdePort7 85B001F8
Device \Driver\msahci \Device\Ide\PciIde1Channel0 85B011F8
Device \Driver\msahci \Device\Ide\PciIde1Channel1 85B011F8
Device \Driver\msahci \Device\Ide\PciIde1Channel2 85B011F8
Device \Driver\msahci \Device\Ide\PciIde1Channel3 85B011F8
Device \Driver\msahci \Device\Ide\PciIde1Channel4 85B011F8
Device \Driver\msahci \Device\Ide\PciIde1Channel5 85B011F8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-5 85B001F8
Device \Driver\volmgr \Device\HarddiskVolume3 85AFE1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom1 86D54500
Device \Driver\cdrom \Device\CdRom2 86D54500
Device \Driver\NetBT \Device\NetBt_Wins_Export 86E321F8
Device \Driver\ACPI_HAL \Device\0000004e halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\usbuhci \Device\USBFDO-0 86F1D1F8
Device \Driver\usbuhci \Device\USBFDO-1 86F1D1F8
Device \Driver\usbuhci \Device\USBFDO-2 86F1D1F8
Device \Driver\usbehci \Device\USBFDO-3 86F26500
Device \Driver\usbuhci \Device\USBFDO-4 86F1D1F8
Device \Driver\usbuhci \Device\USBFDO-5 86F1D1F8
Device \Driver\usbuhci \Device\USBFDO-6 86F1D1F8
Device \Driver\usbehci \Device\USBFDO-7 86F26500
Device \Driver\a2ae5gc9 \Device\Scsi\a2ae5gc91 871BB500
Device \Driver\a2ae5gc9 \Device\Scsi\a2ae5gc91Port9Path0Target0Lun0 871BB500
Device \FileSystem\cdfs \Cdfs 86D6F1F8

---- Threads - GMER 1.0.15 ----

Thread System [4:276] 86B92E7A
Thread System [4:280] 86B95008

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x67 0x37 0xF8 0xCE ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x68 0xC8 0x60 0xDC ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB7 0x17 0x83 0x8A ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x67 0x37 0xF8 0xCE ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x68 0xC8 0x60 0xDC ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB7 0x17 0x83 0x8A ...

---- Files - GMER 1.0.15 ----

File C:\## aswSnx private storage 0 bytes
File C:\## aswSnx private storage\r6 0 bytes
File C:\## aswSnx private storage\snx_rhive 262144 bytes
File C:\## aswSnx private storage\snx_rhive.LOG1 37888 bytes
File C:\## aswSnx private storage\snx_rhive.LOG2 0 bytes
File C:\## aswSnx private storage\snx_rhive{f593e137-823d-11e0-b7f8-6cf04977fbe5}.TM.blf 65536 bytes
File C:\## aswSnx private storage\snx_rhive{f593e137-823d-11e0-b7f8-6cf04977fbe5}.TMContainer00000000000000000001.regtrans-ms 524288 bytes
File C:\## aswSnx private storage\snx_rhive{f593e137-823d-11e0-b7f8-6cf04977fbe5}.TMContainer00000000000000000002.regtrans-ms 524288 bytes
File C:\## aswSnx private storage\webStorage 0 bytes
File C:\## aswSnx private storage\webStorage\attrib 0 bytes
File C:\## aswSnx private storage\webStorage\image 0 bytes
File C:\## aswSnx private storage\webStorage\image\rkill.log 357 bytes
File C:\## aswSnx private storage\webStorage\image\Users 0 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew 0 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData 0 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local 0 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Microsoft 0 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Microsoft\Windows 0 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Microsoft\Windows\Explorer 0 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Microsoft\Windows\Explorer\ExplorerStartupLog_RunOnce.etl 16384 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Microsoft\Windows\History 0 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Microsoft\Windows\History\History.IE5 0 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 16384 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Microsoft\Windows\Temporary Internet Files 0 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 0 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BGDCDQNV 0 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BGDCDQNV\desktop.ini 67 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 32768 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MFC01FVG 0 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MFC01FVG\desktop.ini 67 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWA7MUZK 0 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWA7MUZK\desktop.ini 67 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZJ0RNG0T 0 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZJ0RNG0T\desktop.ini 67 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp 0 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0 0 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\curo.reg 220 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\extra.dat 472 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\h 0 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\h\explorer.exe 1536 bytes executable
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\h\iexplore.exe 1536 bytes executable
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\lmro.reg 222 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\lmroe.reg 74 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\nircmd.chm 38015 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\nircmd.exe 31232 bytes executable
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\nircmdc.exe 30720 bytes executable
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\nird 0 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\nird\iexplore.exe 31232 bytes executable
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\pev.exe 255488 bytes executable
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\prep.bat 68 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\procs 0 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\procs\explorer.exe 255488 bytes executable
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\procs\iexplore.exe 255488 bytes executable
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\procs\proc.dat 11031 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\proxycheck.exe 302187 bytes executable
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\rkill.bat 5003 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\rkill.reg 3087 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\s.inf 1081 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\sed.exe 98816 bytes executable
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\serv.dat 190 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\sh.vbs 313 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\swreg.exe 161792 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\userinit.exe 31232 bytes executable
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\winlogon.exe 31232 bytes executable
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\wl.txt 323 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\test.reg 11540 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Roaming 0 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Roaming\Microsoft 0 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Roaming\Microsoft\Windows 0 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Roaming\Microsoft\Windows\IETldCache 0 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat 16384 bytes
File C:\## aswSnx private storage\webStorage\image\Windows 0 bytes
File C:\## aswSnx private storage\webStorage\image\Windows\INF 0 bytes
File C:\## aswSnx private storage\webStorage\image\Windows\INF\setupapi.app.log 12149593 bytes
File C:\## aswSnx private storage\webStorage\image\Windows\Prefetch 0 bytes
File C:\## aswSnx private storage\webStorage\image\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf 23640 bytes
File C:\## aswSnx private storage\webStorage\image\Windows\Prefetch\EXPLORER.EXE-CC5F5AD1.pf 8820 bytes
File C:\## aswSnx private storage\webStorage\image\Windows\Prefetch\GRPCONV.EXE-B823222B.pf 14298 bytes
File C:\## aswSnx private storage\webStorage\image\Windows\Prefetch\IEXPLORE.EXE-7A2354E4.pf 9304 bytes
File C:\## aswSnx private storage\webStorage\image\Windows\Prefetch\INFDEFAULTINSTALL.EXE-39AFC5CD.pf 22536 bytes
File C:\## aswSnx private storage\webStorage\image\Windows\Prefetch\REGEDIT.EXE-90FEEA06.pf 39338 bytes
File C:\## aswSnx private storage\webStorage\image\Windows\Prefetch\RUNONCE.EXE-D0649312.pf 39762 bytes
File C:\## aswSnx private storage\webStorage\image\Windows\Prefetch\USERINIT.EXE-01E302FF.pf 25472 bytes
File C:\## aswSnx private storage\webStorage\image\Windows\System32 0 bytes
File C:\## aswSnx private storage\webStorage\image\Windows\System32\DriverStore 0 bytes

---- EOF - GMER 1.0.15 ----

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6612

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

5/18/2011 11:09:42 PM
mbam-log-2011-05-18 (23-09-42).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 4718
Time elapsed: 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 techextreme

techextreme

    Bleepin Tech


  • BC Advisor
  • 2,125 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pittsburgh, PA
  • Local time:07:31 AM

Posted 19 May 2011 - 02:31 PM

Hi Drew1979,

Your GMER log is a little "busy". Let's see if we can't slim it down and clean up some of the extra stuff in the log.

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Re-run the GMER scan as before once you have run Defogger and post the log.

Also, Please download mbr.exe and save it to your desktop.
Doubleclick on mbr.exe to run it (if you use Windows Vista or 7, right click on the file and select "run as administrator).
You will see a command window flashing and afterwards you can find the log on the desktop (mbr.log).
Please post its contents in your next reply.

I will most likely be away for the evening when you finish with these. Please post your logs and I will return tomorrow morning.

Techextreme

"Admire those who attempt great things, even though they fail."

-- Seneca

 


#7 Drew1979

Drew1979
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:31 AM

Posted 19 May 2011 - 03:13 PM

During the scan through GMER, got a warning stating GMER has found system modificatoin caused by ROOTKIT acitivty.

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-19 13:09:14
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD5000AADS-00S9B0 rev.01.00A01
Running: w39o0ohf.exe; Driver: C:\Users\Andrew\AppData\Local\Temp\uwdiqpob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x91E38202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x91D20CB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x91E3A81C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x91E3A874]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x91E3A98A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x91E3A772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x91E3A8C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x91E3A7C6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x91E3A938]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x91E38226]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x91D20D62]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x91E37FF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x91E3824A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x91E3AD82]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x91E38CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x91E3A84C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x91E3A89C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x91E3A9B4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x91E3A79E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x91E3A904]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x91E3A7F4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x91E3A962]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x91D20DFA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x91E38BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x91E3826E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x91E38292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x91E3804A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x91E38186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x91E38162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x91E381AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x91E382B6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x91D36902]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82C50569 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C75092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 214 82C7C824 4 Bytes [02, 82, E3, 91]
.text ntkrnlpa.exe!RtlSidHashLookup + 23C 82C7C84C 4 Bytes [B2, 0C, D2, 91]
.text ntkrnlpa.exe!RtlSidHashLookup + 2F0 82C7C900 8 Bytes [1C, A8, E3, 91, 74, A8, E3, ...] {SBB AL, 0xa8; JECXZ 0xffffffffffffff95; JZ 0xffffffffffffffae; JECXZ 0xffffffffffffff99}
.text ntkrnlpa.exe!RtlSidHashLookup + 2FC 82C7C90C 4 Bytes [8A, A9, E3, 91]
.text ntkrnlpa.exe!RtlSidHashLookup + 318 82C7C928 4 Bytes [72, A7, E3, 91] {JB 0xffffffffffffffa9; JECXZ 0xffffffffffffff95}
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82E162CC 5 Bytes JMP 91D322BE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 82E30003 5 Bytes JMP 91D33D74 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 82E7A5CA 4 Bytes CALL 91E3934B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 82E826A4 4 Bytes CALL 91E39361 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82EE82EC 7 Bytes JMP 91D36906 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS The system cannot find the file specified. !
? C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS The system cannot find the file specified. !
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x92A3E000, 0x34203C, 0xE8000020]
.text win32k.sys!EngMultiByteToUnicodeN + 7231 994C987A 5 Bytes JMP 91E3B342 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngIsSemaphoreOwned + 8A1B 994E08AA 5 Bytes JMP 91E3B46C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + C12F 9950172E 5 Bytes JMP 91E3BE38 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 3322 99514F4F 5 Bytes JMP 91E3AF60 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 4027 99515C54 5 Bytes JMP 91E3BC04 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCTGetGammaTable + 177B 9951B585 5 Bytes JMP 91E3B352 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bEnum + 79DD 99537AE0 5 Bytes JMP 91E3AFD0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bEnum + 86C4 995387C7 5 Bytes JMP 91E3AE84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bEnum + 92B4 995393B7 5 Bytes JMP 91E3B1AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateSemaphore + A5D0 995541B4 5 Bytes JMP 91E3BB90 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateSemaphore + C985 99556569 5 Bytes JMP 91E3ADB8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngBitBlt + 56E 9955FBAD 5 Bytes JMP 91E3BBDA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngBitBlt + 5201 99564840 5 Bytes JMP 91E3C040 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLpkInstalled + 6119 99577A52 5 Bytes JMP 91E3AE9C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLpkInstalled + 1AE86 9958C7BF 5 Bytes JMP 91E3BC1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!STROBJ_bEnum + 9788 9959FCBC 5 Bytes JMP 91E3B114 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 26C1 995A7D9A 5 Bytes JMP 91E3BEF6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bPolyBezierTo + F8 995BB815 5 Bytes JMP 91E3B0DA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAcquireSemaphoreSharedNoWait + 1F5A 995CB864 5 Bytes JMP 91E3BF9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_vGetBounds + EB5 995F626F 5 Bytes JMP 91E3B034 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCTGetCurrentGamma + 1C6C 995FA27E 5 Bytes JMP 91E3B06A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetPointerShape + C86 995FCF34 5 Bytes JMP 91E3BD80 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_cEnumStart + 6D0F 99605C35 5 Bytes JMP 91E3AF1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 9DB99000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 9DB99123 629 Bytes [45, B9, 9D, FE, 05, 34, 45, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 9DB99399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F 9DB993FF 51 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 53C3 9DB99433 84 Bytes [B8, 9D, 85, C9, 7C, 18, 8D, ...]
PAGE ...
.text kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\CloudManager\CloudManager.exe[360] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 000603FC
.text C:\Program Files\CloudManager\CloudManager.exe[360] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 000601F8
.text C:\Program Files\CloudManager\CloudManager.exe[360] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Program Files\CloudManager\CloudManager.exe[360] USER32.dll!UnhookWindowsHookEx 75E2CC7B 5 Bytes JMP 000F0A08
.text C:\Program Files\CloudManager\CloudManager.exe[360] USER32.dll!UnhookWinEvent 75E2D924 5 Bytes JMP 000F03FC
.text C:\Program Files\CloudManager\CloudManager.exe[360] USER32.dll!SetWindowsHookExW 75E3210A 5 Bytes JMP 000F0804
.text C:\Program Files\CloudManager\CloudManager.exe[360] USER32.dll!SetWinEventHook 75E3507E 5 Bytes JMP 000F01F8
.text C:\Program Files\CloudManager\CloudManager.exe[360] USER32.dll!SetWindowsHookExA 75E56DFA 5 Bytes JMP 000F0600
.text C:\Windows\system32\csrss.exe[444] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Windows\system32\wininit.exe[504] ntdll.dll!LdrUnloadDll 776ABEAF 3 Bytes JMP 000303FC
.text C:\Windows\system32\wininit.exe[504] ntdll.dll!LdrUnloadDll + 4 776ABEB3 1 Byte [88]
.text C:\Windows\system32\wininit.exe[504] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 000301F8
.text C:\Windows\system32\wininit.exe[504] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Windows\system32\wininit.exe[504] USER32.dll!UnhookWindowsHookEx 75E2CC7B 5 Bytes JMP 000C0A08
.text C:\Windows\system32\wininit.exe[504] USER32.dll!UnhookWinEvent 75E2D924 5 Bytes JMP 000C03FC
.text C:\Windows\system32\wininit.exe[504] USER32.dll!SetWindowsHookExW 75E3210A 5 Bytes JMP 000C0804
.text C:\Windows\system32\wininit.exe[504] USER32.dll!SetWinEventHook 75E3507E 5 Bytes JMP 000C01F8
.text C:\Windows\system32\wininit.exe[504] USER32.dll!SetWindowsHookExA 75E56DFA 5 Bytes JMP 000C0600
.text C:\Windows\system32\csrss.exe[512] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Windows\system32\services.exe[552] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\services.exe[552] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\services.exe[552] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Windows\system32\lsass.exe[576] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\lsass.exe[576] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\lsass.exe[576] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe[580] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 001603FC
.text C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe[580] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 001601F8
.text C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe[580] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe[580] USER32.dll!UnhookWindowsHookEx 75E2CC7B 5 Bytes JMP 00200A08
.text C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe[580] USER32.dll!UnhookWinEvent 75E2D924 5 Bytes JMP 002003FC
.text C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe[580] USER32.dll!SetWindowsHookExW 75E3210A 5 Bytes JMP 00200804
.text C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe[580] USER32.dll!SetWinEventHook 75E3507E 5 Bytes JMP 002001F8
.text C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe[580] USER32.dll!SetWindowsHookExA 75E56DFA 5 Bytes JMP 00200600
.text C:\Windows\system32\lsm.exe[584] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\lsm.exe[584] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\lsm.exe[584] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[612] ntdll.dll!LdrUnloadDll 776ABEAF 3 Bytes JMP 000303FC
.text C:\Windows\system32\winlogon.exe[612] ntdll.dll!LdrUnloadDll + 4 776ABEB3 1 Byte [88]
.text C:\Windows\system32\winlogon.exe[612] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 000301F8
.text C:\Windows\system32\winlogon.exe[612] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[612] USER32.dll!UnhookWindowsHookEx 75E2CC7B 5 Bytes JMP 000C0A08
.text C:\Windows\system32\winlogon.exe[612] USER32.dll!UnhookWinEvent 75E2D924 5 Bytes JMP 000C03FC
.text C:\Windows\system32\winlogon.exe[612] USER32.dll!SetWindowsHookExW 75E3210A 5 Bytes JMP 000C0804
.text C:\Windows\system32\winlogon.exe[612] USER32.dll!SetWinEventHook 75E3507E 5 Bytes JMP 000C01F8
.text C:\Windows\system32\winlogon.exe[612] USER32.dll!SetWindowsHookExA 75E56DFA 5 Bytes JMP 000C0600
.text C:\Windows\system32\libusbd-nt.exe[680] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 002503FC
.text C:\Windows\system32\libusbd-nt.exe[680] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 002501F8
.text C:\Windows\system32\libusbd-nt.exe[680] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Windows\system32\libusbd-nt.exe[680] USER32.dll!UnhookWindowsHookEx 75E2CC7B 5 Bytes JMP 00410A08
.text C:\Windows\system32\libusbd-nt.exe[680] USER32.dll!UnhookWinEvent 75E2D924 5 Bytes JMP 004103FC
.text C:\Windows\system32\libusbd-nt.exe[680] USER32.dll!SetWindowsHookExW 75E3210A 5 Bytes JMP 00410804
.text C:\Windows\system32\libusbd-nt.exe[680] USER32.dll!SetWinEventHook 75E3507E 5 Bytes JMP 004101F8
.text C:\Windows\system32\libusbd-nt.exe[680] USER32.dll!SetWindowsHookExA 75E56DFA 5 Bytes JMP 00410600
.text C:\Windows\system32\svchost.exe[736] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[736] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[736] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[764] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Windows\system32\svchost.exe[844] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[844] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[844] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Windows\system32\svchost.exe[844] user32.dll!UnhookWindowsHookEx 75E2CC7B 5 Bytes JMP 00140A08
.text C:\Windows\system32\svchost.exe[844] user32.dll!UnhookWinEvent 75E2D924 5 Bytes JMP 001403FC
.text C:\Windows\system32\svchost.exe[844] user32.dll!SetWindowsHookExW 75E3210A 5 Bytes JMP 00140804
.text C:\Windows\system32\svchost.exe[844] user32.dll!SetWinEventHook 75E3507E 5 Bytes JMP 001401F8
.text C:\Windows\system32\svchost.exe[844] user32.dll!SetWindowsHookExA 75E56DFA 5 Bytes JMP 00140600
.text C:\Windows\system32\atiesrxx.exe[896] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 001603FC
.text C:\Windows\system32\atiesrxx.exe[896] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 001601F8
.text C:\Windows\system32\atiesrxx.exe[896] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Windows\system32\atiesrxx.exe[896] USER32.dll!UnhookWindowsHookEx 75E2CC7B 5 Bytes JMP 002F0A08
.text C:\Windows\system32\atiesrxx.exe[896] USER32.dll!UnhookWinEvent 75E2D924 5 Bytes JMP 002F03FC
.text C:\Windows\system32\atiesrxx.exe[896] USER32.dll!SetWindowsHookExW 75E3210A 5 Bytes JMP 002F0804
.text C:\Windows\system32\atiesrxx.exe[896] USER32.dll!SetWinEventHook 75E3507E 5 Bytes JMP 002F01F8
.text C:\Windows\system32\atiesrxx.exe[896] USER32.dll!SetWindowsHookExA 75E56DFA 5 Bytes JMP 002F0600
.text C:\Windows\System32\svchost.exe[976] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[976] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[976] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Windows\System32\svchost.exe[976] USER32.dll!UnhookWindowsHookEx 75E2CC7B 5 Bytes JMP 004E0A08
.text C:\Windows\System32\svchost.exe[976] USER32.dll!UnhookWinEvent 75E2D924 5 Bytes JMP 004E03FC
.text C:\Windows\System32\svchost.exe[976] USER32.dll!SetWindowsHookExW 75E3210A 5 Bytes JMP 004E0804
.text C:\Windows\System32\svchost.exe[976] USER32.dll!SetWinEventHook 75E3507E 5 Bytes JMP 004E01F8
.text C:\Windows\System32\svchost.exe[976] USER32.dll!SetWindowsHookExA 75E56DFA 5 Bytes JMP 004E0600
.text C:\Windows\System32\svchost.exe[1008] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[1008] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1008] USER32.dll!UnhookWindowsHookEx 75E2CC7B 5 Bytes JMP 00540A08
.text C:\Windows\System32\svchost.exe[1008] USER32.dll!UnhookWinEvent 75E2D924 5 Bytes JMP 005403FC
.text C:\Windows\System32\svchost.exe[1008] USER32.dll!SetWindowsHookExW 75E3210A 5 Bytes JMP 00540804
.text C:\Windows\System32\svchost.exe[1008] USER32.dll!SetWinEventHook 75E3507E 5 Bytes JMP 005401F8
.text C:\Windows\System32\svchost.exe[1008] USER32.dll!SetWindowsHookExA 75E56DFA 5 Bytes JMP 00540600
.text C:\Windows\system32\svchost.exe[1052] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 000A03FC
.text C:\Windows\system32\svchost.exe[1052] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 000A01F8
.text C:\Windows\system32\svchost.exe[1052] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1052] USER32.dll!UnhookWindowsHookEx 75E2CC7B 5 Bytes JMP 00D60A08
.text C:\Windows\system32\svchost.exe[1052] USER32.dll!UnhookWinEvent 75E2D924 5 Bytes JMP 00D603FC
.text C:\Windows\system32\svchost.exe[1052] USER32.dll!SetWindowsHookExW 75E3210A 5 Bytes JMP 00D60804
.text C:\Windows\system32\svchost.exe[1052] USER32.dll!SetWinEventHook 75E3507E 5 Bytes JMP 00D601F8
.text C:\Windows\system32\svchost.exe[1052] USER32.dll!SetWindowsHookExA 75E56DFA 5 Bytes JMP 00D60600
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe[1104] KERNEL32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Windows\system32\AUDIODG.EXE[1116] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1172] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1172] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1172] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1172] USER32.dll!UnhookWindowsHookEx 75E2CC7B 5 Bytes JMP 00390A08
.text C:\Windows\system32\svchost.exe[1172] USER32.dll!UnhookWinEvent 75E2D924 5 Bytes JMP 003903FC
.text C:\Windows\system32\svchost.exe[1172] USER32.dll!SetWindowsHookExW 75E3210A 5 Bytes JMP 00390804
.text C:\Windows\system32\svchost.exe[1172] USER32.dll!SetWinEventHook 75E3507E 5 Bytes JMP 003901F8
.text C:\Windows\system32\svchost.exe[1172] USER32.dll!SetWindowsHookExA 75E56DFA 5 Bytes JMP 00390600
.text C:\Windows\system32\svchost.exe[1316] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1316] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1316] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1412] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1412] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1412] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1412] USER32.dll!UnhookWindowsHookEx 75E2CC7B 5 Bytes JMP 001A0A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1412] USER32.dll!UnhookWinEvent 75E2D924 5 Bytes JMP 001A03FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1412] USER32.dll!SetWindowsHookExW 75E3210A 5 Bytes JMP 001A0804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1412] USER32.dll!SetWinEventHook 75E3507E 5 Bytes JMP 001A01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1412] USER32.dll!SetWindowsHookExA 75E56DFA 5 Bytes JMP 001A0600
.text C:\Windows\system32\atieclxx.exe[1424] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 001603FC
.text C:\Windows\system32\atieclxx.exe[1424] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 001601F8
.text C:\Windows\system32\atieclxx.exe[1424] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Windows\system32\atieclxx.exe[1424] USER32.dll!UnhookWindowsHookEx 75E2CC7B 5 Bytes JMP 001F0A08
.text C:\Windows\system32\atieclxx.exe[1424] USER32.dll!UnhookWinEvent 75E2D924 5 Bytes JMP 001F03FC
.text C:\Windows\system32\atieclxx.exe[1424] USER32.dll!SetWindowsHookExW 75E3210A 5 Bytes JMP 001F0804
.text C:\Windows\system32\atieclxx.exe[1424] USER32.dll!SetWinEventHook 75E3507E 5 Bytes JMP 001F01F8
.text C:\Windows\system32\atieclxx.exe[1424] USER32.dll!SetWindowsHookExA 75E56DFA 5 Bytes JMP 001F0600
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1500] kernel32.dll!SetUnhandledExceptionFilter 76EA3162 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1500] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1712] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 001603FC
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1712] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 001601F8
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1712] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1712] USER32.dll!UnhookWindowsHookEx 75E2CC7B 5 Bytes JMP 00210A08
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1712] USER32.dll!UnhookWinEvent 75E2D924 5 Bytes JMP 002103FC
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1712] USER32.dll!SetWindowsHookExW 75E3210A 5 Bytes JMP 00210804
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1712] USER32.dll!SetWinEventHook 75E3507E 5 Bytes JMP 002101F8
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1712] USER32.dll!SetWindowsHookExA 75E56DFA 5 Bytes JMP 00210600
.text C:\Windows\System32\spoolsv.exe[1812] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 000603FC
.text C:\Windows\System32\spoolsv.exe[1812] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 000601F8
.text C:\Windows\System32\spoolsv.exe[1812] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1812] USER32.dll!UnhookWindowsHookEx 75E2CC7B 5 Bytes JMP 00090A08
.text C:\Windows\System32\spoolsv.exe[1812] USER32.dll!UnhookWinEvent 75E2D924 5 Bytes JMP 000903FC
.text C:\Windows\System32\spoolsv.exe[1812] USER32.dll!SetWindowsHookExW 75E3210A 5 Bytes JMP 00090804
.text C:\Windows\System32\spoolsv.exe[1812] USER32.dll!SetWinEventHook 75E3507E 5 Bytes JMP 000901F8
.text C:\Windows\System32\spoolsv.exe[1812] USER32.dll!SetWindowsHookExA 75E56DFA 5 Bytes JMP 00090600
.text C:\Windows\system32\svchost.exe[1884] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1884] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1884] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1884] USER32.dll!UnhookWindowsHookEx 75E2CC7B 5 Bytes JMP 00150A08
.text C:\Windows\system32\svchost.exe[1884] USER32.dll!UnhookWinEvent 75E2D924 5 Bytes JMP 001503FC
.text C:\Windows\system32\svchost.exe[1884] USER32.dll!SetWindowsHookExW 75E3210A 5 Bytes JMP 00150804
.text C:\Windows\system32\svchost.exe[1884] USER32.dll!SetWinEventHook 75E3507E 5 Bytes JMP 001501F8
.text C:\Windows\system32\svchost.exe[1884] USER32.dll!SetWindowsHookExA 75E56DFA 5 Bytes JMP 00150600
.text C:\Program Files\Secunia\PSI\PSIA.exe[1964] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 001603FC
.text C:\Program Files\Secunia\PSI\PSIA.exe[1964] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 001601F8
.text C:\Program Files\Secunia\PSI\PSIA.exe[1964] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Program Files\Secunia\PSI\PSIA.exe[1964] USER32.dll!UnhookWindowsHookEx 75E2CC7B 5 Bytes JMP 00400A08
.text C:\Program Files\Secunia\PSI\PSIA.exe[1964] USER32.dll!UnhookWinEvent 75E2D924 5 Bytes JMP 004003FC
.text C:\Program Files\Secunia\PSI\PSIA.exe[1964] USER32.dll!SetWindowsHookExW 75E3210A 5 Bytes JMP 00400804
.text C:\Program Files\Secunia\PSI\PSIA.exe[1964] USER32.dll!SetWinEventHook 75E3507E 5 Bytes JMP 004001F8
.text C:\Program Files\Secunia\PSI\PSIA.exe[1964] USER32.dll!SetWindowsHookExA 75E56DFA 5 Bytes JMP 00400600
.text C:\Windows\system32\svchost.exe[1980] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1980] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1980] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2000] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 000903FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2000] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 000901F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2000] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2000] USER32.dll!UnhookWindowsHookEx 75E2CC7B 5 Bytes JMP 000C0A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2000] USER32.dll!UnhookWinEvent 75E2D924 5 Bytes JMP 000C03FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2000] USER32.dll!SetWindowsHookExW 75E3210A 5 Bytes JMP 000C0804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2000] USER32.dll!SetWinEventHook 75E3507E 5 Bytes JMP 000C01F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2000] USER32.dll!SetWindowsHookExA 75E56DFA 5 Bytes JMP 000C0600
.text C:\Program Files\Bonjour\mDNSResponder.exe[2028] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 000603FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[2028] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 000601F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[2028] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2028] USER32.dll!UnhookWindowsHookEx 75E2CC7B 5 Bytes JMP 00180A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[2028] USER32.dll!UnhookWinEvent 75E2D924 5 Bytes JMP 001803FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[2028] USER32.dll!SetWindowsHookExW 75E3210A 5 Bytes JMP 00180804
.text C:\Program Files\Bonjour\mDNSResponder.exe[2028] USER32.dll!SetWinEventHook 75E3507E 5 Bytes JMP 001801F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[2028] USER32.dll!SetWindowsHookExA 75E56DFA 5 Bytes JMP 00180600
.text C:\Program Files\Windows Sidebar\sidebar.exe[2112] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 000603FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[2112] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 000601F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[2112] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2112] USER32.dll!UnhookWindowsHookEx 75E2CC7B 5 Bytes JMP 00110A08
.text C:\Program Files\Windows Sidebar\sidebar.exe[2112] USER32.dll!UnhookWinEvent 75E2D924 5 Bytes JMP 001103FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[2112] USER32.dll!SetWindowsHookExW 75E3210A 5 Bytes JMP 00110804
.text C:\Program Files\Windows Sidebar\sidebar.exe[2112] USER32.dll!SetWinEventHook 75E3507E 5 Bytes JMP 001101F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[2112] USER32.dll!SetWindowsHookExA 75E56DFA 5 Bytes JMP 00110600
.text C:\Windows\system32\taskhost.exe[2164] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskhost.exe[2164] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskhost.exe[2164] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Windows\system32\taskhost.exe[2164] USER32.dll!UnhookWindowsHookEx 75E2CC7B 5 Bytes JMP 00220A08
.text C:\Windows\system32\taskhost.exe[2164] USER32.dll!UnhookWinEvent 75E2D924 5 Bytes JMP 002203FC
.text C:\Windows\system32\taskhost.exe[2164] USER32.dll!SetWindowsHookExW 75E3210A 5 Bytes JMP 00220804
.text C:\Windows\system32\taskhost.exe[2164] USER32.dll!SetWinEventHook 75E3507E 5 Bytes JMP 002201F8
.text C:\Windows\system32\taskhost.exe[2164] USER32.dll!SetWindowsHookExA 75E56DFA 5 Bytes JMP 00220600
.text C:\Program Files\Secunia\PSI\sua.exe[2296] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 000703FC
.text C:\Program Files\Secunia\PSI\sua.exe[2296] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 000701F8
.text C:\Program Files\Secunia\PSI\sua.exe[2296] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2348] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[2348] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[2348] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2376] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[2376] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[2376] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 000903FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 000901F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] USER32.dll!UnhookWindowsHookEx 75E2CC7B 5 Bytes JMP 00140A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] USER32.dll!UnhookWinEvent 75E2D924 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] USER32.dll!SetWindowsHookExW 75E3210A 5 Bytes JMP 00140804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] USER32.dll!SetWinEventHook 75E3507E 5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] USER32.dll!SetWindowsHookExA 75E56DFA 5 Bytes JMP 00140600
.text C:\Users\Andrew\Desktop\Defogger.exe[2604] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 002603FC
.text C:\Users\Andrew\Desktop\Defogger.exe[2604] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 002601F8
.text C:\Users\Andrew\Desktop\Defogger.exe[2604] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Users\Andrew\Desktop\Defogger.exe[2604] USER32.dll!UnhookWindowsHookEx 75E2CC7B 5 Bytes JMP 002A0A08
.text C:\Users\Andrew\Desktop\Defogger.exe[2604] USER32.dll!UnhookWinEvent 75E2D924 5 Bytes JMP 002A03FC
.text C:\Users\Andrew\Desktop\Defogger.exe[2604] USER32.dll!SetWindowsHookExW 75E3210A 5 Bytes JMP 002A0804
.text C:\Users\Andrew\Desktop\Defogger.exe[2604] USER32.dll!SetWinEventHook 75E3507E 5 Bytes JMP 002A01F8
.text C:\Users\Andrew\Desktop\Defogger.exe[2604] USER32.dll!SetWindowsHookExA 75E56DFA 5 Bytes JMP 002A0600
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2652] KERNEL32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[2660] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\Dwm.exe[2660] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\Dwm.exe[2660] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[2660] USER32.dll!UnhookWindowsHookEx 75E2CC7B 5 Bytes JMP 00130A08
.text C:\Windows\system32\Dwm.exe[2660] USER32.dll!UnhookWinEvent 75E2D924 5 Bytes JMP 001303FC
.text C:\Windows\system32\Dwm.exe[2660] USER32.dll!SetWindowsHookExW 75E3210A 5 Bytes JMP 00130804
.text C:\Windows\system32\Dwm.exe[2660] USER32.dll!SetWinEventHook 75E3507E 5 Bytes JMP 001301F8
.text C:\Windows\system32\Dwm.exe[2660] USER32.dll!SetWindowsHookExA 75E56DFA 5 Bytes JMP 00130600
.text C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[2724] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 001603FC
.text C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[2724] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 001601F8
.text C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[2724] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[2724] USER32.dll!UnhookWindowsHookEx 75E2CC7B 5 Bytes JMP 001F0A08
.text C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[2724] USER32.dll!UnhookWinEvent 75E2D924 5 Bytes JMP 001F03FC
.text C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[2724] USER32.dll!SetWindowsHookExW 75E3210A 5 Bytes JMP 001F0804
.text C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[2724] USER32.dll!SetWinEventHook 75E3507E 5 Bytes JMP 001F01F8
.text C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[2724] USER32.dll!SetWindowsHookExA 75E56DFA 5 Bytes JMP 001F0600
.text C:\Windows\system32\conhost.exe[2740] ntdll.dll!LdrUnloadDll 776ABEAF 3 Bytes JMP 000303FC
.text C:\Windows\system32\conhost.exe[2740] ntdll.dll!LdrUnloadDll + 4 776ABEB3 1 Byte [88]
.text C:\Windows\system32\conhost.exe[2740] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 000301F8
.text C:\Windows\system32\conhost.exe[2740] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Windows\system32\conhost.exe[2740] USER32.dll!UnhookWindowsHookEx 75E2CC7B 5 Bytes JMP 000C0A08
.text C:\Windows\system32\conhost.exe[2740] USER32.dll!UnhookWinEvent 75E2D924 5 Bytes JMP 000C03FC
.text C:\Windows\system32\conhost.exe[2740] USER32.dll!SetWindowsHookExW 75E3210A 5 Bytes JMP 000C0804
.text C:\Windows\system32\conhost.exe[2740] USER32.dll!SetWinEventHook 75E3507E 5 Bytes JMP 000C01F8
.text C:\Windows\system32\conhost.exe[2740] USER32.dll!SetWindowsHookExA 75E56DFA 5 Bytes JMP 000C0600
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2852] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 001603FC
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2852] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 001601F8
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2852] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2852] USER32.dll!UnhookWindowsHookEx 75E2CC7B 5 Bytes JMP 001F0A08
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2852] USER32.dll!UnhookWinEvent 75E2D924 5 Bytes JMP 001F03FC
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2852] USER32.dll!SetWindowsHookExW 75E3210A 5 Bytes JMP 001F0804
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2852] USER32.dll!SetWinEventHook 75E3507E 5 Bytes JMP 001F01F8
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2852] USER32.dll!SetWindowsHookExA 75E56DFA 5 Bytes JMP 001F0600
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2904] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 001603FC
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2904] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 001601F8
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2904] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2904] USER32.dll!UnhookWindowsHookEx 75E2CC7B 5 Bytes JMP 001F0A08
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2904] USER32.dll!UnhookWinEvent 75E2D924 5 Bytes JMP 001F03FC
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2904] USER32.dll!SetWindowsHookExW 75E3210A 5 Bytes JMP 001F0804
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2904] USER32.dll!SetWinEventHook 75E3507E 5 Bytes JMP 001F01F8
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2904] USER32.dll!SetWindowsHookExA 75E56DFA 5 Bytes JMP 001F0600
.text C:\Windows\Explorer.EXE[2928] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 002F03FC
.text C:\Windows\Explorer.EXE[2928] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 002F01F8
.text C:\Windows\Explorer.EXE[2928] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Windows\Explorer.EXE[2928] USER32.dll!UnhookWindowsHookEx 75E2CC7B 5 Bytes JMP 003F0A08
.text C:\Windows\Explorer.EXE[2928] USER32.dll!UnhookWinEvent 75E2D924 5 Bytes JMP 003F03FC
.text C:\Windows\Explorer.EXE[2928] USER32.dll!SetWindowsHookExW 75E3210A 5 Bytes JMP 003F0804
.text C:\Windows\Explorer.EXE[2928] USER32.dll!SetWinEventHook 75E3507E 5 Bytes JMP 003F01F8
.text C:\Windows\Explorer.EXE[2928] USER32.dll!SetWindowsHookExA 75E56DFA 5 Bytes JMP 003F0600
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2948] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 001703FC
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2948] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 001701F8
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2948] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2948] USER32.dll!UnhookWindowsHookEx 75E2CC7B 5 Bytes JMP 00200A08
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2948] USER32.dll!UnhookWinEvent 75E2D924 5 Bytes JMP 002003FC
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2948] USER32.dll!SetWindowsHookExW 75E3210A 5 Bytes JMP 00200804
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2948] USER32.dll!SetWinEventHook 75E3507E 5 Bytes JMP 002001F8
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2948] USER32.dll!SetWindowsHookExA 75E56DFA 5 Bytes JMP 00200600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3008] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 000503FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3008] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 000501F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3008] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3008] USER32.dll!UnhookWindowsHookEx 75E2CC7B 5 Bytes JMP 000F0A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3008] USER32.dll!UnhookWinEvent 75E2D924 5 Bytes JMP 000F03FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3008] USER32.dll!SetWindowsHookExW 75E3210A 5 Bytes JMP 000F0804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3008] USER32.dll!SetWinEventHook 75E3507E 5 Bytes JMP 000F01F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3008] USER32.dll!SetWindowsHookExA 75E56DFA 5 Bytes JMP 000F0600
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3092] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 001603FC
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3092] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 001601F8
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3092] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3092] USER32.dll!UnhookWindowsHookEx 75E2CC7B 5 Bytes JMP 001F0A08
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3092] USER32.dll!UnhookWinEvent 75E2D924 5 Bytes JMP 001F03FC
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3092] USER32.dll!SetWindowsHookExW 75E3210A 5 Bytes JMP 001F0804
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3092] USER32.dll!SetWinEventHook 75E3507E 5 Bytes JMP 001F01F8
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3092] USER32.dll!SetWindowsHookExA 75E56DFA 5 Bytes JMP 001F0600
.text C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3240] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 001603FC
.text C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3240] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 001601F8
.text C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3240] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3240] USER32.dll!UnhookWindowsHookEx 75E2CC7B 5 Bytes JMP 00190A08
.text C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3240] USER32.dll!UnhookWinEvent 75E2D924 5 Bytes JMP 001903FC
.text C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3240] USER32.dll!SetWindowsHookExW 75E3210A 5 Bytes JMP 00190804
.text C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3240] USER32.dll!SetWinEventHook 75E3507E 5 Bytes JMP 001901F8
.text C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3240] USER32.dll!SetWindowsHookExA 75E56DFA 5 Bytes JMP 00190600
.text C:\Windows\system32\SearchIndexer.exe[3288] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\SearchIndexer.exe[3288] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\SearchIndexer.exe[3288] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[3288] USER32.dll!UnhookWindowsHookEx 75E2CC7B 5 Bytes JMP 00090A08
.text C:\Windows\system32\SearchIndexer.exe[3288] USER32.dll!UnhookWinEvent 75E2D924 5 Bytes JMP 000903FC
.text C:\Windows\system32\SearchIndexer.exe[3288] USER32.dll!SetWindowsHookExW 75E3210A 5 Bytes JMP 00090804
.text C:\Windows\system32\SearchIndexer.exe[3288] USER32.dll!SetWinEventHook 75E3507E 5 Bytes JMP 000901F8
.text C:\Windows\system32\SearchIndexer.exe[3288] USER32.dll!SetWindowsHookExA 75E56DFA 5 Bytes JMP 00090600
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe[3324] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 001603FC
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe[3324] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 001601F8
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe[3324] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe[3324] USER32.dll!UnhookWindowsHookEx 75E2CC7B 5 Bytes JMP 001F0A08
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe[3324] USER32.dll!UnhookWinEvent 75E2D924 5 Bytes JMP 001F03FC
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe[3324] USER32.dll!SetWindowsHookExW 75E3210A 5 Bytes JMP 001F0804
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe[3324] USER32.dll!SetWinEventHook 75E3507E 5 Bytes JMP 001F01F8
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe[3324] USER32.dll!SetWindowsHookExA 75E56DFA 5 Bytes JMP 001F0600
.text C:\Windows\system32\svchost.exe[3504] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[3504] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[3504] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3504] USER32.dll!UnhookWindowsHookEx 75E2CC7B 5 Bytes JMP 00290A08
.text C:\Windows\system32\svchost.exe[3504] USER32.dll!UnhookWinEvent 75E2D924 5 Bytes JMP 002903FC
.text C:\Windows\system32\svchost.exe[3504] USER32.dll!SetWindowsHookExW 75E3210A 5 Bytes JMP 00290804
.text C:\Windows\system32\svchost.exe[3504] USER32.dll!SetWinEventHook 75E3507E 5 Bytes JMP 002901F8
.text C:\Windows\system32\svchost.exe[3504] USER32.dll!SetWindowsHookExA 75E56DFA 5 Bytes JMP 00290600
.text C:\Program Files\Belkin\F5D8055\v2\HiddenUI\BelkinDetectUI.exe[3536] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 001603FC
.text C:\Program Files\Belkin\F5D8055\v2\HiddenUI\BelkinDetectUI.exe[3536] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 001601F8
.text C:\Program Files\Belkin\F5D8055\v2\HiddenUI\BelkinDetectUI.exe[3536] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Program Files\Belkin\F5D8055\v2\HiddenUI\BelkinDetectUI.exe[3536] USER32.dll!UnhookWindowsHookEx 75E2CC7B 5 Bytes JMP 00210A08
.text C:\Program Files\Belkin\F5D8055\v2\HiddenUI\BelkinDetectUI.exe[3536] USER32.dll!UnhookWinEvent 75E2D924 5 Bytes JMP 002103FC
.text C:\Program Files\Belkin\F5D8055\v2\HiddenUI\BelkinDetectUI.exe[3536] USER32.dll!SetWindowsHookExW 75E3210A 5 Bytes JMP 00210804
.text C:\Program Files\Belkin\F5D8055\v2\HiddenUI\BelkinDetectUI.exe[3536] USER32.dll!SetWinEventHook 75E3507E 5 Bytes JMP 002101F8
.text C:\Program Files\Belkin\F5D8055\v2\HiddenUI\BelkinDetectUI.exe[3536] USER32.dll!SetWindowsHookExA 75E56DFA 5 Bytes JMP 00210600
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 000503FC
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 000501F8
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!EnableWindow 75E2A72E 5 Bytes JMP 69D79884 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!UnhookWindowsHookEx 75E2CC7B 5 Bytes JMP 00230A08
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!UnhookWinEvent 75E2D924 5 Bytes JMP 002303FC
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!SetWindowsHookExW 75E3210A 5 Bytes JMP 00230804
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!SetWinEventHook 75E3507E 5 Bytes JMP 002301F8
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!DialogBoxIndirectParamW 75E54AA7 5 Bytes JMP 69EC590F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!DialogBoxParamW 75E5564A 5 Bytes JMP 69CD15BB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!SetWindowsHookExA 75E56DFA 5 Bytes JMP 00230600
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!DialogBoxParamA 75E6CF6A 5 Bytes JMP 69EC58AA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!DialogBoxIndirectParamA 75E6D29C 5 Bytes JMP 69EC5974 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!MessageBoxIndirectA 75E7E8C9 5 Bytes JMP 69EC5831 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!MessageBoxIndirectW 75E7E9C3 5 Bytes JMP 69EC57B8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!MessageBoxExA 75E7EA29 5 Bytes JMP 69EC5754 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!MessageBoxExW 75E7EA4D 5 Bytes JMP 69EC56F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] WININET.dll!HttpAddRequestHeadersA 77541B9C 5 Bytes JMP 002B64C0
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] WININET.dll!HttpAddRequestHeadersW 7758F7A8 5 Bytes JMP 002B66C0
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] WS2_32.dll!closesocket 75B93BED 5 Bytes JMP 005B000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] WS2_32.dll!recv 75B947DF 5 Bytes JMP 0059000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] WS2_32.dll!connect 75B948BE 5 Bytes JMP 005A000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] WS2_32.dll!getaddrinfo 75B96737 5 Bytes JMP 005E000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] WS2_32.dll!send 75B9C4C8 5 Bytes JMP 005C000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] WS2_32.dll!gethostbyname 75BA7133 5 Bytes JMP 005D000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3904] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 000503FC
.text C:\Program Files\Internet Explorer\iexplore.exe[3904] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 000501F8
.text C:\Program Files\Internet Explorer\iexplore.exe[3904] kernel32.dll!CreateThread 76EA281D 5 Bytes JMP 69D37133 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3904] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[3904] USER32.dll!EnableWindow 75E2A72E 5 Bytes JMP 69D79884 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3904] USER32.dll!UnhookWindowsHookEx 75E2CC7B 5 Bytes JMP 69DBEB70 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3904] USER32.dll!CallNextHookEx 75E2CC8F 5 Bytes JMP 69D97AEF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3904] USER32.dll!UnhookWinEvent 75E2D924 5 Bytes JMP 002303FC
.text C:\Program Files\Internet Explorer\iexplore.exe[3904] USER32.dll!DefWindowProcA 75E2E0E4 7 Bytes JMP 69D39345 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3904] USER32.dll!CreateWindowExA 75E2E18A 5 Bytes JMP 69D43173 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3904] USER32.dll!CreateWindowExW 75E30E51 5 Bytes JMP 69D9FF57 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3904] USER32.dll!SetWindowsHookExW 75E3210A 5 Bytes JMP 69D71FE4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3904] USER32.dll!SetWinEventHook 75E3507E 5 Bytes JMP 002301F8
.text C:\Program Files\Internet Explorer\iexplore.exe[3904] USER32.dll!DefWindowProcW 75E3724B 7 Bytes JMP 69D97B52 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3904] USER32.dll!DialogBoxIndirectParamW 75E54AA7 5 Bytes JMP 69EC590F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3904] USER32.dll!DialogBoxParamW 75E5564A 5 Bytes JMP 69CD15BB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3904] USER32.dll!SetWindowsHookExA 75E56DFA 5 Bytes JMP 00230600
.text C:\Program Files\Internet Explorer\iexplore.exe[3904] USER32.dll!DialogBoxParamA 75E6CF6A 5 Bytes JMP 69EC58AA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3904] USER32.dll!DialogBoxIndirectParamA 75E6D29C 5 Bytes JMP 69EC5974 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3904] USER32.dll!MessageBoxIndirectA 75E7E8C9 5 Bytes JMP 69EC5831 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3904] USER32.dll!MessageBoxIndirectW 75E7E9C3 5 Bytes JMP 69EC57B8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3904] USER32.dll!MessageBoxExA 75E7EA29 5 Bytes JMP 69EC5754 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3904] USER32.dll!MessageBoxExW 75E7EA4D 5 Bytes JMP 69EC56F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3904] ole32.dll!OleLoadFromStream 75EF5BF6 5 Bytes JMP 69EC6110 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3904] ole32.dll!CoCreateInstance 75F4590C 5 Bytes JMP 69D9B6D4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3904] WININET.dll!HttpAddRequestHeadersA 77541B9C 5 Bytes JMP 006D64C0
.text C:\Program Files\Internet Explorer\iexplore.exe[3904] WININET.dll!HttpAddRequestHeadersW 7758F7A8 5 Bytes JMP 006D66C0
.text C:\Program Files\Internet Explorer\iexplore.exe[3904] WS2_32.dll!closesocket 75B93BED 5 Bytes JMP 0085000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3904] WS2_32.dll!recv 75B947DF 5 Bytes JMP 0083000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3904] WS2_32.dll!connect 75B948BE 5 Bytes JMP 0084000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3904] WS2_32.dll!getaddrinfo 75B96737 5 Bytes JMP 0088000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3904] WS2_32.dll!send 75B9C4C8 5 Bytes JMP 0086000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3904] WS2_32.dll!gethostbyname 75BA7133 5 Bytes JMP 0087000A
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3924] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 001603FC
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3924] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 001601F8
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3924] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3924] USER32.dll!UnhookWindowsHookEx 75E2CC7B 5 Bytes JMP 001F0A08
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3924] USER32.dll!UnhookWinEvent 75E2D924 5 Bytes JMP 001F03FC
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3924] USER32.dll!SetWindowsHookExW 75E3210A 5 Bytes JMP 001F0804
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3924] USER32.dll!SetWinEventHook 75E3507E 5 Bytes JMP 001F01F8
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3924] USER32.dll!SetWindowsHookExA 75E56DFA 5 Bytes JMP 001F0600
.text C:\Windows\system32\svchost.exe[4000] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[4000] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[4000] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Windows\system32\svchost.exe[4000] USER32.dll!UnhookWindowsHookEx 75E2CC7B 5 Bytes JMP 004D0A08
.text C:\Windows\system32\svchost.exe[4000] USER32.dll!UnhookWinEvent 75E2D924 5 Bytes JMP 004D03FC
.text C:\Windows\system32\svchost.exe[4000] USER32.dll!SetWindowsHookExW 75E3210A 5 Bytes JMP 004D0804
.text C:\Windows\system32\svchost.exe[4000] USER32.dll!SetWinEventHook 75E3507E 5 Bytes JMP 004D01F8
.text C:\Windows\system32\svchost.exe[4000] USER32.dll!SetWindowsHookExA 75E56DFA 5 Bytes JMP 004D0600
.text C:\Program Files\Secunia\PSI\psi_tray.exe[4108] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 000603FC
.text C:\Program Files\Secunia\PSI\psi_tray.exe[4108] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 000601F8
.text C:\Program Files\Secunia\PSI\psi_tray.exe[4108] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Program Files\Secunia\PSI\psi_tray.exe[4108] USER32.dll!UnhookWindowsHookEx 75E2CC7B 5 Bytes JMP 00180A08
.text C:\Program Files\Secunia\PSI\psi_tray.exe[4108] USER32.dll!UnhookWinEvent 75E2D924 5 Bytes JMP 001803FC
.text C:\Program Files\Secunia\PSI\psi_tray.exe[4108] USER32.dll!SetWindowsHookExW 75E3210A 5 Bytes JMP 00180804
.text C:\Program Files\Secunia\PSI\psi_tray.exe[4108] USER32.dll!SetWinEventHook 75E3507E 5 Bytes JMP 001801F8
.text C:\Program Files\Secunia\PSI\psi_tray.exe[4108] USER32.dll!SetWindowsHookExA 75E56DFA 5 Bytes JMP 00180600
.text C:\Program Files\MagicDisc\MagicDisc.exe[4248] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 001603FC
.text C:\Program Files\MagicDisc\MagicDisc.exe[4248] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 001601F8
.text C:\Program Files\MagicDisc\MagicDisc.exe[4248] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Program Files\MagicDisc\MagicDisc.exe[4248] USER32.dll!UnhookWindowsHookEx 75E2CC7B 5 Bytes JMP 00200A08
.text C:\Program Files\MagicDisc\MagicDisc.exe[4248] USER32.dll!UnhookWinEvent 75E2D924 5 Bytes JMP 002003FC
.text C:\Program Files\MagicDisc\MagicDisc.exe[4248] USER32.dll!SetWindowsHookExW 75E3210A 5 Bytes JMP 00200804
.text C:\Program Files\MagicDisc\MagicDisc.exe[4248] USER32.dll!SetWinEventHook 75E3507E 5 Bytes JMP 002001F8
.text C:\Program Files\MagicDisc\MagicDisc.exe[4248] USER32.dll!SetWindowsHookExA 75E56DFA 5 Bytes JMP 00200600
.text C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe[4376] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 001603FC
.text C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe[4376] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 001601F8
.text C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe[4376] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe[4376] USER32.dll!UnhookWindowsHookEx 75E2CC7B 5 Bytes JMP 00240A08
.text C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe[4376] USER32.dll!UnhookWinEvent 75E2D924 5 Bytes JMP 002403FC
.text C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe[4376] USER32.dll!SetWindowsHookExW 75E3210A 5 Bytes JMP 00240804
.text C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe[4376] USER32.dll!SetWinEventHook 75E3507E 5 Bytes JMP 002401F8
.text C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe[4376] USER32.dll!SetWindowsHookExA 75E56DFA 5 Bytes JMP 00240600
.text C:\Windows\system32\sppsvc.exe[4416] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 000703FC
.text C:\Windows\system32\sppsvc.exe[4416] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 000701F8
.text C:\Windows\system32\sppsvc.exe[4416] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Windows\system32\sppsvc.exe[4416] USER32.dll!UnhookWindowsHookEx 75E2CC7B 5 Bytes JMP 000A0A08
.text C:\Windows\system32\sppsvc.exe[4416] USER32.dll!UnhookWinEvent 75E2D924 5 Bytes JMP 000A03FC
.text C:\Windows\system32\sppsvc.exe[4416] USER32.dll!SetWindowsHookExW 75E3210A 5 Bytes JMP 000A0804
.text C:\Windows\system32\sppsvc.exe[4416] USER32.dll!SetWinEventHook 75E3507E 5 Bytes JMP 000A01F8
.text C:\Windows\system32\sppsvc.exe[4416] USER32.dll!SetWindowsHookExA 75E56DFA 5 Bytes JMP 000A0600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4536] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 000603FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4536] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 000601F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4536] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4536] USER32.dll!UnhookWindowsHookEx 75E2CC7B 5 Bytes JMP 000D0A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4536] USER32.dll!UnhookWinEvent 75E2D924 5 Bytes JMP 000D03FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4536] USER32.dll!SetWindowsHookExW 75E3210A 5 Bytes JMP 000D0804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4536] USER32.dll!SetWinEventHook 75E3507E 5 Bytes JMP 000D01F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4536] USER32.dll!SetWindowsHookExA 75E56DFA 5 Bytes JMP 000D0600
.text C:\Windows\System32\svchost.exe[4724] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[4724] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[4724] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Windows\System32\svchost.exe[4724] USER32.dll!UnhookWindowsHookEx 75E2CC7B 5 Bytes JMP 001F0A08
.text C:\Windows\System32\svchost.exe[4724] USER32.dll!UnhookWinEvent 75E2D924 5 Bytes JMP 001F03FC
.text C:\Windows\System32\svchost.exe[4724] USER32.dll!SetWindowsHookExW 75E3210A 5 Bytes JMP 001F0804
.text C:\Windows\System32\svchost.exe[4724] USER32.dll!SetWinEventHook 75E3507E 5 Bytes JMP 001F01F8
.text C:\Windows\System32\svchost.exe[4724] USER32.dll!SetWindowsHookExA 75E56DFA 5 Bytes JMP 001F0600
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[5036] KERNEL32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[5388] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 001503FC
.text C:\Program Files\Internet Explorer\iexplore.exe[5388] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 001501F8
.text C:\Program Files\Internet Explorer\iexplore.exe[5388] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[5388] USER32.dll!EnableWindow 75E2A72E 5 Bytes JMP 69D79884 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5388] USER32.dll!UnhookWindowsHookEx 75E2CC7B 5 Bytes JMP 00330A08
.text C:\Program Files\Internet Explorer\iexplore.exe[5388] USER32.dll!UnhookWinEvent 75E2D924 5 Bytes JMP 003303FC
.text C:\Program Files\Internet Explorer\iexplore.exe[5388] USER32.dll!SetWindowsHookExW 75E3210A 5 Bytes JMP 00330804
.text C:\Program Files\Internet Explorer\iexplore.exe[5388] USER32.dll!SetWinEventHook 75E3507E 5 Bytes JMP 003301F8
.text C:\Program Files\Internet Explorer\iexplore.exe[5388] USER32.dll!DialogBoxIndirectParamW 75E54AA7 5 Bytes JMP 69EC590F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5388] USER32.dll!DialogBoxParamW 75E5564A 5 Bytes JMP 69CD15BB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5388] USER32.dll!SetWindowsHookExA 75E56DFA 5 Bytes JMP 00330600
.text C:\Program Files\Internet Explorer\iexplore.exe[5388] USER32.dll!DialogBoxParamA 75E6CF6A 5 Bytes JMP 69EC58AA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5388] USER32.dll!DialogBoxIndirectParamA 75E6D29C 5 Bytes JMP 69EC5974 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5388] USER32.dll!MessageBoxIndirectA 75E7E8C9 5 Bytes JMP 69EC5831 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5388] USER32.dll!MessageBoxIndirectW 75E7E9C3 5 Bytes JMP 69EC57B8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5388] USER32.dll!MessageBoxExA 75E7EA29 5 Bytes JMP 69EC5754 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5388] USER32.dll!MessageBoxExW 75E7EA4D 5 Bytes JMP 69EC56F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5388] WININET.dll!HttpAddRequestHeadersA 77541B9C 5 Bytes JMP 00AA64C0
.text C:\Program Files\Internet Explorer\iexplore.exe[5388] WININET.dll!HttpAddRequestHeadersW 7758F7A8 5 Bytes JMP 00AA66C0
.text C:\Program Files\Internet Explorer\iexplore.exe[5388] WS2_32.dll!closesocket 75B93BED 5 Bytes JMP 0051000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5388] WS2_32.dll!recv 75B947DF 5 Bytes JMP 004F000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5388] WS2_32.dll!connect 75B948BE 5 Bytes JMP 0050000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5388] WS2_32.dll!getaddrinfo 75B96737 5 Bytes JMP 0221000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5388] WS2_32.dll!send 75B9C4C8 5 Bytes JMP 0052000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5388] WS2_32.dll!gethostbyname 75BA7133 5 Bytes JMP 00C0000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5452] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 000503FC
.text C:\Program Files\Internet Explorer\iexplore.exe[5452] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 000501F8
.text C:\Program Files\Internet Explorer\iexplore.exe[5452] kernel32.dll!CreateThread 76EA281D 5 Bytes JMP 69D37133 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5452] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!EnableWindow 75E2A72E 5 Bytes JMP 69D79884 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!UnhookWindowsHookEx 75E2CC7B 5 Bytes JMP 69DBEB70 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!CallNextHookEx 75E2CC8F 5 Bytes JMP 69D97AEF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!UnhookWinEvent 75E2D924 5 Bytes JMP 002303FC
.text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!DefWindowProcA 75E2E0E4 7 Bytes JMP 69D39345 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!CreateWindowExA 75E2E18A 5 Bytes JMP 69D43173 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!CreateWindowExW 75E30E51 5 Bytes JMP 69D9FF57 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!SetWindowsHookExW 75E3210A 5 Bytes JMP 69D71FE4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!SetWinEventHook 75E3507E 5 Bytes JMP 002301F8
.text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!DefWindowProcW 75E3724B 7 Bytes JMP 69D97B52 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!DialogBoxIndirectParamW 75E54AA7 5 Bytes JMP 69EC590F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!DialogBoxParamW 75E5564A 5 Bytes JMP 69CD15BB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!SetWindowsHookExA 75E56DFA 5 Bytes JMP 00230600
.text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!DialogBoxParamA 75E6CF6A 5 Bytes JMP 69EC58AA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!DialogBoxIndirectParamA 75E6D29C 5 Bytes JMP 69EC5974 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!MessageBoxIndirectA 75E7E8C9 5 Bytes JMP 69EC5831 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!MessageBoxIndirectW 75E7E9C3 5 Bytes JMP 69EC57B8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!MessageBoxExA 75E7EA29 5 Bytes JMP 69EC5754 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!MessageBoxExW 75E7EA4D 5 Bytes JMP 69EC56F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5452] ole32.dll!OleLoadFromStream 75EF5BF6 5 Bytes JMP 69EC6110 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5452] ole32.dll!CoCreateInstance 75F4590C 5 Bytes JMP 69D9B6D4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5452] WININET.dll!HttpAddRequestHeadersA 77541B9C 5 Bytes JMP 002F64C0
.text C:\Program Files\Internet Explorer\iexplore.exe[5452] WININET.dll!HttpAddRequestHeadersW 7758F7A8 5 Bytes JMP 002F66C0
.text C:\Program Files\Internet Explorer\iexplore.exe[5452] WS2_32.dll!closesocket 75B93BED 5 Bytes JMP 0050000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5452] WS2_32.dll!recv 75B947DF 5 Bytes JMP 004E000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5452] WS2_32.dll!connect 75B948BE 5 Bytes JMP 004F000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5452] WS2_32.dll!getaddrinfo 75B96737 5 Bytes JMP 0063000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5452] WS2_32.dll!send 75B9C4C8 5 Bytes JMP 0051000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5452] WS2_32.dll!gethostbyname 75BA7133 5 Bytes JMP 0062000A
.text C:\Users\Andrew\Desktop\w39o0ohf.exe[5484] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Program Files\MicroCloudEngine\MicroCloudEngine.exe[5972] ntdll.dll!LdrUnloadDll 776ABEAF 5 Bytes JMP 000603FC
.text C:\Program Files\MicroCloudEngine\MicroCloudEngine.exe[5972] ntdll.dll!LdrLoadDll 776AF5B5 5 Bytes JMP 000601F8
.text C:\Program Files\MicroCloudEngine\MicroCloudEngine.exe[5972] kernel32.dll!GetBinaryTypeW + 70 76EB7984 1 Byte [62]
.text C:\Program Files\MicroCloudEngine\MicroCloudEngine.exe[5972] user32.dll!UnhookWindowsHookEx 75E2CC7B 5 Bytes JMP 000F0A08
.text C:\Program Files\MicroCloudEngine\MicroCloudEngine.exe[5972] user32.dll!UnhookWinEvent 75E2D924 5 Bytes JMP 000F03FC
.text C:\Program Files\MicroCloudEngine\MicroCloudEngine.exe[5972] user32.dll!SetWindowsHookExW 75E3210A 5 Bytes JMP 000F0804
.text C:\Program Files\MicroCloudEngine\MicroCloudEngine.exe[5972] user32.dll!SetWinEventHook 75E3507E 5 Bytes JMP 000F01F8
.text C:\Program Files\MicroCloudEngine\MicroCloudEngine.exe[5972] user32.dll!SetWindowsHookExA 75E56DFA 5 Bytes JMP 000F0600

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe[3324] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75745E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe[3324] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75745E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe[3324] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75745E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe[3324] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75745E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe[3324] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75745E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004c halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Threads - GMER 1.0.15 ----

Thread System [4:264] 86916E7A
Thread System [4:268] 86919008
---- Processes - GMER 1.0.15 ----

Library C:\Program (*** hidden *** ) @ C:\Windows\Explorer.EXE [2928] 0x05180000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x67 0x37 0xF8 0xCE ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x68 0xC8 0x60 0xDC ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB7 0x17 0x83 0x8A ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x67 0x37 0xF8 0xCE ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x68 0xC8 0x60 0xDC ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB7 0x17 0x83 0x8A ...

---- Files - GMER 1.0.15 ----

File C:\## aswSnx private storage 0 bytes
File C:\## aswSnx private storage\r7 0 bytes
File C:\## aswSnx private storage\snx_rhive 262144 bytes
File C:\## aswSnx private storage\snx_rhive.LOG1 37888 bytes
File C:\## aswSnx private storage\snx_rhive.LOG2 0 bytes
File C:\## aswSnx private storage\snx_rhive{f593e137-823d-11e0-b7f8-6cf04977fbe5}.TM.blf 65536 bytes
File C:\## aswSnx private storage\snx_rhive{f593e137-823d-11e0-b7f8-6cf04977fbe5}.TMContainer00000000000000000001.regtrans-ms 524288 bytes
File C:\## aswSnx private storage\snx_rhive{f593e137-823d-11e0-b7f8-6cf04977fbe5}.TMContainer00000000000000000002.regtrans-ms 524288 bytes
File C:\## aswSnx private storage\webStorage 0 bytes
File C:\## aswSnx private storage\webStorage\attrib 0 bytes
File C:\## aswSnx private storage\webStorage\image 0 bytes
File C:\## aswSnx private storage\webStorage\image\rkill.log 357 bytes
File C:\## aswSnx private storage\webStorage\image\Users 0 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew 0 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData 0 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local 0 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Microsoft 0 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Microsoft\Windows 0 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Microsoft\Windows\Explorer 0 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Microsoft\Windows\Explorer\ExplorerStartupLog_RunOnce.etl 16384 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Microsoft\Windows\History 0 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Microsoft\Windows\History\History.IE5 0 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 16384 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Microsoft\Windows\Temporary Internet Files 0 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 0 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BGDCDQNV 0 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BGDCDQNV\desktop.ini 67 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 32768 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MFC01FVG 0 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MFC01FVG\desktop.ini 67 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWA7MUZK 0 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWA7MUZK\desktop.ini 67 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZJ0RNG0T 0 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZJ0RNG0T\desktop.ini 67 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp 0 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0 0 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\curo.reg 220 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\extra.dat 472 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\h 0 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\h\explorer.exe 1536 bytes executable
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\h\iexplore.exe 1536 bytes executable
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\lmro.reg 222 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\lmroe.reg 74 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\nircmd.chm 38015 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\nircmd.exe 31232 bytes executable
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\nircmdc.exe 30720 bytes executable
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\nird 0 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\nird\iexplore.exe 31232 bytes executable
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\pev.exe 255488 bytes executable
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\prep.bat 68 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\procs 0 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\procs\explorer.exe 255488 bytes executable
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\procs\iexplore.exe 255488 bytes executable
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\procs\proc.dat 11031 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\proxycheck.exe 302187 bytes executable
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\rkill.bat 5003 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\rkill.reg 3087 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\s.inf 1081 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\sed.exe 98816 bytes executable
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\serv.dat 190 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\sh.vbs 313 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\swreg.exe 161792 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\userinit.exe 31232 bytes executable
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\winlogon.exe 31232 bytes executable
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\RarSFX0\wl.txt 323 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Local\Temp\test.reg 11540 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Roaming 0 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Roaming\Microsoft 0 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Roaming\Microsoft\Windows 0 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Roaming\Microsoft\Windows\IETldCache 0 bytes
File C:\## aswSnx private storage\webStorage\image\Users\Andrew\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat 16384 bytes
File C:\## aswSnx private storage\webStorage\image\Windows 0 bytes
File C:\## aswSnx private storage\webStorage\image\Windows\INF 0 bytes
File C:\## aswSnx private storage\webStorage\image\Windows\INF\setupapi.app.log 12149593 bytes
File C:\## aswSnx private storage\webStorage\image\Windows\Prefetch 0 bytes
File C:\## aswSnx private storage\webStorage\image\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf 23640 bytes
File C:\## aswSnx private storage\webStorage\image\Windows\Prefetch\EXPLORER.EXE-CC5F5AD1.pf 8820 bytes
File C:\## aswSnx private storage\webStorage\image\Windows\Prefetch\GRPCONV.EXE-B823222B.pf 14298 bytes
File C:\## aswSnx private storage\webStorage\image\Windows\Prefetch\IEXPLORE.EXE-7A2354E4.pf 9304 bytes
File C:\## aswSnx private storage\webStorage\image\Windows\Prefetch\INFDEFAULTINSTALL.EXE-39AFC5CD.pf 22536 bytes
File C:\## aswSnx private storage\webStorage\image\Windows\Prefetch\REGEDIT.EXE-90FEEA06.pf 39338 bytes
File C:\## aswSnx private storage\webStorage\image\Windows\Prefetch\RUNONCE.EXE-D0649312.pf 39762 bytes
File C:\## aswSnx private storage\webStorage\image\Windows\Prefetch\USERINIT.EXE-01E302FF.pf 25472 bytes
File C:\## aswSnx private storage\webStorage\image\Windows\System32 0 bytes
File C:\## aswSnx private storage\webStorage\image\Windows\System32\DriverStore 0 bytes
File C:\## aswSnx private storage\webStorage\snx_fs.dat 23018 bytes

---- EOF - GMER 1.0.15 ----

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: WDC_WD5000AADS-00S9B0 rev.01.00A01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

#8 techextreme

techextreme

    Bleepin Tech


  • BC Advisor
  • 2,125 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pittsburgh, PA
  • Local time:07:31 AM

Posted 20 May 2011 - 09:32 AM

Hi Drew1979,

The information from GMER is not very clear as to "what's going on".

So, let's try another utility for searching out rootkits.

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

Techextreme

"Admire those who attempt great things, even though they fail."

-- Seneca

 


#9 Drew1979

Drew1979
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:31 AM

Posted 20 May 2011 - 12:29 PM

Hi techextreme,

sry for the late reply...needed to take care of something. Here is the report

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #4
==============================================
>Drivers
==============================================
0x92003000 C:\Windows\system32\DRIVERS\atikmdag.sys 6705152 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
0x82C17000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x82C17000 PnpManager 4259840 bytes
0x82C17000 RAW 4259840 bytes
0x82C17000 WMIxWDM 4259840 bytes
0x82600000 Win32k 2404352 bytes
0x82600000 C:\Windows\System32\win32k.sys 2404352 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8CA0C000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
0x8C60C000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x92668000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8C815000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x832EC000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0xA0C28000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x998B1000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x83219000 C:\Windows\system32\mcupdate_GenuineIntel.dll 491520 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x8C429000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x90E13000 C:\Windows\System32\Drivers\aswSnx.SYS 458752 bytes (AVAST Software, avast! Virtualization Driver)
0xAD81A000 C:\Windows\system32\drivers\spsys.sys 434176 bytes (Microsoft Corporation, security processor)
0x91E86000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x8C779000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x90F28000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xA0D46000 C:\Windows\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0x98C8B000 C:\Windows\system32\drivers\HdAudio.sys 327680 bytes (Microsoft Corporation, High Definition Audio Function Driver)
0xA0CF7000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x9278D000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8C557000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x91F10000 C:\Windows\System32\Drivers\aswSP.SYS 303104 bytes (AVAST Software, avast! self protection module)
0x8C4A8000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x9985B000 C:\Windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x93BBB000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x832AA000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x91E25000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x98CFB000 C:\Windows\system32\DRIVERS\udfs.sys 262144 bytes (Microsoft Corporation, UDF File System Driver)
0x8CB8F000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8C8CC000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x91F8D000 C:\Windows\system32\DRIVERS\atikmpag.sys 241664 bytes (Advanced Micro Devices, Inc., AMD multi-vendor Miniport Driver)
0x99984000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x9271F000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x99806000 C:\Windows\system32\drivers\aswMonFlt.sys 229376 bytes (AVAST Software, avast! File System Minifilter for Windows 2003/Vista)
0x83027000 ACPI_HAL 225280 bytes
0x83027000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x83397000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x93B79000 C:\Windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x8C95C000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x90F87000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8CB55000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x98C43000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8C92F000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x93A1D000 C:\Windows\system32\DRIVERS\1394ohci.sys 180224 bytes (Microsoft Corporation, 1394 OpenHCI Driver)
0x8C73B000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8C50C000 C:\Windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x93B51000 C:\Windows\system32\DRIVERS\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x8C98E000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8C90A000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x91FC8000 C:\Windows\system32\DRIVERS\Rt86win7.sys 151552 bytes (Realtek Corporation , Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver )
0x8C5D6000 C:\Windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x99961000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x93AA8000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x91E00000 C:\Windows\system32\DRIVERS\nusb3xhc.sys 139264 bytes (NEC Electronics Corporation, USB 3.0 Host Controller Driver)
0xA0CC9000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x91F5A000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x90E9D000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x8C9DB000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x92758000 C:\Windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x90FC0000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x82890000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x98C26000 C:\Windows\system32\drivers\AtihdW73.sys 118784 bytes (ATI Technologies, Inc., ATI High Definition Audio Function Driver)
0x93B34000 C:\Windows\system32\DRIVERS\mcdbus.sys 118784 bytes (MagicISO, Inc., MagicISO SCSI Host Controller)
0x98DCC000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x999BF000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x833CB000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serial Device Driver)
0x99841000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x99936000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x98C72000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x91EEA000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x93A85000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x93ACA000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x93AE2000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x93AF9000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x90EFC000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x98D9E000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x98CE5000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8C5B7000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x98D79000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x8C766000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x90E00000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x93A73000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x91F7B000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x9994F000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8CBEE000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x98D5D000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x8C413000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x91FED000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8C536000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x83291000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x90FDF000 C:\Windows\system32\DRIVERS\vwififlt.sys 69632 bytes (Microsoft Corporation, Virtual WiFi Filter Driver)
0x8CBD6000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x998A1000 C:\Windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8C800000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x8C547000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x93A0E000 C:\Windows\system32\DRIVERS\nusb3hub.sys 61440 bytes (NEC Electronics Corporation, USB 3.0 Hub Driver)
0x927D8000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x91F02000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x93A00000 C:\Windows\system32\drivers\libusb0.sys 57344 bytes
0x90FF0000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x90EEE000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8C5A9000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8C7D6000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x93BAD000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8C49A000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x93A5E000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x98D3B000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x93B1A000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x93B27000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0xA0CEA000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x90EBE000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x91E7A000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x98DB5000 C:\Windows\system32\DRIVERS\kbdhid.sys 49152 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x90E91000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x98D48000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x93A49000 C:\Windows\system32\DRIVERS\fdc.sys 45056 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0x92777000 C:\Windows\system32\DRIVERS\HECI.sys 45056 bytes (Intel Corporation, Intel® Management Engine Interface)
0x98D6E000 C:\Windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x98DC1000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x98D93000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x90EE3000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x93A9D000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x90F13000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x92782000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8C501000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x90F1E000 C:\Windows\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)
0x98D53000 C:\Windows\System32\Drivers\dump_msahci.sys 40960 bytes
0x98CDB000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x927E9000 C:\Windows\system32\DRIVERS\flpydisk.sys 40960 bytes (Microsoft Corporation, Floppy Driver)
0x8C400000 C:\Windows\system32\DRIVERS\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x91E70000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x91E66000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x93B10000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0xA0CBF000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x93A54000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
0x8C40A000 C:\Windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0x8C5CD000 C:\Windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8C7E4000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0xAD884000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x82860000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8CB86000 C:\Windows\system32\DRIVERS\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
0x8C4F0000 C:\Windows\system32\DRIVERS\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x832A2000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8CBE6000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80BAA000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x8C4F9000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x90ECB000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x90ED3000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x90EDB000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x93A6B000 C:\Windows\system32\DRIVERS\serscan.sys 32768 bytes (Microsoft Corporation, Serial Imaging Device Driver)
0x8CBCE000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x90E8A000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x98D8C000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x90E83000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8C5A2000 C:\Windows\system32\DRIVERS\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x90FB9000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x90F82000 C:\Windows\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0x9983E000 C:\Windows\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0xA0D98000 C:\Windows\system32\DRIVERS\psi_mf.sys 12288 bytes (Secunia, Secunia PSI Driver)
0x93B77000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x927E7000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x07830000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Wizard.dll [ EPROCESS 0x88700030 ] PID: 4012, 102400 bytes
0x08170000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll [ EPROCESS 0x88700030 ] PID: 4012, 102400 bytes
0x01380000 Hidden Image-->CLI.Foundation.dll [ EPROCESS 0x88700030 ] PID: 4012, 110592 bytes
0x06610000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Runtime.dll [ EPROCESS 0x88700030 ] PID: 4012, 110592 bytes
0x003F0000 Hidden Image-->MOM.Implementation.dll [ EPROCESS 0x885CE2C8 ] PID: 3724, 118784 bytes
0x03870000 Hidden Image-->MOM.Implementation.dll [ EPROCESS 0x88700030 ] PID: 4012, 118784 bytes
0x08960000 Hidden Image-->CLI.Component.Dashboard.dll [ EPROCESS 0x88700030 ] PID: 4012, 1232896 bytes
0x08A90000 Hidden Image-->CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll [ EPROCESS 0x88700030 ] PID: 4012, 1314816 bytes
0x868ECA91 Unknown page with executable code, 1391 bytes
0x086E0000 Hidden Image-->CLI.Aspect.Grid.HydraVision.Dashboard.dll [ EPROCESS 0x88700030 ] PID: 4012, 159744 bytes
0x08DA0000 Hidden Image-->CLI.Aspect.Settings.HydraVision.Dashboard.dll [ EPROCESS 0x88700030 ] PID: 4012, 159744 bytes
0x04590000 Hidden Image-->CLI.Caste.Graphics.Shared.dll [ EPROCESS 0x88700030 ] PID: 4012, 167936 bytes
0x08CF0000 Hidden Image-->CLI.Aspect.DeskMan.HydraVision.Dashboard.dll [ EPROCESS 0x88700030 ] PID: 4012, 167936 bytes
0x08390000 Hidden Image-->CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll [ EPROCESS 0x88700030 ] PID: 4012, 1716224 bytes
0x081A0000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Dashboard.dll [ EPROCESS 0x88700030 ] PID: 4012, 192512 bytes
0x080D0000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Dashboard.dll [ EPROCESS 0x88700030 ] PID: 4012, 208896 bytes
0x079E0000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Wizard.dll [ EPROCESS 0x88700030 ] PID: 4012, 217088 bytes
0x08D20000 Hidden Image-->CLI.Aspect.MDProp.HydraVision.Dashboard.dll [ EPROCESS 0x88700030 ] PID: 4012, 225280 bytes
0x08D60000 Hidden Image-->CLI.Aspect.MultiDesk.HydraVision.Dashboard.dll [ EPROCESS 0x88700030 ] PID: 4012, 249856 bytes
0x08120000 Hidden Image-->CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll [ EPROCESS 0x88700030 ] PID: 4012, 282624 bytes
0x008E0000 Hidden Image-->MOM.Foundation.dll [ EPROCESS 0x885CE2C8 ] PID: 3724, 28672 bytes
0x009F0000 Hidden Image-->LOG.Foundation.Implementation.Private.dll [ EPROCESS 0x885CE2C8 ] PID: 3724, 28672 bytes
0x013A0000 Hidden Image-->LOG.Foundation.Implementation.Private.dll [ EPROCESS 0x88700030 ] PID: 4012, 28672 bytes
0x01370000 Hidden Image-->MOM.Foundation.dll [ EPROCESS 0x88700030 ] PID: 4012, 28672 bytes
0x03D30000 Hidden Image-->DEM.Foundation.dll [ EPROCESS 0x88700030 ] PID: 4012, 28672 bytes
0x03B20000 Hidden Image-->CLI.Component.Runtime.Shared.dll [ EPROCESS 0x88700030 ] PID: 4012, 28672 bytes
0x03B90000 Hidden Image-->AEM.Server.Shared.dll [ EPROCESS 0x88700030 ] PID: 4012, 28672 bytes
0x03BF0000 Hidden Image-->AEM.Plugin.Hotkeys.Shared.dll [ EPROCESS 0x88700030 ] PID: 4012, 28672 bytes
0x03BE0000 Hidden Image-->AEM.Plugin.DPPE.Shared.dll [ EPROCESS 0x88700030 ] PID: 4012, 28672 bytes
0x03C00000 Hidden Image-->AEM.Plugin.WinMessages.Shared.dll [ EPROCESS 0x88700030 ] PID: 4012, 28672 bytes
0x03D20000 Hidden Image-->DEM.Graphics.dll [ EPROCESS 0x88700030 ] PID: 4012, 28672 bytes
0x04160000 Hidden Image-->DEM.Graphics.I0709.dll [ EPROCESS 0x88700030 ] PID: 4012, 28672 bytes
0x04480000 Hidden Image-->AEM.Plugin.GD.Shared.dll [ EPROCESS 0x88700030 ] PID: 4012, 28672 bytes
0x04E50000 Hidden Image-->AEM.Actions.CCAA.Shared.dll [ EPROCESS 0x88700030 ] PID: 4012, 28672 bytes
0x04E60000 Hidden Image-->ResourceManagement.Foundation.Private.dll [ EPROCESS 0x88700030 ] PID: 4012, 28672 bytes
0x04EA0000 Hidden Image-->DEM.Graphics.I0804.dll [ EPROCESS 0x88700030 ] PID: 4012, 28672 bytes
0x052C0000 Hidden Image-->CLI.Caste.Graphics.Runtime.Shared.Private.dll [ EPROCESS 0x88700030 ] PID: 4012, 28672 bytes
0x06740000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll [ EPROCESS 0x88700030 ] PID: 4012, 28672 bytes
0x06960000 Hidden Image-->DEM.Graphics.I0906.dll [ EPROCESS 0x88700030 ] PID: 4012, 28672 bytes
0x06940000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Shared.dll [ EPROCESS 0x88700030 ] PID: 4012, 28672 bytes
0x06950000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Shared.dll [ EPROCESS 0x88700030 ] PID: 4012, 28672 bytes
0x069B0000 Hidden Image-->DEM.Graphics.I0912.dll [ EPROCESS 0x88700030 ] PID: 4012, 28672 bytes
0x069C0000 Hidden Image-->DEM.Graphics.I0706.dll [ EPROCESS 0x88700030 ] PID: 4012, 28672 bytes
0x069E0000 Hidden Image-->DEM.Graphics.I0712.dll [ EPROCESS 0x88700030 ] PID: 4012, 28672 bytes
0x06D40000 Hidden Image-->DEM.Graphics.I0805.dll [ EPROCESS 0x88700030 ] PID: 4012, 28672 bytes
0x06C30000 Hidden Image-->DEM.Graphics.I0812.dll [ EPROCESS 0x88700030 ] PID: 4012, 28672 bytes
0x06D70000 Hidden Image-->DEM.Graphics.I0703.dll [ EPROCESS 0x88700030 ] PID: 4012, 28672 bytes
0x06F00000 Hidden Image-->atixclib.dll [ EPROCESS 0x88700030 ] PID: 4012, 28672 bytes
0x06F50000 Hidden Image-->CLI.Caste.HydraVision.Shared.dll [ EPROCESS 0x88700030 ] PID: 4012, 28672 bytes
0x06FD0000 Hidden Image-->CLI.Aspect.MultiDesk.HydraVision.Shared.dll [ EPROCESS 0x88700030 ] PID: 4012, 28672 bytes
0x06FF0000 Hidden Image-->CLI.Aspect.MDProp.HydraVision.Shared.dll [ EPROCESS 0x88700030 ] PID: 4012, 28672 bytes
0x07000000 Hidden Image-->CLI.Aspect.Grid.HydraVision.Shared.dll [ EPROCESS 0x88700030 ] PID: 4012, 28672 bytes
0x07020000 Hidden Image-->AEM.Plugin.REG.Shared.dll [ EPROCESS 0x88700030 ] PID: 4012, 28672 bytes
0x07640000 Hidden Image-->APM.Foundation.dll [ EPROCESS 0x88700030 ] PID: 4012, 28672 bytes
0x07930000 Hidden Image-->CLI.Component.Client.Shared.dll [ EPROCESS 0x88700030 ] PID: 4012, 28672 bytes
0x076E0000 Hidden Image-->CLI.Component.Runtime.Extension.EEU.dll [ EPROCESS 0x88700030 ] PID: 4012, 28672 bytes
0x07850000 Hidden Image-->Branding.dll [ EPROCESS 0x88700030 ] PID: 4012, 28672 bytes
0x07900000 Hidden Image-->CLI.Caste.HydraVision.Wizard.dll [ EPROCESS 0x88700030 ] PID: 4012, 28672 bytes
0x07940000 Hidden Image-->AEM.Plugin.EEU.Shared.dll [ EPROCESS 0x88700030 ] PID: 4012, 28672 bytes
0x07960000 Hidden Image-->CLI.Component.Wizard.Shared.dll [ EPROCESS 0x88700030 ] PID: 4012, 28672 bytes
0x07CE0000 Hidden Image-->CLI.Caste.Graphics.Wizard.Shared.dll [ EPROCESS 0x88700030 ] PID: 4012, 28672 bytes
0x07CF0000 Hidden Image-->CLI.Caste.Graphics.Dashboard.Shared.dll [ EPROCESS 0x88700030 ] PID: 4012, 28672 bytes
0x07F60000 Hidden Image-->CLI.Component.Dashboard.Shared.Private.dll [ EPROCESS 0x88700030 ] PID: 4012, 28672 bytes
0x086D0000 Hidden Image-->CLI.Caste.HydraVision.Dashboard.dll [ EPROCESS 0x88700030 ] PID: 4012, 28672 bytes
0x07E00000 Hidden Image-->CLI.Aspect.HydraVision.Wizard.dll [ EPROCESS 0x88700030 ] PID: 4012, 323584 bytes
0x868EB288 Unknown page with executable code, 3448 bytes
0x08EC0000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Dashboard.dll [ EPROCESS 0x88700030 ] PID: 4012, 364544 bytes
0x03DE0000 Hidden Image-->NEWAEM.Foundation.dll [ EPROCESS 0x885CE2C8 ] PID: 3724, 36864 bytes
0x03890000 Hidden Image-->CLI.Foundation.XManifest.dll [ EPROCESS 0x88700030 ] PID: 4012, 36864 bytes
0x03B80000 Hidden Image-->NEWAEM.Foundation.dll [ EPROCESS 0x88700030 ] PID: 4012, 36864 bytes
0x05740000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Shared.dll [ EPROCESS 0x88700030 ] PID: 4012, 36864 bytes
0x06460000 Hidden Image-->CLI.Aspect.CustomFormats.Graphics.Shared.dll [ EPROCESS 0x88700030 ] PID: 4012, 36864 bytes
0x06570000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Runtime.dll [ EPROCESS 0x88700030 ] PID: 4012, 36864 bytes
0x065A0000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Runtime.dll [ EPROCESS 0x88700030 ] PID: 4012, 36864 bytes
0x06730000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Shared.dll [ EPROCESS 0x88700030 ] PID: 4012, 36864 bytes
0x06F40000 Hidden Image-->CLI.Caste.HydraVision.Runtime.dll [ EPROCESS 0x88700030 ] PID: 4012, 36864 bytes
0x06FE0000 Hidden Image-->CLI.Aspect.DeskMan.HydraVision.Shared.dll [ EPROCESS 0x88700030 ] PID: 4012, 36864 bytes
0x06FC0000 Hidden Image-->CLI.Aspect.Settings.HydraVision.Shared.dll [ EPROCESS 0x88700030 ] PID: 4012, 36864 bytes
0x076C0000 Hidden Image-->CLI.Aspect.VeryLargeDesktop.Graphics.Shared.dll [ EPROCESS 0x88700030 ] PID: 4012, 36864 bytes
0x07A70000 Hidden Image-->CLI.Component.Dashboard.Shared.dll [ EPROCESS 0x88700030 ] PID: 4012, 36864 bytes
0x07B10000 Hidden Image-->CLI.Component.Wizard.Shared.Private.dll [ EPROCESS 0x88700030 ] PID: 4012, 36864 bytes
0x868ED191 Unknown page with executable code, 3695 bytes
0x08E60000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll [ EPROCESS 0x88700030 ] PID: 4012, 389120 bytes
0x04DE0000 Hidden Image-->CLI.Caste.Graphics.Runtime.dll [ EPROCESS 0x88700030 ] PID: 4012, 397312 bytes
0x868F002C Unknown page with executable code, 4052 bytes
0x08DF0000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll [ EPROCESS 0x88700030 ] PID: 4012, 405504 bytes
0x077C0000 Hidden Image-->CLI.Component.Wizard.dll [ EPROCESS 0x88700030 ] PID: 4012, 413696 bytes
0x07870000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Wizard.dll [ EPROCESS 0x88700030 ] PID: 4012, 421888 bytes
0x004D0000 Hidden Image-->LOG.Foundation.dll [ EPROCESS 0x885CE2C8 ] PID: 3724, 45056 bytes
0x00690000 Hidden Image-->LOG.Foundation.Private.dll [ EPROCESS 0x885CE2C8 ] PID: 3724, 45056 bytes
0x03DD0000 Hidden Image-->CCC.Implementation.dll [ EPROCESS 0x885CE2C8 ] PID: 3724, 45056 bytes
0x005F0000 Hidden Image-->CCC.Implementation.dll [ EPROCESS 0x88700030 ] PID: 4012, 45056 bytes
0x01360000 Hidden Image-->LOG.Foundation.dll [ EPROCESS 0x88700030 ] PID: 4012, 45056 bytes
0x013E0000 Hidden Image-->LOG.Foundation.Private.dll [ EPROCESS 0x88700030 ] PID: 4012, 45056 bytes
0x03B30000 Hidden Image-->ATICCCom.dll [ EPROCESS 0x88700030 ] PID: 4012, 45056 bytes
0x052D0000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Runtime.dll [ EPROCESS 0x88700030 ] PID: 4012, 45056 bytes
0x05410000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Shared.dll [ EPROCESS 0x88700030 ] PID: 4012, 45056 bytes
0x06F80000 Hidden Image-->CLI.Aspect.MDProp.HydraVision.Runtime.dll [ EPROCESS 0x88700030 ] PID: 4012, 45056 bytes
0x06F60000 Hidden Image-->CLI.Aspect.Settings.HydraVision.Runtime.dll [ EPROCESS 0x88700030 ] PID: 4012, 45056 bytes
0x06FA0000 Hidden Image-->CLI.Aspect.MultiDesk.HydraVision.Runtime.dll [ EPROCESS 0x88700030 ] PID: 4012, 45056 bytes
0x06F90000 Hidden Image-->CLI.Aspect.Grid.HydraVision.Runtime.dll [ EPROCESS 0x88700030 ] PID: 4012, 45056 bytes
0x06FB0000 Hidden Image-->CLI.Aspect.DeskMan.HydraVision.Runtime.dll [ EPROCESS 0x88700030 ] PID: 4012, 45056 bytes
0x047C0000 Hidden Image-->ATIDEMGX.dll [ EPROCESS 0x88700030 ] PID: 4012, 487424 bytes
0x03B70000 Hidden Image-->AEM.Server.dll [ EPROCESS 0x88700030 ] PID: 4012, 53248 bytes
0x03B10000 Hidden Image-->CLI.Foundation.Private.dll [ EPROCESS 0x88700030 ] PID: 4012, 53248 bytes
0x03BC0000 Hidden Image-->AEM.Plugin.Source.Kit.Server.dll [ EPROCESS 0x88700030 ] PID: 4012, 53248 bytes
0x03D10000 Hidden Image-->DEM.Graphics.I0601.dll [ EPROCESS 0x88700030 ] PID: 4012, 53248 bytes
0x052B0000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Runtime.dll [ EPROCESS 0x88700030 ] PID: 4012, 53248 bytes
0x052A0000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll [ EPROCESS 0x88700030 ] PID: 4012, 53248 bytes
0x052E0000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll [ EPROCESS 0x88700030 ] PID: 4012, 53248 bytes
0x07690000 Hidden Image-->CLI.Component.Client.Shared.Private.dll [ EPROCESS 0x88700030 ] PID: 4012, 53248 bytes
0x06870000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Shared.dll [ EPROCESS 0x88700030 ] PID: 4012, 53248 bytes
0x06990000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Shared.dll [ EPROCESS 0x88700030 ] PID: 4012, 53248 bytes
0x076D0000 Hidden Image-->CLI.Caste.Graphics.Wizard.dll [ EPROCESS 0x88700030 ] PID: 4012, 53248 bytes
0x07A80000 Hidden Image-->CLI.Component.Systemtray.dll [ EPROCESS 0x88700030 ] PID: 4012, 585728 bytes
0x08F20000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll [ EPROCESS 0x88700030 ] PID: 4012, 585728 bytes
0x868EFE7A Unknown thread object [ ETHREAD 0x86A80D48 ] TID: 264, 600 bytes
0x868F2008 Unknown thread object [ ETHREAD 0x86A97280 ] TID: 268, 600 bytes
0x868F10DE Unknown thread object [ ETHREAD 0x86A96D48 ] , 600 bytes
0x868EFB45 Unknown thread object [ ETHREAD 0x86A96A70 ] , 600 bytes
0x039E0000 Hidden Image-->CLI.Component.Runtime.Shared.Private.dll [ EPROCESS 0x88700030 ] PID: 4012, 61440 bytes
0x053F0000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Shared.dll [ EPROCESS 0x88700030 ] PID: 4012, 61440 bytes
0x065F0000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Shared.dll [ EPROCESS 0x88700030 ] PID: 4012, 61440 bytes
0x06BF0000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Shared.dll [ EPROCESS 0x88700030 ] PID: 4012, 61440 bytes
0x06C10000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Runtime.dll [ EPROCESS 0x88700030 ] PID: 4012, 61440 bytes
0x08600000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Dashboard.dll [ EPROCESS 0x88700030 ] PID: 4012, 667648 bytes
0x039C0000 Hidden Image-->CLI.Component.SkinFactory.dll [ EPROCESS 0x88700030 ] PID: 4012, 69632 bytes
0x03AF0000 Hidden Image-->CLI.Component.Runtime.dll [ EPROCESS 0x88700030 ] PID: 4012, 69632 bytes
0x06580000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Shared.dll [ EPROCESS 0x88700030 ] PID: 4012, 69632 bytes
0x06880000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Shared.dll [ EPROCESS 0x88700030 ] PID: 4012, 69632 bytes
0x07620000 Hidden Image-->APM.Server.dll [ EPROCESS 0x88700030 ] PID: 4012, 69632 bytes
0x07B20000 Hidden Image-->ResourceManagement.Foundation.Implementation.dll [ EPROCESS 0x88700030 ] PID: 4012, 749568 bytes
0x006A0000 Hidden Image-->LOG.Foundation.Implementation.dll [ EPROCESS 0x885CE2C8 ] PID: 3724, 77824 bytes
0x013B0000 Hidden Image-->LOG.Foundation.Implementation.dll [ EPROCESS 0x88700030 ] PID: 4012, 77824 bytes
0x05280000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Runtime.dll [ EPROCESS 0x88700030 ] PID: 4012, 77824 bytes
0x05520000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Runtime.dll [ EPROCESS 0x88700030 ] PID: 4012, 77824 bytes
0x06910000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Runtime.dll [ EPROCESS 0x88700030 ] PID: 4012, 77824 bytes
0x068F0000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Shared.dll [ EPROCESS 0x88700030 ] PID: 4012, 77824 bytes
0x06970000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Shared.dll [ EPROCESS 0x88700030 ] PID: 4012, 77824 bytes
0x07F90000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Dashboard.dll [ EPROCESS 0x88700030 ] PID: 4012, 77824 bytes
0x868F1CDC Unknown page with executable code, 804 bytes
0x03B50000 Hidden Image-->ADL.Foundation.dll [ EPROCESS 0x88700030 ] PID: 4012, 86016 bytes
0x065B0000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Runtime.dll [ EPROCESS 0x88700030 ] PID: 4012, 86016 bytes
0x06850000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Runtime.dll [ EPROCESS 0x88700030 ] PID: 4012, 86016 bytes
0x07F70000 Hidden Image-->CLI.Caste.Graphics.Dashboard.dll [ EPROCESS 0x88700030 ] PID: 4012, 86016 bytes
0x09090000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Dashboard.dll [ EPROCESS 0x88700030 ] PID: 4012, 888832 bytes

#10 techextreme

techextreme

    Bleepin Tech


  • BC Advisor
  • 2,125 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pittsburgh, PA
  • Local time:07:31 AM

Posted 24 May 2011 - 12:45 PM

Hi Drew1979,

After looking over and re-looking over and asking multiple questions to others here, at this point, I think this one is best left to the experts. So I'm going to refer you to the Virus, Trojan, Spyware, and Malware Removal Logs Forum.

Please read the Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help in cleaning your computer. Once complete, post a link back to this forum so the MRT team knows what we have tried.

Please be patient as the MRT team is quite busy sometimes and it may take a day or even a few for someone to pickup your log but someone will get back to you.

Techextreme

"Admire those who attempt great things, even though they fail."

-- Seneca

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users