Redirecting


13 replies to this topic

#1 Chevelle1258

Posted 11 July 2011 - 04:49 PM

I keep getting redirected when I search for things in Google Chrome. I've tried some of the steps that people say work to remove the Google virus, but they haven't worked. I can still open up any page, but I have to open it in a new tab each time. Anyone know what to do?

Edit: It brings me to various sites like careerbuilder, comparestores.net and find-quick-results, if that helps.

Edited by Chevelle1258, 11 July 2011 - 04:51 PM.



 


#2 Broni


Posted 11 July 2011 - 09:03 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

Edited by Broni, 11 July 2011 - 09:04 PM.



 


#3 Chevelle1258


Posted 12 July 2011 - 05:08 PM

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
avast! Free Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

MVPS Hosts File
Malwarebytes' Anti-Malware
CCleaner
Java™ 6 Update 26
Out of date Java installed!
Adobe Flash Player 10.3.181.26
Adobe Reader 9
Out of date Adobe Reader installed!
Mozilla Firefox (x86 en-US..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 avastUI.exe
``````````End of Log````````````



Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7089

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

7/12/2011 17:58:28
mbam-log-2011-07-12 (17-58-28).txt

Scan type: Quick scan
Objects scanned: 165841
Time elapsed: 4 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0ED403E8-470A-4a8a-85A4-D7688CFE39A3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{AEB04B5E-C981-47a9-B847-33EE4C92F6B9} (PUP.Magoo) -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEB04B5E-C981-47a9-B847-33EE4C92F6B9} (PUP.Magoo) -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{02F0243C-2E71-4A1A-A790-6C30888119D0} (PUP.Magoo) -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\W1WIWQ1NPG (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\YDZ1QVAGOJ (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\AppDataLow\gvtl (Adware.GameVance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\My Web Search Bar (Adware.MyWebSearch) -> Value: My Web Search Bar -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I can't post the others like this; they are too long. How can I put them up?

Edited by Chevelle1258, 12 July 2011 - 05:10 PM.


#4 Chevelle1258


Posted 12 July 2011 - 07:43 PM

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-12 13:12:21
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 WDC_WD5000AVVS-63M8B0 rev.01.00A01
Running: qkjj7g3v.exe; Driver: C:\DOCUME~1\S\LOCALS~1\Temp\aglcyuob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xAFC34202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xAFC9AD8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xAFC586C1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xAFC367F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xAFC36848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xAFC3695E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xAFC58075]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xAFC36746]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xAFC36898]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xAFC3679A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xAFC3690C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xAFC34226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xAFC58D87]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xAFC5903D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xAFC36BE2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xAFC58BF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xAFC58A5D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xAFC9AE3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xAFC33FF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xAFC3424A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xAFC36D56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xAFC34CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xAFC36820]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xAFC36870]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xAFC36988]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xAFC583D1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xAFC36772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xAFC36A1A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xAFC368D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xAFC367C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xAFC36AFE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xAFC36936]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xAFC9AED4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xAFC588D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xAFC34BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xAFC5872A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xAFCA310E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xAFC576E8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xAFC3426E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xAFC34292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xAFC3404A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xAFC34186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xAFC58E8E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xAFC34162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xAFC341AA]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xAFDA8620]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xAFC342B6]

INT 0x62 ? 8B30ABF8
INT 0x63 ? 8B30ABF8
INT 0x73 ? 8B121F00
INT 0x82 ? 8B30ABF8
INT 0x83 ? 8B121F00
INT 0x83 ? 8B121F00
INT 0x83 ? 8B121F00
INT 0xA4 ? 8B121F00
INT 0xB4 ? 8B121F00
INT 0xB4 ? 8B121F00
INT 0xB4 ? 8B121F00

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAFCB0398]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2E64 80503A64 4 Bytes CALL E6FFFFDF
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A4ECC 4 Bytes CALL AFC35335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BAEDA 5 Bytes JMP AFCABD4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C1810 5 Bytes JMP AFCAD7F2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805CF966 7 Bytes JMP AFCB039C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? spru.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB272F3A0, 0x59FFE5, 0xE8000020]
.text USBPORT.SYS!DllUnload B26F362C 5 Bytes JMP 8B1214E0
.text a56llcc6.SYS B2657386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text a56llcc6.SYS B26573AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a56llcc6.SYS B26573C4 3 Bytes [00, 80, 02]
.text a56llcc6.SYS B26573C9 1 Byte [30]
.text a56llcc6.SYS B26573C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
.text win32k.sys!EngFreeUserMem + 674 BF80BA4F 5 Bytes JMP AFC37CA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF810175 5 Bytes JMP AFC37BAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngBitBlt + 92C BF827A40 5 Bytes JMP AFC36F34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + D80 BF83331E 5 Bytes JMP AFC37E0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 7717 BF839CB5 5 Bytes JMP AFC38014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 112EA BF843888 5 Bytes JMP AFC36E70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMulDiv + 5509 BF849B03 5 Bytes JMP AFC3703E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTextOut + 1437 BF854BF4 5 Bytes JMP AFC37B1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1036 BF857AD0 5 Bytes JMP AFC37D54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 62A3 BF87FFC9 5 Bytes JMP AFC37180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 632C BF880052 5 Bytes JMP AFC37326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 70B0 BF880DD6 5 Bytes JMP AFC36E58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 245E BF884C65 5 Bytes JMP AFC37F72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_hGetColorTransform + AFDD BF89F83F 5 Bytes JMP AFC372FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 4E4C BF8CEEE3 5 Bytes JMP AFC36D8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + A434 BF8DAA77 5 Bytes JMP AFC37BD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + 77D BF8FAF04 5 Bytes JMP AFC36FA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_vGetBounds + 58C BF908B12 5 Bytes JMP AFC370AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_vGetBounds + 80C BF908D92 5 Bytes JMP AFC370E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1993 BF911AD9 5 Bytes JMP AFC36EF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2567 BF9126AD 5 Bytes JMP AFC37008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4EC1 BF915007 5 Bytes JMP AFC37440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 191E BF94290C 5 Bytes JMP AFC37ECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xAEFB6300, 0x3AE88, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xB8448300, 0x1B7E, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\RTHDCPL.EXE[180] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\WINDOWS\RTHDCPL.EXE[180] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[180] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\WINDOWS\RTHDCPL.EXE[180] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[180] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 003701F8
.text C:\WINDOWS\RTHDCPL.EXE[180] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 003703FC
.text C:\WINDOWS\RTHDCPL.EXE[180] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 00370804
.text C:\WINDOWS\RTHDCPL.EXE[180] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 00370A08
.text C:\WINDOWS\RTHDCPL.EXE[180] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 00370600
.text C:\WINDOWS\RTHDCPL.EXE[180] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 00381014
.text C:\WINDOWS\RTHDCPL.EXE[180] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 00380804
.text C:\WINDOWS\RTHDCPL.EXE[180] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00380A08
.text C:\WINDOWS\RTHDCPL.EXE[180] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 00380C0C
.text C:\WINDOWS\RTHDCPL.EXE[180] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00380E10
.text C:\WINDOWS\RTHDCPL.EXE[180] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003801F8
.text C:\WINDOWS\RTHDCPL.EXE[180] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003803FC
.text C:\WINDOWS\RTHDCPL.EXE[180] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 00380600
.text C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe[260] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe[260] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe[260] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe[260] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe[260] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 00381014
.text C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe[260] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 00380804
.text C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe[260] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00380A08
.text C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe[260] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 00380C0C
.text C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe[260] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00380E10
.text C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe[260] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003801F8
.text C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe[260] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003803FC
.text C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe[260] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 00380600
.text C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe[260] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 003901F8
.text C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe[260] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 003903FC
.text C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe[260] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 00390804
.text C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe[260] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 00390A08
.text C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe[260] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 00390600
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[268] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[268] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[324] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[324] kernel32.dll!SetUnhandledExceptionFilter 7C810386 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[324] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[380] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001601F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[380] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[380] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001603FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[380] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[380] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 00381014
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[380] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 00380804
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[380] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00380A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[380] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 00380C0C
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[380] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00380E10
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[380] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003801F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[380] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003803FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[380] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 00380600
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[380] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 003901F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[380] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 003903FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[380] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 00390804
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[380] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 00390A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[380] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\RUNDLL32.EXE[532] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\RUNDLL32.EXE[532] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\RUNDLL32.EXE[532] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\RUNDLL32.EXE[532] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\RUNDLL32.EXE[532] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\RUNDLL32.EXE[532] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\RUNDLL32.EXE[532] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\RUNDLL32.EXE[532] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\RUNDLL32.EXE[532] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\RUNDLL32.EXE[532] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\RUNDLL32.EXE[532] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\RUNDLL32.EXE[532] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\RUNDLL32.EXE[532] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\RUNDLL32.EXE[532] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\RUNDLL32.EXE[532] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\RUNDLL32.EXE[532] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\RUNDLL32.EXE[532] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002B0600
.text C:\WINDOWS\Explorer.EXE[548] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[548] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[548] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[548] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[548] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002B1014
.text C:\WINDOWS\Explorer.EXE[548] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002B0804
.text C:\WINDOWS\Explorer.EXE[548] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002B0A08
.text C:\WINDOWS\Explorer.EXE[548] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\Explorer.EXE[548] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002B0E10
.text C:\WINDOWS\Explorer.EXE[548] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002B01F8
.text C:\WINDOWS\Explorer.EXE[548] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002B03FC
.text C:\WINDOWS\Explorer.EXE[548] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002B0600
.text C:\WINDOWS\Explorer.EXE[548] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002C01F8
.text C:\WINDOWS\Explorer.EXE[548] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002C03FC
.text C:\WINDOWS\Explorer.EXE[548] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002C0804
.text C:\WINDOWS\Explorer.EXE[548] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002C0A08
.text C:\WINDOWS\Explorer.EXE[548] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002C0600
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[740] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000A01F8
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[740] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[740] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000A03FC
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[740] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[740] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002C1014
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[740] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002C0804
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[740] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002C0A08
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[740] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002C0C0C
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[740] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002C0E10
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[740] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002C01F8
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[740] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002C03FC
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[740] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002C0600
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[740] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002D01F8
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[740] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002D03FC
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[740] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002D0804
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[740] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002D0A08
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[740] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002D0600
.text C:\WINDOWS\System32\smss.exe[1000] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[1056] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[1056] KERNEL32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1084] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[1084] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1084] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[1084] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1084] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\spoolsv.exe[1084] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\spoolsv.exe[1084] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\spoolsv.exe[1084] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\spoolsv.exe[1084] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\spoolsv.exe[1084] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\spoolsv.exe[1084] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\spoolsv.exe[1084] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\spoolsv.exe[1084] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\spoolsv.exe[1084] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\spoolsv.exe[1084] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\spoolsv.exe[1084] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\spoolsv.exe[1084] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\rundll32.exe[1100] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\rundll32.exe[1100] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\rundll32.exe[1100] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\rundll32.exe[1100] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\rundll32.exe[1100] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\rundll32.exe[1100] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\rundll32.exe[1100] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\rundll32.exe[1100] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\rundll32.exe[1100] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\rundll32.exe[1100] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\rundll32.exe[1100] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\rundll32.exe[1100] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\rundll32.exe[1100] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\rundll32.exe[1100] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\rundll32.exe[1100] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\rundll32.exe[1100] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\rundll32.exe[1100] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\winlogon.exe[1120] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[1120] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1120] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[1120] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1120] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\winlogon.exe[1120] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\winlogon.exe[1120] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\winlogon.exe[1120] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\winlogon.exe[1120] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\winlogon.exe[1120] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\winlogon.exe[1120] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\winlogon.exe[1120] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\winlogon.exe[1120] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\winlogon.exe[1120] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\winlogon.exe[1120] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\winlogon.exe[1120] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\winlogon.exe[1120] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\services.exe[1172] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[1172] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1172] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[1172] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1172] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\services.exe[1172] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\services.exe[1172] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\services.exe[1172] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\services.exe[1172] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\services.exe[1172] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\services.exe[1172] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\services.exe[1172] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\services.exe[1172] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\services.exe[1172] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\services.exe[1172] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\services.exe[1172] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\services.exe[1172] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\lsass.exe[1184] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[1184] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1184] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[1184] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1184] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\lsass.exe[1184] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\lsass.exe[1184] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\lsass.exe[1184] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\lsass.exe[1184] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\lsass.exe[1184] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\lsass.exe[1184] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\lsass.exe[1184] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\lsass.exe[1184] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\lsass.exe[1184] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\lsass.exe[1184] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\lsass.exe[1184] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\lsass.exe[1184] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\nvsvc32.exe[1364] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\nvsvc32.exe[1364] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\nvsvc32.exe[1364] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\nvsvc32.exe[1364] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\nvsvc32.exe[1364] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 00381014
.text C:\WINDOWS\system32\nvsvc32.exe[1364] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\nvsvc32.exe[1364] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\nvsvc32.exe[1364] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 00380C0C
.text C:\WINDOWS\system32\nvsvc32.exe[1364] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00380E10
.text C:\WINDOWS\system32\nvsvc32.exe[1364] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\nvsvc32.exe[1364] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\nvsvc32.exe[1364] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\nvsvc32.exe[1364] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\nvsvc32.exe[1364] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\nvsvc32.exe[1364] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\nvsvc32.exe[1364] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\nvsvc32.exe[1364] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\svchost.exe[1432] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1432] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1432] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\svchost.exe[1432] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1432] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1432] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1432] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1432] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002B0600
.text C:\Program Files\Bonjour\mDNSResponder.exe[1444] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[1444] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1444] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[1444] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1444] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 00381014
.text C:\Program Files\Bonjour\mDNSResponder.exe[1444] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 00380804
.text C:\Program Files\Bonjour\mDNSResponder.exe[1444] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00380A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[1444] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 00380C0C
.text C:\Program Files\Bonjour\mDNSResponder.exe[1444] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00380E10
.text C:\Program Files\Bonjour\mDNSResponder.exe[1444] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003801F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[1444] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003803FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[1444] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 00380600
.text C:\Program Files\Bonjour\mDNSResponder.exe[1444] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 003901F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[1444] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 003903FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[1444] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 00390804
.text C:\Program Files\Bonjour\mDNSResponder.exe[1444] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 00390A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[1444] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1508] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1508] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1508] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1508] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1508] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 00381014
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1508] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 00380804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1508] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00380A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1508] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 00380C0C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1508] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00380E10
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1508] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003801F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1508] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003803FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1508] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 00380600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1508] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1508] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1508] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1508] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1508] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\svchost.exe[1540] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1540] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1540] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1540] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1540] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\svchost.exe[1540] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\svchost.exe[1540] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\svchost.exe[1540] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\svchost.exe[1540] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\svchost.exe[1540] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\svchost.exe[1540] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\svchost.exe[1540] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\svchost.exe[1540] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1540] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1540] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1540] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1540] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1552] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1552] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1552] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1552] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1552] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A1014
.text C:\WINDOWS\System32\svchost.exe[1552] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A0804
.text C:\WINDOWS\System32\svchost.exe[1552] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0A08
.text C:\WINDOWS\System32\svchost.exe[1552] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\System32\svchost.exe[1552] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0E10
.text C:\WINDOWS\System32\svchost.exe[1552] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A01F8
.text C:\WINDOWS\System32\svchost.exe[1552] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A03FC
.text C:\WINDOWS\System32\svchost.exe[1552] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A0600
.text C:\WINDOWS\System32\svchost.exe[1552] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1552] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[1552] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1552] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1552] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002B0600
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1628] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1628] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1628] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 1 Byte [28]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1628] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1628] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1628] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1628] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1628] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1628] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1628] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F49C
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1628] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1628] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1628] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1628] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1628] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1628] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1628] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1628] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F530
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1628] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1628] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1628] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1628] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F6BD
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1628] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1628] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1628] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1628] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1628] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1628] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 1 Byte [68]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1628] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1628] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1628] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001801F8
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1628] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1628] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001803FC
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1628] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1628] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 003F01F8
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1628] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 003F03FC
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1628] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 003F0804
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1628] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 003F0A08
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1628] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 003F0600
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1628] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 00501014
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1628] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 00500804
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1628] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00500A08
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1628] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 00500C0C
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1628] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00500E10
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1628] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 005001F8
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1628] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 005003FC
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1628] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 00500600
.text C:\WINDOWS\System32\svchost.exe[1668] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1668] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1668] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1668] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1668] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A1014
.text C:\WINDOWS\System32\svchost.exe[1668] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A0804
.text C:\WINDOWS\System32\svchost.exe[1668] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0A08
.text C:\WINDOWS\System32\svchost.exe[1668] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\System32\svchost.exe[1668] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0E10
.text C:\WINDOWS\System32\svchost.exe[1668] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A01F8
.text C:\WINDOWS\System32\svchost.exe[1668] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A03FC
.text C:\WINDOWS\System32\svchost.exe[1668] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A0600
.text C:\WINDOWS\System32\svchost.exe[1668] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1668] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[1668] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1668] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1668] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1720] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1720] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1720] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1720] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\svchost.exe[1720] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1720] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1720] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1720] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1720] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002B0600
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1800] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001601F8
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1800] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1800] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001603FC
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1800] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1800] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 003801F8
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1800] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 003803FC
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1800] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 00380804
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1800] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 00380A08
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1800] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 00380600
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1800] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 00391014
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1800] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 00390804
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1800] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00390A08
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1800] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 00390C0C
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1800] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00390E10
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1800] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003901F8
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1800] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003903FC
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1800] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\svchost.exe[1848] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1848] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1848] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1848] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1848] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\svchost.exe[1848] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\svchost.exe[1848] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\svchost.exe[1848] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\svchost.exe[1848] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\svchost.exe[1848] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\svchost.exe[1848] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\svchost.exe[1848] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\svchost.exe[1848] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1848] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1848] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1848] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1848] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1932] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1932] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1932] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1932] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1932] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\svchost.exe[1932] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\svchost.exe[1932] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\svchost.exe[1932] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\svchost.exe[1932] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\svchost.exe[1932] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\svchost.exe[1932] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\svchost.exe[1932] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\svchost.exe[1932] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1932] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1932] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1932] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1932] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1972] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1972] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1972] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1972] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\svchost.exe[1972] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\svchost.exe[1972] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\svchost.exe[1972] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\svchost.exe[1972] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\svchost.exe[1972] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\svchost.exe[1972] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\svchost.exe[1972] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\svchost.exe[1972] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1972] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1972] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1972] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1972] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\taskmgr.exe[2096] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\taskmgr.exe[2096] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2124] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001601F8
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2124] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2124] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001603FC
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2124] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2124] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 003801F8
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2124] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 003803FC
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2124] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 00380804
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2124] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 00380A08
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2124] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 00380600
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2124] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 00391014
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2124] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 00390804
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2124] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00390A08
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2124] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 00390C0C
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2124] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00390E10
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2124] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003901F8
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2124] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003903FC
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2124] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 00390600

.text C:\WINDOWS\system32\rundll32.exe[2144] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\rundll32.exe[2144] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\rundll32.exe[2144] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\rundll32.exe[2144] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\rundll32.exe[2144] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\rundll32.exe[2144] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\rundll32.exe[2144] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\rundll32.exe[2144] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\rundll32.exe[2144] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\rundll32.exe[2144] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\rundll32.exe[2144] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\rundll32.exe[2144] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\rundll32.exe[2144] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\rundll32.exe[2144] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\rundll32.exe[2144] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\rundll32.exe[2144] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\rundll32.exe[2144] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002B0600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2176] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2176] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2176] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2176] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2176] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 00381014
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2176] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 00380804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2176] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00380A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2176] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 00380C0C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2176] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00380E10
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2176] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003801F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2176] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003803FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2176] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 00380600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2176] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2176] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2176] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2176] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2176] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 00390600
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001601F8
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2204] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001603FC
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2204] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2204] USER32.dll!DrawTextW 77D4FF89 5 Bytes JMP 0158D187
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2204] USER32.dll!DrawTextExW 77D505D2 5 Bytes JMP 0158D349
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2204] USER32.dll!DialogBoxParamW 77D56702 5 Bytes JMP 0158C23C
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2204] USER32.dll!DrawTextA 77D65D61 5 Bytes JMP 0158D0AC
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2204] USER32.dll!DrawTextExA 77D65D98 5 Bytes JMP 0158D262
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2204] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 003801F8
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2204] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 003803FC
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2204] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 00380804
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2204] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 00380A08
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2204] USER32.dll!SetClipboardData 77D6FF10 5 Bytes JMP 0158CDFD
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2204] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 00380600
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2204] GDI32.dll!TextOutW 77F17CE8 5 Bytes JMP 0158CFE0
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2204] GDI32.dll!ExtTextOutW 77F17EC6 5 Bytes JMP 0158D514
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2204] GDI32.dll!ExtTextOutA 77F19012 5 Bytes JMP 0158D430
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2204] GDI32.dll!TextOutA 77F1C449 5 Bytes JMP 0158CF14
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2204] GDI32.dll!GetGlyphIndicesA 77F3CBA5 5 Bytes JMP 0158D8D4
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2204] GDI32.dll!GetGlyphIndicesW 77F506E2 5 Bytes JMP 0158D9A1
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2204] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 00391014
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2204] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 00390804
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2204] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00390A08
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2204] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 00390C0C
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2204] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00390E10
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2204] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003901F8
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2204] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003903FC
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2204] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 00390600
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2204] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 0158BD87
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2204] WS2_32.dll!send 71AB428A 5 Bytes JMP 0158C8CB
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2204] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 0158CAF2
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2204] WS2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 0158BCC6
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2204] WS2_32.dll!recv 71AB615A 5 Bytes JMP 0158C970
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2204] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0158CA1E
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2204] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0158CD56
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2204] WS2_32.dll!WSAAsyncGetHostByName 71ABE985 5 Bytes JMP 0158C15D
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2204] WS2_32.dll!WSAGetOverlappedResult 71AC0D03 5 Bytes JMP 0158CC36
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2204] WININET.dll!InternetCrackUrlA 771C8840 5 Bytes JMP 0158DC67
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2204] WININET.dll!InternetCrackUrlW 771F8A04 5 Bytes JMP 0158DDB0
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2224] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001601F8
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2224] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2224] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001603FC
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2224] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2224] USER32.dll!DrawTextW 77D4FF89 5 Bytes JMP 00CAD187
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2224] USER32.dll!DrawTextExW 77D505D2 5 Bytes JMP 00CAD349
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2224] USER32.dll!DialogBoxParamW 77D56702 5 Bytes JMP 00CAC23C
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2224] USER32.dll!DrawTextA 77D65D61 5 Bytes JMP 00CAD0AC
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2224] USER32.dll!DrawTextExA 77D65D98 5 Bytes JMP 00CAD262
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2224] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 003801F8
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2224] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 003803FC
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2224] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 00380804
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2224] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 00380A08
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2224] USER32.dll!SetClipboardData 77D6FF10 5 Bytes JMP 00CACDFD
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2224] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 00380600
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2224] GDI32.dll!TextOutW 77F17CE8 5 Bytes JMP 00CACFE0
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2224] GDI32.dll!ExtTextOutW 77F17EC6 5 Bytes JMP 00CAD514
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2224] GDI32.dll!ExtTextOutA 77F19012 5 Bytes JMP 00CAD430
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2224] GDI32.dll!TextOutA 77F1C449 5 Bytes JMP 00CACF14
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2224] GDI32.dll!GetGlyphIndicesA 77F3CBA5 5 Bytes JMP 00CAD8D4
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2224] GDI32.dll!GetGlyphIndicesW 77F506E2 5 Bytes JMP 00CAD9A1
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2224] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 00391014
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2224] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 00390804
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2224] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00390A08
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2224] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 00390C0C
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2224] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00390E10
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2224] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003901F8
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2224] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003903FC
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2224] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 00390600
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2224] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00CABD87
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2224] WS2_32.dll!send 71AB428A 5 Bytes JMP 00CAC8CB
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2224] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00CACAF2
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2224] WS2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 00CABCC6
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2224] WS2_32.dll!recv 71AB615A 5 Bytes JMP 00CAC970
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2224] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00CACA1E
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2224] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00CACD56
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2224] WS2_32.dll!WSAAsyncGetHostByName 71ABE985 5 Bytes JMP 00CAC15D
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2224] WS2_32.dll!WSAGetOverlappedResult 71AC0D03 5 Bytes JMP 00CACC36
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2224] WININET.dll!InternetCrackUrlA 771C8840 5 Bytes JMP 00CADC67
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2224] WININET.dll!InternetCrackUrlW 771F8A04 5 Bytes JMP 00CADDB0
.text C:\WINDOWS\system32\svchost.exe[2312] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[2312] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2312] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[2312] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2312] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\svchost.exe[2312] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\svchost.exe[2312] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\svchost.exe[2312] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\svchost.exe[2312] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\svchost.exe[2312] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\svchost.exe[2312] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\svchost.exe[2312] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\svchost.exe[2312] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[2312] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[2312] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[2312] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[2312] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002B0600
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2324] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001601F8
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2324] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2324] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001603FC
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2324] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2324] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 003A01F8
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2324] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 003A03FC
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2324] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 003A0804
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2324] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 003A0A08
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2324] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 003A0600
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2324] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 003B1014
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2324] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 003B0804
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2324] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 003B0A08
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2324] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 003B0C0C
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2324] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 003B0E10
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2324] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003B01F8
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2324] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003B03FC
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2324] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 003B0600
.text C:\WINDOWS\system32\svchost.exe[2460] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[2460] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2460] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[2460] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2460] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\svchost.exe[2460] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\svchost.exe[2460] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\svchost.exe[2460] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\svchost.exe[2460] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\svchost.exe[2460] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\svchost.exe[2460] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\svchost.exe[2460] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\svchost.exe[2460] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[2460] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[2460] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[2460] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[2460] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002B0600
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2504] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001601F8
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2504] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2504] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001603FC
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2504] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2504] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 003801F8
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2504] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 003803FC
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2504] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 00380804
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2504] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 00380A08
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2504] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 00380600
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2504] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 00391014
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2504] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 00390804
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2504] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00390A08
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2504] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 00390C0C
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2504] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00390E10
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2504] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003901F8
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2504] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003903FC
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2504] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 00390600
.text C:\Program Files\Java\jre6\bin\jqs.exe[2552] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[2552] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2552] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[2552] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2552] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 00381014
.text C:\Program Files\Java\jre6\bin\jqs.exe[2552] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 00380804
.text C:\Program Files\Java\jre6\bin\jqs.exe[2552] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00380A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[2552] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 00380C0C
.text C:\Program Files\Java\jre6\bin\jqs.exe[2552] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00380E10
.text C:\Program Files\Java\jre6\bin\jqs.exe[2552] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003801F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[2552] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003803FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[2552] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 00380600
.text C:\Program Files\Java\jre6\bin\jqs.exe[2552] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 003901F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[2552] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 003903FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[2552] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 00390804
.text C:\Program Files\Java\jre6\bin\jqs.exe[2552] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 00390A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[2552] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 00390600
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2580] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001601F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2580] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2580] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001603FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2580] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2580] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 003801F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2580] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 003803FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2580] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 00380804
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2580] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 00380A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2580] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 00380600
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2580] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 00391014
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2580] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 00390804
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2580] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00390A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2580] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 00390C0C
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2580] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00390E10
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2580] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003901F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2580] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003903FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2580] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 00390600
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Update\1.3.21.57\GoogleCrashHandler.exe[2716] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001601F8
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Update\1.3.21.57\GoogleCrashHandler.exe[2716] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Update\1.3.21.57\GoogleCrashHandler.exe[2716] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001603FC
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Update\1.3.21.57\GoogleCrashHandler.exe[2716] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Update\1.3.21.57\GoogleCrashHandler.exe[2716] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 00381014
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Update\1.3.21.57\GoogleCrashHandler.exe[2716] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 00380804
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Update\1.3.21.57\GoogleCrashHandler.exe[2716] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00380A08
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Update\1.3.21.57\GoogleCrashHandler.exe[2716] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 00380C0C
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Update\1.3.21.57\GoogleCrashHandler.exe[2716] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00380E10
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Update\1.3.21.57\GoogleCrashHandler.exe[2716] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003801F8
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Update\1.3.21.57\GoogleCrashHandler.exe[2716] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003803FC
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Update\1.3.21.57\GoogleCrashHandler.exe[2716] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 00380600
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Update\1.3.21.57\GoogleCrashHandler.exe[2716] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 003901F8
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Update\1.3.21.57\GoogleCrashHandler.exe[2716] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 003903FC
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Update\1.3.21.57\GoogleCrashHandler.exe[2716] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 00390804
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Update\1.3.21.57\GoogleCrashHandler.exe[2716] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 00390A08
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Update\1.3.21.57\GoogleCrashHandler.exe[2716] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 00390600
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001601F8
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001603FC
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] USER32.dll!DrawTextW 77D4FF89 5 Bytes JMP 00DCD187
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] USER32.dll!DrawTextExW 77D505D2 5 Bytes JMP 00DCD349
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] USER32.dll!DialogBoxParamW 77D56702 5 Bytes JMP 00DCC23C
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] USER32.dll!DrawTextA 77D65D61 5 Bytes JMP 00DCD0AC
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] USER32.dll!DrawTextExA 77D65D98 5 Bytes JMP 00DCD262
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 005001F8
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 005003FC
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 00500804
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 00500A08
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] USER32.dll!SetClipboardData 77D6FF10 5 Bytes JMP 00DCCDFD
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 00500600
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] GDI32.dll!TextOutW 77F17CE8 5 Bytes JMP 00DCCFE0
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] GDI32.dll!ExtTextOutW 77F17EC6 5 Bytes JMP 00DCD514
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] GDI32.dll!ExtTextOutA 77F19012 5 Bytes JMP 00DCD430
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] GDI32.dll!TextOutA 77F1C449 5 Bytes JMP 00DCCF14
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] GDI32.dll!GetGlyphIndicesA 77F3CBA5 5 Bytes JMP 00DCD8D4
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] GDI32.dll!GetGlyphIndicesW 77F506E2 5 Bytes JMP 00DCD9A1
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 00511014
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 00510804
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00510A08
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 00510C0C
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00510E10
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 005101F8
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 005103FC
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 00510600
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00DCBD87
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] WS2_32.dll!send 71AB428A 5 Bytes JMP 00DCC8CB
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00DCCAF2
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] WS2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 00DCBCC6
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] WS2_32.dll!recv 71AB615A 5 Bytes JMP 00DCC970
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00DCCA1E
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00DCCD56
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] WS2_32.dll!WSAAsyncGetHostByName 71ABE985 5 Bytes JMP 00DCC15D
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] WS2_32.dll!WSAGetOverlappedResult 71AC0D03 5 Bytes JMP 00DCCC36
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] WININET.dll!InternetCrackUrlA 771C8840 5 Bytes JMP 00DCDC67
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2720] WININET.dll!InternetCrackUrlW 771F8A04 5 Bytes JMP 00DCDDB0
.text C:\WINDOWS\System32\svchost.exe[2912] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[2912] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2912] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[2912] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2912] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A1014
.text C:\WINDOWS\System32\svchost.exe[2912] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A0804
.text C:\WINDOWS\System32\svchost.exe[2912] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0A08
.text C:\WINDOWS\System32\svchost.exe[2912] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\System32\svchost.exe[2912] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0E10
.text C:\WINDOWS\System32\svchost.exe[2912] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A01F8
.text C:\WINDOWS\System32\svchost.exe[2912] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A03FC
.text C:\WINDOWS\System32\svchost.exe[2912] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A0600
.text C:\WINDOWS\System32\svchost.exe[2912] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[2912] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[2912] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[2912] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[2912] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002B0600
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[3048] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[3048] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[3048] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[3048] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[3048] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 00381014
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[3048] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 00380804
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[3048] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00380A08
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[3048] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 00380C0C
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[3048] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00380E10
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[3048] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003801F8
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[3048] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003803FC
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[3048] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 00380600
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[3048] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 003901F8
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[3048] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 003903FC
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[3048] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 00390804
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[3048] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 00390A08
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[3048] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 00390600
.text C:\Documents and Settings\S\My Documents\Downloads\qkjj7g3v.exe[3052] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Documents and Settings\S\My Documents\Downloads\qkjj7g3v.exe[3052] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\PROGRAM FILES\MISC\FRAPS\FRAPS.EXE[3188] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001601F8
.text C:\PROGRAM FILES\MISC\FRAPS\FRAPS.EXE[3188] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\PROGRAM FILES\MISC\FRAPS\FRAPS.EXE[3188] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001603FC
.text C:\PROGRAM FILES\MISC\FRAPS\FRAPS.EXE[3188] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\PROGRAM FILES\MISC\FRAPS\FRAPS.EXE[3188] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 003C01F8
.text C:\PROGRAM FILES\MISC\FRAPS\FRAPS.EXE[3188] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 003C03FC
.text C:\PROGRAM FILES\MISC\FRAPS\FRAPS.EXE[3188] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 003C0804
.text C:\PROGRAM FILES\MISC\FRAPS\FRAPS.EXE[3188] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 003C0A08
.text C:\PROGRAM FILES\MISC\FRAPS\FRAPS.EXE[3188] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 003C0600
.text C:\PROGRAM FILES\MISC\FRAPS\FRAPS.EXE[3188] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 003D1014
.text C:\PROGRAM FILES\MISC\FRAPS\FRAPS.EXE[3188] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 003D0804
.text C:\PROGRAM FILES\MISC\FRAPS\FRAPS.EXE[3188] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 003D0A08
.text C:\PROGRAM FILES\MISC\FRAPS\FRAPS.EXE[3188] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 003D0C0C
.text C:\PROGRAM FILES\MISC\FRAPS\FRAPS.EXE[3188] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 003D0E10
.text C:\PROGRAM FILES\MISC\FRAPS\FRAPS.EXE[3188] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003D01F8
.text C:\PROGRAM FILES\MISC\FRAPS\FRAPS.EXE[3188] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003D03FC
.text C:\PROGRAM FILES\MISC\FRAPS\FRAPS.EXE[3188] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 003D0600
.text C:\WINDOWS\System32\svchost.exe[3360] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[3360] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[3360] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[3360] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[3360] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A1014
.text C:\WINDOWS\System32\svchost.exe[3360] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A0804
.text C:\WINDOWS\System32\svchost.exe[3360] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0A08
.text C:\WINDOWS\System32\svchost.exe[3360] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\System32\svchost.exe[3360] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0E10
.text C:\WINDOWS\System32\svchost.exe[3360] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A01F8
.text C:\WINDOWS\System32\svchost.exe[3360] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A03FC
.text C:\WINDOWS\System32\svchost.exe[3360] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A0600
.text C:\WINDOWS\System32\svchost.exe[3360] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[3360] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[3360] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[3360] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[3360] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\alg.exe[3412] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[3412] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3412] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[3412] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3412] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002A01F8
.text C:\WINDOWS\System32\alg.exe[3412] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002A03FC
.text C:\WINDOWS\System32\alg.exe[3412] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002A0804
.text C:\WINDOWS\System32\alg.exe[3412] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002A0A08
.text C:\WINDOWS\System32\alg.exe[3412] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002A0600
.text C:\WINDOWS\System32\alg.exe[3412] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\alg.exe[3412] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\alg.exe[3412] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\alg.exe[3412] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\alg.exe[3412] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\alg.exe[3412] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\alg.exe[3412] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\alg.exe[3412] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002B0600
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3492] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001601F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3492] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3492] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001603FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3492] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3492] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 00381014
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3492] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 00380804
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3492] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00380A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3492] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 00380C0C
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3492] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00380E10
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3492] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003801F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3492] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003803FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3492] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 00380600
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3492] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 003901F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3492] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 003903FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3492] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 00390804
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3492] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 00390A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3492] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 00390600
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe[3504] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe[3504] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe[3504] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe[3504] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe[3504] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 00381014
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe[3504] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 00380804
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe[3504] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00380A08
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe[3504] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 00380C0C
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe[3504] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00380E10
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe[3504] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003801F8
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe[3504] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003803FC
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe[3504] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 00380600
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe[3504] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 003901F8
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe[3504] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 003903FC
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe[3504] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 00390804
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe[3504] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 00390A08
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe[3504] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 00390600
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001601F8
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001603FC
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] USER32.dll!DrawTextW 77D4FF89 5 Bytes JMP 00AED187
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] USER32.dll!DrawTextExW 77D505D2 5 Bytes JMP 00AED349
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] USER32.dll!DialogBoxParamW 77D56702 5 Bytes JMP 00AEC23C
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] USER32.dll!DrawTextA 77D65D61 5 Bytes JMP 00AED0AC
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] USER32.dll!DrawTextExA 77D65D98 5 Bytes JMP 00AED262
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 003801F8
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 003803FC
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 00380804
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 00380A08
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] USER32.dll!SetClipboardData 77D6FF10 5 Bytes JMP 00AECDFD
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 00380600
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] GDI32.dll!TextOutW 77F17CE8 5 Bytes JMP 00AECFE0
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] GDI32.dll!ExtTextOutW 77F17EC6 5 Bytes JMP 00AED514
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] GDI32.dll!ExtTextOutA 77F19012 5 Bytes JMP 00AED430
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] GDI32.dll!TextOutA 77F1C449 5 Bytes JMP 00AECF14
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] GDI32.dll!GetGlyphIndicesA 77F3CBA5 5 Bytes JMP 00AED8D4
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] GDI32.dll!GetGlyphIndicesW 77F506E2 5 Bytes JMP 00AED9A1
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 00391014
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 00390804
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00390A08
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 00390C0C
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00390E10
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003901F8
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003903FC
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 00390600
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00AEBD87
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] WS2_32.dll!send 71AB428A 5 Bytes JMP 00AEC8CB
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00AECAF2
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] WS2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 00AEBCC6
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] WS2_32.dll!recv 71AB615A 5 Bytes JMP 00AEC970
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00AECA1E
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00AECD56
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] WS2_32.dll!WSAAsyncGetHostByName 71ABE985 5 Bytes JMP 00AEC15D
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] WS2_32.dll!WSAGetOverlappedResult 71AC0D03 5 Bytes JMP 00AECC36
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] WININET.dll!InternetCrackUrlA 771C8840 5 Bytes JMP 00AEDC67
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] WININET.dll!InternetCrackUrlW 771F8A04 5 Bytes JMP 00AEDDB0
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3848] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001601F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3848] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3848] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001603FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3848] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3848] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 003801F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3848] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 003803FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3848] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 00380804
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3848] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 00380A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3848] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 00380600
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3848] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 00391014
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3848] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 00390804
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3848] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00390A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3848] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 00390C0C
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3848] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00390E10
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3848] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 003901F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3848] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 003903FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3848] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 00390600
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 1 Byte [28]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F49C
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F530
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F6BD
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 1 Byte [68]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001801F8
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001803FC
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 003F01F8
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 003F03FC
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 003F0804
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 003F0A08
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 003F0600
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 00501014
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 00500804
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 00500A08
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 00500C0C
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 00500E10
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 005001F8
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 005003FC
.text C:\Documents and Settings\S\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 00500600
.text C:\WINDOWS\system32\svchost.exe[4088] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[4088] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[4088] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[4088] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[4088] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\svchost.exe[4088] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\svchost.exe[4088] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\svchost.exe[4088] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\svchost.exe[4088] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\svchost.exe[4088] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\svchost.exe[4088] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\svchost.exe[4088] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\svchost.exe[4088] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[4088] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[4088] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[4088] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[4088] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002B0600

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EB6042] spru.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EB613E] spru.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EB60C0] spru.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EB6800] spru.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EB66D6] spru.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EC5B90] spru.sys
IAT \SystemRoot\System32\Drivers\a56llcc6.SYS[HAL.dll!KfAcquireSpinLock] 0C8D1C46
IAT \SystemRoot\System32\Drivers\a56llcc6.SYS[HAL.dll!READ_PORT_UCHAR] B48B8932
IAT \SystemRoot\System32\Drivers\a56llcc6.SYS[HAL.dll!KeGetCurrentIrql] 89000001
IAT \SystemRoot\System32\Drivers\a56llcc6.SYS[HAL.dll!KfRaiseIrql] 0001C083
IAT \SystemRoot\System32\Drivers\a56llcc6.SYS[HAL.dll!KfLowerIrql] 24468B00
IAT \SystemRoot\System32\Drivers\a56llcc6.SYS[HAL.dll!HalGetInterruptVector] 89820C8D
IAT \SystemRoot\System32\Drivers\a56llcc6.SYS[HAL.dll!HalTranslateBusAddress] D18BF84D
IAT \SystemRoot\System32\Drivers\a56llcc6.SYS[HAL.dll!KeStallExecutionProcessor] 860F1639
IAT \SystemRoot\System32\Drivers\a56llcc6.SYS[HAL.dll!KfReleaseSpinLock] 000000BD
IAT \SystemRoot\System32\Drivers\a56llcc6.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 020CB389
IAT \SystemRoot\System32\Drivers\a56llcc6.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\a56llcc6.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 7400067E
IAT \SystemRoot\System32\Drivers\a56llcc6.SYS[HAL.dll!WRITE_PORT_UCHAR] 89D60320
IAT \SystemRoot\System32\Drivers\a56llcc6.SYS[WMILIB.SYS!WmiSystemControl] 8D168B00
IAT \SystemRoot\System32\Drivers\a56llcc6.SYS[WMILIB.SYS!WmiCompleteRequest] F0003284

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[1172] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 006C0002
IAT C:\WINDOWS\system32\services.exe[1172] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 006C0000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Ntfs \Ntfs 8B3091F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\NetBT \Device\NetBT_Tcpip_{BFB15D7D-F93C-4822-AFD3-B2B62E254107} 8A7061F8
Device \Driver\usbohci \Device\USBPDO-0 8B0BF500
Device \Driver\usbohci \Device\USBPDO-1 8B0BF500
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8B2961F8
Device \Driver\dmio \Device\DmControl\DmConfig 8B2961F8
Device \Driver\dmio \Device\DmControl\DmPnP 8B2961F8
Device \Driver\dmio \Device\DmControl\DmInfo 8B2961F8
Device \Driver\usbohci \Device\USBPDO-2 8B0BF500
Device \Driver\usbehci \Device\USBPDO-3 8B0D5500
Device \Driver\usbohci \Device\USBPDO-4 8B0BF500

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\usbohci \Device\USBPDO-5 8B0BF500
Device \Driver\PCI_PNP5052 \Device\00000062 spru.sys
Device \Driver\usbehci \Device\USBPDO-6 8B0D5500
Device \Driver\Ftdisk \Device\HarddiskVolume1 8B30B1F8
Device \Driver\Cdrom \Device\CdRom0 8B0D8500
Device \Driver\atapi \Device\Ide\IdePort0 8B30A1F8
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8B30A1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 8B30A1F8
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 8B30A1F8
Device \Driver\atapi \Device\Ide\IdePort2 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort3 8B30A1F8
Device \Driver\atapi \Device\Ide\IdePort3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-10 8B30A1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-10 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\Cdrom \Device\CdRom1 8B0D8500
Device \Driver\Cdrom \Device\CdRom2 8B0D8500
Device \Driver\Cdrom \Device\CdRom3 8B0D8500
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A7061F8
Device \Driver\NetBT \Device\NetbiosSmb 8A7061F8

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\sptd \Device\876478802 spru.sys
Device \Driver\usbohci \Device\USBFDO-0 8B0BF500
Device \Driver\usbohci \Device\USBFDO-1 8B0BF500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A6FD1F8
Device \Driver\usbehci \Device\USBFDO-2 8B0D5500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A6FD1F8
Device \Driver\usbohci \Device\USBFDO-3 8B0BF500
Device \Driver\usbohci \Device\USBFDO-4 8B0BF500
Device \Driver\Ftdisk \Device\FtControl 8B30B1F8
Device \Driver\usbehci \Device\USBFDO-5 8B0D5500
Device \Driver\usbohci \Device\USBFDO-6 8B0BF500
Device \Driver\a56llcc6 \Device\Scsi\a56llcc61Port4Path0Target2Lun0 8B0E0500
Device \Driver\a56llcc6 \Device\Scsi\a56llcc61Port4Path0Target2Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\a56llcc6 \Device\Scsi\a56llcc61 8B0E0500
Device \Driver\a56llcc6 \Device\Scsi\a56llcc61 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\a56llcc6 \Device\Scsi\a56llcc61Port4Path0Target1Lun0 8B0E0500
Device \Driver\a56llcc6 \Device\Scsi\a56llcc61Port4Path0Target1Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\a56llcc6 \Device\Scsi\a56llcc61Port4Path0Target0Lun0 8B0E0500
Device \Driver\a56llcc6 \Device\Scsi\a56llcc61Port4Path0Target0Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\Cdfs \Cdfs 8A72A500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA4 0x37 0xFE 0x18 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x30 0xFD 0xA2 0xAD ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x5F 0xBE 0x7F 0x07 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB7 0xF6 0x51 0xCD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA6 0x39 0x39 0x73 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x00 0x92 0xA5 0xFA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x22 0xDF 0x6E 0xB9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x24 0x18 0x44 0xCC ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x35 0xF6 0x4C 0xDA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x30 0xFD 0xA2 0xAD ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9C 0x3B 0x05 0x3C ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB7 0xF6 0x51 0xCD ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA6 0x39 0x39 0x73 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x00 0x92 0xA5 0xFA ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x22 0xDF 0x6E 0xB9 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x24 0x18 0x44 0xCC ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@NoChange 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 MBR read error
Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0

---- EOF - GMER 1.0.15 ----

#5 Chevelle1258

  • Topic Starter

Posted 12 July 2011 - 07:45 PM

MiniToolBox by Farbar
Ran by S (administrator) on 12-07-2011 at 12:45:45
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= End of IE Proxy Settings ========================

========================= FF Proxy Settings: ==============================


========================= End of FF Proxy Settings ========================
=============== Hosts content: ============================================


=============== End of Hosts ==============================================

================= IP Configuration: =======================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=static addr=192.168.1.27 mask=255.255.255.0
set address name="Local Area Connection" gateway=192.168.1.1 gwmetric=0
set dns name="Local Area Connection" source=static addr=192.168.1.1 register=PRIMARY
set wins name="Local Area Connection" source=static addr=none

# Interface IP Configuration for "Tunngle"

set address name="Tunngle" source=dhcp
set dns name="Tunngle" source=dhcp register=PRIMARY
set wins name="Tunngle" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

    Host Name . . . . . . . . . . . . : shawn_kelly
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Unknown
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Realtek RTL8168D(P)/8111D(P) PCI-E Gigabit Ethernet NIC
    Physical Address. . . . . . . . . : 00-30-67-24-78-0A
    Dhcp Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.1.27
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.1.1
    DNS Servers . . . . . . . . . . . : 192.168.1.1

Ethernet adapter Tunngle:

    Media State . . . . . . . . . . . : Media disconnected
    Description . . . . . . . . . . . : TAP-Win32 Adapter V9 (Tunngle) #2
    Physical Address. . . . . . . . . : 00-FF-BF-B1-5D-7D

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.115.106, 74.125.115.147, 74.125.115.103, 74.125.115.104
74.125.115.99, 74.125.115.105

Pinging google.com [74.125.115.147] with 32 bytes of data:

Reply from 74.125.115.147: bytes=32 time=27ms TTL=52
Reply from 74.125.115.147: bytes=32 time=28ms TTL=52

Ping statistics for 74.125.115.147:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 27ms, Maximum = 28ms, Average = 27ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 72.30.2.43, 98.137.149.56, 209.191.122.70, 67.195.160.76
69.147.125.65

Pinging yahoo.com [98.137.149.56] with 32 bytes of data:

Reply from 98.137.149.56: bytes=32 time=113ms TTL=50
Reply from 98.137.149.56: bytes=32 time=100ms TTL=49

Ping statistics for 98.137.149.56:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 100ms, Maximum = 113ms, Average = 106ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 30 67 24 78 0a ...... Realtek RTL8168D(P)/8111D(P) PCI-E Gigabit Ethernet NIC - Packet Scheduler Miniport
0x3 ...00 ff bf b1 5d 7d ...... TAP-Win32 Adapter V9 (Tunngle) #2 - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.27 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.27 192.168.1.27 20
192.168.1.0 255.255.255.0 192.168.1.27 192.168.1.27 20
192.168.1.27 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.27 192.168.1.27 20
224.0.0.0 240.0.0.0 192.168.1.27 192.168.1.27 20
255.255.255.255 255.255.255.255 192.168.1.27 192.168.1.27 1
255.255.255.255 255.255.255.255 192.168.1.27 3 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None

================= End of IP Configuration =================================

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/03/2011 00:58:52 PM) (Source: Application Error) (User: )
Description: Faulting application spybotsd.exe, version 1.6.2.46, faulting module spybotsd.exe, version 1.6.2.46, fault address 0x00001941.
Processing media-specific event for [spybotsd.exe!ws!]

Error: (07/02/2011 06:34:44 PM) (Source: Application Error) (User: )
Description: Fault bucket 1174620826.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (07/02/2011 06:34:38 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x03ddc260.
Processing media-specific event for [explorer.exe!ws!]

Error: (07/02/2011 02:54:23 PM) (Source: Application Error) (User: )
Description: Faulting application spybotsd.exe, version 1.6.2.46, faulting module spybotsd.exe, version 1.6.2.46, fault address 0x00004d8a.
Processing media-specific event for [spybotsd.exe!ws!]

Error: (07/01/2011 10:39:58 PM) (Source: Application Error) (User: )
Description: Faulting application bearshare_v9_en_setup.exe, version 9.0.0.0, faulting module installhelper.dll, version 0.0.0.0, fault address 0x000bc166.
Processing media-specific event for [bearshare_v9_en_setup.exe!ws!]

Error: (06/26/2011 06:05:26 PM) (Source: Application Error) (User: )
Description: Faulting application redfactionarmageddon.exe, version 0.0.0.0, faulting module redfactionarmageddon.exe, version 0.0.0.0, fault address 0x0054d0bb.
Processing media-specific event for [redfactionarmageddon.exe!ws!]

Error: (06/26/2011 05:23:03 PM) (Source: Application Error) (User: )
Description: Faulting application redfactionarmageddon.exe, version 0.0.0.0, faulting module redfactionarmageddon.exe, version 0.0.0.0, fault address 0x0008decb.
Processing media-specific event for [redfactionarmageddon.exe!ws!]

Error: (06/26/2011 04:26:21 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 19 27.1.168.192.in-addr.arpa. PTR shawn-kelly.local.

Error: (06/26/2011 04:26:21 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.27:5353 21 27.1.168.192.in-addr.arpa. PTR shawn-kelly-2.local.

Error: (06/17/2011 02:52:44 PM) (Source: Application Hang) (User: )
Description: Hanging application Photoshop.exe, version 11.0.1.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (07/12/2011 11:53:00 AM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (07/12/2011 11:38:11 AM) (Source: Service Control Manager) (User: )
Description: The SRS HDAudio Lab Service service failed to start due to the following error:
%%1053

Error: (07/12/2011 11:38:11 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the SRS HDAudio Lab Service service to connect.

Error: (07/11/2011 08:53:00 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (07/11/2011 07:34:44 PM) (Source: Service Control Manager) (User: )
Description: The SRS HDAudio Lab Service service failed to start due to the following error:
%%1053

Error: (07/11/2011 07:34:44 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the SRS HDAudio Lab Service service to connect.

Error: (07/11/2011 03:53:00 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (07/11/2011 02:04:36 PM) (Source: Service Control Manager) (User: )
Description: The SRS HDAudio Lab Service service failed to start due to the following error:
%%1053

Error: (07/11/2011 02:04:36 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the SRS HDAudio Lab Service service to connect.

Error: (07/11/2011 10:53:20 AM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}


Microsoft Office Sessions:
=========================
Error: (07/03/2011 00:58:52 PM) (Source: Application Error)(User: )
Description: spybotsd.exe1.6.2.46spybotsd.exe1.6.2.4600001941

Error: (07/02/2011 06:34:44 PM) (Source: Application Error)(User: )
Description: 1174620826

Error: (07/02/2011 06:34:38 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.2180unknown0.0.0.003ddc260

Error: (07/02/2011 02:54:23 PM) (Source: Application Error)(User: )
Description: spybotsd.exe1.6.2.46spybotsd.exe1.6.2.4600004d8a

Error: (07/01/2011 10:39:58 PM) (Source: Application Error)(User: )
Description: bearshare_v9_en_setup.exe9.0.0.0installhelper.dll0.0.0.0000bc166

Error: (06/26/2011 06:05:26 PM) (Source: Application Error)(User: )
Description: redfactionarmageddon.exe0.0.0.0redfactionarmageddon.exe0.0.0.00054d0bb

Error: (06/26/2011 05:23:03 PM) (Source: Application Error)(User: )
Description: redfactionarmageddon.exe0.0.0.0redfactionarmageddon.exe0.0.0.00008decb

Error: (06/26/2011 04:26:21 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 19 27.1.168.192.in-addr.arpa. PTR shawn-kelly.local.

Error: (06/26/2011 04:26:21 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.27:5353 21 27.1.168.192.in-addr.arpa. PTR shawn-kelly-2.local.

Error: (06/17/2011 02:52:44 PM) (Source: Application Hang)(User: )
Description: Photoshop.exe11.0.1.0hungapp0.0.0.000000000


========================= End of Event log errors =========================

========================= Memory info: ====================================

Percentage of memory in use: 28%
Total physical RAM: 3327.23 MB
Available physical RAM: 2379.51 MB
Total Pagefile: 5210.9 MB
Available Pagefile: 4157.36 MB
Total Virtual: 2047.88 MB
Available Virtual: 1998.56 MB

======================= Partitions: =======================================

2 Drive c: () (Fixed) (Total:465.75 GB) (Free:128.9 GB) NTFS

================= Users: ==================================================

User accounts for \\SHAWN_KELLY

-------------------------------------------------------------------------------
Administrator ASPNET Guest
HelpAssistant LogMeInRemoteUser S
SUPPORT_388945a0
The command completed successfully.

================= End of Users ============================================

I know it's a lot, sorry about that.

Edited by Chevelle1258, 12 July 2011 - 07:45 PM.


#6 Broni

Posted 12 July 2011 - 08:29 PM

Not a problem :)

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

#7 Chevelle1258

Posted 12 July 2011 - 09:17 PM

2011/07/12 22:16:21.0229 4184 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/12 22:16:23.0229 4184 ================================================================================
2011/07/12 22:16:23.0229 4184 SystemInfo:
2011/07/12 22:16:23.0229 4184
2011/07/12 22:16:23.0229 4184 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/12 22:16:23.0229 4184 Product type: Workstation
2011/07/12 22:16:23.0229 4184 ComputerName: SHAWN_KELLY
2011/07/12 22:16:23.0229 4184 UserName: S
2011/07/12 22:16:23.0229 4184 Windows directory: C:\WINDOWS
2011/07/12 22:16:23.0229 4184 System windows directory: C:\WINDOWS
2011/07/12 22:16:23.0229 4184 Processor architecture: Intel x86
2011/07/12 22:16:23.0229 4184 Number of processors: 2
2011/07/12 22:16:23.0229 4184 Page size: 0x1000
2011/07/12 22:16:23.0229 4184 Boot type: Normal boot
2011/07/12 22:16:23.0229 4184 ================================================================================
2011/07/12 22:16:25.0745 4184 Initialize success
2011/07/12 22:16:28.0667 3440 ================================================================================
2011/07/12 22:16:28.0667 3440 Scan started
2011/07/12 22:16:28.0667 3440 Mode: Manual;
2011/07/12 22:16:28.0667 3440 ================================================================================
2011/07/12 22:16:38.0121 3440 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2011/07/12 22:16:38.0121 3440 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/07/12 22:16:38.0121 3440 sptd - detected LockedFile.Multi.Generic (1)
2011/07/12 22:16:39.0621 3440 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/07/12 22:16:39.0902 3440 MBR (0x1B8) (739b36f7a373fc81121d831231b6d311) \Device\Harddisk1\DR2
2011/07/12 22:16:39.0918 3440 Boot (0x1200) (d41462815e5458130a85934036e61c53) \Device\Harddisk0\DR0\Partition0
2011/07/12 22:16:39.0918 3440 Boot (0x1200) (85fed13ed7e3185d30ab3bd1d685ee71) \Device\Harddisk1\DR2\Partition0
2011/07/12 22:16:39.0934 3440 Boot (0x1200) (c591b02578954f9e4204533542816a23) \Device\Harddisk1\DR2\Partition1
2011/07/12 22:16:39.0934 3440 ================================================================================
2011/07/12 22:16:39.0934 3440 Scan finished
2011/07/12 22:16:39.0934 3440 ================================================================================
2011/07/12 22:16:39.0965 4060 Detected object count: 1
2011/07/12 22:16:39.0965 4060 Actual detected object count: 1
2011/07/12 22:17:18.0733 4060 LockedFile.Multi.Generic(sptd) - User select action: Skip

#8 Broni

Posted 12 July 2011 - 09:19 PM

Download the FixTDSS.exe

  • Save the file to your Windows desktop.
  • Close all running programs.
  • If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
  • Double-click the FixTDSS.exe file to start the removal tool.
  • Click Start to begin the process, and then allow the tool to run.
  • Restart the computer when prompted by the tool.
  • After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said).
  • If you are running Windows XP, re-enable System Restore.


#9 Chevelle1258


Posted 12 July 2011 - 10:09 PM

It said that it found no backdoors or anything else.

#10 Broni


Posted 12 July 2011 - 10:18 PM

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start the scan.

On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


#11 Chevelle1258


Posted 12 July 2011 - 10:23 PM

aswMBR version 0.9.7.707 Copyright© 2011 AVAST Software
Run date: 2011-07-12 23:20:23
-----------------------------
23:20:23.703 OS Version: Windows 5.1.2600 Service Pack 3
23:20:23.703 Number of processors: 2 586 0x403
23:20:23.703 ComputerName: SHAWN_KELLY UserName: S
23:21:03.171 Initialize success
23:21:03.484 AVAST engine defs: 11071201
23:21:20.312 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:21:20.312 Disk 0 Vendor: WDC_WD5000AVVS-63M8B0 01.00A01 Size: 476940MB BusType: 3
23:21:20.312 Device \Driver\atapi -> MajorFunction 8b2971f8
23:21:20.312 Disk 0 MBR read error 0
23:21:20.328 Disk 0 MBR scan
23:21:20.328 Disk 0 unknown MBR code
23:21:20.328 MBR BIOS signature not found 0
23:21:20.343 Disk 0 scanning sectors +976752000
23:21:20.343 Disk 0 scanning C:\WINDOWS\system32\drivers
23:21:58.531 File: C:\WINDOWS\system32\drivers\tcpip.sys TDL3 **ROOTKIT**
23:22:06.046 Service scanning
23:22:12.953 Disk 0 trace - called modules:
23:22:12.984 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys >>UNKNOWN [0x8b2971f8]<<
23:22:13.328 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b30cab8]
23:22:13.328 3 CLASSPNP.SYS[b80e905b] -> nt!IofCallDriver -> \Device\0000008a[0x8b20ef18]
23:22:13.328 5 ACPI.sys[b7e74620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8b25c940]
23:22:13.343 \Driver\atapi[0x8b2545a8] -> IRP_MJ_CREATE -> 0x8b2971f8
23:22:29.296 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\S\Desktop\MBR.dat"
23:22:29.328 The log file has been saved successfully to "C:\Documents and Settings\S\Desktop\aswMBR.txt"

#12 Broni


Posted 12 July 2011 - 10:36 PM

It looks like you still have a rootkit, but none of the tools allowed in this forum can remove it.

With the information you have provided I believe you will need help from the malware removal team.
Please make sure that you read the information about getting started first.
Then start a new thread HERE and include the required logs.
Including a link to this thread will be helpful.

Good luck and be patient. Help is on the way!

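The aswMBR log in reply #11 can be triaged mechanically for the lines that support the rootkit reading in reply #12. The following is an added example, not part of either post and not aswMBR's own logic. The regular expressions and the function name `triage` are assumptions derived from that one log. Treating `>>UNKNOWN [addr]<<` as a handler address that no loaded module owns is likewise an assumption about the log format.

```python
import re

# Lines copied from the aswMBR log posted in reply #11 of this thread.
SAMPLE_LOG = r"""
23:21:20.312 Device \Driver\atapi -> MajorFunction 8b2971f8
23:21:20.328 Disk 0 unknown MBR code
23:21:58.531 File: C:\WINDOWS\system32\drivers\tcpip.sys TDL3 **ROOTKIT**
23:22:12.984 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys >>UNKNOWN [0x8b2971f8]<<
23:22:13.343 \Driver\atapi[0x8b2545a8] -> IRP_MJ_CREATE -> 0x8b2971f8
"""

# Patterns are assumptions derived from the log above, not an official format spec.
ROOTKIT_FILE = re.compile(r"File: (?P<path>.+?) (?P<family>\S+) \*\*ROOTKIT\*\*")
UNKNOWN_MOD = re.compile(r">>UNKNOWN \[0x(?P<addr>[0-9a-f]+)\]<<", re.I)
DISPATCH = re.compile(
    r"(?P<drv>\\Driver\\\w+)(?:\[0x[0-9a-f]+\])? -> "
    r"(?P<slot>MajorFunction|IRP_MJ_\w+)(?: ->)? (?:0x)?(?P<addr>[0-9a-f]{8})",
    re.I,
)

def triage(log):
    """Return the log findings that point to a kernel-mode rootkit."""
    lines = log.splitlines()
    # Pass 1: addresses the disk trace could not attribute to a loaded module.
    unknown = {m["addr"].lower() for ln in lines for m in UNKNOWN_MOD.finditer(ln)}
    report = {"rootkit_files": [], "hooked_dispatch": [],
              "unknown_modules": sorted(unknown), "unknown_mbr": False}
    # Pass 2: flagged files, and driver dispatch slots that point at those addresses.
    for ln in lines:
        if m := ROOTKIT_FILE.search(ln):
            report["rootkit_files"].append((m["path"], m["family"]))
        m = DISPATCH.search(ln)
        if m and m["addr"].lower() in unknown:
            report["hooked_dispatch"].append((m["drv"], m["slot"], m["addr"].lower()))
        if "unknown MBR code" in ln:
            report["unknown_mbr"] = True
    report["needs_escalation"] = bool(report["rootkit_files"] or report["hooked_dispatch"])
    return report

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The "unknown MBR code" line is reported but deliberately left out of `needs_escalation`, since a non-default boot loader alone can produce it; the escalation signal here is the flagged driver file together with `\Driver\atapi` dispatch entries resolving to the unattributed address.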


 


#13 Chevelle1258


Posted 13 July 2011 - 09:05 AM

Thanks for your help, hopefully someone over in the other section can help me out here.

#14 Broni


Posted 13 July 2011 - 06:28 PM

Good luck!
