
Possible Virus, but alas I am not versed in computer medical care. :(



#1 Satans Hourglass


Posted 13 July 2011 - 04:23 PM

Recently (in the last couple of days) my comp has been randomly shutting down programs. When I click search for a solution online it "pretends" to look and then just stops and the window closes. Also programs like Skype and my ASUS sound center have disappeared. I run MS Windows Vista Home Premium 32-bit SP2 with AMD Athlon X2 Dual Core Processor BE-2350, 4.0GB RAM, NVIDIA GeForce 9800 GT.

I use avast! Antivirus and did a full system scan. It came up with no viruses, but one file was "unscannable": C:\ProgramData\Pure Networks\Platform. The error went as this: "Error: The file or directory is corrupted and unreadable (1392)". But when I scanned the Pure Networks folder manually, there was no threat found.

I use Firefox 5.0 with 10MB cable internet and it is entirely too slow. When I started getting error messages my internet also started to intermittently go out and I have to reset my router at least 5 times a day. I watch movies and tv shows at Hulu.com and Netflix.com and the videos have started to buffer every 5 seconds. I literally tried watching an episode and it took me 30 mins to get through 11 mins of the show.

My CPU usage spikes at 100% very often and my memory usage hovers between 1.28GB to 1.5GB.

I have no idea if these are all of the same issue or if they are different. So I apologize if they are multiple problems. I would like to focus on the program disappearances and errors first if they are separate issues.

If I can be more specific please let me know and I will try my best and thank you so much in advance. :)

Edited by hamluis, 13 July 2011 - 07:27 PM.
Moved from Vista to Am I Infected.



 


#2 Broni


Posted 13 July 2011 - 10:18 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.



 


#3 Satans Hourglass


Posted 14 July 2011 - 09:22 AM

Results of screen317's Security Check version 0.99.7
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

CCleaner
Java™ 6 Update 24
Java™ 6 Update 7
Out of date Java installed!
Adobe Flash Player 10.3.181.34
Adobe Reader 9.4.3
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSASCui.exe
Empowering Technology eSettings Service capuserv.exe
Windows Defender MSASCui.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````










Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7124

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19088

7/14/2011 1:25:54 AM
mbam-log-2011-07-14 (01-25-54).txt

Scan type: Quick scan
Objects scanned: 162894
Time elapsed: 4 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 24
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 10
Files Infected: 829

Memory Processes Infected:
(No malicious items detected)















MiniToolBox by Farbar
Ran by Ghostphoenix (administrator) on 14-07-2011 at 01:08:22
Windows Vista ™ Home Premium Service Pack 2 (X86)

***************************************************************************


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

== End of IE Proxy Settings ==

========================= FF Proxy Settings: ==============================


== End of FF Proxy Settings ==
=============== Hosts content: ============================================

# Copyright © 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost

== End of Hosts ==

================= IP Configuration: =======================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Ghostphoenix-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Belkin

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
Physical Address. . . . . . . . . : 00-1C-25-82-6B-87
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::ec9a:70e1:5157:9e2b%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, July 13, 2011 3:30:52 PM
Lease Expires . . . . . . . . . . : Sunday, August 20, 2147 7:36:38 AM
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 251658604
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0F-7F-4E-69-00-1C-25-82-6B-87
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : isatap.Belkin
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:c08:30ac:3f57:fdfd(Preferred)
Link-local IPv6 Address . . . . . : fe80::c08:30ac:3f57:fdfd%11(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server:
Address: 192.168.2.1

DNS request timed out.
timeout was 2 seconds.
Name: google.com
Addresses: 74.125.93.104
74.125.93.106
74.125.93.99
74.125.93.105
74.125.93.103
74.125.93.147



Pinging google.com [74.125.93.104] with 32 bytes of data:

Reply from 74.125.93.104: bytes=32 time=57ms TTL=50

Reply from 74.125.93.104: bytes=32 time=81ms TTL=50



Ping statistics for 74.125.93.104:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 57ms, Maximum = 81ms, Average = 69ms

Server:
Address: 192.168.2.1

DNS request timed out.
timeout was 2 seconds.


Pinging yahoo.com [98.137.149.56] with 32 bytes of data:

Reply from 98.137.149.56: bytes=32 time=81ms TTL=49

Reply from 98.137.149.56: bytes=32 time=106ms TTL=49



Ping statistics for 98.137.149.56:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 81ms, Maximum = 106ms, Average = 93ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
10 ...00 1c 25 82 6b 87 ...... Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
1 ........................... Software Loopback Interface 1
18 ...00 00 00 00 00 00 00 e0 isatap.Belkin
11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.2 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 On-link 192.168.2.2 276
192.168.2.2 255.255.255.255 On-link 192.168.2.2 276
192.168.2.255 255.255.255.255 On-link 192.168.2.2 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.2.2 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.2.2 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
11 38 ::/0 On-link
1 306 ::1/128 On-link
11 38 2001::/32 On-link
11 286 2001:0:4137:9e76:c08:30ac:3f57:fdfd/128
On-link
10 276 fe80::/64 On-link
11 286 fe80::/64 On-link
11 286 fe80::c08:30ac:3f57:fdfd/128
On-link
10 276 fe80::ec9a:70e1:5157:9e2b/128
On-link
1 306 ff00::/8 On-link
11 286 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

== End of IP Configuration ==

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/13/2011 06:06:43 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1030

Error: (07/13/2011 06:06:43 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1030

Error: (07/13/2011 06:06:43 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/13/2011 03:38:31 PM) (Source: Perflib) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4

Error: (07/13/2011 03:38:30 PM) (Source: Perflib) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (07/13/2011 03:38:29 PM) (Source: Perflib) (User: )
Description: MSDTCC:\Windows\system32\msdtcuiu.DLL4

Error: (07/13/2011 03:38:29 PM) (Source: Perflib) (User: )
Description: LsaC:\Windows\system32\Secur32.dll4

Error: (07/13/2011 03:38:29 PM) (Source: Perflib) (User: )
Description: ESENTC:\Windows\system32\esentprf.dll4

Error: (07/13/2011 03:38:29 PM) (Source: Perflib) (User: )
Description: BITSC:\Windows\system32\bitsperf.dll4

Error: (07/13/2011 03:37:49 PM) (Source: Application Error) (User: )
Description: Faulting application ASUSAUDIOCENTER.EXE, version 0.3.0.36, time stamp 0x4d802c45, faulting module ASUSAUDIOCENTER.EXE, version 0.3.0.36, time stamp 0x4d802c45, exception code 0xc0000005, fault offset 0x0000d170,
process id 0x1170, application start time 0xASUSAUDIOCENTER.EXE0.


System errors:
=============
Error: (07/13/2011 03:22:33 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume ACER.

Error: (07/13/2011 03:22:32 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.

Error: (07/13/2011 03:22:31 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume ACER.

Error: (07/13/2011 03:22:30 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume ACER.

Error: (07/13/2011 03:22:30 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.

Error: (07/13/2011 03:22:32 PM) (Source: Service Control Manager) (User: )
Description: Windows Modules Installer%%563

Error: (07/13/2011 03:22:29 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume ACER.

Error: (07/13/2011 03:22:29 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume ACER.

Error: (07/13/2011 03:22:26 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume ACER.

Error: (07/13/2011 03:22:26 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume ACER.


Microsoft Office Sessions:
=========================

== End of Event log errors ==

========================= Memory info: ====================================

Percentage of memory in use: 43%
Total physical RAM: 3326.58 MB
Available physical RAM: 1893.8 MB
Total Pagefile: 6883.68 MB
Available Pagefile: 5381.05 MB
Total Virtual: 2047.88 MB
Available Virtual: 1976.43 MB

======================= Partitions: =======================================

1 Drive c: (ACER) (Fixed) (Total:144.29 GB) (Free:29.74 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:144.04 GB) (Free:143.76 GB) NTFS

================= Users: ==================================================

User accounts for \\GHOSTPHOENIX-PC

-------------------------------------------------------------------------------
Administrator Ghostphoenix Guest
The command completed successfully.

== End of Users ==

#4 Satans Hourglass


Posted 14 July 2011 - 09:23 AM

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-14 08:49:42
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-7 ST3320820AS rev.3.AAD
Running: GMER.exe; Driver: C:\Users\GHOSTP~1\AppData\Local\Temp\fwrdqpog.sys

.text ...

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x93215202]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x932177F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x93217848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x9321795E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x93217746]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x93217898]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x9321779A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x9321790C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x93215226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x93214FF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x9321524A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x93217D56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x93215CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x93217820]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x93217870]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x93217988]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x93217772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x932178D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x932177C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x93217936]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x93215BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x9321526E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x93215292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x9321504A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x93215186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x93215162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x932151AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x932152B6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x93687398]

#5 Satans Hourglass


Posted 14 July 2011 - 09:24 AM

---- User code sections - GMER 1.0.15 ----

.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3768] ADVAPI32.dll!ChangeServiceConfig2A 76477099 5 Bytes JMP 00C20C0C
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3768] ADVAPI32.dll!ChangeServiceConfig2W 764771E1 5 Bytes JMP 00C20E10
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3768] ADVAPI32.dll!ChangeServiceConfigA 76476DD9 5 Bytes JMP 00C20804
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3768] ADVAPI32.dll!ChangeServiceConfigW 76476F81 5 Bytes JMP 00C20A08
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3768] ADVAPI32.dll!CreateServiceA 764772A1 5 Bytes JMP 00C201F8
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3768] ADVAPI32.dll!CreateServiceW 76439EB4 5 Bytes JMP 00C203FC
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3768] ADVAPI32.dll!DeleteService 7643A07E 5 Bytes JMP 00C20600
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3768] ADVAPI32.dll!SetServiceObjectSecurity 76476CD9 5 Bytes JMP 00C21014
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3768] kernel32.dll!GetBinaryTypeW + 70 76362247 1 Byte [62]
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3768] ntdll.dll!LdrLoadDll 77A893A8 5 Bytes JMP 001501F8
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3768] ntdll.dll!LdrUnloadDll 77A9B740 5 Bytes JMP 001503FC
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3768] ole32.dll!CoCreateInstance 76619F3E 5 Bytes JMP 01B8A4D0 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3768] ole32.dll!CoCreateInstanceEx 76619F81 5 Bytes JMP 01B8A630 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3768] USER32.dll!SetWindowsHookExA 77B96322 5 Bytes JMP 00C30600
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3768] USER32.dll!SetWindowsHookExW 77B987AD 5 Bytes JMP 00C30804
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3768] USER32.dll!SetWinEventHook 77B99F3A 5 Bytes JMP 00C301F8
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3768] USER32.dll!UnhookWindowsHookEx 77B998DB 5 Bytes JMP 00C30A08
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3768] USER32.dll!UnhookWinEvent 77B9C06F 5 Bytes JMP 00C303FC
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1776] ADVAPI32.dll!ChangeServiceConfig2A 76477099 5 Bytes JMP 00170C0C
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1776] ADVAPI32.dll!ChangeServiceConfig2W 764771E1 5 Bytes JMP 00170E10
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1776] ADVAPI32.dll!ChangeServiceConfigA 76476DD9 5 Bytes JMP 00170804
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1776] ADVAPI32.dll!ChangeServiceConfigW 76476F81 5 Bytes JMP 00170A08
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1776] ADVAPI32.dll!CreateServiceA 764772A1 5 Bytes JMP 001701F8
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1776] ADVAPI32.dll!CreateServiceW 76439EB4 5 Bytes JMP 001703FC
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1776] ADVAPI32.dll!DeleteService 7643A07E 5 Bytes JMP 00170600
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1776] ADVAPI32.dll!SetServiceObjectSecurity 76476CD9 5 Bytes JMP 00171014
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1776] kernel32.dll!GetBinaryTypeW + 70 76362247 1 Byte [62]
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1776] ntdll.dll!LdrLoadDll 77A893A8 5 Bytes JMP 001501F8
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1776] ntdll.dll!LdrUnloadDll 77A9B740 5 Bytes JMP 001503FC
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1776] USER32.dll!SetWindowsHookExA 77B96322 5 Bytes JMP 00180600
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1776] USER32.dll!SetWindowsHookExW 77B987AD 5 Bytes JMP 00180804
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1776] USER32.dll!SetWinEventHook 77B99F3A 5 Bytes JMP 001801F8
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1776] USER32.dll!UnhookWindowsHookEx 77B998DB 5 Bytes JMP 00180A08
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[1776] USER32.dll!UnhookWinEvent 77B9C06F 5 Bytes JMP 001803FC
.text C:\Acer\Empowering Technology\ePerformance\MemCheck.exe[1672] KERNEL32.dll!GetBinaryTypeW + 70 76362247 1 Byte [62]
.text C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[2336] ADVAPI32.dll!ChangeServiceConfig2A 76477099 5 Bytes JMP 00180C0C
.text C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[2336] ADVAPI32.dll!ChangeServiceConfig2W 764771E1 5 Bytes JMP 00180E10
.text C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[2336] ADVAPI32.dll!ChangeServiceConfigA 76476DD9 5 Bytes JMP 00180804
.text C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[2336] ADVAPI32.dll!ChangeServiceConfigW 76476F81 5 Bytes JMP 00180A08
.text C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[2336] ADVAPI32.dll!CreateServiceA 764772A1 5 Bytes JMP 001801F8
.text C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[2336] ADVAPI32.dll!CreateServiceW 76439EB4 5 Bytes JMP 001803FC
.text C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[2336] ADVAPI32.dll!DeleteService 7643A07E 5 Bytes JMP 00180600
.text C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[2336] ADVAPI32.dll!SetServiceObjectSecurity 76476CD9 5 Bytes JMP 00181014
.text C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[2336] kernel32.dll!GetBinaryTypeW + 70 76362247 1 Byte [62]
.text C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[2336] ntdll.dll!LdrLoadDll 77A893A8 5 Bytes JMP 001601F8
.text C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[2336] ntdll.dll!LdrUnloadDll 77A9B740 5 Bytes JMP 001603FC
.text C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[2336] ole32.dll!CoCreateInstance 76619F3E 5 Bytes JMP 1000A4D0 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[2336] ole32.dll!CoCreateInstanceEx 76619F81 5 Bytes JMP 1000A630 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[2336] USER32.dll!SetWindowsHookExA 77B96322 5 Bytes JMP 00170600
.text C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[2336] USER32.dll!SetWindowsHookExW 77B987AD 5 Bytes JMP 00170804
.text C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[2336] USER32.dll!SetWinEventHook 77B99F3A 5 Bytes JMP 001701F8
.text C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[2336] USER32.dll!UnhookWindowsHookEx 77B998DB 5 Bytes JMP 00170A08
.text C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[2336] USER32.dll!UnhookWinEvent 77B9C06F 5 Bytes JMP 001703FC
.text C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe[2568] KERNEL32.dll!GetBinaryTypeW + 70 76362247 1 Byte [62]
.text C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe[2672] KERNEL32.dll!GetBinaryTypeW + 70 76362247 1 Byte [62]
.text C:\Acer\Empowering Technology\SysMonitor.exe[3708] KERNEL32.dll!GetBinaryTypeW + 70 76362247 1 Byte [62]
.text C:\Acer\Empowering Technology\SysMonitor.exe[3708] ole32.dll!CoCreateInstance 76619F3E 5 Bytes JMP 1000A4D0 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Acer\Empowering Technology\SysMonitor.exe[3708] ole32.dll!CoCreateInstanceEx 76619F81 5 Bytes JMP 1000A630 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[1424] ADVAPI32.dll!ChangeServiceConfig2A 76477099 5 Bytes JMP 00190C0C
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[1424] ADVAPI32.dll!ChangeServiceConfig2W 764771E1 5 Bytes JMP 00190E10
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[1424] ADVAPI32.dll!ChangeServiceConfigA 76476DD9 5 Bytes JMP 00190804
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[1424] ADVAPI32.dll!ChangeServiceConfigW 76476F81 5 Bytes JMP 00190A08
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[1424] ADVAPI32.dll!CreateServiceA 764772A1 5 Bytes JMP 001901F8
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[1424] ADVAPI32.dll!CreateServiceW 76439EB4 5 Bytes JMP 001903FC
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[1424] ADVAPI32.dll!DeleteService 7643A07E 5 Bytes JMP 00190600
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[1424] ADVAPI32.dll!SetServiceObjectSecurity 76476CD9 5 Bytes JMP 00191014
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[1424] kernel32.dll!GetBinaryTypeW + 70 76362247 1 Byte [62]
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[1424] ntdll.dll!LdrLoadDll 77A893A8 5 Bytes JMP 001401F8
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[1424] ntdll.dll!LdrUnloadDll 77A9B740 5 Bytes JMP 001403FC
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[1424] USER32.dll!SetWindowsHookExA 77B96322 5 Bytes JMP 00180600
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[1424] USER32.dll!SetWindowsHookExW 77B987AD 5 Bytes JMP 00180804
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[1424] USER32.dll!SetWinEventHook 77B99F3A 5 Bytes JMP 001801F8
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[1424] USER32.dll!UnhookWindowsHookEx 77B998DB 5 Bytes JMP 00180A08
.text C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe[1424] USER32.dll!UnhookWinEvent 77B9C06F 5 Bytes JMP 001803FC
.text C:\Program Files\Ask.com\Updater\Updater.exe[2180] ADVAPI32.dll!ChangeServiceConfig2A 76477099 3 Bytes JMP 00080C0C
.text C:\Program Files\Ask.com\Updater\Updater.exe[2180] ADVAPI32.dll!ChangeServiceConfig2A + 4 7647709D 1 Byte [89]
.text C:\Program Files\Ask.com\Updater\Updater.exe[2180] ADVAPI32.dll!ChangeServiceConfig2W 764771E1 5 Bytes JMP 00080E10
.text C:\Program Files\Ask.com\Updater\Updater.exe[2180] ADVAPI32.dll!ChangeServiceConfigA 76476DD9 5 Bytes JMP 00080804
.text C:\Program Files\Ask.com\Updater\Updater.exe[2180] ADVAPI32.dll!ChangeServiceConfigW 76476F81 5 Bytes JMP 00080A08
.text C:\Program Files\Ask.com\Updater\Updater.exe[2180] ADVAPI32.dll!CreateServiceA 764772A1 5 Bytes JMP 000801F8
.text C:\Program Files\Ask.com\Updater\Updater.exe[2180] ADVAPI32.dll!CreateServiceW 76439EB4 5 Bytes JMP 000803FC
.text C:\Program Files\Ask.com\Updater\Updater.exe[2180] ADVAPI32.dll!DeleteService 7643A07E 5 Bytes JMP 00080600
.text C:\Program Files\Ask.com\Updater\Updater.exe[2180] ADVAPI32.dll!SetServiceObjectSecurity 76476CD9 5 Bytes JMP 00081014
.text C:\Program Files\Ask.com\Updater\Updater.exe[2180] kernel32.dll!GetBinaryTypeW + 70 76362247 1 Byte [62]
.text C:\Program Files\Ask.com\Updater\Updater.exe[2180] ntdll.dll!LdrLoadDll 77A893A8 5 Bytes JMP 000601F8
.text C:\Program Files\Ask.com\Updater\Updater.exe[2180] ntdll.dll!LdrUnloadDll 77A9B740 5 Bytes JMP 000603FC
.text C:\Program Files\Ask.com\Updater\Updater.exe[2180] USER32.dll!SetWindowsHookExA 77B96322 5 Bytes JMP 00070600
.text C:\Program Files\Ask.com\Updater\Updater.exe[2180] USER32.dll!SetWindowsHookExW 77B987AD 5 Bytes JMP 00070804
.text C:\Program Files\Ask.com\Updater\Updater.exe[2180] USER32.dll!SetWinEventHook 77B99F3A 5 Bytes JMP 000701F8
.text C:\Program Files\Ask.com\Updater\Updater.exe[2180] USER32.dll!UnhookWindowsHookEx 77B998DB 5 Bytes JMP 00070A08
.text C:\Program Files\Ask.com\Updater\Updater.exe[2180] USER32.dll!UnhookWinEvent 77B9C06F 5 Bytes JMP 000703FC
.text C:\Program Files\ASUS Xonar DG Audio\Customapp\ASUSAUDIOCENTER.EXE[440] ADVAPI32.dll!ChangeServiceConfig2A 76477099 5 Bytes JMP 00180C0C
.text C:\Program Files\ASUS Xonar DG Audio\Customapp\ASUSAUDIOCENTER.EXE[440] ADVAPI32.dll!ChangeServiceConfig2W 764771E1 5 Bytes JMP 00180E10
.text C:\Program Files\ASUS Xonar DG Audio\Customapp\ASUSAUDIOCENTER.EXE[440] ADVAPI32.dll!ChangeServiceConfigA 76476DD9 5 Bytes JMP 00180804
.text C:\Program Files\ASUS Xonar DG Audio\Customapp\ASUSAUDIOCENTER.EXE[440] ADVAPI32.dll!ChangeServiceConfigW 76476F81 5 Bytes JMP 00180A08
.text C:\Program Files\ASUS Xonar DG Audio\Customapp\ASUSAUDIOCENTER.EXE[440] ADVAPI32.dll!CreateServiceA 764772A1 5 Bytes JMP 001801F8
.text C:\Program Files\ASUS Xonar DG Audio\Customapp\ASUSAUDIOCENTER.EXE[440] ADVAPI32.dll!CreateServiceW 76439EB4 5 Bytes JMP 001803FC
.text C:\Program Files\ASUS Xonar DG Audio\Customapp\ASUSAUDIOCENTER.EXE[440] ADVAPI32.dll!DeleteService 7643A07E 5 Bytes JMP 00180600
.text C:\Program Files\ASUS Xonar DG Audio\Customapp\ASUSAUDIOCENTER.EXE[440] ADVAPI32.dll!SetServiceObjectSecurity 76476CD9 5 Bytes JMP 00181014
.text C:\Program Files\ASUS Xonar DG Audio\Customapp\ASUSAUDIOCENTER.EXE[440] kernel32.dll!GetBinaryTypeW + 70 76362247 1 Byte [62]
.text C:\Program Files\ASUS Xonar DG Audio\Customapp\ASUSAUDIOCENTER.EXE[440] ntdll.dll!LdrLoadDll 77A893A8 5 Bytes JMP 001501F8
.text C:\Program Files\ASUS Xonar DG Audio\Customapp\ASUSAUDIOCENTER.EXE[440] ntdll.dll!LdrUnloadDll 77A9B740 5 Bytes JMP 001503FC
.text C:\Program Files\ASUS Xonar DG Audio\Customapp\ASUSAUDIOCENTER.EXE[440] USER32.dll!SetWindowsHookExA 77B96322 5 Bytes JMP 00170600
.text C:\Program Files\ASUS Xonar DG Audio\Customapp\ASUSAUDIOCENTER.EXE[440] USER32.dll!SetWindowsHookExW 77B987AD 5 Bytes JMP 00170804
.text C:\Program Files\ASUS Xonar DG Audio\Customapp\ASUSAUDIOCENTER.EXE[440] USER32.dll!SetWinEventHook 77B99F3A 5 Bytes JMP 001701F8
.text C:\Program Files\ASUS Xonar DG Audio\Customapp\ASUSAUDIOCENTER.EXE[440] USER32.dll!UnhookWindowsHookEx 77B998DB 5 Bytes JMP 00170A08
.text C:\Program Files\ASUS Xonar DG Audio\Customapp\ASUSAUDIOCENTER.EXE[440] USER32.dll!UnhookWinEvent 77B9C06F 5 Bytes JMP 001703FC
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1676] KERNEL32.dll!GetBinaryTypeW + 70 76362247 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1676] ole32.dll!CoCreateInstance 76619F3E 5 Bytes JMP 1000A4D0 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1676] ole32.dll!CoCreateInstanceEx 76619F81 5 Bytes JMP 1000A630 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[2348] KERNEL32.dll!GetBinaryTypeW + 70 76362247 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[2348] ole32.dll!CoCreateInstance 76619F3E 5 Bytes JMP 1000A4D0 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[2348] ole32.dll!CoCreateInstanceEx 76619F81 5 Bytes JMP 1000A630 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1720] kernel32.dll!GetBinaryTypeW + 70 76362247 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1720] kernel32.dll!SetUnhandledExceptionFilter 7633A84F 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1376] kernel32.dll!GetBinaryTypeW + 70 76362247 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1376] ole32.dll!CoCreateInstance 76619F3E 5 Bytes JMP 1000A4D0 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1376] ole32.dll!CoCreateInstanceEx 76619F81 5 Bytes JMP 1000A630 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Program Files\Bonjour\mDNSResponder.exe[724] ADVAPI32.dll!ChangeServiceConfig2A 76477099 5 Bytes JMP 00070C0C
.text C:\Program Files\Bonjour\mDNSResponder.exe[724] ADVAPI32.dll!ChangeServiceConfig2W 764771E1 5 Bytes JMP 00070E10
.text C:\Program Files\Bonjour\mDNSResponder.exe[724] ADVAPI32.dll!ChangeServiceConfigA 76476DD9 5 Bytes JMP 00070804
.text C:\Program Files\Bonjour\mDNSResponder.exe[724] ADVAPI32.dll!ChangeServiceConfigW 76476F81 5 Bytes JMP 00070A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[724] ADVAPI32.dll!CreateServiceA 764772A1 5 Bytes JMP 000701F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[724] ADVAPI32.dll!CreateServiceW 76439EB4 5 Bytes JMP 000703FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[724] ADVAPI32.dll!DeleteService 7643A07E 5 Bytes JMP 00070600
.text C:\Program Files\Bonjour\mDNSResponder.exe[724] ADVAPI32.dll!SetServiceObjectSecurity 76476CD9 5 Bytes JMP 00071014
.text C:\Program Files\Bonjour\mDNSResponder.exe[724] kernel32.dll!GetBinaryTypeW + 70 76362247 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[724] ntdll.dll!LdrLoadDll 77A893A8 5 Bytes JMP 000501F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[724] ntdll.dll!LdrUnloadDll 77A9B740 5 Bytes JMP 000503FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[724] USER32.dll!SetWindowsHookExA 77B96322 5 Bytes JMP 00090600
.text C:\Program Files\Bonjour\mDNSResponder.exe[724] USER32.dll!SetWindowsHookExW 77B987AD 5 Bytes JMP 00090804
.text C:\Program Files\Bonjour\mDNSResponder.exe[724] USER32.dll!SetWinEventHook 77B99F3A 5 Bytes JMP 000901F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[724] USER32.dll!UnhookWindowsHookEx 77B998DB 5 Bytes JMP 00090A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[724] USER32.dll!UnhookWinEvent 77B9C06F 5 Bytes JMP 000903FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4052] ADVAPI32.dll!ChangeServiceConfig2A 76477099 5 Bytes JMP 00170C0C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4052] ADVAPI32.dll!ChangeServiceConfig2W 764771E1 5 Bytes JMP 00170E10
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4052] ADVAPI32.dll!ChangeServiceConfigA 76476DD9 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4052] ADVAPI32.dll!ChangeServiceConfigW 76476F81 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4052] ADVAPI32.dll!CreateServiceA 764772A1 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4052] ADVAPI32.dll!CreateServiceW 76439EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4052] ADVAPI32.dll!DeleteService 7643A07E 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4052] ADVAPI32.dll!SetServiceObjectSecurity 76476CD9 5 Bytes JMP 00171014
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4052] kernel32.dll!GetBinaryTypeW + 70 76362247 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4052] ntdll.dll!LdrLoadDll 77A893A8 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4052] ntdll.dll!LdrUnloadDll 77A9B740 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4052] ole32.dll!CoCreateInstance 76619F3E 5 Bytes JMP 1000A4D0 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4052] ole32.dll!CoCreateInstanceEx 76619F81 5 Bytes JMP 1000A630 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4052] USER32.dll!SetWindowsHookExA 77B96322 5 Bytes JMP 00180600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4052] USER32.dll!SetWindowsHookExW 77B987AD 5 Bytes JMP 00180804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4052] USER32.dll!SetWinEventHook 77B99F3A 5 Bytes JMP 001801F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4052] USER32.dll!UnhookWindowsHookEx 77B998DB 5 Bytes JMP 00180A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4052] USER32.dll!UnhookWinEvent 77B9C06F 5 Bytes JMP 001803FC
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2232] ADVAPI32.dll!ChangeServiceConfig2A 76477099 5 Bytes JMP 002A0C0C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2232] ADVAPI32.dll!ChangeServiceConfig2W 764771E1 5 Bytes JMP 002A0E10
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2232] ADVAPI32.dll!ChangeServiceConfigA 76476DD9 5 Bytes JMP 002A0804
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2232] ADVAPI32.dll!ChangeServiceConfigW 76476F81 5 Bytes JMP 002A0A08
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2232] ADVAPI32.dll!CreateServiceA 764772A1 5 Bytes JMP 002A01F8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2232] ADVAPI32.dll!CreateServiceW 76439EB4 5 Bytes JMP 002A03FC
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2232] ADVAPI32.dll!DeleteService 7643A07E 5 Bytes JMP 002A0600
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2232] ADVAPI32.dll!SetServiceObjectSecurity 76476CD9 5 Bytes JMP 002A1014
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2232] kernel32.dll!GetBinaryTypeW + 70 76362247 1 Byte [62]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2232] ntdll.dll!LdrLoadDll 77A893A8 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2232] ntdll.dll!LdrUnloadDll 77A9B740 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2232] USER32.dll!SetWindowsHookExA 77B96322 5 Bytes JMP 00290600
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2232] USER32.dll!SetWindowsHookExW 77B987AD 5 Bytes JMP 00290804
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2232] USER32.dll!SetWinEventHook 77B99F3A 5 Bytes JMP 002901F8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2232] USER32.dll!UnhookWindowsHookEx 77B998DB 5 Bytes JMP 00290A08
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2232] USER32.dll!UnhookWinEvent 77B9C06F 5 Bytes JMP 002903FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2440] ADVAPI32.dll!ChangeServiceConfig2A 76477099 3 Bytes JMP 00080C0C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2440] ADVAPI32.dll!ChangeServiceConfig2A + 4 7647709D 1 Byte [89]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2440] ADVAPI32.dll!ChangeServiceConfig2W 764771E1 5 Bytes JMP 00080E10
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2440] ADVAPI32.dll!ChangeServiceConfigA 76476DD9 5 Bytes JMP 00080804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2440] ADVAPI32.dll!ChangeServiceConfigW 76476F81 5 Bytes JMP 00080A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2440] ADVAPI32.dll!CreateServiceA 764772A1 5 Bytes JMP 000801F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2440] ADVAPI32.dll!CreateServiceW 76439EB4 5 Bytes JMP 000803FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2440] ADVAPI32.dll!DeleteService 7643A07E 5 Bytes JMP 00080600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2440] ADVAPI32.dll!SetServiceObjectSecurity 76476CD9 5 Bytes JMP 00081014
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2440] kernel32.dll!GetBinaryTypeW + 70 76362247 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2440] ntdll.dll!LdrLoadDll 77A893A8 5 Bytes JMP 000501F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2440] ntdll.dll!LdrUnloadDll 77A9B740 5 Bytes JMP 000503FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2440] USER32.dll!SetWindowsHookExA 77B96322 5 Bytes JMP 00090600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2440] USER32.dll!SetWindowsHookExW 77B987AD 5 Bytes JMP 00090804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2440] USER32.dll!SetWinEventHook 77B99F3A 5 Bytes JMP 000901F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2440] USER32.dll!UnhookWindowsHookEx 77B998DB 5 Bytes JMP 00090A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2440] USER32.dll!UnhookWinEvent 77B9C06F 5 Bytes JMP 000903FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2544] ADVAPI32.dll!ChangeServiceConfig2A 76477099 5 Bytes JMP 000B0C0C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2544] ADVAPI32.dll!ChangeServiceConfig2W 764771E1 5 Bytes JMP 000B0E10
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2544] ADVAPI32.dll!ChangeServiceConfigA 76476DD9 5 Bytes JMP 000B0804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2544] ADVAPI32.dll!ChangeServiceConfigW 76476F81 5 Bytes JMP 000B0A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2544] ADVAPI32.dll!CreateServiceA 764772A1 5 Bytes JMP 000B01F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2544] ADVAPI32.dll!CreateServiceW 76439EB4 5 Bytes JMP 000B03FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2544] ADVAPI32.dll!DeleteService 7643A07E 5 Bytes JMP 000B0600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2544] ADVAPI32.dll!SetServiceObjectSecurity 76476CD9 5 Bytes JMP 000B1014
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2544] kernel32.dll!GetBinaryTypeW + 70 76362247 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2544] ntdll.dll!LdrLoadDll 77A893A8 5 Bytes JMP 000901F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2544] ntdll.dll!LdrUnloadDll 77A9B740 5 Bytes JMP 000903FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2544] USER32.dll!SetWindowsHookExA 77B96322 5 Bytes JMP 000C0600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2544] USER32.dll!SetWindowsHookExW 77B987AD 5 Bytes JMP 000C0804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2544] USER32.dll!SetWinEventHook 77B99F3A 5 Bytes JMP 000C01F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2544] USER32.dll!UnhookWindowsHookEx 77B998DB 5 Bytes JMP 000C0A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2544] USER32.dll!UnhookWinEvent 77B9C06F 5 Bytes JMP 000C03FC
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[788] ADVAPI32.dll!ChangeServiceConfig2A 76477099 5 Bytes JMP 00180C0C
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[788] ADVAPI32.dll!ChangeServiceConfig2W 764771E1 5 Bytes JMP 00180E10
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[788] ADVAPI32.dll!ChangeServiceConfigA 76476DD9 5 Bytes JMP 00180804
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[788] ADVAPI32.dll!ChangeServiceConfigW 76476F81 5 Bytes JMP 00180A08
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[788] ADVAPI32.dll!CreateServiceA 764772A1 5 Bytes JMP 001801F8
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[788] ADVAPI32.dll!CreateServiceW 76439EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[788] ADVAPI32.dll!DeleteService 7643A07E 5 Bytes JMP 00180600
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[788] ADVAPI32.dll!SetServiceObjectSecurity 76476CD9 5 Bytes JMP 00181014
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[788] kernel32.dll!GetBinaryTypeW + 70 76362247 1 Byte [62]
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[788] ntdll.dll!LdrLoadDll 77A893A8 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[788] ntdll.dll!LdrUnloadDll 77A9B740 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[788] ole32.dll!CoCreateInstance 76619F3E 5 Bytes JMP 1000A4D0 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[788] ole32.dll!CoCreateInstanceEx 76619F81 5 Bytes JMP 1000A630 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[788] USER32.dll!SetWindowsHookExA 77B96322 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[788] USER32.dll!SetWindowsHookExW 77B987AD 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[788] USER32.dll!SetWinEventHook 77B99F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[788] USER32.dll!UnhookWindowsHookEx 77B998DB 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[788] USER32.dll!UnhookWinEvent 77B9C06F 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2744] ADVAPI32.dll!ChangeServiceConfig2A 76477099 5 Bytes JMP 00180C0C
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2744] ADVAPI32.dll!ChangeServiceConfig2W 764771E1 5 Bytes JMP 00180E10
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2744] ADVAPI32.dll!ChangeServiceConfigA 76476DD9 5 Bytes JMP 00180804
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2744] ADVAPI32.dll!ChangeServiceConfigW 76476F81 5 Bytes JMP 00180A08
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2744] ADVAPI32.dll!CreateServiceA 764772A1 5 Bytes JMP 001801F8
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2744] ADVAPI32.dll!CreateServiceW 76439EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2744] ADVAPI32.dll!DeleteService 7643A07E 5 Bytes JMP 00180600
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2744] ADVAPI32.dll!SetServiceObjectSecurity 76476CD9 5 Bytes JMP 00181014
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2744] kernel32.dll!GetBinaryTypeW + 70 76362247 1 Byte [62]
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2744] ntdll.dll!LdrLoadDll 77A893A8 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2744] ntdll.dll!LdrUnloadDll 77A9B740 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2744] USER32.dll!SetWindowsHookExA 77B96322 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2744] USER32.dll!SetWindowsHookExW 77B987AD 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2744] USER32.dll!SetWinEventHook 77B99F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2744] USER32.dll!UnhookWindowsHookEx 77B998DB 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2744] USER32.dll!UnhookWinEvent 77B9C06F 5 Bytes JMP 001703FC
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2296] ADVAPI32.dll!ChangeServiceConfig2A 76477099 5 Bytes JMP 00170C0C
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2296] ADVAPI32.dll!ChangeServiceConfig2W 764771E1 5 Bytes JMP 00170E10
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2296] ADVAPI32.dll!ChangeServiceConfigA 76476DD9 5 Bytes JMP 00170804
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2296] ADVAPI32.dll!ChangeServiceConfigW 76476F81 5 Bytes JMP 00170A08
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2296] ADVAPI32.dll!CreateServiceA 764772A1 5 Bytes JMP 001701F8
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2296] ADVAPI32.dll!CreateServiceW 76439EB4 5 Bytes JMP 001703FC
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2296] ADVAPI32.dll!DeleteService 7643A07E 5 Bytes JMP 00170600
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2296] ADVAPI32.dll!SetServiceObjectSecurity 76476CD9 5 Bytes JMP 00171014
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2296] kernel32.dll!GetBinaryTypeW + 70 76362247 1 Byte [62]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2296] ntdll.dll!LdrLoadDll 77A893A8 5 Bytes JMP 001401F8
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2296] ntdll.dll!LdrUnloadDll 77A9B740 5 Bytes JMP 001403FC
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2296] USER32.dll!SetWindowsHookExA 77B96322 5 Bytes JMP 00160600
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2296] USER32.dll!SetWindowsHookExW 77B987AD 5 Bytes JMP 00160804
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2296] USER32.dll!SetWinEventHook 77B99F3A 5 Bytes JMP 001601F8
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2296] USER32.dll!UnhookWindowsHookEx 77B998DB 5 Bytes JMP 00160A08
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2296] USER32.dll!UnhookWinEvent 77B9C06F 5 Bytes JMP 001603FC
.text C:\Program Files\iWin Games\iWinTrusted.exe[2212] ADVAPI32.dll!ChangeServiceConfig2A 76477099 5 Bytes JMP 00180C0C
.text C:\Program Files\iWin Games\iWinTrusted.exe[2212] ADVAPI32.dll!ChangeServiceConfig2W 764771E1 5 Bytes JMP 00180E10
.text C:\Program Files\iWin Games\iWinTrusted.exe[2212] ADVAPI32.dll!ChangeServiceConfigA 76476DD9 5 Bytes JMP 00180804
.text C:\Program Files\iWin Games\iWinTrusted.exe[2212] ADVAPI32.dll!ChangeServiceConfigW 76476F81 5 Bytes JMP 00180A08
.text C:\Program Files\iWin Games\iWinTrusted.exe[2212] ADVAPI32.dll!CreateServiceA 764772A1 5 Bytes JMP 001801F8
.text C:\Program Files\iWin Games\iWinTrusted.exe[2212] ADVAPI32.dll!CreateServiceW 76439EB4 5 Bytes JMP 001803FC
.text C:\Program Files\iWin Games\iWinTrusted.exe[2212] ADVAPI32.dll!DeleteService 7643A07E 5 Bytes JMP 00180600
.text C:\Program Files\iWin Games\iWinTrusted.exe[2212] ADVAPI32.dll!SetServiceObjectSecurity 76476CD9 5 Bytes JMP 00181014
.text C:\Program Files\iWin Games\iWinTrusted.exe[2212] kernel32.dll!GetBinaryTypeW + 70 76362247 1 Byte [62]
.text C:\Program Files\iWin Games\iWinTrusted.exe[2212] ntdll.dll!LdrLoadDll 77A893A8 5 Bytes JMP 001501F8
.text C:\Program Files\iWin Games\iWinTrusted.exe[2212] ntdll.dll!LdrUnloadDll 77A9B740 5 Bytes JMP 001503FC
.text C:\Program Files\iWin Games\iWinTrusted.exe[2212] USER32.dll!SetWindowsHookExA 77B96322 5 Bytes JMP 00170600
.text C:\Program Files\iWin Games\iWinTrusted.exe[2212] USER32.dll!SetWindowsHookExW 77B987AD 5 Bytes JMP 00170804
.text C:\Program Files\iWin Games\iWinTrusted.exe[2212] USER32.dll!SetWinEventHook 77B99F3A 5 Bytes JMP 001701F8
.text C:\Program Files\iWin Games\iWinTrusted.exe[2212] USER32.dll!UnhookWindowsHookEx 77B998DB 5 Bytes JMP 00170A08
.text C:\Program Files\iWin Games\iWinTrusted.exe[2212] USER32.dll!UnhookWinEvent 77B9C06F 5 Bytes JMP 001703FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[396] ADVAPI32.dll!ChangeServiceConfig2A 76477099 5 Bytes JMP 00060C0C
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[396] ADVAPI32.dll!ChangeServiceConfig2W 764771E1 5 Bytes JMP 00060E10
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[396] ADVAPI32.dll!ChangeServiceConfigA 76476DD9 5 Bytes JMP 00060804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[396] ADVAPI32.dll!ChangeServiceConfigW 76476F81 5 Bytes JMP 00060A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[396] ADVAPI32.dll!CreateServiceA 764772A1 5 Bytes JMP 000601F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[396] ADVAPI32.dll!CreateServiceW 76439EB4 5 Bytes JMP 000603FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[396] ADVAPI32.dll!DeleteService 7643A07E 5 Bytes JMP 00060600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[396] ADVAPI32.dll!SetServiceObjectSecurity 76476CD9 5 Bytes JMP 00061014
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[396] kernel32.dll!GetBinaryTypeW + 70 76362247 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[396] ntdll.dll!LdrLoadDll 77A893A8 5 Bytes JMP 000401F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[396] ntdll.dll!LdrUnloadDll 77A9B740 5 Bytes JMP 000403FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[396] USER32.dll!SetWindowsHookExA 77B96322 5 Bytes JMP 00170600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[396] USER32.dll!SetWindowsHookExW 77B987AD 5 Bytes JMP 00170804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[396] USER32.dll!SetWinEventHook 77B99F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[396] USER32.dll!UnhookWindowsHookEx 77B998DB 5 Bytes JMP 00170A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[396] USER32.dll!UnhookWinEvent 77B9C06F 5 Bytes JMP 001703FC
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[3616] ADVAPI32.dll!ChangeServiceConfig2A 76477099 5 Bytes JMP 00170C0C
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[3616] ADVAPI32.dll!ChangeServiceConfig2W 764771E1 5 Bytes JMP 00170E10
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[3616] ADVAPI32.dll!ChangeServiceConfigA 76476DD9 5 Bytes JMP 00170804
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[3616] ADVAPI32.dll!ChangeServiceConfigW 76476F81 5 Bytes JMP 00170A08
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[3616] ADVAPI32.dll!CreateServiceA 764772A1 5 Bytes JMP 001701F8
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[3616] ADVAPI32.dll!CreateServiceW 76439EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[3616] ADVAPI32.dll!DeleteService 7643A07E 5 Bytes JMP 00170600
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[3616] ADVAPI32.dll!SetServiceObjectSecurity 76476CD9 5 Bytes JMP 00171014
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[3616] kernel32.dll!GetBinaryTypeW + 70 76362247 1 Byte [62]
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[3616] ntdll.dll!LdrLoadDll 77A893A8 5 Bytes JMP 001501F8
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[3616] ntdll.dll!LdrUnloadDll 77A9B740 5 Bytes JMP 001503FC
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[3616] USER32.dll!SetWindowsHookExA 77B96322 5 Bytes JMP 00180600
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[3616] USER32.dll!SetWindowsHookExW 77B987AD 5 Bytes JMP 00180804
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[3616] USER32.dll!SetWinEventHook 77B99F3A 5 Bytes JMP 001801F8
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[3616] USER32.dll!UnhookWindowsHookEx 77B998DB 5 Bytes JMP 00180A08
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[3616] USER32.dll!UnhookWinEvent 77B9C06F 5 Bytes JMP 001803FC
.text c:\program files\windows defender\MpCmdRun.exe[3536] kernel32.dll!GetBinaryTypeW + 70 76362247 1 Byte [62]

#6 Satans Hourglass

Posted 14 July 2011 - 09:26 AM

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Windows Defender\MSASCui.exe[3684] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [01F42B60] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Program Files\Windows Defender\MSASCui.exe[3684] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [01F411D0] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Program Files\Windows Defender\MSASCui.exe[3684] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [01F427E0] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Program Files\Windows Defender\MSASCui.exe[3684] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [01F41B60] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Windows Defender\MSASCui.exe[3684] ADVAPI32.dll!ChangeServiceConfig2A 76477099 5 Bytes JMP 000B0C0C
.text C:\Program Files\Windows Defender\MSASCui.exe[3684] ADVAPI32.dll!ChangeServiceConfig2W 764771E1 5 Bytes JMP 000B0E10
.text C:\Program Files\Windows Defender\MSASCui.exe[3684] ADVAPI32.dll!ChangeServiceConfigA 76476DD9 5 Bytes JMP 000B0804
.text C:\Program Files\Windows Defender\MSASCui.exe[3684] ADVAPI32.dll!ChangeServiceConfigW 76476F81 5 Bytes JMP 000B0A08
.text C:\Program Files\Windows Defender\MSASCui.exe[3684] ADVAPI32.dll!CreateServiceA 764772A1 5 Bytes JMP 000B01F8
.text C:\Program Files\Windows Defender\MSASCui.exe[3684] ADVAPI32.dll!CreateServiceW 76439EB4 5 Bytes JMP 000B03FC
.text C:\Program Files\Windows Defender\MSASCui.exe[3684] ADVAPI32.dll!DeleteService 7643A07E 5 Bytes JMP 000B0600
.text C:\Program Files\Windows Defender\MSASCui.exe[3684] ADVAPI32.dll!SetServiceObjectSecurity 76476CD9 5 Bytes JMP 000B1014
.text C:\Program Files\Windows Defender\MSASCui.exe[3684] kernel32.dll!GetBinaryTypeW + 70 76362247 1 Byte [62]
.text C:\Program Files\Windows Defender\MSASCui.exe[3684] ntdll.dll!LdrLoadDll 77A893A8 5 Bytes JMP 000501F8
.text C:\Program Files\Windows Defender\MSASCui.exe[3684] ntdll.dll!LdrUnloadDll 77A9B740 5 Bytes JMP 000503FC
.text C:\Program Files\Windows Defender\MSASCui.exe[3684] USER32.dll!SetWindowsHookExA 77B96322 5 Bytes JMP 000C0600
.text C:\Program Files\Windows Defender\MSASCui.exe[3684] USER32.dll!SetWindowsHookExW 77B987AD 5 Bytes JMP 000C0804
.text C:\Program Files\Windows Defender\MSASCui.exe[3684] USER32.dll!SetWinEventHook 77B99F3A 5 Bytes JMP 000C01F8
.text C:\Program Files\Windows Defender\MSASCui.exe[3684] USER32.dll!UnhookWindowsHookEx 77B998DB 5 Bytes JMP 000C0A08
.text C:\Program Files\Windows Defender\MSASCui.exe[3684] USER32.dll!UnhookWinEvent 77B9C06F 5 Bytes JMP 000C03FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2868] ADVAPI32.dll!ChangeServiceConfig2A 76477099 5 Bytes JMP 00060C0C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2868] ADVAPI32.dll!ChangeServiceConfig2W 764771E1 5 Bytes JMP 00060E10
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2868] ADVAPI32.dll!ChangeServiceConfigA 76476DD9 5 Bytes JMP 00060804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2868] ADVAPI32.dll!ChangeServiceConfigW 76476F81 5 Bytes JMP 00060A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2868] ADVAPI32.dll!CreateServiceA 764772A1 5 Bytes JMP 000601F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2868] ADVAPI32.dll!CreateServiceW 76439EB4 5 Bytes JMP 000603FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2868] ADVAPI32.dll!DeleteService 7643A07E 5 Bytes JMP 00060600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2868] ADVAPI32.dll!SetServiceObjectSecurity 76476CD9 5 Bytes JMP 00061014
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2868] kernel32.dll!GetBinaryTypeW + 70 76362247 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2868] ntdll.dll!LdrLoadDll 77A893A8 5 Bytes JMP 000401F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2868] ntdll.dll!LdrUnloadDll 77A9B740 5 Bytes JMP 000403FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2868] USER32.dll!SetWindowsHookExA 77B96322 5 Bytes JMP 00070600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2868] USER32.dll!SetWindowsHookExW 77B987AD 5 Bytes JMP 00070804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2868] USER32.dll!SetWinEventHook 77B99F3A 5 Bytes JMP 000701F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2868] USER32.dll!UnhookWindowsHookEx 77B998DB 5 Bytes JMP 00070A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2868] USER32.dll!UnhookWinEvent 77B9C06F 5 Bytes JMP 000703FC
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2616] ADVAPI32.dll!ChangeServiceConfig2A 76477099 5 Bytes JMP 000B0C0C
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2616] ADVAPI32.dll!ChangeServiceConfig2W 764771E1 5 Bytes JMP 000B0E10
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2616] ADVAPI32.dll!ChangeServiceConfigA 76476DD9 5 Bytes JMP 000B0804
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2616] ADVAPI32.dll!ChangeServiceConfigW 76476F81 5 Bytes JMP 000B0A08
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2616] ADVAPI32.dll!CreateServiceA 764772A1 5 Bytes JMP 000B01F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2616] ADVAPI32.dll!CreateServiceW 76439EB4 5 Bytes JMP 000B03FC
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2616] ADVAPI32.dll!DeleteService 7643A07E 5 Bytes JMP 000B0600
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2616] ADVAPI32.dll!SetServiceObjectSecurity 76476CD9 5 Bytes JMP 000B1014
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2616] kernel32.dll!GetBinaryTypeW + 70 76362247 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2616] ntdll.dll!LdrLoadDll 77A893A8 5 Bytes JMP 000501F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2616] ntdll.dll!LdrUnloadDll 77A9B740 5 Bytes JMP 000503FC
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2616] USER32.dll!SetWindowsHookExA 77B96322 5 Bytes JMP 000C0600
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2616] USER32.dll!SetWindowsHookExW 77B987AD 5 Bytes JMP 000C0804
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2616] USER32.dll!SetWinEventHook 77B99F3A 5 Bytes JMP 000C01F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2616] USER32.dll!UnhookWindowsHookEx 77B998DB 5 Bytes JMP 000C0A08
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2616] USER32.dll!UnhookWinEvent 77B9C06F 5 Bytes JMP 000C03FC
.text C:\Users\Ghostphoenix\Desktop\GMER.exe[3772] kernel32.dll!GetBinaryTypeW + 70 76362247 1 Byte [62]
.text C:\Windows\ehome\ehmsas.exe[156] ADVAPI32.dll!ChangeServiceConfig2A 76477099 5 Bytes JMP 00060C0C
.text C:\Windows\ehome\ehmsas.exe[156] ADVAPI32.dll!ChangeServiceConfig2W 764771E1 5 Bytes JMP 00060E10
.text C:\Windows\ehome\ehmsas.exe[156] ADVAPI32.dll!ChangeServiceConfigA 76476DD9 5 Bytes JMP 00060804
.text C:\Windows\ehome\ehmsas.exe[156] ADVAPI32.dll!ChangeServiceConfigW 76476F81 5 Bytes JMP 00060A08
.text C:\Windows\ehome\ehmsas.exe[156] ADVAPI32.dll!CreateServiceA 764772A1 5 Bytes JMP 000601F8
.text C:\Windows\ehome\ehmsas.exe[156] ADVAPI32.dll!CreateServiceW 76439EB4 5 Bytes JMP 000603FC
.text C:\Windows\ehome\ehmsas.exe[156] ADVAPI32.dll!DeleteService 7643A07E 5 Bytes JMP 00060600
.text C:\Windows\ehome\ehmsas.exe[156] ADVAPI32.dll!SetServiceObjectSecurity 76476CD9 5 Bytes JMP 00061014
.text C:\Windows\ehome\ehmsas.exe[156] kernel32.dll!GetBinaryTypeW + 70 76362247 1 Byte [62]
.text C:\Windows\ehome\ehmsas.exe[156] ntdll.dll!LdrLoadDll 77A893A8 5 Bytes JMP 000401F8
.text C:\Windows\ehome\ehmsas.exe[156] ntdll.dll!LdrUnloadDll 77A9B740 5 Bytes JMP 000403FC
.text C:\Windows\ehome\ehmsas.exe[156] ole32.dll!CoCreateInstance 76619F3E 5 Bytes JMP 1000A4D0 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Windows\ehome\ehmsas.exe[156] ole32.dll!CoCreateInstanceEx 76619F81 5 Bytes JMP 1000A630 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Windows\ehome\ehmsas.exe[156] USER32.dll!SetWindowsHookExA 77B96322 5 Bytes JMP 00070600
.text C:\Windows\ehome\ehmsas.exe[156] USER32.dll!SetWindowsHookExW 77B987AD 5 Bytes JMP 00070804
.text C:\Windows\ehome\ehmsas.exe[156] USER32.dll!SetWinEventHook 77B99F3A 5 Bytes JMP 000701F8
.text C:\Windows\ehome\ehmsas.exe[156] USER32.dll!UnhookWindowsHookEx 77B998DB 5 Bytes JMP 00070A08
.text C:\Windows\ehome\ehmsas.exe[156] USER32.dll!UnhookWinEvent 77B9C06F 5 Bytes JMP 000703FC
.text C:\Windows\ehome\ehtray.exe[3124] ADVAPI32.dll!ChangeServiceConfig2A 76477099 3 Bytes JMP 00080C0C
.text C:\Windows\ehome\ehtray.exe[3124] ADVAPI32.dll!ChangeServiceConfig2A + 4 7647709D 1 Byte [89]
.text C:\Windows\ehome\ehtray.exe[3124] ADVAPI32.dll!ChangeServiceConfig2W 764771E1 5 Bytes JMP 00080E10
.text C:\Windows\ehome\ehtray.exe[3124] ADVAPI32.dll!ChangeServiceConfigA 76476DD9 5 Bytes JMP 00080804
.text C:\Windows\ehome\ehtray.exe[3124] ADVAPI32.dll!ChangeServiceConfigW 76476F81 5 Bytes JMP 00080A08
.text C:\Windows\ehome\ehtray.exe[3124] ADVAPI32.dll!CreateServiceA 764772A1 5 Bytes JMP 000801F8
.text C:\Windows\ehome\ehtray.exe[3124] ADVAPI32.dll!CreateServiceW 76439EB4 5 Bytes JMP 000803FC
.text C:\Windows\ehome\ehtray.exe[3124] ADVAPI32.dll!DeleteService 7643A07E 5 Bytes JMP 00080600
.text C:\Windows\ehome\ehtray.exe[3124] ADVAPI32.dll!SetServiceObjectSecurity 76476CD9 5 Bytes JMP 00081014
.text C:\Windows\ehome\ehtray.exe[3124] kernel32.dll!GetBinaryTypeW + 70 76362247 1 Byte [62]
.text C:\Windows\ehome\ehtray.exe[3124] ntdll.dll!LdrLoadDll 77A893A8 5 Bytes JMP 000501F8
.text C:\Windows\ehome\ehtray.exe[3124] ntdll.dll!LdrUnloadDll 77A9B740 5 Bytes JMP 000503FC
.text C:\Windows\ehome\ehtray.exe[3124] USER32.dll!SetWindowsHookExA 77B96322 5 Bytes JMP 00090600
.text C:\Windows\ehome\ehtray.exe[3124] USER32.dll!SetWindowsHookExW 77B987AD 5 Bytes JMP 00090804
.text C:\Windows\ehome\ehtray.exe[3124] USER32.dll!SetWinEventHook 77B99F3A 5 Bytes JMP 000901F8
.text C:\Windows\ehome\ehtray.exe[3124] USER32.dll!UnhookWindowsHookEx 77B998DB 5 Bytes JMP 00090A08
.text C:\Windows\ehome\ehtray.exe[3124] USER32.dll!UnhookWinEvent 77B9C06F 5 Bytes JMP 000903FC

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[3360] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74A5687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3360] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74ABA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3360] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [74A6DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3360] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74A98395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3360] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74A5E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3360] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74A5D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3360] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74A571CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3360] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74A6BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3360] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74A56853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3360] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74A5FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3360] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74A5FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3360] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74A8C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3360] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74AECAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3360] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74A67817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3360] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74A675E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3360] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74A62AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3360] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74A5F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3360] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10002B60] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\Explorer.EXE[3360] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100011D0] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\Explorer.EXE[3360] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [100027E0] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\Explorer.EXE[3360] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001B60] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[3360] ADVAPI32.dll!ChangeServiceConfig2A 76477099 5 Bytes JMP 00070C0C
.text C:\Windows\Explorer.EXE[3360] ADVAPI32.dll!ChangeServiceConfig2W 764771E1 5 Bytes JMP 00070E10
.text C:\Windows\Explorer.EXE[3360] ADVAPI32.dll!ChangeServiceConfigA 76476DD9 5 Bytes JMP 00070804
.text C:\Windows\Explorer.EXE[3360] ADVAPI32.dll!ChangeServiceConfigW 76476F81 5 Bytes JMP 00070A08
.text C:\Windows\Explorer.EXE[3360] ADVAPI32.dll!CreateServiceA 764772A1 5 Bytes JMP 000701F8
.text C:\Windows\Explorer.EXE[3360] ADVAPI32.dll!CreateServiceW 76439EB4 5 Bytes JMP 000703FC
.text C:\Windows\Explorer.EXE[3360] ADVAPI32.dll!DeleteService 7643A07E 5 Bytes JMP 00070600
.text C:\Windows\Explorer.EXE[3360] ADVAPI32.dll!SetServiceObjectSecurity 76476CD9 5 Bytes JMP 00071014
.text C:\Windows\Explorer.EXE[3360] kernel32.dll!GetBinaryTypeW + 70 76362247 1 Byte [62]
.text C:\Windows\Explorer.EXE[3360] ntdll.dll!LdrLoadDll 77A893A8 5 Bytes JMP 000501F8
.text C:\Windows\Explorer.EXE[3360] ntdll.dll!LdrUnloadDll 77A9B740 5 Bytes JMP 000503FC
.text C:\Windows\Explorer.EXE[3360] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5 76EAB37C 4 Bytes [50, 26, 00, 10] {PUSH EAX; ADD ES:[EAX], DL}
.text C:\Windows\Explorer.EXE[3360] USER32.dll!SetWindowsHookExA 77B96322 5 Bytes JMP 00080600
.text C:\Windows\Explorer.EXE[3360] USER32.dll!SetWindowsHookExW 77B987AD 5 Bytes JMP 00080804
.text C:\Windows\Explorer.EXE[3360] USER32.dll!SetWinEventHook 77B99F3A 5 Bytes JMP 000801F8
.text C:\Windows\Explorer.EXE[3360] USER32.dll!UnhookWindowsHookEx 77B998DB 5 Bytes JMP 00080A08
.text C:\Windows\Explorer.EXE[3360] USER32.dll!UnhookWinEvent 77B9C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\atashost.exe[1428] ADVAPI32.dll!ChangeServiceConfig2A 76477099 5 Bytes JMP 00170C0C
.text C:\Windows\system32\atashost.exe[1428] ADVAPI32.dll!ChangeServiceConfig2W 764771E1 5 Bytes JMP 00170E10
.text C:\Windows\system32\atashost.exe[1428] ADVAPI32.dll!ChangeServiceConfigA 76476DD9 5 Bytes JMP 00170804
.text C:\Windows\system32\atashost.exe[1428] ADVAPI32.dll!ChangeServiceConfigW 76476F81 5 Bytes JMP 00170A08
.text C:\Windows\system32\atashost.exe[1428] ADVAPI32.dll!CreateServiceA 764772A1 5 Bytes JMP 001701F8
.text C:\Windows\system32\atashost.exe[1428] ADVAPI32.dll!CreateServiceW 76439EB4 5 Bytes JMP 001703FC
.text C:\Windows\system32\atashost.exe[1428] ADVAPI32.dll!DeleteService 7643A07E 5 Bytes JMP 00170600
.text C:\Windows\system32\atashost.exe[1428] ADVAPI32.dll!SetServiceObjectSecurity 76476CD9 5 Bytes JMP 00171014
.text C:\Windows\system32\atashost.exe[1428] kernel32.dll!GetBinaryTypeW + 70 76362247 1 Byte [62]
.text C:\Windows\system32\atashost.exe[1428] ntdll.dll!LdrLoadDll 77A893A8 5 Bytes JMP 001401F8
.text C:\Windows\system32\atashost.exe[1428] ntdll.dll!LdrUnloadDll 77A9B740 5 Bytes JMP 001403FC
.text C:\Windows\system32\atashost.exe[1428] USER32.dll!SetWindowsHookExA 77B96322 5 Bytes JMP 00160600
.text C:\Windows\system32\atashost.exe[1428] USER32.dll!SetWindowsHookExW 77B987AD 5 Bytes JMP 00160804
.text C:\Windows\system32\atashost.exe[1428] USER32.dll!SetWinEventHook 77B99F3A 5 Bytes JMP 001601F8
.text C:\Windows\system32\atashost.exe[1428] USER32.dll!UnhookWindowsHookEx 77B998DB 5 Bytes JMP 00160A08
.text C:\Windows\system32\atashost.exe[1428] USER32.dll!UnhookWinEvent 77B9C06F 5 Bytes JMP 001603FC
.text C:\Windows\system32\AUDIODG.EXE[1252] kernel32.dll!GetBinaryTypeW + 70 76362247 1 Byte [62]
.text C:\Windows\system32\csrss.exe[536] KERNEL32.dll!GetBinaryTypeW + 70 76362247 1 Byte [62]
.text C:\Windows\system32\csrss.exe[596] KERNEL32.dll!GetBinaryTypeW + 70 76362247 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[3332] ADVAPI32.dll!ChangeServiceConfig2A 76477099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\Dwm.exe[3332] ADVAPI32.dll!ChangeServiceConfig2W 764771E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\Dwm.exe[3332] ADVAPI32.dll!ChangeServiceConfigA 76476DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\Dwm.exe[3332] ADVAPI32.dll!ChangeServiceConfigW 76476F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\Dwm.exe[3332] ADVAPI32.dll!CreateServiceA 764772A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\Dwm.exe[3332] ADVAPI32.dll!CreateServiceW 76439EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\Dwm.exe[3332] ADVAPI32.dll!DeleteService 7643A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\Dwm.exe[3332] ADVAPI32.dll!SetServiceObjectSecurity 76476CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\Dwm.exe[3332] kernel32.dll!GetBinaryTypeW + 70 76362247 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[3332] ntdll.dll!LdrLoadDll 77A893A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\Dwm.exe[3332] ntdll.dll!LdrUnloadDll 77A9B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\Dwm.exe[3332] USER32.dll!SetWindowsHookExA 77B96322 5 Bytes JMP 00080600
.text C:\Windows\system32\Dwm.exe[3332] USER32.dll!SetWindowsHookExW 77B987AD 5 Bytes JMP 00080804
.text C:\Windows\system32\Dwm.exe[3332] USER32.dll!SetWinEventHook 77B99F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\Dwm.exe[3332] USER32.dll!UnhookWindowsHookEx 77B998DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\Dwm.exe[3332] USER32.dll!UnhookWinEvent 77B9C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!ChangeServiceConfig2A 76477099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!ChangeServiceConfig2W 764771E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!ChangeServiceConfigA 76476DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!ChangeServiceConfigW 76476F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!CreateServiceA 764772A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!CreateServiceW 76439EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!DeleteService 7643A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!SetServiceObjectSecurity 76476CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\lsass.exe[644] kernel32.dll!GetBinaryTypeW + 70 76362247 1 Byte [62]
.text C:\Windows\system32\lsass.exe[644] ntdll.dll!LdrLoadDll 77A893A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\lsass.exe[644] ntdll.dll!LdrUnloadDll 77A9B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\lsass.exe[644] USER32.dll!SetWindowsHookExA 77B96322 5 Bytes JMP 00080600
.text C:\Windows\system32\lsass.exe[644] USER32.dll!SetWindowsHookExW 77B987AD 5 Bytes JMP 00080804
.text C:\Windows\system32\lsass.exe[644] USER32.dll!SetWinEventHook 77B99F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\lsass.exe[644] USER32.dll!UnhookWindowsHookEx 77B998DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\lsass.exe[644] USER32.dll!UnhookWinEvent 77B9C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\lsm.exe[652] ADVAPI32.dll!ChangeServiceConfig2A 76477099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\lsm.exe[652] ADVAPI32.dll!ChangeServiceConfig2W 764771E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\lsm.exe[652] ADVAPI32.dll!ChangeServiceConfigA 76476DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\lsm.exe[652] ADVAPI32.dll!ChangeServiceConfigW 76476F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\lsm.exe[652] ADVAPI32.dll!CreateServiceA 764772A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\lsm.exe[652] ADVAPI32.dll!CreateServiceW 76439EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\lsm.exe[652] ADVAPI32.dll!DeleteService 7643A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\lsm.exe[652] ADVAPI32.dll!SetServiceObjectSecurity 76476CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\lsm.exe[652] kernel32.dll!GetBinaryTypeW + 70 76362247 1 Byte [62]
.text C:\Windows\system32\lsm.exe[652] ntdll.dll!LdrLoadDll 77A893A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\lsm.exe[652] ntdll.dll!LdrUnloadDll 77A9B740 5 Bytes JMP 000503FC
.text C:\Windows\System32\mobsync.exe[5300] ADVAPI32.dll!ChangeServiceConfig2A 76477099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\mobsync.exe[5300] ADVAPI32.dll!ChangeServiceConfig2W 764771E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\mobsync.exe[5300] ADVAPI32.dll!ChangeServiceConfigA 76476DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\mobsync.exe[5300] ADVAPI32.dll!ChangeServiceConfigW 76476F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\mobsync.exe[5300] ADVAPI32.dll!CreateServiceA 764772A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\mobsync.exe[5300] ADVAPI32.dll!CreateServiceW 76439EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\mobsync.exe[5300] ADVAPI32.dll!DeleteService 7643A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\mobsync.exe[5300] ADVAPI32.dll!SetServiceObjectSecurity 76476CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\mobsync.exe[5300] kernel32.dll!GetBinaryTypeW + 70 76362247 1 Byte [62]
.text C:\Windows\System32\mobsync.exe[5300] ntdll.dll!LdrLoadDll 77A893A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\mobsync.exe[5300] ntdll.dll!LdrUnloadDll 77A9B740 5 Bytes JMP 000503FC
.text C:\Windows\System32\mobsync.exe[5300] USER32.dll!SetWindowsHookExA 77B96322 5 Bytes JMP 00080600
.text C:\Windows\System32\mobsync.exe[5300] USER32.dll!SetWindowsHookExW 77B987AD 5 Bytes JMP 00080804
.text C:\Windows\System32\mobsync.exe[5300] USER32.dll!SetWinEventHook 77B99F3A 5 Bytes JMP 000801F8
.text C:\Windows\System32\mobsync.exe[5300] USER32.dll!UnhookWindowsHookEx 77B998DB 5 Bytes JMP 00080A08
.text C:\Windows\System32\mobsync.exe[5300] USER32.dll!UnhookWinEvent 77B9C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\nvvsvc.exe[1452] ADVAPI32.dll!ChangeServiceConfig2A 76477099 5 Bytes JMP 00170C0C
.text C:\Windows\system32\nvvsvc.exe[1452] ADVAPI32.dll!ChangeServiceConfig2W 764771E1 5 Bytes JMP 00170E10
.text C:\Windows\system32\nvvsvc.exe[1452] ADVAPI32.dll!ChangeServiceConfigA 76476DD9 5 Bytes JMP 00170804
.text C:\Windows\system32\nvvsvc.exe[1452] ADVAPI32.dll!ChangeServiceConfigW 76476F81 5 Bytes JMP 00170A08
.text C:\Windows\system32\nvvsvc.exe[1452] ADVAPI32.dll!CreateServiceA 764772A1 5 Bytes JMP 001701F8
.text C:\Windows\system32\nvvsvc.exe[1452] ADVAPI32.dll!CreateServiceW 76439EB4 5 Bytes JMP 001703FC
.text C:\Windows\system32\nvvsvc.exe[1452] ADVAPI32.dll!DeleteService 7643A07E 5 Bytes JMP 00170600
.text C:\Windows\system32\nvvsvc.exe[1452] ADVAPI32.dll!SetServiceObjectSecurity 76476CD9 5 Bytes JMP 00171014
.text C:\Windows\system32\nvvsvc.exe[1452] kernel32.dll!GetBinaryTypeW + 70 76362247 1 Byte [62]
.text C:\Windows\system32\nvvsvc.exe[1452] ntdll.dll!LdrLoadDll 77A893A8 5 Bytes JMP 001501F8
.text C:\Windows\system32\nvvsvc.exe[1452] ntdll.dll!LdrUnloadDll 77A9B740 5 Bytes JMP 001503FC
.text C:\Windows\system32\nvvsvc.exe[1452] USER32.dll!SetWindowsHookExA 77B96322 5 Bytes JMP 00180600
.text C:\Windows\system32\nvvsvc.exe[1452] USER32.dll!SetWindowsHookExW 77B987AD 5 Bytes JMP 00180804
.text C:\Windows\system32\nvvsvc.exe[1452] USER32.dll!SetWinEventHook 77B99F3A 5 Bytes JMP 001801F8
.text C:\Windows\system32\nvvsvc.exe[1452] USER32.dll!UnhookWindowsHookEx 77B998DB 5 Bytes JMP 00180A08
.text C:\Windows\system32\nvvsvc.exe[1452] USER32.dll!UnhookWinEvent 77B9C06F 5 Bytes JMP 001803FC
.text C:\Windows\system32\nvvsvc.exe[900] ADVAPI32.dll!ChangeServiceConfig2A 76477099 5 Bytes JMP 00170C0C
.text C:\Windows\system32\nvvsvc.exe[900] ADVAPI32.dll!ChangeServiceConfig2W 764771E1 5 Bytes JMP 00170E10
.text C:\Windows\system32\nvvsvc.exe[900] ADVAPI32.dll!ChangeServiceConfigA 76476DD9 5 Bytes JMP 00170804
.text C:\Windows\system32\nvvsvc.exe[900] ADVAPI32.dll!ChangeServiceConfigW 76476F81 5 Bytes JMP 00170A08
.text C:\Windows\system32\nvvsvc.exe[900] ADVAPI32.dll!CreateServiceA 764772A1 5 Bytes JMP 001701F8
.text C:\Windows\system32\nvvsvc.exe[900] ADVAPI32.dll!CreateServiceW 76439EB4 5 Bytes JMP 001703FC
.text C:\Windows\system32\nvvsvc.exe[900] ADVAPI32.dll!DeleteService 7643A07E 5 Bytes JMP 00170600
.text C:\Windows\system32\nvvsvc.exe[900] ADVAPI32.dll!SetServiceObjectSecurity 76476CD9 5 Bytes JMP 00171014
.text C:\Windows\system32\nvvsvc.exe[900] kernel32.dll!GetBinaryTypeW + 70 76362247 1 Byte [62]
.text C:\Windows\system32\nvvsvc.exe[900] ntdll.dll!LdrLoadDll 77A893A8 5 Bytes JMP 001501F8
.text C:\Windows\system32\nvvsvc.exe[900] ntdll.dll!LdrUnloadDll 77A9B740 5 Bytes JMP 001503FC
.text C:\Windows\system32\nvvsvc.exe[900] USER32.dll!SetWindowsHookExA 77B96322 5 Bytes JMP 00180600
.text C:\Windows\system32\nvvsvc.exe[900] USER32.dll!SetWindowsHookExW 77B987AD 5 Bytes JMP 00180804
.text C:\Windows\system32\nvvsvc.exe[900] USER32.dll!SetWinEventHook 77B99F3A 5 Bytes JMP 001801F8
.text C:\Windows\system32\nvvsvc.exe[900] USER32.dll!UnhookWindowsHookEx 77B998DB 5 Bytes JMP 00180A08
.text C:\Windows\system32\nvvsvc.exe[900] USER32.dll!UnhookWinEvent 77B9C06F 5 Bytes JMP 001803FC
.text C:\Windows\system32\SearchIndexer.exe[2496] ADVAPI32.dll!ChangeServiceConfig2A 76477099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\SearchIndexer.exe[2496] ADVAPI32.dll!ChangeServiceConfig2W 764771E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\SearchIndexer.exe[2496] ADVAPI32.dll!ChangeServiceConfigA 76476DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\SearchIndexer.exe[2496] ADVAPI32.dll!ChangeServiceConfigW 76476F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\SearchIndexer.exe[2496] ADVAPI32.dll!CreateServiceA 764772A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\SearchIndexer.exe[2496] ADVAPI32.dll!CreateServiceW 76439EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\SearchIndexer.exe[2496] ADVAPI32.dll!DeleteService 7643A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\SearchIndexer.exe[2496] ADVAPI32.dll!SetServiceObjectSecurity 76476CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\SearchIndexer.exe[2496] kernel32.dll!GetBinaryTypeW + 70 76362247 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[2496] ntdll.dll!LdrLoadDll 77A893A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\SearchIndexer.exe[2496] ntdll.dll!LdrUnloadDll 77A9B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\SearchIndexer.exe[2496] USER32.dll!SetWindowsHookExA 77B96322 5 Bytes JMP 00080600
.text C:\Windows\system32\SearchIndexer.exe[2496] USER32.dll!SetWindowsHookExW 77B987AD 5 Bytes JMP 00080804
.text C:\Windows\system32\SearchIndexer.exe[2496] USER32.dll!SetWinEventHook 77B99F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\SearchIndexer.exe[2496] USER32.dll!UnhookWindowsHookEx 77B998DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\SearchIndexer.exe[2496] USER32.dll!UnhookWinEvent 77B9C06F 5 Bytes JMP 000803FC

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[632] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00240002
IAT C:\Windows\system32\services.exe[632] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00240000

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\wbem\unsecapp.exe[1504] ole32.dll!CoCreateInstanceEx 76619F81 5 Bytes JMP 1000A630 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Windows\system32\wbem\unsecapp.exe[1504] USER32.dll!SetWindowsHookExA 77B96322 5 Bytes JMP 00080600
.text C:\Windows\system32\wbem\unsecapp.exe[1504] USER32.dll!SetWindowsHookExW 77B987AD 5 Bytes JMP 00080804
.text C:\Windows\system32\wbem\unsecapp.exe[1504] USER32.dll!SetWinEventHook 77B99F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\wbem\unsecapp.exe[1504] USER32.dll!UnhookWindowsHookEx 77B998DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\wbem\unsecapp.exe[1504] USER32.dll!UnhookWinEvent 77B9C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\wbem\wmiprvse.exe[2968] ADVAPI32.dll!ChangeServiceConfig2A 76477099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\wbem\wmiprvse.exe[2968] ADVAPI32.dll!ChangeServiceConfig2W 764771E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\wbem\wmiprvse.exe[2968] ADVAPI32.dll!ChangeServiceConfigA 76476DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\wbem\wmiprvse.exe[2968] ADVAPI32.dll!ChangeServiceConfigW 76476F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\wbem\wmiprvse.exe[2968] ADVAPI32.dll!CreateServiceA 764772A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\wbem\wmiprvse.exe[2968] ADVAPI32.dll!CreateServiceW 76439EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\wbem\wmiprvse.exe[2968] ADVAPI32.dll!DeleteService 7643A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\wbem\wmiprvse.exe[2968] ADVAPI32.dll!SetServiceObjectSecurity 76476CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\wbem\wmiprvse.exe[2968] kernel32.dll!GetBinaryTypeW + 70 76362247 1 Byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[2968] ntdll.dll!LdrLoadDll 77A893A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\wbem\wmiprvse.exe[2968] ntdll.dll!LdrUnloadDll 77A9B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\wbem\wmiprvse.exe[2968] USER32.dll!SetWindowsHookExA 77B96322 5 Bytes JMP 00080600
.text C:\Windows\system32\wbem\wmiprvse.exe[2968] USER32.dll!SetWindowsHookExW 77B987AD 5 Bytes JMP 00080804
.text C:\Windows\system32\wbem\wmiprvse.exe[2968] USER32.dll!SetWinEventHook 77B99F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\wbem\wmiprvse.exe[2968] USER32.dll!UnhookWindowsHookEx 77B998DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\wbem\wmiprvse.exe[2968] USER32.dll!UnhookWinEvent 77B9C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\wbem\wmiprvse.exe[3008] ADVAPI32.dll!ChangeServiceConfig2A 76477099 5 Bytes JMP 00170C0C
.text C:\Windows\system32\wbem\wmiprvse.exe[3008] ADVAPI32.dll!ChangeServiceConfig2W 764771E1 5 Bytes JMP 00170E10
.text C:\Windows\system32\wbem\wmiprvse.exe[3008] ADVAPI32.dll!ChangeServiceConfigA 76476DD9 5 Bytes JMP 00170804
.text C:\Windows\system32\wbem\wmiprvse.exe[3008] ADVAPI32.dll!ChangeServiceConfigW 76476F81 5 Bytes JMP 00170A08
.text C:\Windows\system32\wbem\wmiprvse.exe[3008] ADVAPI32.dll!CreateServiceA 764772A1 5 Bytes JMP 001701F8
.text C:\Windows\system32\wbem\wmiprvse.exe[3008] ADVAPI32.dll!CreateServiceW 76439EB4 5 Bytes JMP 001703FC
.text C:\Windows\system32\wbem\wmiprvse.exe[3008] ADVAPI32.dll!DeleteService 7643A07E 5 Bytes JMP 00170600
.text C:\Windows\system32\wbem\wmiprvse.exe[3008] ADVAPI32.dll!SetServiceObjectSecurity 76476CD9 5 Bytes JMP 00171014
.text C:\Windows\system32\wbem\wmiprvse.exe[3008] kernel32.dll!GetBinaryTypeW + 70 76362247 1 Byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[3008] ntdll.dll!LdrLoadDll 77A893A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\wbem\wmiprvse.exe[3008] ntdll.dll!LdrUnloadDll 77A9B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\wbem\wmiprvse.exe[3008] USER32.dll!SetWindowsHookExA 77B96322 5 Bytes JMP 00180600
.text C:\Windows\system32\wbem\wmiprvse.exe[3008] USER32.dll!SetWindowsHookExW 77B987AD 5 Bytes JMP 00180804
.text C:\Windows\system32\wbem\wmiprvse.exe[3008] USER32.dll!SetWinEventHook 77B99F3A 5 Bytes JMP 001801F8
.text C:\Windows\system32\wbem\wmiprvse.exe[3008] USER32.dll!UnhookWindowsHookEx 77B998DB 5 Bytes JMP 00180A08
.text C:\Windows\system32\wbem\wmiprvse.exe[3008] USER32.dll!UnhookWinEvent 77B9C06F 5 Bytes JMP 001803FC
.text C:\Windows\system32\wininit.exe[588] ADVAPI32.dll!ChangeServiceConfig2A 76477099 5 Bytes JMP 00050C0C
.text C:\Windows\system32\wininit.exe[588] ADVAPI32.dll!ChangeServiceConfig2W 764771E1 5 Bytes JMP 00050E10
.text C:\Windows\system32\wininit.exe[588] ADVAPI32.dll!ChangeServiceConfigA 76476DD9 5 Bytes JMP 00050804
.text C:\Windows\system32\wininit.exe[588] ADVAPI32.dll!ChangeServiceConfigW 76476F81 5 Bytes JMP 00050A08
.text C:\Windows\system32\wininit.exe[588] ADVAPI32.dll!CreateServiceA 764772A1 5 Bytes JMP 000501F8
.text C:\Windows\system32\wininit.exe[588] ADVAPI32.dll!CreateServiceW 76439EB4 5 Bytes JMP 000503FC
.text C:\Windows\system32\wininit.exe[588] ADVAPI32.dll!DeleteService 7643A07E 5 Bytes JMP 00050600
.text C:\Windows\system32\wininit.exe[588] ADVAPI32.dll!SetServiceObjectSecurity 76476CD9 5 Bytes JMP 00051014
.text C:\Windows\system32\wininit.exe[588] kernel32.dll!GetBinaryTypeW + 70 76362247 1 Byte [62]
.text C:\Windows\system32\wininit.exe[588] ntdll.dll!LdrLoadDll 77A893A8 5 Bytes JMP 000301F8
.text C:\Windows\system32\wininit.exe[588] ntdll.dll!LdrUnloadDll 77A9B740 5 Bytes JMP 000303FC
.text C:\Windows\system32\wininit.exe[588] USER32.dll!SetWindowsHookExA 77B96322 5 Bytes JMP 00060600
.text C:\Windows\system32\wininit.exe[588] USER32.dll!SetWindowsHookExW 77B987AD 5 Bytes JMP 00060804
.text C:\Windows\system32\wininit.exe[588] USER32.dll!SetWinEventHook 77B99F3A 5 Bytes JMP 000601F8
.text C:\Windows\system32\wininit.exe[588] USER32.dll!UnhookWindowsHookEx 77B998DB 5 Bytes JMP 00060A08
.text C:\Windows\system32\wininit.exe[588] USER32.dll!UnhookWinEvent 77B9C06F 5 Bytes JMP 000603FC
.text C:\Windows\system32\winlogon.exe[704] ADVAPI32.dll!ChangeServiceConfig2A 76477099 5 Bytes JMP 00050C0C
.text C:\Windows\system32\winlogon.exe[704] ADVAPI32.dll!ChangeServiceConfig2W 764771E1 5 Bytes JMP 00050E10
.text C:\Windows\system32\winlogon.exe[704] ADVAPI32.dll!ChangeServiceConfigA 76476DD9 5 Bytes JMP 00050804
.text C:\Windows\system32\winlogon.exe[704] ADVAPI32.dll!ChangeServiceConfigW 76476F81 5 Bytes JMP 00050A08
.text C:\Windows\system32\winlogon.exe[704] ADVAPI32.dll!CreateServiceA 764772A1 5 Bytes JMP 000501F8
.text C:\Windows\system32\winlogon.exe[704] ADVAPI32.dll!CreateServiceW 76439EB4 5 Bytes JMP 000503FC
.text C:\Windows\system32\winlogon.exe[704] ADVAPI32.dll!DeleteService 7643A07E 5 Bytes JMP 00050600
.text C:\Windows\system32\winlogon.exe[704] ADVAPI32.dll!SetServiceObjectSecurity 76476CD9 5 Bytes JMP 00051014
.text C:\Windows\system32\winlogon.exe[704] kernel32.dll!GetBinaryTypeW + 70 76362247 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[704] ntdll.dll!LdrLoadDll 77A893A8 5 Bytes JMP 000301F8
.text C:\Windows\system32\winlogon.exe[704] ntdll.dll!LdrUnloadDll 77A9B740 5 Bytes JMP 000303FC
.text C:\Windows\system32\winlogon.exe[704] USER32.dll!SetWindowsHookExA 77B96322 5 Bytes JMP 00060600
.text C:\Windows\system32\winlogon.exe[704] USER32.dll!SetWindowsHookExW 77B987AD 5 Bytes JMP 00060804
.text C:\Windows\system32\winlogon.exe[704] USER32.dll!SetWinEventHook 77B99F3A 5 Bytes JMP 000601F8
.text C:\Windows\system32\winlogon.exe[704] USER32.dll!UnhookWindowsHookEx 77B998DB 5 Bytes JMP 00060A08
.text C:\Windows\system32\winlogon.exe[704] USER32.dll!UnhookWinEvent 77B9C06F 5 Bytes JMP 000603FC
.text C:\Windows\system32\WUDFHost.exe[2688] ADVAPI32.dll!ChangeServiceConfig2A 76477099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\WUDFHost.exe[2688] ADVAPI32.dll!ChangeServiceConfig2W 764771E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\WUDFHost.exe[2688] ADVAPI32.dll!ChangeServiceConfigA 76476DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\WUDFHost.exe[2688] ADVAPI32.dll!ChangeServiceConfigW 76476F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\WUDFHost.exe[2688] ADVAPI32.dll!CreateServiceA 764772A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\WUDFHost.exe[2688] ADVAPI32.dll!CreateServiceW 76439EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\WUDFHost.exe[2688] ADVAPI32.dll!DeleteService 7643A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\WUDFHost.exe[2688] ADVAPI32.dll!SetServiceObjectSecurity 76476CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\WUDFHost.exe[2688] kernel32.dll!GetBinaryTypeW + 70 76362247 1 Byte [62]
.text C:\Windows\system32\WUDFHost.exe[2688] ntdll.dll!LdrLoadDll 77A893A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\WUDFHost.exe[2688] ntdll.dll!LdrUnloadDll 77A9B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\WUDFHost.exe[2688] USER32.dll!SetWindowsHookExA 77B96322 5 Bytes JMP 00080600
.text C:\Windows\system32\WUDFHost.exe[2688] USER32.dll!SetWindowsHookExW 77B987AD 5 Bytes JMP 00080804
.text C:\Windows\system32\WUDFHost.exe[2688] USER32.dll!SetWinEventHook 77B99F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\WUDFHost.exe[2688] USER32.dll!UnhookWindowsHookEx 77B998DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\WUDFHost.exe[2688] USER32.dll!UnhookWinEvent 77B9C06F 5 Bytes JMP 000803FC
.text C:\Windows\system\HsMgr.exe[3960] ADVAPI32.dll!ChangeServiceConfig2A 76477099 5 Bytes JMP 00180C0C
.text C:\Windows\system\HsMgr.exe[3960] ADVAPI32.dll!ChangeServiceConfig2W 764771E1 5 Bytes JMP 00180E10
.text C:\Windows\system\HsMgr.exe[3960] ADVAPI32.dll!ChangeServiceConfigA 76476DD9 5 Bytes JMP 00180804
.text C:\Windows\system\HsMgr.exe[3960] ADVAPI32.dll!ChangeServiceConfigW 76476F81 5 Bytes JMP 00180A08
.text C:\Windows\system\HsMgr.exe[3960] ADVAPI32.dll!CreateServiceA 764772A1 5 Bytes JMP 001801F8
.text C:\Windows\system\HsMgr.exe[3960] ADVAPI32.dll!CreateServiceW 76439EB4 5 Bytes JMP 001803FC
.text C:\Windows\system\HsMgr.exe[3960] ADVAPI32.dll!DeleteService 7643A07E 5 Bytes JMP 00180600
.text C:\Windows\system\HsMgr.exe[3960] ADVAPI32.dll!SetServiceObjectSecurity 76476CD9 5 Bytes JMP 00181014
.text C:\Windows\system\HsMgr.exe[3960] kernel32.dll!GetBinaryTypeW + 70 76362247 1 Byte [62]
.text C:\Windows\system\HsMgr.exe[3960] ntdll.dll!LdrLoadDll 77A893A8 5 Bytes JMP 001501F8
.text C:\Windows\system\HsMgr.exe[3960] ntdll.dll!LdrUnloadDll 77A9B740 5 Bytes JMP 001503FC
.text C:\Windows\system\HsMgr.exe[3960] ole32.dll!CoCreateInstance 76619F3E 5 Bytes JMP 1000A4D0 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Windows\system\HsMgr.exe[3960] ole32.dll!CoCreateInstanceEx 76619F81 5 Bytes JMP 1000A630 C:\Windows\system\HsSrv.dll (HsSrv Dynamic Link Library/C-Media Electronics Inc.)
.text C:\Windows\system\HsMgr.exe[3960] USER32.dll!SetWindowsHookExA 77B96322 5 Bytes JMP 00170600
.text C:\Windows\system\HsMgr.exe[3960] USER32.dll!SetWindowsHookExW 77B987AD 5 Bytes JMP 00170804
.text C:\Windows\system\HsMgr.exe[3960] USER32.dll!SetWinEventHook 77B99F3A 5 Bytes JMP 001701F8
.text C:\Windows\system\HsMgr.exe[3960] USER32.dll!UnhookWindowsHookEx 77B998DB 5 Bytes JMP 00170A08
.text C:\Windows\system\HsMgr.exe[3960] USER32.dll!UnhookWinEvent 77B9C06F 5 Bytes JMP 001703FC
.text C:\Windows\WindowsMobile\wmdcBase.exe[1432] ADVAPI32.dll!ChangeServiceConfig2A 76477099 5 Bytes JMP 00070C0C
.text C:\Windows\WindowsMobile\wmdcBase.exe[1432] ADVAPI32.dll!ChangeServiceConfig2W 764771E1 5 Bytes JMP 00070E10
.text C:\Windows\WindowsMobile\wmdcBase.exe[1432] ADVAPI32.dll!ChangeServiceConfigA 76476DD9 5 Bytes JMP 00070804
.text C:\Windows\WindowsMobile\wmdcBase.exe[1432] ADVAPI32.dll!ChangeServiceConfigW 76476F81 5 Bytes JMP 00070A08
.text C:\Windows\WindowsMobile\wmdcBase.exe[1432] ADVAPI32.dll!CreateServiceA 764772A1 5 Bytes JMP 000701F8
.text C:\Windows\WindowsMobile\wmdcBase.exe[1432] ADVAPI32.dll!CreateServiceW 76439EB4 5 Bytes JMP 000703FC
.text C:\Windows\WindowsMobile\wmdcBase.exe[1432] ADVAPI32.dll!DeleteService 7643A07E 5 Bytes JMP 00070600
.text C:\Windows\WindowsMobile\wmdcBase.exe[1432] ADVAPI32.dll!SetServiceObjectSecurity 76476CD9 5 Bytes JMP 00071014
.text C:\Windows\WindowsMobile\wmdcBase.exe[1432] kernel32.dll!GetBinaryTypeW + 70 76362247 1 Byte [62]
.text C:\Windows\WindowsMobile\wmdcBase.exe[1432] ntdll.dll!LdrLoadDll 77A893A8 5 Bytes JMP 000501F8
.text C:\Windows\WindowsMobile\wmdcBase.exe[1432] ntdll.dll!LdrUnloadDll 77A9B740 5 Bytes JMP 000503FC
.text C:\Windows\WindowsMobile\wmdcBase.exe[1432] USER32.dll!SetWindowsHookExA 77B96322 5 Bytes JMP 00080600
.text C:\Windows\WindowsMobile\wmdcBase.exe[1432] USER32.dll!SetWindowsHookExW 77B987AD 5 Bytes JMP 00080804
.text C:\Windows\WindowsMobile\wmdcBase.exe[1432] USER32.dll!SetWinEventHook 77B99F3A 5 Bytes JMP 000801F8
.text C:\Windows\WindowsMobile\wmdcBase.exe[1432] USER32.dll!UnhookWindowsHookEx 77B998DB 5 Bytes JMP 00080A08
.text C:\Windows\WindowsMobile\wmdcBase.exe[1432] USER32.dll!UnhookWinEvent 77B9C06F 5 Bytes JMP 000803FC

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 10D 82CF1890 4 Bytes [02, 52, 21, 93] {ADD DL, [EDX+0x21]; XCHG EBX, EAX}
.text ntkrnlpa.exe!KeSetEvent + 1D1 82CF1954 8 Bytes [F0, 77, 21, 93, 48, 78, 21, ...]
.text ntkrnlpa.exe!KeSetEvent + 1DD 82CF1960 4 Bytes CALL A44877E7
.text ntkrnlpa.exe!KeSetEvent + 1F5 82CF1978 4 Bytes [46, 77, 21, 93] {INC ESI; JA 0x24; XCHG EBX, EAX}
.text ntkrnlpa.exe!KeSetEvent + 215 82CF1998 8 Bytes [98, 78, 21, 93, 9A, 77, 21, ...]
PAGE ntkrnlpa.exe!ObInsertObject 82E754F3 5 Bytes JMP 936847F2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82E1C5C7 5 Bytes JMP 93682D4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 82E82A8C 4 Bytes CALL 93216361 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82ED6DAE 7 Bytes JMP 9368739C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 82E7EE18 4 Bytes CALL 9321634B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
? System32\drivers\krinmakn.sys The system cannot find the path specified. !
.text win32k.sys!CLIPOBJ_bEnum + 248 9D32A902 5 Bytes JMP 93218008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + B0F 9D2FF22A 5 Bytes JMP 93218CA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + C20 9D268EB9 5 Bytes JMP 93218E0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateRectRgn + 4537 9D24FC90 5 Bytes JMP 93218440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + E80 9D3250A6 5 Bytes JMP 932180AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 377F 9D2C0A12 5 Bytes JMP 93218B64 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 60DE 9D2C3371 5 Bytes JMP 93217E58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLineTo + A0F 9D34D707 5 Bytes JMP 9321803E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLineTo + D23F 9D359F37 5 Bytes JMP 932180E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMapFontFileFD + 119C6 9D299A25 5 Bytes JMP 93218180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMapFontFileFD + 11A1A 9D299A79 5 Bytes JMP 93218326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMulDiv + 4D3A 9D2C9CA9 5 Bytes JMP 93217FA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 6EBA 9D2FBAB3 5 Bytes JMP 93218BAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 81C 9D2F5415 5 Bytes JMP 93218D54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 26D9 9D32E43A 5 Bytes JMP 93218ECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBlt + 2B42 9D2D4110 1 Byte [E9]
.text win32k.sys!EngStretchBlt + 2B42 9D2D4110 5 Bytes JMP 93219014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 5FF 9D2D6FFC 5 Bytes JMP 93217E70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 4A1 9D269CA5 5 Bytes JMP 93218F72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 8C03 9D272407 5 Bytes JMP 93217D8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!STROBJ_vEnumStart + 4728 9D306B49 5 Bytes JMP 93217EF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 30F1 9D27EA84 5 Bytes JMP 93218316 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 455C 9D27FEEF 5 Bytes JMP 93217F34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 616 9D273350 5 Bytes JMP 93218BD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

#7 Broni

Posted 14 July 2011 - 01:57 PM

MBAM discovered a lot, but you didn't post a whole log.
I'd like to see what was removed.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
