
"Vista Anti-Spyware 2012" Rogue Malware


2 replies to this topic

#1 Hotspur28


Posted 26 July 2011 - 10:21 PM

Hello,

A moderator on another board has already walked me through how to deal with the Vista Anti-Spyware rogue malware, but I just want to be sure that it has been entirely flushed out. Topic referenced is here: http://www.bleepingcomputer.com/forums/topic411056.html ~ OB I used a combination of MBAM, SAS, and TDSSkiller, but, even after scanning with Avast and assorted other anti-virus programs and finding nothing, I just want to confirm that the machine is clean and safe to use. I was asked to post DDS and GMER log files here, and I would be very grateful if a moderator could review them and let me know one way or the other. Thanks again, and please let me know if you need any other info.

***
DDS
***

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_26
Run by Paul at 22:40:50 on 2011-07-26
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.2037.955 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\SYSTEM32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Paul\AppData\Local\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://en.ca.acer.yahoo.com
mDefault_Page_URL = hxxp://en.ca.acer.yahoo.com
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: SafeOnline BHO: {69d72956-317c-44bd-b369-8e44d4ef9801} - c:\windows\system32\PxSecure.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [eAudio] "c:\acer\empowering technology\eaudio\eAudio.exe"
mRun: [SetPanel] c:\acer\apanel\APanel.cmd
mRun: [PlayMovie] "c:\program files\acer arcade deluxe\play movie\PMVService.exe"
mRun: [Acer Product Registration] "c:\program files\acer\acer registration\ACE1.exe" /startup
mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [eRecoveryService]
mRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "d:\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{99AECC5C-3800-4C05-AD6A-F8377AE181EE} : DhcpNameServer = 192.168.0.1
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\program files\vshare\vshare_toolbar.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\paul\appdata\roaming\mozilla\firefox\profiles\1wj23zjt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
.
============= SERVICES / DRIVERS ===============
.
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2011-7-25 32008]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-25 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-7-25 309848]
R1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2011-7-25 76696]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\play movie\000.fcl [2008-7-18 41456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-7-25 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-7-25 54104]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-7-25 42184]
R2 MBAMService;MBAMService;d:\malwarebytes' anti-malware\mbamservice.exe [2011-7-25 366640]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-2-5 180736]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-2-5 32256]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-25 22712]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2011-7-25 26096]
S2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2011-7-25 6416120]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-11 134128]
S2 sesvc;ShadowExplorer Service;"c:\program files\shadowexplorer\sesvc.exe" --> c:\program files\shadowexplorer\sesvc.exe [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-11 134128]
S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2008-7-18 80744]
.
=============== Created Last 30 ================
.
2011-07-26 22:27:44 23232 ----a-w- c:\windows\system32\PavSRK.sys
2011-07-26 20:10:04 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-07-25 15:33:55 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-25 15:33:54 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-25 15:33:06 40112 ----a-w- c:\windows\avastSS.scr
2011-07-25 15:32:44 -------- d-----w- c:\programdata\AVAST Software
2011-07-25 15:32:44 -------- d-----w- c:\program files\AVAST Software
2011-07-25 14:55:31 156672 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2011-07-25 07:18:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-07-25 06:23:50 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-07-25 04:58:32 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-25 04:58:29 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-25 04:45:27 -------- d-----w- c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-07-25 04:33:51 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
2011-07-25 04:33:51 71880 ----a-w- c:\windows\system32\PxSecure.dll
2011-07-25 04:33:51 32008 ----a-w- c:\windows\system32\drivers\pxscan.sys
2011-07-25 04:33:50 26096 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2011-07-25 04:33:50 -------- d-----w- c:\program files\Prevx
2011-07-25 04:33:43 -------- d-----w- c:\programdata\PrevxCSI
2011-07-25 04:03:18 -------- d-----w- c:\users\paul\appdata\local\PackageAware
2011-07-25 03:55:15 -------- d-----w- C:\sh4ldr
2011-07-25 03:55:15 -------- d-----w- c:\program files\Enigma Software Group
2011-07-25 03:54:30 -------- d-----w- c:\windows\820C0EEB9B124AD5B39DD15ED1DBDD06.TMP
2011-07-25 03:45:36 21064 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-07-25 03:45:06 -------- d-----w- c:\programdata\Hitman Pro
2011-07-25 00:37:51 -------- d-----w- c:\programdata\Panda Security
2011-07-25 00:12:57 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-07-25 00:01:25 -------- d-----w- c:\users\paul\appdata\roaming\SUPERAntiSpyware.com
2011-07-25 00:01:25 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-07-24 23:42:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-24 23:34:02 -------- d-----w- c:\windows\system32\sdtmp
2011-07-24 21:08:22 -------- d-----w- c:\program files\Spyware Doctor
2011-07-24 21:02:32 -------- d-----w- c:\users\paul\appdata\roaming\Malwarebytes
2011-07-24 21:02:24 -------- d-----w- c:\programdata\Malwarebytes
2011-07-24 20:36:41 0 ----a-w- c:\programdata\slxs.exe
2011-07-24 20:36:41 0 ----a-w- c:\programdata\rxxy.exe
2011-07-24 20:36:41 0 ----a-w- c:\programdata\cbro.exe
2011-07-24 20:36:41 0 ----a-w- c:\programdata\aklt.exe
2011-07-23 21:02:24 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9fad06b5-6f59-4e2f-a713-c4232986fc53}\mpengine.dll
2011-07-18 14:16:14 -------- d-sh--w- C:\found.001
2011-07-02 02:40:15 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-07-02 02:40:15 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
.
==================== Find3M ====================
.
2011-06-20 14:39:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-24 23:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-04 08:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 22:41:54.43 ===============


****
GMER
****

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-07-26 23:21:00
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST916082 rev.3.AL
Running: gmer.exe; Driver: C:\Users\Paul\AppData\Local\Temp\kgldapod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8D29A202]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwAssignProcessToJobObject [0x8D2F8AF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8D29C7F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8D29C848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8D29C95E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8D29C746]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8D29C898]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8D29C79A]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwCreateThread [0x8D2F8B40]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8D29C90C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8D29A226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8D299FF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8D29A24A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8D29CD56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8D29ACDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8D29C820]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8D29C870]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8D29C988]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8D29C772]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenProcess [0x8D2F9490]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8D29C8D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8D29C7C8]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenThread [0x8D2F9320]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8D29C936]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwProtectVirtualMemory [0x8D2F8BE0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8D29ABA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8D29A26E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8D29A292]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwSetContextThread [0x8D2F8AA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8D29A04A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8D29A186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8D29A162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8D29A1AA]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateProcess [0x8D2F9630]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateThread [0x8D2F8C80]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8D29A2B6]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwWriteVirtualMemory [0x8D2F9000]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8D8F3398]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!KeInsertQueue + 2FD 820AB8F4 4 Bytes [02, A2, 29, 8D]
.text ntoskrnl.exe!KeInsertQueue + 381 820AB978 4 Bytes [F0, 8A, 2F, 8D]
.text ntoskrnl.exe!KeInsertQueue + 3C1 820AB9B8 8 Bytes [F0, C7, 29, 8D, 48, C8, 29, ...]
.text ntoskrnl.exe!KeInsertQueue + 3CD 820AB9C4 4 Bytes [5E, C9, 29, 8D]
.text ntoskrnl.exe!KeInsertQueue + 3E5 820AB9DC 4 Bytes [46, C7, 29, 8D]
.text ...
PAGE ntoskrnl.exe!ObMakeTemporaryObject 821E1F2E 5 Bytes JMP 8D8EED4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 110 8222B203 4 Bytes CALL 8D29B34B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ObInsertObject 8222F67B 5 Bytes JMP 8D8F07F2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwAlpcSendWaitReceivePort + 121 82258A7D 4 Bytes CALL 8D29B361 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 822C62B0 7 Bytes JMP 8D8F339C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl entry point in "" section [0x88736000]
.clc C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl unknown last section [0x88737000, 0x1000, 0x00000000]
? C:\Users\Paul\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[436] ntdll.dll!LdrLoadDll 77687933 5 Bytes JMP 000501F8
.text C:\Windows\Explorer.EXE[436] ntdll.dll!LdrUnloadDll 7769E89C 5 Bytes JMP 000503FC
.text C:\Windows\Explorer.EXE[436] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Windows\Explorer.EXE[436] ADVAPI32.dll!CreateServiceW 763338FF 5 Bytes JMP 000703FC
.text C:\Windows\Explorer.EXE[436] ADVAPI32.dll!DeleteService 76333BEE 5 Bytes JMP 00070600
.text C:\Windows\Explorer.EXE[436] ADVAPI32.dll!SetServiceObjectSecurity 763766A9 5 Bytes JMP 00071014
.text C:\Windows\Explorer.EXE[436] ADVAPI32.dll!ChangeServiceConfigA 763767A9 5 Bytes JMP 00070804
.text C:\Windows\Explorer.EXE[436] ADVAPI32.dll!ChangeServiceConfigW 76376951 5 Bytes JMP 00070A08
.text C:\Windows\Explorer.EXE[436] ADVAPI32.dll!ChangeServiceConfig2A 76376A69 5 Bytes JMP 00070C0C
.text C:\Windows\Explorer.EXE[436] ADVAPI32.dll!ChangeServiceConfig2W 76376BB1 5 Bytes JMP 00070E10
.text C:\Windows\Explorer.EXE[436] ADVAPI32.dll!CreateServiceA 76376C71 5 Bytes JMP 000701F8
.text C:\Windows\Explorer.EXE[436] USER32.dll!SetWindowsHookExW 76797B69 5 Bytes JMP 00080804
.text C:\Windows\Explorer.EXE[436] USER32.dll!SetWinEventHook 7679915C 5 Bytes JMP 000801F8
.text C:\Windows\Explorer.EXE[436] USER32.dll!UnhookWinEvent 7679B702 5 Bytes JMP 000803FC
.text C:\Windows\Explorer.EXE[436] USER32.dll!SetWindowsHookExA 767BBB0E 5 Bytes JMP 00080600
.text C:\Windows\Explorer.EXE[436] USER32.dll!UnhookWindowsHookEx 767C08BE 5 Bytes JMP 00080A08
.text C:\Windows\Explorer.EXE[436] SHELL32.dll!InitNetworkAddressControl + 2939 76870064 4 Bytes [F0, 1F, 00, 10]
.text C:\Windows\system32\csrss.exe[692] KERNEL32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Users\Paul\Desktop\gmer\gmer.exe[700] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Windows\SYSTEM32\wininit.exe[740] ntdll.dll!LdrLoadDll 77687933 5 Bytes JMP 000301F8
.text C:\Windows\SYSTEM32\wininit.exe[740] ntdll.dll!LdrUnloadDll 7769E89C 5 Bytes JMP 000303FC
.text C:\Windows\SYSTEM32\wininit.exe[740] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Windows\SYSTEM32\wininit.exe[740] ADVAPI32.dll!CreateServiceW 763338FF 5 Bytes JMP 000503FC
.text C:\Windows\SYSTEM32\wininit.exe[740] ADVAPI32.dll!DeleteService 76333BEE 5 Bytes JMP 00050600
.text C:\Windows\SYSTEM32\wininit.exe[740] ADVAPI32.dll!SetServiceObjectSecurity 763766A9 5 Bytes JMP 00051014
.text C:\Windows\SYSTEM32\wininit.exe[740] ADVAPI32.dll!ChangeServiceConfigA 763767A9 5 Bytes JMP 00050804
.text C:\Windows\SYSTEM32\wininit.exe[740] ADVAPI32.dll!ChangeServiceConfigW 76376951 5 Bytes JMP 00050A08
.text C:\Windows\SYSTEM32\wininit.exe[740] ADVAPI32.dll!ChangeServiceConfig2A 76376A69 5 Bytes JMP 00050C0C
.text C:\Windows\SYSTEM32\wininit.exe[740] ADVAPI32.dll!ChangeServiceConfig2W 76376BB1 5 Bytes JMP 00050E10
.text C:\Windows\SYSTEM32\wininit.exe[740] ADVAPI32.dll!CreateServiceA 76376C71 5 Bytes JMP 000501F8
.text C:\Windows\SYSTEM32\wininit.exe[740] USER32.dll!SetWindowsHookExW 76797B69 5 Bytes JMP 00060804
.text C:\Windows\SYSTEM32\wininit.exe[740] USER32.dll!SetWinEventHook 7679915C 5 Bytes JMP 000601F8
.text C:\Windows\SYSTEM32\wininit.exe[740] USER32.dll!UnhookWinEvent 7679B702 5 Bytes JMP 000603FC
.text C:\Windows\SYSTEM32\wininit.exe[740] USER32.dll!SetWindowsHookExA 767BBB0E 5 Bytes JMP 00060600
.text C:\Windows\SYSTEM32\wininit.exe[740] USER32.dll!UnhookWindowsHookEx 767C08BE 5 Bytes JMP 00060A08
.text C:\Windows\system32\csrss.exe[752] KERNEL32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Windows\system32\services.exe[784] ntdll.dll!LdrLoadDll 77687933 5 Bytes JMP 000501F8
.text C:\Windows\system32\services.exe[784] ntdll.dll!LdrUnloadDll 7769E89C 5 Bytes JMP 000503FC
.text C:\Windows\system32\services.exe[784] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Windows\system32\services.exe[784] ADVAPI32.dll!CreateServiceW 763338FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\services.exe[784] ADVAPI32.dll!DeleteService 76333BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\services.exe[784] ADVAPI32.dll!SetServiceObjectSecurity 763766A9 5 Bytes JMP 00071014
.text C:\Windows\system32\services.exe[784] ADVAPI32.dll!ChangeServiceConfigA 763767A9 5 Bytes JMP 00070804
.text C:\Windows\system32\services.exe[784] ADVAPI32.dll!ChangeServiceConfigW 76376951 5 Bytes JMP 00070A08
.text C:\Windows\system32\services.exe[784] ADVAPI32.dll!ChangeServiceConfig2A 76376A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\services.exe[784] ADVAPI32.dll!ChangeServiceConfig2W 76376BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\services.exe[784] ADVAPI32.dll!CreateServiceA 76376C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\services.exe[784] USER32.dll!SetWindowsHookExW 76797B69 5 Bytes JMP 00080804
.text C:\Windows\system32\services.exe[784] USER32.dll!SetWinEventHook 7679915C 5 Bytes JMP 000801F8
.text C:\Windows\system32\services.exe[784] USER32.dll!UnhookWinEvent 7679B702 5 Bytes JMP 000803FC
.text C:\Windows\system32\services.exe[784] USER32.dll!SetWindowsHookExA 767BBB0E 5 Bytes JMP 00080600
.text C:\Windows\system32\services.exe[784] USER32.dll!UnhookWindowsHookEx 767C08BE 5 Bytes JMP 00080A08
.text C:\Windows\system32\lsass.exe[796] ntdll.dll!LdrLoadDll 77687933 5 Bytes JMP 000501F8
.text C:\Windows\system32\lsass.exe[796] ntdll.dll!LdrUnloadDll 7769E89C 5 Bytes JMP 000503FC
.text C:\Windows\system32\lsass.exe[796] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Windows\system32\lsass.exe[796] ADVAPI32.dll!CreateServiceW 763338FF 5 Bytes JMP 000803FC
.text C:\Windows\system32\lsass.exe[796] ADVAPI32.dll!DeleteService 76333BEE 5 Bytes JMP 00080600
.text C:\Windows\system32\lsass.exe[796] ADVAPI32.dll!SetServiceObjectSecurity 763766A9 5 Bytes JMP 00081014
.text C:\Windows\system32\lsass.exe[796] ADVAPI32.dll!ChangeServiceConfigA 763767A9 5 Bytes JMP 00080804
.text C:\Windows\system32\lsass.exe[796] ADVAPI32.dll!ChangeServiceConfigW 76376951 5 Bytes JMP 00080A08
.text C:\Windows\system32\lsass.exe[796] ADVAPI32.dll!ChangeServiceConfig2A 76376A69 5 Bytes JMP 00080C0C
.text C:\Windows\system32\lsass.exe[796] ADVAPI32.dll!ChangeServiceConfig2W 76376BB1 5 Bytes JMP 00080E10
.text C:\Windows\system32\lsass.exe[796] ADVAPI32.dll!CreateServiceA 76376C71 5 Bytes JMP 000801F8
.text C:\Windows\system32\lsass.exe[796] USER32.dll!SetWindowsHookExW 76797B69 5 Bytes JMP 00090804
.text C:\Windows\system32\lsass.exe[796] USER32.dll!SetWinEventHook 7679915C 5 Bytes JMP 000901F8
.text C:\Windows\system32\lsass.exe[796] USER32.dll!UnhookWinEvent 7679B702 5 Bytes JMP 000903FC
.text C:\Windows\system32\lsass.exe[796] USER32.dll!SetWindowsHookExA 767BBB0E 5 Bytes JMP 00090600
.text C:\Windows\system32\lsass.exe[796] USER32.dll!UnhookWindowsHookEx 767C08BE 5 Bytes JMP 00090A08
.text C:\Windows\system32\lsm.exe[804] ntdll.dll!LdrLoadDll 77687933 5 Bytes JMP 000501F8
.text C:\Windows\system32\lsm.exe[804] ntdll.dll!LdrUnloadDll 7769E89C 5 Bytes JMP 000503FC
.text C:\Windows\system32\lsm.exe[804] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Windows\system32\lsm.exe[804] ADVAPI32.dll!CreateServiceW 763338FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\lsm.exe[804] ADVAPI32.dll!DeleteService 76333BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\lsm.exe[804] ADVAPI32.dll!SetServiceObjectSecurity 763766A9 5 Bytes JMP 00071014
.text C:\Windows\system32\lsm.exe[804] ADVAPI32.dll!ChangeServiceConfigA 763767A9 5 Bytes JMP 00070804
.text C:\Windows\system32\lsm.exe[804] ADVAPI32.dll!ChangeServiceConfigW 76376951 5 Bytes JMP 00070A08
.text C:\Windows\system32\lsm.exe[804] ADVAPI32.dll!ChangeServiceConfig2A 76376A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\lsm.exe[804] ADVAPI32.dll!ChangeServiceConfig2W 76376BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\lsm.exe[804] ADVAPI32.dll!CreateServiceA 76376C71 5 Bytes JMP 000701F8
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[840] ntdll.dll!LdrLoadDll 77687933 5 Bytes JMP 001501F8
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[840] ntdll.dll!LdrUnloadDll 7769E89C 5 Bytes JMP 001503FC
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[840] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[840] USER32.dll!SetWindowsHookExW 76797B69 5 Bytes JMP 00170804
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[840] USER32.dll!SetWinEventHook 7679915C 5 Bytes JMP 001701F8
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[840] USER32.dll!UnhookWinEvent 7679B702 5 Bytes JMP 001703FC
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[840] USER32.dll!SetWindowsHookExA 767BBB0E 5 Bytes JMP 00170600
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[840] USER32.dll!UnhookWindowsHookEx 767C08BE 5 Bytes JMP 00170A08
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[840] ADVAPI32.dll!CreateServiceW 763338FF 5 Bytes JMP 001803FC
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[840] ADVAPI32.dll!DeleteService 76333BEE 5 Bytes JMP 00180600
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[840] ADVAPI32.dll!SetServiceObjectSecurity 763766A9 5 Bytes JMP 00181014
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[840] ADVAPI32.dll!ChangeServiceConfigA 763767A9 5 Bytes JMP 00180804
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[840] ADVAPI32.dll!ChangeServiceConfigW 76376951 5 Bytes JMP 00180A08
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[840] ADVAPI32.dll!ChangeServiceConfig2A 76376A69 5 Bytes JMP 00180C0C
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[840] ADVAPI32.dll!ChangeServiceConfig2W 76376BB1 5 Bytes JMP 00180E10
.text C:\Program Files\Apoint2K\ApMsgFwd.exe[840] ADVAPI32.dll!CreateServiceA 76376C71 5 Bytes JMP 001801F8
.text C:\Windows\SYSTEM32\winlogon.exe[876] ntdll.dll!LdrLoadDll 77687933 5 Bytes JMP 000301F8
.text C:\Windows\SYSTEM32\winlogon.exe[876] ntdll.dll!LdrUnloadDll 7769E89C 5 Bytes JMP 000303FC
.text C:\Windows\SYSTEM32\winlogon.exe[876] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Windows\SYSTEM32\winlogon.exe[876] ADVAPI32.dll!CreateServiceW 763338FF 5 Bytes JMP 000603FC
.text C:\Windows\SYSTEM32\winlogon.exe[876] ADVAPI32.dll!DeleteService 76333BEE 5 Bytes JMP 00060600
.text C:\Windows\SYSTEM32\winlogon.exe[876] ADVAPI32.dll!SetServiceObjectSecurity 763766A9 5 Bytes JMP 00061014
.text C:\Windows\SYSTEM32\winlogon.exe[876] ADVAPI32.dll!ChangeServiceConfigA 763767A9 5 Bytes JMP 00060804
.text C:\Windows\SYSTEM32\winlogon.exe[876] ADVAPI32.dll!ChangeServiceConfigW 76376951 5 Bytes JMP 00060A08
.text C:\Windows\SYSTEM32\winlogon.exe[876] ADVAPI32.dll!ChangeServiceConfig2A 76376A69 5 Bytes JMP 00060C0C
.text C:\Windows\SYSTEM32\winlogon.exe[876] ADVAPI32.dll!ChangeServiceConfig2W 76376BB1 5 Bytes JMP 00060E10
.text C:\Windows\SYSTEM32\winlogon.exe[876] ADVAPI32.dll!CreateServiceA 76376C71 5 Bytes JMP 000601F8
.text C:\Windows\SYSTEM32\winlogon.exe[876] USER32.dll!SetWindowsHookExW 76797B69 5 Bytes JMP 00070804
.text C:\Windows\SYSTEM32\winlogon.exe[876] USER32.dll!SetWinEventHook 7679915C 5 Bytes JMP 000701F8
.text C:\Windows\SYSTEM32\winlogon.exe[876] USER32.dll!UnhookWinEvent 7679B702 5 Bytes JMP 000703FC
.text C:\Windows\SYSTEM32\winlogon.exe[876] USER32.dll!SetWindowsHookExA 767BBB0E 3 Bytes JMP 00070600
.text C:\Windows\SYSTEM32\winlogon.exe[876] USER32.dll!SetWindowsHookExA + 4 767BBB12 1 Byte [89]
.text C:\Windows\SYSTEM32\winlogon.exe[876] USER32.dll!UnhookWindowsHookEx 767C08BE 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[992] ntdll.dll!LdrLoadDll 77687933 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[992] ntdll.dll!LdrUnloadDll 7769E89C 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[992] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[992] ADVAPI32.dll!CreateServiceW 763338FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[992] ADVAPI32.dll!DeleteService 76333BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[992] ADVAPI32.dll!SetServiceObjectSecurity 763766A9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[992] ADVAPI32.dll!ChangeServiceConfigA 763767A9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[992] ADVAPI32.dll!ChangeServiceConfigW 76376951 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[992] ADVAPI32.dll!ChangeServiceConfig2A 76376A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[992] ADVAPI32.dll!ChangeServiceConfig2W 76376BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[992] ADVAPI32.dll!CreateServiceA 76376C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[992] USER32.dll!SetWindowsHookExW 76797B69 5 Bytes JMP 00BB0804
.text C:\Windows\system32\svchost.exe[992] USER32.dll!SetWinEventHook 7679915C 5 Bytes JMP 00BB01F8
.text C:\Windows\system32\svchost.exe[992] USER32.dll!UnhookWinEvent 7679B702 5 Bytes JMP 00BB03FC
.text C:\Windows\system32\svchost.exe[992] USER32.dll!SetWindowsHookExA 767BBB0E 5 Bytes JMP 00BB0600
.text C:\Windows\system32\svchost.exe[992] USER32.dll!UnhookWindowsHookEx 767C08BE 5 Bytes JMP 00BB0A08
.text C:\Windows\system32\svchost.exe[1068] ntdll.dll!LdrLoadDll 77687933 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1068] ntdll.dll!LdrUnloadDll 7769E89C 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1068] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1068] ADVAPI32.dll!CreateServiceW 763338FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1068] ADVAPI32.dll!DeleteService 76333BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1068] ADVAPI32.dll!SetServiceObjectSecurity 763766A9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1068] ADVAPI32.dll!ChangeServiceConfigA 763767A9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1068] ADVAPI32.dll!ChangeServiceConfigW 76376951 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1068] ADVAPI32.dll!ChangeServiceConfig2A 76376A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1068] ADVAPI32.dll!ChangeServiceConfig2W 76376BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1068] ADVAPI32.dll!CreateServiceA 76376C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1068] USER32.dll!SetWindowsHookExW 76797B69 5 Bytes JMP 00180804
.text C:\Windows\system32\svchost.exe[1068] USER32.dll!SetWinEventHook 7679915C 5 Bytes JMP 001801F8
.text C:\Windows\system32\svchost.exe[1068] USER32.dll!UnhookWinEvent 7679B702 5 Bytes JMP 001803FC
.text C:\Windows\system32\svchost.exe[1068] USER32.dll!SetWindowsHookExA 767BBB0E 5 Bytes JMP 00180600
.text C:\Windows\system32\svchost.exe[1068] USER32.dll!UnhookWindowsHookEx 767C08BE 5 Bytes JMP 00180A08
.text C:\Windows\System32\svchost.exe[1104] ntdll.dll!LdrLoadDll 77687933 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[1104] ntdll.dll!LdrUnloadDll 7769E89C 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[1104] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1104] ADVAPI32.dll!CreateServiceW 763338FF 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[1104] ADVAPI32.dll!DeleteService 76333BEE 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[1104] ADVAPI32.dll!SetServiceObjectSecurity 763766A9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[1104] ADVAPI32.dll!ChangeServiceConfigA 763767A9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[1104] ADVAPI32.dll!ChangeServiceConfigW 76376951 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[1104] ADVAPI32.dll!ChangeServiceConfig2A 76376A69 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[1104] ADVAPI32.dll!ChangeServiceConfig2W 76376BB1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[1104] ADVAPI32.dll!CreateServiceA 76376C71 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[1104] USER32.dll!SetWindowsHookExW 76797B69 5 Bytes JMP 00920804
.text C:\Windows\System32\svchost.exe[1104] USER32.dll!SetWinEventHook 7679915C 5 Bytes JMP 009201F8
.text C:\Windows\System32\svchost.exe[1104] USER32.dll!UnhookWinEvent 7679B702 5 Bytes JMP 009203FC
.text C:\Windows\System32\svchost.exe[1104] USER32.dll!SetWindowsHookExA 767BBB0E 5 Bytes JMP 00920600
.text C:\Windows\System32\svchost.exe[1104] USER32.dll!UnhookWindowsHookEx 767C08BE 5 Bytes JMP 00920A08
.text C:\Windows\System32\svchost.exe[1156] ntdll.dll!LdrLoadDll 77687933 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[1156] ntdll.dll!LdrUnloadDll 7769E89C 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1156] ADVAPI32.dll!CreateServiceW 763338FF 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[1156] ADVAPI32.dll!DeleteService 76333BEE 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[1156] ADVAPI32.dll!SetServiceObjectSecurity 763766A9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[1156] ADVAPI32.dll!ChangeServiceConfigA 763767A9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[1156] ADVAPI32.dll!ChangeServiceConfigW 76376951 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[1156] ADVAPI32.dll!ChangeServiceConfig2A 76376A69 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[1156] ADVAPI32.dll!ChangeServiceConfig2W 76376BB1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[1156] ADVAPI32.dll!CreateServiceA 76376C71 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[1156] USER32.dll!SetWindowsHookExW 76797B69 5 Bytes JMP 00190804
.text C:\Windows\System32\svchost.exe[1156] USER32.dll!SetWinEventHook 7679915C 5 Bytes JMP 001901F8
.text C:\Windows\System32\svchost.exe[1156] USER32.dll!UnhookWinEvent 7679B702 5 Bytes JMP 001903FC
.text C:\Windows\System32\svchost.exe[1156] USER32.dll!SetWindowsHookExA 767BBB0E 5 Bytes JMP 00190600
.text C:\Windows\System32\svchost.exe[1156] USER32.dll!UnhookWindowsHookEx 767C08BE 5 Bytes JMP 00190A08
.text C:\Windows\System32\svchost.exe[1188] ntdll.dll!LdrLoadDll 77687933 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[1188] ntdll.dll!LdrUnloadDll 7769E89C 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[1188] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1188] ADVAPI32.dll!CreateServiceW 763338FF 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[1188] ADVAPI32.dll!DeleteService 76333BEE 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[1188] ADVAPI32.dll!SetServiceObjectSecurity 763766A9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[1188] ADVAPI32.dll!ChangeServiceConfigA 763767A9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[1188] ADVAPI32.dll!ChangeServiceConfigW 76376951 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[1188] ADVAPI32.dll!ChangeServiceConfig2A 76376A69 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[1188] ADVAPI32.dll!ChangeServiceConfig2W 76376BB1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[1188] ADVAPI32.dll!CreateServiceA 76376C71 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[1188] USER32.dll!SetWindowsHookExW 76797B69 5 Bytes JMP 008B0804
.text C:\Windows\System32\svchost.exe[1188] USER32.dll!SetWinEventHook 7679915C 5 Bytes JMP 008B01F8
.text C:\Windows\System32\svchost.exe[1188] USER32.dll!UnhookWinEvent 7679B702 5 Bytes JMP 008B03FC
.text C:\Windows\System32\svchost.exe[1188] USER32.dll!SetWindowsHookExA 767BBB0E 5 Bytes JMP 008B0600
.text C:\Windows\System32\svchost.exe[1188] USER32.dll!UnhookWindowsHookEx 767C08BE 5 Bytes JMP 008B0A08
.text C:\Windows\System32\spoolsv.exe[1204] ntdll.dll!LdrLoadDll 77687933 5 Bytes JMP 000901F8
.text C:\Windows\System32\spoolsv.exe[1204] ntdll.dll!LdrUnloadDll 7769E89C 5 Bytes JMP 000903FC
.text C:\Windows\System32\spoolsv.exe[1204] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1204] ADVAPI32.dll!CreateServiceW 763338FF 5 Bytes JMP 000B03FC
.text C:\Windows\System32\spoolsv.exe[1204] ADVAPI32.dll!DeleteService 76333BEE 5 Bytes JMP 000B0600
.text C:\Windows\System32\spoolsv.exe[1204] ADVAPI32.dll!SetServiceObjectSecurity 763766A9 5 Bytes JMP 000B1014
.text C:\Windows\System32\spoolsv.exe[1204] ADVAPI32.dll!ChangeServiceConfigA 763767A9 5 Bytes JMP 000B0804
.text C:\Windows\System32\spoolsv.exe[1204] ADVAPI32.dll!ChangeServiceConfigW 76376951 5 Bytes JMP 000B0A08
.text C:\Windows\System32\spoolsv.exe[1204] ADVAPI32.dll!ChangeServiceConfig2A 76376A69 5 Bytes JMP 000B0C0C
.text C:\Windows\System32\spoolsv.exe[1204] ADVAPI32.dll!ChangeServiceConfig2W 76376BB1 5 Bytes JMP 000B0E10
.text C:\Windows\System32\spoolsv.exe[1204] ADVAPI32.dll!CreateServiceA 76376C71 5 Bytes JMP 000B01F8
.text C:\Windows\System32\spoolsv.exe[1204] USER32.dll!SetWindowsHookExW 76797B69 5 Bytes JMP 00110804
.text C:\Windows\System32\spoolsv.exe[1204] USER32.dll!SetWinEventHook 7679915C 5 Bytes JMP 001101F8
.text C:\Windows\System32\spoolsv.exe[1204] USER32.dll!UnhookWinEvent 7679B702 5 Bytes JMP 001103FC
.text C:\Windows\System32\spoolsv.exe[1204] USER32.dll!SetWindowsHookExA 767BBB0E 5 Bytes JMP 00110600
.text C:\Windows\System32\spoolsv.exe[1204] USER32.dll!UnhookWindowsHookEx 767C08BE 5 Bytes JMP 00110A08
.text C:\Windows\system32\svchost.exe[1208] ntdll.dll!LdrLoadDll 77687933 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1208] ntdll.dll!LdrUnloadDll 7769E89C 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1208] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1208] ADVAPI32.dll!CreateServiceW 763338FF 5 Bytes JMP 000803FC
.text C:\Windows\system32\svchost.exe[1208] ADVAPI32.dll!DeleteService 76333BEE 5 Bytes JMP 00080600
.text C:\Windows\system32\svchost.exe[1208] ADVAPI32.dll!SetServiceObjectSecurity 763766A9 5 Bytes JMP 00081014
.text C:\Windows\system32\svchost.exe[1208] ADVAPI32.dll!ChangeServiceConfigA 763767A9 5 Bytes JMP 00080804
.text C:\Windows\system32\svchost.exe[1208] ADVAPI32.dll!ChangeServiceConfigW 76376951 5 Bytes JMP 00080A08
.text C:\Windows\system32\svchost.exe[1208] ADVAPI32.dll!ChangeServiceConfig2A 76376A69 5 Bytes JMP 00080C0C
.text C:\Windows\system32\svchost.exe[1208] ADVAPI32.dll!ChangeServiceConfig2W 76376BB1 5 Bytes JMP 00080E10
.text C:\Windows\system32\svchost.exe[1208] ADVAPI32.dll!CreateServiceA 76376C71 5 Bytes JMP 000801F8
.text C:\Windows\system32\svchost.exe[1208] USER32.dll!SetWindowsHookExW 76797B69 5 Bytes JMP 00260804
.text C:\Windows\system32\svchost.exe[1208] USER32.dll!SetWinEventHook 7679915C 5 Bytes JMP 002601F8
.text C:\Windows\system32\svchost.exe[1208] USER32.dll!UnhookWinEvent 7679B702 5 Bytes JMP 002603FC
.text C:\Windows\system32\svchost.exe[1208] USER32.dll!SetWindowsHookExA 767BBB0E 5 Bytes JMP 00260600
.text C:\Windows\system32\svchost.exe[1208] USER32.dll!UnhookWindowsHookEx 767C08BE 5 Bytes JMP 00260A08
.text C:\Windows\system32\AUDIODG.EXE[1292] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1328] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1348] ntdll.dll!LdrLoadDll 77687933 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1348] ntdll.dll!LdrUnloadDll 7769E89C 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!CreateServiceW 763338FF 5 Bytes JMP 000C03FC
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!DeleteService 76333BEE 5 Bytes JMP 000C0600
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!SetServiceObjectSecurity 763766A9 5 Bytes JMP 000C1014
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!ChangeServiceConfigA 763767A9 5 Bytes JMP 000C0804
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!ChangeServiceConfigW 76376951 5 Bytes JMP 000C0A08
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!ChangeServiceConfig2A 76376A69 5 Bytes JMP 000C0C0C
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!ChangeServiceConfig2W 76376BB1 5 Bytes JMP 000C0E10
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!CreateServiceA 76376C71 5 Bytes JMP 000C01F8
.text C:\Windows\system32\svchost.exe[1436] ntdll.dll!LdrLoadDll 77687933 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1436] ntdll.dll!LdrUnloadDll 7769E89C 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!CreateServiceW 763338FF 5 Bytes JMP 008B03FC
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!DeleteService 76333BEE 5 Bytes JMP 008B0600
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!SetServiceObjectSecurity 763766A9 5 Bytes JMP 008B1014
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!ChangeServiceConfigA 763767A9 5 Bytes JMP 008B0804
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!ChangeServiceConfigW 76376951 5 Bytes JMP 008B0A08
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!ChangeServiceConfig2A 76376A69 5 Bytes JMP 008B0C0C
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!ChangeServiceConfig2W 76376BB1 5 Bytes JMP 008B0E10
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!CreateServiceA 76376C71 5 Bytes JMP 008B01F8
.text C:\Windows\system32\svchost.exe[1436] USER32.dll!SetWindowsHookExW 76797B69 5 Bytes JMP 00D50804
.text C:\Windows\system32\svchost.exe[1436] USER32.dll!SetWinEventHook 7679915C 5 Bytes JMP 00D501F8
.text C:\Windows\system32\svchost.exe[1436] USER32.dll!UnhookWinEvent 7679B702 5 Bytes JMP 00D503FC
.text C:\Windows\system32\svchost.exe[1436] USER32.dll!SetWindowsHookExA 767BBB0E 5 Bytes JMP 00D50600
.text C:\Windows\system32\svchost.exe[1436] USER32.dll!UnhookWindowsHookEx 767C08BE 5 Bytes JMP 00D50A08
.text C:\Windows\SYSTEM32\taskeng.exe[1444] ntdll.dll!LdrLoadDll 77687933 5 Bytes JMP 000501F8
.text C:\Windows\SYSTEM32\taskeng.exe[1444] ntdll.dll!LdrUnloadDll 7769E89C 5 Bytes JMP 000503FC
.text C:\Windows\SYSTEM32\taskeng.exe[1444] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Windows\SYSTEM32\taskeng.exe[1444] ADVAPI32.dll!CreateServiceW 763338FF 5 Bytes JMP 000703FC
.text C:\Windows\SYSTEM32\taskeng.exe[1444] ADVAPI32.dll!DeleteService 76333BEE 5 Bytes JMP 00070600
.text C:\Windows\SYSTEM32\taskeng.exe[1444] ADVAPI32.dll!SetServiceObjectSecurity 763766A9 5 Bytes JMP 00071014
.text C:\Windows\SYSTEM32\taskeng.exe[1444] ADVAPI32.dll!ChangeServiceConfigA 763767A9 5 Bytes JMP 00070804
.text C:\Windows\SYSTEM32\taskeng.exe[1444] ADVAPI32.dll!ChangeServiceConfigW 76376951 5 Bytes JMP 00070A08
.text C:\Windows\SYSTEM32\taskeng.exe[1444] ADVAPI32.dll!ChangeServiceConfig2A 76376A69 5 Bytes JMP 00070C0C
.text C:\Windows\SYSTEM32\taskeng.exe[1444] ADVAPI32.dll!ChangeServiceConfig2W 76376BB1 5 Bytes JMP 00070E10
.text C:\Windows\SYSTEM32\taskeng.exe[1444] ADVAPI32.dll!CreateServiceA 76376C71 5 Bytes JMP 000701F8
.text C:\Windows\SYSTEM32\taskeng.exe[1444] USER32.dll!SetWindowsHookExW 76797B69 5 Bytes JMP 00080804
.text C:\Windows\SYSTEM32\taskeng.exe[1444] USER32.dll!SetWinEventHook 7679915C 5 Bytes JMP 000801F8
.text C:\Windows\SYSTEM32\taskeng.exe[1444] USER32.dll!UnhookWinEvent 7679B702 5 Bytes JMP 000803FC
.text C:\Windows\SYSTEM32\taskeng.exe[1444] USER32.dll!SetWindowsHookExA 767BBB0E 5 Bytes JMP 00080600
.text C:\Windows\SYSTEM32\taskeng.exe[1444] USER32.dll!UnhookWindowsHookEx 767C08BE 5 Bytes JMP 00080A08
.text C:\Program Files\Apoint2K\Apntex.exe[1532] ntdll.dll!LdrLoadDll 77687933 5 Bytes JMP 001401F8
.text C:\Program Files\Apoint2K\Apntex.exe[1532] ntdll.dll!LdrUnloadDll 7769E89C 5 Bytes JMP 001403FC
.text C:\Program Files\Apoint2K\Apntex.exe[1532] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Program Files\Apoint2K\Apntex.exe[1532] USER32.dll!SetWindowsHookExW 76797B69 5 Bytes JMP 00160804
.text C:\Program Files\Apoint2K\Apntex.exe[1532] USER32.dll!SetWinEventHook 7679915C 5 Bytes JMP 001601F8
.text C:\Program Files\Apoint2K\Apntex.exe[1532] USER32.dll!UnhookWinEvent 7679B702 5 Bytes JMP 001603FC
.text C:\Program Files\Apoint2K\Apntex.exe[1532] USER32.dll!SetWindowsHookExA 767BBB0E 5 Bytes JMP 00160600
.text C:\Program Files\Apoint2K\Apntex.exe[1532] USER32.dll!UnhookWindowsHookEx 767C08BE 5 Bytes JMP 00160A08
.text C:\Program Files\Apoint2K\Apntex.exe[1532] ADVAPI32.dll!CreateServiceW 763338FF 5 Bytes JMP 001703FC
.text C:\Program Files\Apoint2K\Apntex.exe[1532] ADVAPI32.dll!DeleteService 76333BEE 5 Bytes JMP 00170600
.text C:\Program Files\Apoint2K\Apntex.exe[1532] ADVAPI32.dll!SetServiceObjectSecurity 763766A9 5 Bytes JMP 00171014
.text C:\Program Files\Apoint2K\Apntex.exe[1532] ADVAPI32.dll!ChangeServiceConfigA 763767A9 5 Bytes JMP 00170804
.text C:\Program Files\Apoint2K\Apntex.exe[1532] ADVAPI32.dll!ChangeServiceConfigW 76376951 5 Bytes JMP 00170A08
.text C:\Program Files\Apoint2K\Apntex.exe[1532] ADVAPI32.dll!ChangeServiceConfig2A 76376A69 5 Bytes JMP 00170C0C
.text C:\Program Files\Apoint2K\Apntex.exe[1532] ADVAPI32.dll!ChangeServiceConfig2W 76376BB1 5 Bytes JMP 00170E10
.text C:\Program Files\Apoint2K\Apntex.exe[1532] ADVAPI32.dll!CreateServiceA 76376C71 5 Bytes JMP 001701F8
.text C:\Windows\system32\svchost.exe[1564] ntdll.dll!LdrLoadDll 77687933 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1564] ntdll.dll!LdrUnloadDll 7769E89C 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1564] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1564] ADVAPI32.dll!CreateServiceW 763338FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1564] ADVAPI32.dll!DeleteService 76333BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1564] ADVAPI32.dll!SetServiceObjectSecurity 763766A9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1564] ADVAPI32.dll!ChangeServiceConfigA 763767A9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1564] ADVAPI32.dll!ChangeServiceConfigW 76376951 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1564] ADVAPI32.dll!ChangeServiceConfig2A 76376A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1564] ADVAPI32.dll!ChangeServiceConfig2W 76376BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1564] ADVAPI32.dll!CreateServiceA 76376C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1564] USER32.dll!SetWindowsHookExW 76797B69 5 Bytes JMP 00170804
.text C:\Windows\system32\svchost.exe[1564] USER32.dll!SetWinEventHook 7679915C 5 Bytes JMP 001701F8
.text C:\Windows\system32\svchost.exe[1564] USER32.dll!UnhookWinEvent 7679B702 5 Bytes JMP 001703FC
.text C:\Windows\system32\svchost.exe[1564] USER32.dll!SetWindowsHookExA 767BBB0E 5 Bytes JMP 00170600
.text C:\Windows\system32\svchost.exe[1564] USER32.dll!UnhookWindowsHookEx 767C08BE 5 Bytes JMP 00170A08
.text C:\Windows\system32\svchost.exe[1648] ntdll.dll!LdrLoadDll 77687933 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1648] ntdll.dll!LdrUnloadDll 7769E89C 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1648] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1648] ADVAPI32.dll!CreateServiceW 763338FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1648] ADVAPI32.dll!DeleteService 76333BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1648] ADVAPI32.dll!SetServiceObjectSecurity 763766A9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1648] ADVAPI32.dll!ChangeServiceConfigA 763767A9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1648] ADVAPI32.dll!ChangeServiceConfigW 76376951 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1648] ADVAPI32.dll!ChangeServiceConfig2A 76376A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1648] ADVAPI32.dll!ChangeServiceConfig2W 76376BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1648] ADVAPI32.dll!CreateServiceA 76376C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1648] USER32.dll!SetWindowsHookExW 76797B69 5 Bytes JMP 00170804
.text C:\Windows\system32\svchost.exe[1648] USER32.dll!SetWinEventHook 7679915C 5 Bytes JMP 001701F8
.text C:\Windows\system32\svchost.exe[1648] USER32.dll!UnhookWinEvent 7679B702 5 Bytes JMP 001703FC
.text C:\Windows\system32\svchost.exe[1648] USER32.dll!SetWindowsHookExA 767BBB0E 5 Bytes JMP 00170600
.text C:\Windows\system32\svchost.exe[1648] USER32.dll!UnhookWindowsHookEx 767C08BE 5 Bytes JMP 00170A08
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1784] kernel32.dll!SetUnhandledExceptionFilter 76466E2D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1784] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[1920] ntdll.dll!LdrLoadDll 77687933 5 Bytes JMP 001301F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[1920] ntdll.dll!LdrUnloadDll 7769E89C 5 Bytes JMP 001303FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[1920] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[1920] ADVAPI32.dll!CreateServiceW 763338FF 5 Bytes JMP 001503FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[1920] ADVAPI32.dll!DeleteService 76333BEE 5 Bytes JMP 00150600
.text C:\Program Files\Mozilla Firefox\firefox.exe[1920] ADVAPI32.dll!SetServiceObjectSecurity 763766A9 5 Bytes JMP 00151014
.text C:\Program Files\Mozilla Firefox\firefox.exe[1920] ADVAPI32.dll!ChangeServiceConfigA 763767A9 5 Bytes JMP 00150804
.text C:\Program Files\Mozilla Firefox\firefox.exe[1920] ADVAPI32.dll!ChangeServiceConfigW 76376951 5 Bytes JMP 00150A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[1920] ADVAPI32.dll!ChangeServiceConfig2A 76376A69 5 Bytes JMP 00150C0C
.text C:\Program Files\Mozilla Firefox\firefox.exe[1920] ADVAPI32.dll!ChangeServiceConfig2W 76376BB1 5 Bytes JMP 00150E10
.text C:\Program Files\Mozilla Firefox\firefox.exe[1920] ADVAPI32.dll!CreateServiceA 76376C71 5 Bytes JMP 001501F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[1920] USER32.dll!SetWindowsHookExW 76797B69 5 Bytes JMP 00160804
.text C:\Program Files\Mozilla Firefox\firefox.exe[1920] USER32.dll!SetWinEventHook 7679915C 5 Bytes JMP 001601F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[1920] USER32.dll!UnhookWinEvent 7679B702 5 Bytes JMP 001603FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[1920] USER32.dll!SetWindowsHookExA 767BBB0E 5 Bytes JMP 00160600
.text C:\Program Files\Mozilla Firefox\firefox.exe[1920] USER32.dll!UnhookWindowsHookEx 767C08BE 5 Bytes JMP 00160A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[1920] SHELL32.dll!InitNetworkAddressControl + 2939 76870064 4 Bytes [F0, 1F, 00, 10]
.text C:\Windows\system32\Dwm.exe[2040] ntdll.dll!LdrLoadDll 77687933 5 Bytes JMP 000901F8
.text C:\Windows\system32\Dwm.exe[2040] ntdll.dll!LdrUnloadDll 7769E89C 5 Bytes JMP 000903FC
.text C:\Windows\system32\Dwm.exe[2040] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[2040] ADVAPI32.dll!CreateServiceW 763338FF 5 Bytes JMP 000B03FC
.text C:\Windows\system32\Dwm.exe[2040] ADVAPI32.dll!DeleteService 76333BEE 5 Bytes JMP 000B0600
.text C:\Windows\system32\Dwm.exe[2040] ADVAPI32.dll!SetServiceObjectSecurity 763766A9 5 Bytes JMP 000B1014
.text C:\Windows\system32\Dwm.exe[2040] ADVAPI32.dll!ChangeServiceConfigA 763767A9 5 Bytes JMP 000B0804
.text C:\Windows\system32\Dwm.exe[2040] ADVAPI32.dll!ChangeServiceConfigW 76376951 5 Bytes JMP 000B0A08
.text C:\Windows\system32\Dwm.exe[2040] ADVAPI32.dll!ChangeServiceConfig2A 76376A69 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\Dwm.exe[2040] ADVAPI32.dll!ChangeServiceConfig2W 76376BB1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\Dwm.exe[2040] ADVAPI32.dll!CreateServiceA 76376C71 5 Bytes JMP 000B01F8
.text C:\Windows\system32\Dwm.exe[2040] USER32.dll!SetWindowsHookExW 76797B69 5 Bytes JMP 000C0804
.text C:\Windows\system32\Dwm.exe[2040] USER32.dll!SetWinEventHook 7679915C 5 Bytes JMP 000C01F8
.text C:\Windows\system32\Dwm.exe[2040] USER32.dll!UnhookWinEvent 7679B702 5 Bytes JMP 000C03FC
.text C:\Windows\system32\Dwm.exe[2040] USER32.dll!SetWindowsHookExA 767BBB0E 5 Bytes JMP 000C0600
.text C:\Windows\system32\Dwm.exe[2040] USER32.dll!UnhookWindowsHookEx 767C08BE 5 Bytes JMP 000C0A08
.text C:\Windows\SYSTEM32\taskeng.exe[2060] ntdll.dll!LdrLoadDll 77687933 5 Bytes JMP 000901F8
.text C:\Windows\SYSTEM32\taskeng.exe[2060] ntdll.dll!LdrUnloadDll 7769E89C 5 Bytes JMP 000903FC
.text C:\Windows\SYSTEM32\taskeng.exe[2060] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Windows\SYSTEM32\taskeng.exe[2060] ADVAPI32.dll!CreateServiceW 763338FF 5 Bytes JMP 001B03FC
.text C:\Windows\SYSTEM32\taskeng.exe[2060] ADVAPI32.dll!DeleteService 76333BEE 5 Bytes JMP 001B0600
.text C:\Windows\SYSTEM32\taskeng.exe[2060] ADVAPI32.dll!SetServiceObjectSecurity 763766A9 5 Bytes JMP 001B1014
.text C:\Windows\SYSTEM32\taskeng.exe[2060] ADVAPI32.dll!ChangeServiceConfigA 763767A9 5 Bytes JMP 001B0804
.text C:\Windows\SYSTEM32\taskeng.exe[2060] ADVAPI32.dll!ChangeServiceConfigW 76376951 5 Bytes JMP 001B0A08
.text C:\Windows\SYSTEM32\taskeng.exe[2060] ADVAPI32.dll!ChangeServiceConfig2A 76376A69 5 Bytes JMP 001B0C0C
.text C:\Windows\SYSTEM32\taskeng.exe[2060] ADVAPI32.dll!ChangeServiceConfig2W 76376BB1 5 Bytes JMP 001B0E10
.text C:\Windows\SYSTEM32\taskeng.exe[2060] ADVAPI32.dll!CreateServiceA 76376C71 5 Bytes JMP 001B01F8
.text C:\Windows\SYSTEM32\taskeng.exe[2060] USER32.dll!SetWindowsHookExW 76797B69 5 Bytes JMP 001C0804
.text C:\Windows\SYSTEM32\taskeng.exe[2060] USER32.dll!SetWinEventHook 7679915C 5 Bytes JMP 001C01F8
.text C:\Windows\SYSTEM32\taskeng.exe[2060] USER32.dll!UnhookWinEvent 7679B702 5 Bytes JMP 001C03FC
.text C:\Windows\SYSTEM32\taskeng.exe[2060] USER32.dll!SetWindowsHookExA 767BBB0E 5 Bytes JMP 001C0600
.text C:\Windows\SYSTEM32\taskeng.exe[2060] USER32.dll!UnhookWindowsHookEx 767C08BE 5 Bytes JMP 001C0A08
.text C:\Program Files\Windows Defender\MSASCui.exe[2192] ntdll.dll!LdrLoadDll 77687933 5 Bytes JMP 000501F8
.text C:\Program Files\Windows Defender\MSASCui.exe[2192] ntdll.dll!LdrUnloadDll 7769E89C 5 Bytes JMP 000503FC
.text C:\Program Files\Windows Defender\MSASCui.exe[2192] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Program Files\Windows Defender\MSASCui.exe[2192] ADVAPI32.dll!CreateServiceW 763338FF 5 Bytes JMP 000703FC
.text C:\Program Files\Windows Defender\MSASCui.exe[2192] ADVAPI32.dll!DeleteService 76333BEE 5 Bytes JMP 00070600
.text C:\Program Files\Windows Defender\MSASCui.exe[2192] ADVAPI32.dll!SetServiceObjectSecurity 763766A9 5 Bytes JMP 00071014
.text C:\Program Files\Windows Defender\MSASCui.exe[2192] ADVAPI32.dll!ChangeServiceConfigA 763767A9 5 Bytes JMP 00070804
.text C:\Program Files\Windows Defender\MSASCui.exe[2192] ADVAPI32.dll!ChangeServiceConfigW 76376951 5 Bytes JMP 00070A08
.text C:\Program Files\Windows Defender\MSASCui.exe[2192] ADVAPI32.dll!ChangeServiceConfig2A 76376A69 5 Bytes JMP 00070C0C
.text C:\Program Files\Windows Defender\MSASCui.exe[2192] ADVAPI32.dll!ChangeServiceConfig2W 76376BB1 5 Bytes JMP 00070E10
.text C:\Program Files\Windows Defender\MSASCui.exe[2192] ADVAPI32.dll!CreateServiceA 76376C71 5 Bytes JMP 000701F8
.text C:\Program Files\Windows Defender\MSASCui.exe[2192] USER32.dll!SetWindowsHookExW 76797B69 5 Bytes JMP 00080804
.text C:\Program Files\Windows Defender\MSASCui.exe[2192] USER32.dll!SetWinEventHook 7679915C 5 Bytes JMP 000801F8
.text C:\Program Files\Windows Defender\MSASCui.exe[2192] USER32.dll!UnhookWinEvent 7679B702 5 Bytes JMP 000803FC
.text C:\Program Files\Windows Defender\MSASCui.exe[2192] USER32.dll!SetWindowsHookExA 767BBB0E 5 Bytes JMP 00080600
.text C:\Program Files\Windows Defender\MSASCui.exe[2192] USER32.dll!UnhookWindowsHookEx 767C08BE 5 Bytes JMP 00080A08
.text C:\Windows\RtHDVCpl.exe[2216] ntdll.dll!LdrLoadDll 77687933 5 Bytes JMP 001501F8
.text C:\Windows\RtHDVCpl.exe[2216] ntdll.dll!LdrUnloadDll 7769E89C 5 Bytes JMP 001503FC
.text C:\Windows\RtHDVCpl.exe[2216] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Windows\RtHDVCpl.exe[2216] ADVAPI32.dll!CreateServiceW 763338FF 5 Bytes JMP 001703FC
.text C:\Windows\RtHDVCpl.exe[2216] ADVAPI32.dll!DeleteService 76333BEE 5 Bytes JMP 00170600
.text C:\Windows\RtHDVCpl.exe[2216] ADVAPI32.dll!SetServiceObjectSecurity 763766A9 5 Bytes JMP 00171014
.text C:\Windows\RtHDVCpl.exe[2216] ADVAPI32.dll!ChangeServiceConfigA 763767A9 5 Bytes JMP 00170804
.text C:\Windows\RtHDVCpl.exe[2216] ADVAPI32.dll!ChangeServiceConfigW 76376951 5 Bytes JMP 00170A08
.text C:\Windows\RtHDVCpl.exe[2216] ADVAPI32.dll!ChangeServiceConfig2A 76376A69 5 Bytes JMP 00170C0C
.text C:\Windows\RtHDVCpl.exe[2216] ADVAPI32.dll!ChangeServiceConfig2W 76376BB1 5 Bytes JMP 00170E10
.text C:\Windows\RtHDVCpl.exe[2216] ADVAPI32.dll!CreateServiceA 76376C71 5 Bytes JMP 001701F8
.text C:\Windows\RtHDVCpl.exe[2216] USER32.dll!SetWindowsHookExW 76797B69 5 Bytes JMP 00180804
.text C:\Windows\RtHDVCpl.exe[2216] USER32.dll!SetWinEventHook 7679915C 5 Bytes JMP 001801F8
.text C:\Windows\RtHDVCpl.exe[2216] USER32.dll!UnhookWinEvent 7679B702 5 Bytes JMP 001803FC
.text C:\Windows\RtHDVCpl.exe[2216] USER32.dll!SetWindowsHookExA 767BBB0E 5 Bytes JMP 00180600
.text C:\Windows\RtHDVCpl.exe[2216] USER32.dll!UnhookWindowsHookEx 767C08BE 5 Bytes JMP 00180A08
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[2244] ntdll.dll!LdrLoadDll 77687933 5 Bytes JMP 001501F8
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[2244] ntdll.dll!LdrUnloadDll 7769E89C 5 Bytes JMP 001503FC
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[2244] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[2244] ADVAPI32.dll!CreateServiceW 763338FF 5 Bytes JMP 00C303FC
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[2244] ADVAPI32.dll!DeleteService 76333BEE 5 Bytes JMP 00C30600
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[2244] ADVAPI32.dll!SetServiceObjectSecurity 763766A9 5 Bytes JMP 00C31014
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[2244] ADVAPI32.dll!ChangeServiceConfigA 763767A9 5 Bytes JMP 00C30804
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[2244] ADVAPI32.dll!ChangeServiceConfigW 76376951 5 Bytes JMP 00C30A08
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[2244] ADVAPI32.dll!ChangeServiceConfig2A 76376A69 5 Bytes JMP 00C30C0C
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[2244] ADVAPI32.dll!ChangeServiceConfig2W 76376BB1 5 Bytes JMP 00C30E10
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[2244] ADVAPI32.dll!CreateServiceA 76376C71 5 Bytes JMP 00C301F8
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[2244] USER32.dll!SetWindowsHookExW 76797B69 5 Bytes JMP 00C40804
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[2244] USER32.dll!SetWinEventHook 7679915C 5 Bytes JMP 00C401F8
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[2244] USER32.dll!UnhookWinEvent 7679B702 5 Bytes JMP 00C403FC
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[2244] USER32.dll!SetWindowsHookExA 767BBB0E 5 Bytes JMP 00C40600
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[2244] USER32.dll!UnhookWindowsHookEx 767C08BE 5 Bytes JMP 00C40A08
.text C:\Program Files\Launch Manager\LManager.exe[2252] ntdll.dll!LdrLoadDll 77687933 5 Bytes JMP 001501F8
.text C:\Program Files\Launch Manager\LManager.exe[2252] ntdll.dll!LdrUnloadDll 7769E89C 5 Bytes JMP 001503FC
.text C:\Program Files\Launch Manager\LManager.exe[2252] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Program Files\Launch Manager\LManager.exe[2252] USER32.dll!SetWindowsHookExW 76797B69 5 Bytes JMP 00310804
.text C:\Program Files\Launch Manager\LManager.exe[2252] USER32.dll!SetWinEventHook 7679915C 5 Bytes JMP 003101F8
.text C:\Program Files\Launch Manager\LManager.exe[2252] USER32.dll!UnhookWinEvent 7679B702 5 Bytes JMP 003103FC
.text C:\Program Files\Launch Manager\LManager.exe[2252] USER32.dll!SetWindowsHookExA 767BBB0E 5 Bytes JMP 00310600
.text C:\Program Files\Launch Manager\LManager.exe[2252] USER32.dll!UnhookWindowsHookEx 767C08BE 5 Bytes JMP 00310A08
.text C:\Program Files\Launch Manager\LManager.exe[2252] ADVAPI32.dll!CreateServiceW 763338FF 5 Bytes JMP 003203FC
.text C:\Program Files\Launch Manager\LManager.exe[2252] ADVAPI32.dll!DeleteService 76333BEE 5 Bytes JMP 00320600
.text C:\Program Files\Launch Manager\LManager.exe[2252] ADVAPI32.dll!SetServiceObjectSecurity 763766A9 5 Bytes JMP 00321014
.text C:\Program Files\Launch Manager\LManager.exe[2252] ADVAPI32.dll!ChangeServiceConfigA 763767A9 5 Bytes JMP 00320804
.text C:\Program Files\Launch Manager\LManager.exe[2252] ADVAPI32.dll!ChangeServiceConfigW 76376951 5 Bytes JMP 00320A08
.text C:\Program Files\Launch Manager\LManager.exe[2252] ADVAPI32.dll!ChangeServiceConfig2A 76376A69 5 Bytes JMP 00320C0C
.text C:\Program Files\Launch Manager\LManager.exe[2252] ADVAPI32.dll!ChangeServiceConfig2W 76376BB1 5 Bytes JMP 00320E10
.text C:\Program Files\Launch Manager\LManager.exe[2252] ADVAPI32.dll!CreateServiceA 76376C71 5 Bytes JMP 003201F8
.text C:\Windows\ehome\ehmsas.exe[2268] ntdll.dll!LdrLoadDll 77687933 5 Bytes JMP 000401F8
.text C:\Windows\ehome\ehmsas.exe[2268] ntdll.dll!LdrUnloadDll 7769E89C 5 Bytes JMP 000403FC
.text C:\Windows\ehome\ehmsas.exe[2268] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Windows\ehome\ehmsas.exe[2268] ADVAPI32.dll!CreateServiceW 763338FF 5 Bytes JMP 000603FC
.text C:\Windows\ehome\ehmsas.exe[2268] ADVAPI32.dll!DeleteService 76333BEE 5 Bytes JMP 00060600
.text C:\Windows\ehome\ehmsas.exe[2268] ADVAPI32.dll!SetServiceObjectSecurity 763766A9 5 Bytes JMP 00061014
.text C:\Windows\ehome\ehmsas.exe[2268] ADVAPI32.dll!ChangeServiceConfigA 763767A9 5 Bytes JMP 00060804
.text C:\Windows\ehome\ehmsas.exe[2268] ADVAPI32.dll!ChangeServiceConfigW 76376951 5 Bytes JMP 00060A08
.text C:\Windows\ehome\ehmsas.exe[2268] ADVAPI32.dll!ChangeServiceConfig2A 76376A69 5 Bytes JMP 00060C0C
.text C:\Windows\ehome\ehmsas.exe[2268] ADVAPI32.dll!ChangeServiceConfig2W 76376BB1 5 Bytes JMP 00060E10
.text C:\Windows\ehome\ehmsas.exe[2268] ADVAPI32.dll!CreateServiceA 76376C71 5 Bytes JMP 000601F8
.text C:\Windows\ehome\ehmsas.exe[2268] USER32.dll!SetWindowsHookExW 76797B69 5 Bytes JMP 00070804
.text C:\Windows\ehome\ehmsas.exe[2268] USER32.dll!SetWinEventHook 7679915C 5 Bytes JMP 000701F8
.text C:\Windows\ehome\ehmsas.exe[2268] USER32.dll!UnhookWinEvent 7679B702 5 Bytes JMP 000703FC
.text C:\Windows\ehome\ehmsas.exe[2268] USER32.dll!SetWindowsHookExA 767BBB0E 3 Bytes JMP 00070600
.text C:\Windows\ehome\ehmsas.exe[2268] USER32.dll!SetWindowsHookExA + 4 767BBB12 1 Byte [89]
.text C:\Windows\ehome\ehmsas.exe[2268] USER32.dll!UnhookWindowsHookEx 767C08BE 5 Bytes JMP 00070A08
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2340] ntdll.dll!LdrLoadDll 77687933 5 Bytes JMP 001401F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2340] ntdll.dll!LdrUnloadDll 7769E89C 5 Bytes JMP 001403FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2340] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2340] USER32.dll!SetWindowsHookExW 76797B69 5 Bytes JMP 00170804
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2340] USER32.dll!SetWinEventHook 7679915C 5 Bytes JMP 001701F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2340] USER32.dll!UnhookWinEvent 7679B702 5 Bytes JMP 001703FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2340] USER32.dll!SetWindowsHookExA 767BBB0E 5 Bytes JMP 00170600
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2340] USER32.dll!UnhookWindowsHookEx 767C08BE 5 Bytes JMP 00170A08
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2340] ADVAPI32.dll!CreateServiceW 763338FF 5 Bytes JMP 001803FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2340] ADVAPI32.dll!DeleteService 76333BEE 5 Bytes JMP 00180600
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2340] ADVAPI32.dll!SetServiceObjectSecurity 763766A9 5 Bytes JMP 00181014
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2340] ADVAPI32.dll!ChangeServiceConfigA 763767A9 5 Bytes JMP 00180804
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2340] ADVAPI32.dll!ChangeServiceConfigW 76376951 5 Bytes JMP 00180A08
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2340] ADVAPI32.dll!ChangeServiceConfig2A 76376A69 5 Bytes JMP 00180C0C
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2340] ADVAPI32.dll!ChangeServiceConfig2W 76376BB1 5 Bytes JMP 00180E10
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2340] ADVAPI32.dll!CreateServiceA 76376C71 5 Bytes JMP 001801F8
.text C:\Acer\Empowering Technology\eAudio\eAudio.exe[2464] ntdll.dll!LdrLoadDll 77687933 5 Bytes JMP 001501F8
.text C:\Acer\Empowering Technology\eAudio\eAudio.exe[2464] ntdll.dll!LdrUnloadDll 7769E89C 5 Bytes JMP 001503FC
.text C:\Acer\Empowering Technology\eAudio\eAudio.exe[2464] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Acer\Empowering Technology\eAudio\eAudio.exe[2464] USER32.dll!SetWindowsHookExW 76797B69 5 Bytes JMP 00170804
.text C:\Acer\Empowering Technology\eAudio\eAudio.exe[2464] USER32.dll!SetWinEventHook 7679915C 5 Bytes JMP 001701F8
.text C:\Acer\Empowering Technology\eAudio\eAudio.exe[2464] USER32.dll!UnhookWinEvent 7679B702 5 Bytes JMP 001703FC
.text C:\Acer\Empowering Technology\eAudio\eAudio.exe[2464] USER32.dll!SetWindowsHookExA 767BBB0E 5 Bytes JMP 00170600
.text C:\Acer\Empowering Technology\eAudio\eAudio.exe[2464] USER32.dll!UnhookWindowsHookEx 767C08BE 5 Bytes JMP 00170A08
.text C:\Acer\Empowering Technology\eAudio\eAudio.exe[2464] ADVAPI32.dll!CreateServiceW 763338FF 5 Bytes JMP 001803FC
.text C:\Acer\Empowering Technology\eAudio\eAudio.exe[2464] ADVAPI32.dll!DeleteService 76333BEE 5 Bytes JMP 00180600
.text C:\Acer\Empowering Technology\eAudio\eAudio.exe[2464] ADVAPI32.dll!SetServiceObjectSecurity 763766A9 5 Bytes JMP 00181014
.text C:\Acer\Empowering Technology\eAudio\eAudio.exe[2464] ADVAPI32.dll!ChangeServiceConfigA 763767A9 5 Bytes JMP 00180804
.text C:\Acer\Empowering Technology\eAudio\eAudio.exe[2464] ADVAPI32.dll!ChangeServiceConfigW 76376951 5 Bytes JMP 00180A08
.text C:\Acer\Empowering Technology\eAudio\eAudio.exe[2464] ADVAPI32.dll!ChangeServiceConfig2A 76376A69 5 Bytes JMP 00180C0C
.text C:\Acer\Empowering Technology\eAudio\eAudio.exe[2464] ADVAPI32.dll!ChangeServiceConfig2W 76376BB1 5 Bytes JMP 00180E10
.text C:\Acer\Empowering Technology\eAudio\eAudio.exe[2464] ADVAPI32.dll!CreateServiceA 76376C71 5 Bytes JMP 001801F8
.text C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe[2472] ntdll.dll!LdrLoadDll 77687933 5 Bytes JMP 001401F8
.text C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe[2472] ntdll.dll!LdrUnloadDll 7769E89C 5 Bytes JMP 001403FC
.text C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe[2472] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe[2472] USER32.dll!SetWindowsHookExW 76797B69 5 Bytes JMP 00160804
.text C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe[2472] USER32.dll!SetWinEventHook 7679915C 5 Bytes JMP 001601F8
.text C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe[2472] USER32.dll!UnhookWinEvent 7679B702 5 Bytes JMP 001603FC
.text C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe[2472] USER32.dll!SetWindowsHookExA 767BBB0E 5 Bytes JMP 00160600
.text C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe[2472] USER32.dll!UnhookWindowsHookEx 767C08BE 5 Bytes JMP 00160A08
.text C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe[2472] ADVAPI32.dll!CreateServiceW 763338FF 5 Bytes JMP 001703FC
.text C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe[2472] ADVAPI32.dll!DeleteService 76333BEE 5 Bytes JMP 00170600
.text C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe[2472] ADVAPI32.dll!SetServiceObjectSecurity 763766A9 5 Bytes JMP 00171014
.text C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe[2472] ADVAPI32.dll!ChangeServiceConfigA 763767A9 5 Bytes JMP 00170804
.text C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe[2472] ADVAPI32.dll!ChangeServiceConfigW 76376951 5 Bytes JMP 00170A08
.text C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe[2472] ADVAPI32.dll!ChangeServiceConfig2A 76376A69 5 Bytes JMP 00170C0C
.text C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe[2472] ADVAPI32.dll!ChangeServiceConfig2W 76376BB1 5 Bytes JMP 00170E10
.text C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe[2472] ADVAPI32.dll!CreateServiceA 76376C71 5 Bytes JMP 001701F8
.text C:\Windows\ehome\ehtray.exe[2484] ntdll.dll!LdrLoadDll 77687933 5 Bytes JMP 000501F8
.text C:\Windows\ehome\ehtray.exe[2484] ntdll.dll!LdrUnloadDll 7769E89C 5 Bytes JMP 000503FC
.text C:\Windows\ehome\ehtray.exe[2484] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Windows\ehome\ehtray.exe[2484] ADVAPI32.dll!CreateServiceW 763338FF 5 Bytes JMP 000703FC
.text C:\Windows\ehome\ehtray.exe[2484] ADVAPI32.dll!DeleteService 76333BEE 5 Bytes JMP 00070600
.text C:\Windows\ehome\ehtray.exe[2484] ADVAPI32.dll!SetServiceObjectSecurity 763766A9 5 Bytes JMP 00071014
.text C:\Windows\ehome\ehtray.exe[2484] ADVAPI32.dll!ChangeServiceConfigA 763767A9 5 Bytes JMP 00070804
.text C:\Windows\ehome\ehtray.exe[2484] ADVAPI32.dll!ChangeServiceConfigW 76376951 5 Bytes JMP 00070A08
.text C:\Windows\ehome\ehtray.exe[2484] ADVAPI32.dll!ChangeServiceConfig2A 76376A69 5 Bytes JMP 00070C0C
.text C:\Windows\ehome\ehtray.exe[2484] ADVAPI32.dll!ChangeServiceConfig2W 76376BB1 5 Bytes JMP 00070E10
.text C:\Windows\ehome\ehtray.exe[2484] ADVAPI32.dll!CreateServiceA 76376C71 5 Bytes JMP 000701F8
.text C:\Windows\ehome\ehtray.exe[2484] USER32.dll!SetWindowsHookExW 76797B69 5 Bytes JMP 00080804
.text C:\Windows\ehome\ehtray.exe[2484] USER32.dll!SetWinEventHook 7679915C 5 Bytes JMP 000801F8
.text C:\Windows\ehome\ehtray.exe[2484] USER32.dll!UnhookWinEvent 7679B702 5 Bytes JMP 000803FC
.text C:\Windows\ehome\ehtray.exe[2484] USER32.dll!SetWindowsHookExA 767BBB0E 5 Bytes JMP 00080600
.text C:\Windows\ehome\ehtray.exe[2484] USER32.dll!UnhookWindowsHookEx 767C08BE 5 Bytes JMP 00080A08
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2488] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Program Files\Apoint2K\Apoint.exe[2568] ntdll.dll!LdrLoadDll 77687933 5 Bytes JMP 001401F8
.text C:\Program Files\Apoint2K\Apoint.exe[2568] ntdll.dll!LdrUnloadDll 7769E89C 5 Bytes JMP 001403FC
.text C:\Program Files\Apoint2K\Apoint.exe[2568] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Program Files\Apoint2K\Apoint.exe[2568] USER32.dll!SetWindowsHookExW 76797B69 5 Bytes JMP 00160804
.text C:\Program Files\Apoint2K\Apoint.exe[2568] USER32.dll!SetWinEventHook 7679915C 5 Bytes JMP 001601F8
.text C:\Program Files\Apoint2K\Apoint.exe[2568] USER32.dll!UnhookWinEvent 7679B702 5 Bytes JMP 001603FC
.text C:\Program Files\Apoint2K\Apoint.exe[2568] USER32.dll!SetWindowsHookExA 767BBB0E 5 Bytes JMP 00160600
.text C:\Program Files\Apoint2K\Apoint.exe[2568] USER32.dll!UnhookWindowsHookEx 767C08BE 5 Bytes JMP 00160A08
.text C:\Program Files\Apoint2K\Apoint.exe[2568] ADVAPI32.dll!CreateServiceW 763338FF 5 Bytes JMP 001703FC
.text C:\Program Files\Apoint2K\Apoint.exe[2568] ADVAPI32.dll!DeleteService 76333BEE 5 Bytes JMP 00170600
.text C:\Program Files\Apoint2K\Apoint.exe[2568] ADVAPI32.dll!SetServiceObjectSecurity 763766A9 5 Bytes JMP 00171014
.text C:\Program Files\Apoint2K\Apoint.exe[2568] ADVAPI32.dll!ChangeServiceConfigA 763767A9 5 Bytes JMP 00170804
.text C:\Program Files\Apoint2K\Apoint.exe[2568] ADVAPI32.dll!ChangeServiceConfigW 76376951 5 Bytes JMP 00170A08
.text C:\Program Files\Apoint2K\Apoint.exe[2568] ADVAPI32.dll!ChangeServiceConfig2A 76376A69 5 Bytes JMP 00170C0C
.text C:\Program Files\Apoint2K\Apoint.exe[2568] ADVAPI32.dll!ChangeServiceConfig2W 76376BB1 5 Bytes JMP 00170E10
.text C:\Program Files\Apoint2K\Apoint.exe[2568] ADVAPI32.dll!CreateServiceA 76376C71 5 Bytes JMP 001701F8
.text C:\Windows\System32\hkcmd.exe[2596] ntdll.dll!LdrLoadDll 77687933 5 Bytes JMP 001501F8
.text C:\Windows\System32\hkcmd.exe[2596] ntdll.dll!LdrUnloadDll 7769E89C 5 Bytes JMP 001503FC
.text C:\Windows\System32\hkcmd.exe[2596] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Windows\System32\hkcmd.exe[2596] USER32.dll!SetWindowsHookExW 76797B69 5 Bytes JMP 00180804
.text C:\Windows\System32\hkcmd.exe[2596] USER32.dll!SetWinEventHook 7679915C 5 Bytes JMP 001801F8
.text C:\Windows\System32\hkcmd.exe[2596] USER32.dll!UnhookWinEvent 7679B702 5 Bytes JMP 001803FC
.text C:\Windows\System32\hkcmd.exe[2596] USER32.dll!SetWindowsHookExA 767BBB0E 5 Bytes JMP 00180600
.text C:\Windows\System32\hkcmd.exe[2596] USER32.dll!UnhookWindowsHookEx 767C08BE 5 Bytes JMP 00180A08
.text C:\Windows\System32\hkcmd.exe[2596] ADVAPI32.dll!CreateServiceW 763338FF 5 Bytes JMP 001903FC
.text C:\Windows\System32\hkcmd.exe[2596] ADVAPI32.dll!DeleteService 76333BEE 5 Bytes JMP 00190600
.text C:\Windows\System32\hkcmd.exe[2596] ADVAPI32.dll!SetServiceObjectSecurity 763766A9 5 Bytes JMP 00191014
.text C:\Windows\System32\hkcmd.exe[2596] ADVAPI32.dll!ChangeServiceConfigA 763767A9 5 Bytes JMP 00190804
.text C:\Windows\System32\hkcmd.exe[2596] ADVAPI32.dll!ChangeServiceConfigW 76376951 5 Bytes JMP 00190A08
.text C:\Windows\System32\hkcmd.exe[2596] ADVAPI32.dll!ChangeServiceConfig2A 76376A69 5 Bytes JMP 00190C0C
.text C:\Windows\System32\hkcmd.exe[2596] ADVAPI32.dll!ChangeServiceConfig2W 76376BB1 5 Bytes JMP 00190E10
.text C:\Windows\System32\hkcmd.exe[2596] ADVAPI32.dll!CreateServiceA 76376C71 5 Bytes JMP 001901F8
.text C:\Windows\System32\igfxpers.exe[2604] ntdll.dll!LdrLoadDll 77687933 5 Bytes JMP 001501F8
.text C:\Windows\System32\igfxpers.exe[2604] ntdll.dll!LdrUnloadDll 7769E89C 5 Bytes JMP 001503FC
.text C:\Windows\System32\igfxpers.exe[2604] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Windows\System32\igfxpers.exe[2604] USER32.dll!SetWindowsHookExW 76797B69 5 Bytes JMP 00170804
.text C:\Windows\System32\igfxpers.exe[2604] USER32.dll!SetWinEventHook 7679915C 5 Bytes JMP 001701F8
.text C:\Windows\System32\igfxpers.exe[2604] USER32.dll!UnhookWinEvent 7679B702 5 Bytes JMP 001703FC
.text C:\Windows\System32\igfxpers.exe[2604] USER32.dll!SetWindowsHookExA 767BBB0E 5 Bytes JMP 00170600
.text C:\Windows\System32\igfxpers.exe[2604] USER32.dll!UnhookWindowsHookEx 767C08BE 5 Bytes JMP 00170A08
.text C:\Windows\System32\igfxpers.exe[2604] ADVAPI32.dll!CreateServiceW 763338FF 5 Bytes JMP 001803FC
.text C:\Windows\System32\igfxpers.exe[2604] ADVAPI32.dll!DeleteService 76333BEE 5 Bytes JMP 00180600
.text C:\Windows\System32\igfxpers.exe[2604] ADVAPI32.dll!SetServiceObjectSecurity 763766A9 5 Bytes JMP 00181014
.text C:\Windows\System32\igfxpers.exe[2604] ADVAPI32.dll!ChangeServiceConfigA 763767A9 5 Bytes JMP 00180804
.text C:\Windows\System32\igfxpers.exe[2604] ADVAPI32.dll!ChangeServiceConfigW 76376951 5 Bytes JMP 00180A08
.text C:\Windows\System32\igfxpers.exe[2604] ADVAPI32.dll!ChangeServiceConfig2A 76376A69 5 Bytes JMP 00180C0C
.text C:\Windows\System32\igfxpers.exe[2604] ADVAPI32.dll!ChangeServiceConfig2W 76376BB1 5 Bytes JMP 00180E10
.text C:\Windows\System32\igfxpers.exe[2604] ADVAPI32.dll!CreateServiceA 76376C71 5 Bytes JMP 001801F8
.text C:\Windows\system32\igfxsrvc.exe[2672] ntdll.dll!LdrLoadDll 77687933 5 Bytes JMP 001501F8
.text C:\Windows\system32\igfxsrvc.exe[2672] ntdll.dll!LdrUnloadDll 7769E89C 5 Bytes JMP 001503FC
.text C:\Windows\system32\igfxsrvc.exe[2672] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Windows\system32\igfxsrvc.exe[2672] USER32.dll!SetWindowsHookExW 76797B69 5 Bytes JMP 00170804
.text C:\Windows\system32\igfxsrvc.exe[2672] USER32.dll!SetWinEventHook 7679915C 5 Bytes JMP 001701F8
.text C:\Windows\system32\igfxsrvc.exe[2672] USER32.dll!UnhookWinEvent 7679B702 5 Bytes JMP 001703FC
.text C:\Windows\system32\igfxsrvc.exe[2672] USER32.dll!SetWindowsHookExA 767BBB0E 5 Bytes JMP 00170600
.text C:\Windows\system32\igfxsrvc.exe[2672] USER32.dll!UnhookWindowsHookEx 767C08BE 5 Bytes JMP 00170A08
.text C:\Windows\system32\igfxsrvc.exe[2672] ADVAPI32.dll!CreateServiceW 763338FF 5 Bytes JMP 001803FC
.text C:\Windows\system32\igfxsrvc.exe[2672] ADVAPI32.dll!DeleteService 76333BEE 5 Bytes JMP 00180600
.text C:\Windows\system32\igfxsrvc.exe[2672] ADVAPI32.dll!SetServiceObjectSecurity 763766A9 5 Bytes JMP 00181014
.text C:\Windows\system32\igfxsrvc.exe[2672] ADVAPI32.dll!ChangeServiceConfigA 763767A9 5 Bytes JMP 00180804
.text C:\Windows\system32\igfxsrvc.exe[2672] ADVAPI32.dll!ChangeServiceConfigW 76376951 5 Bytes JMP 00180A08
.text C:\Windows\system32\igfxsrvc.exe[2672] ADVAPI32.dll!ChangeServiceConfig2A 76376A69 5 Bytes JMP 00180C0C
.text C:\Windows\system32\igfxsrvc.exe[2672] ADVAPI32.dll!ChangeServiceConfig2W 76376BB1 5 Bytes JMP 00180E10
.text C:\Windows\system32\igfxsrvc.exe[2672] ADVAPI32.dll!CreateServiceA 76376C71 5 Bytes JMP 001801F8
.text C:\Windows\system32\igfxsrvc.exe[2688] ntdll.dll!LdrLoadDll 77687933 5 Bytes JMP 001501F8
.text C:\Windows\system32\igfxsrvc.exe[2688] ntdll.dll!LdrUnloadDll 7769E89C 5 Bytes JMP 001503FC
.text C:\Windows\system32\igfxsrvc.exe[2688] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Windows\system32\igfxsrvc.exe[2688] USER32.dll!SetWindowsHookExW 76797B69 5 Bytes JMP 00170804
.text C:\Windows\system32\igfxsrvc.exe[2688] USER32.dll!SetWinEventHook 7679915C 5 Bytes JMP 001701F8
.text C:\Windows\system32\igfxsrvc.exe[2688] USER32.dll!UnhookWinEvent 7679B702 5 Bytes JMP 001703FC
.text C:\Windows\system32\igfxsrvc.exe[2688] USER32.dll!SetWindowsHookExA 767BBB0E 5 Bytes JMP 00170600
.text C:\Windows\system32\igfxsrvc.exe[2688] USER32.dll!UnhookWindowsHookEx 767C08BE 5 Bytes JMP 00170A08
.text C:\Windows\system32\igfxsrvc.exe[2688] ADVAPI32.dll!CreateServiceW 763338FF 5 Bytes JMP 001803FC
.text C:\Windows\system32\igfxsrvc.exe[2688] ADVAPI32.dll!DeleteService 76333BEE 5 Bytes JMP 00180600
.text C:\Windows\system32\igfxsrvc.exe[2688] ADVAPI32.dll!SetServiceObjectSecurity 763766A9 5 Bytes JMP 00181014
.text C:\Windows\system32\igfxsrvc.exe[2688] ADVAPI32.dll!ChangeServiceConfigA 763767A9 5 Bytes JMP 00180804
.text C:\Windows\system32\igfxsrvc.exe[2688] ADVAPI32.dll!ChangeServiceConfigW 76376951 5 Bytes JMP 00180A08
.text C:\Windows\system32\igfxsrvc.exe[2688] ADVAPI32.dll!ChangeServiceConfig2A 76376A69 5 Bytes JMP 00180C0C
.text C:\Windows\system32\igfxsrvc.exe[2688] ADVAPI32.dll!ChangeServiceConfig2W 76376BB1 5 Bytes JMP 00180E10
.text C:\Windows\system32\igfxsrvc.exe[2688] ADVAPI32.dll!CreateServiceA 76376C71 5 Bytes JMP 001801F8
.text C:\Users\Paul\AppData\Local\Temp\RtkBtMnt.exe[2724] ntdll.dll!LdrLoadDll 77687933 5 Bytes JMP 001501F8
.text C:\Users\Paul\AppData\Local\Temp\RtkBtMnt.exe[2724] ntdll.dll!LdrUnloadDll 7769E89C 5 Bytes JMP 001503FC
.text C:\Users\Paul\AppData\Local\Temp\RtkBtMnt.exe[2724] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Users\Paul\AppData\Local\Temp\RtkBtMnt.exe[2724] ADVAPI32.dll!CreateServiceW 763338FF 5 Bytes JMP 001703FC
.text C:\Users\Paul\AppData\Local\Temp\RtkBtMnt.exe[2724] ADVAPI32.dll!DeleteService 76333BEE 5 Bytes JMP 00170600
.text C:\Users\Paul\AppData\Local\Temp\RtkBtMnt.exe[2724] ADVAPI32.dll!SetServiceObjectSecurity 763766A9 5 Bytes JMP 00171014
.text C:\Users\Paul\AppData\Local\Temp\RtkBtMnt.exe[2724] ADVAPI32.dll!ChangeServiceConfigA 763767A9 5 Bytes JMP 00170804
.text C:\Users\Paul\AppData\Local\Temp\RtkBtMnt.exe[2724] ADVAPI32.dll!ChangeServiceConfigW 76376951 5 Bytes JMP 00170A08
.text C:\Users\Paul\AppData\Local\Temp\RtkBtMnt.exe[2724] ADVAPI32.dll!ChangeServiceConfig2A 76376A69 5 Bytes JMP 00170C0C
.text C:\Users\Paul\AppData\Local\Temp\RtkBtMnt.exe[2724] ADVAPI32.dll!ChangeServiceConfig2W 76376BB1 5 Bytes JMP 00170E10
.text C:\Users\Paul\AppData\Local\Temp\RtkBtMnt.exe[2724] ADVAPI32.dll!CreateServiceA 76376C71 5 Bytes JMP 001701F8
.text C:\Users\Paul\AppData\Local\Temp\RtkBtMnt.exe[2724] USER32.dll!SetWindowsHookExW 76797B69 5 Bytes JMP 00180804
.text C:\Users\Paul\AppData\Local\Temp\RtkBtMnt.exe[2724] USER32.dll!SetWinEventHook 7679915C 5 Bytes JMP 001801F8
.text C:\Users\Paul\AppData\Local\Temp\RtkBtMnt.exe[2724] USER32.dll!UnhookWinEvent 7679B702 5 Bytes JMP 001803FC
.text C:\Users\Paul\AppData\Local\Temp\RtkBtMnt.exe[2724] USER32.dll!SetWindowsHookExA 767BBB0E 5 Bytes JMP 00180600
.text C:\Users\Paul\AppData\Local\Temp\RtkBtMnt.exe[2724] USER32.dll!UnhookWindowsHookEx 767C08BE 5 Bytes JMP 00180A08
.text C:\Windows\system32\igfxext.exe[2792] ntdll.dll!LdrLoadDll 77687933 5 Bytes JMP 001501F8
.text C:\Windows\system32\igfxext.exe[2792] ntdll.dll!LdrUnloadDll 7769E89C 5 Bytes JMP 001503FC
.text C:\Windows\system32\igfxext.exe[2792] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Windows\system32\igfxext.exe[2792] USER32.dll!SetWindowsHookExW 76797B69 5 Bytes JMP 00170804
.text C:\Windows\system32\igfxext.exe[2792] USER32.dll!SetWinEventHook 7679915C 5 Bytes JMP 001701F8
.text C:\Windows\system32\igfxext.exe[2792] USER32.dll!UnhookWinEvent 7679B702 5 Bytes JMP 001703FC
.text C:\Windows\system32\igfxext.exe[2792] USER32.dll!SetWindowsHookExA 767BBB0E 5 Bytes JMP 00170600
.text C:\Windows\system32\igfxext.exe[2792] USER32.dll!UnhookWindowsHookEx 767C08BE 5 Bytes JMP 00170A08
.text C:\Windows\system32\igfxext.exe[2792] ADVAPI32.dll!CreateServiceW 763338FF 5 Bytes JMP 001803FC
.text C:\Windows\system32\igfxext.exe[2792] ADVAPI32.dll!DeleteService 76333BEE 5 Bytes JMP 00180600
.text C:\Windows\system32\igfxext.exe[2792] ADVAPI32.dll!SetServiceObjectSecurity 763766A9 5 Bytes JMP 00181014
.text C:\Windows\system32\igfxext.exe[2792] ADVAPI32.dll!ChangeServiceConfigA 763767A9 5 Bytes JMP 00180804
.text C:\Windows\system32\igfxext.exe[2792] ADVAPI32.dll!ChangeServiceConfigW 76376951 5 Bytes JMP 00180A08
.text C:\Windows\system32\igfxext.exe[2792] ADVAPI32.dll!ChangeServiceConfig2A 76376A69 5 Bytes JMP 00180C0C
.text C:\Windows\system32\igfxext.exe[2792] ADVAPI32.dll!ChangeServiceConfig2W 76376BB1 5 Bytes JMP 00180E10
.text C:\Windows\system32\igfxext.exe[2792] ADVAPI32.dll!CreateServiceA 76376C71 5 Bytes JMP 001801F8
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[2960] ntdll.dll!LdrLoadDll 77687933 5 Bytes JMP 001501F8
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[2960] ntdll.dll!LdrUnloadDll 7769E89C 5 Bytes JMP 001503FC
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[2960] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[2960] ADVAPI32.dll!CreateServiceW 763338FF 5 Bytes JMP 001703FC
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[2960] ADVAPI32.dll!DeleteService 76333BEE 5 Bytes JMP 00170600
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[2960] ADVAPI32.dll!SetServiceObjectSecurity 763766A9 5 Bytes JMP 00171014
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[2960] ADVAPI32.dll!ChangeServiceConfigA 763767A9 5 Bytes JMP 00170804
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[2960] ADVAPI32.dll!ChangeServiceConfigW 76376951 5 Bytes JMP 00170A08
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[2960] ADVAPI32.dll!ChangeServiceConfig2A 76376A69 5 Bytes JMP 00170C0C
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[2960] ADVAPI32.dll!ChangeServiceConfig2W 76376BB1 5 Bytes JMP 00170E10
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[2960] ADVAPI32.dll!CreateServiceA 76376C71 5 Bytes JMP 001701F8
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[2960] USER32.dll!SetWindowsHookExW 76797B69 5 Bytes JMP 00180804
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[2960] USER32.dll!SetWinEventHook 7679915C 5 Bytes JMP 001801F8
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[2960] USER32.dll!UnhookWinEvent 7679B702 5 Bytes JMP 001803FC
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[2960] USER32.dll!SetWindowsHookExA 767BBB0E 5 Bytes JMP 00180600
.text C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[2960] USER32.dll!UnhookWindowsHookEx 767C08BE 5 Bytes JMP 00180A08
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3088] ntdll.dll!LdrLoadDll 77687933 5 Bytes JMP 001401F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3088] ntdll.dll!LdrUnloadDll 7769E89C 5 Bytes JMP 001403FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3088] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3088] USER32.dll!SetWindowsHookExW 76797B69 5 Bytes JMP 00160804
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3088] USER32.dll!SetWinEventHook 7679915C 5 Bytes JMP 001601F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3088] USER32.dll!UnhookWinEvent 7679B702 5 Bytes JMP 001603FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3088] USER32.dll!SetWindowsHookExA 767BBB0E 5 Bytes JMP 00160600
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3088] USER32.dll!UnhookWindowsHookEx 767C08BE 5 Bytes JMP 00160A08
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3088] ADVAPI32.dll!CreateServiceW 763338FF 5 Bytes JMP 001703FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3088] ADVAPI32.dll!DeleteService 76333BEE 5 Bytes JMP 00170600
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3088] ADVAPI32.dll!SetServiceObjectSecurity 763766A9 5 Bytes JMP 00171014
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3088] ADVAPI32.dll!ChangeServiceConfigA 763767A9 5 Bytes JMP 00170804
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3088] ADVAPI32.dll!ChangeServiceConfigW 76376951 5 Bytes JMP 00170A08
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3088] ADVAPI32.dll!ChangeServiceConfig2A 76376A69 5 Bytes JMP 00170C0C
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3088] ADVAPI32.dll!ChangeServiceConfig2W 76376BB1 5 Bytes JMP 00170E10
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3088] ADVAPI32.dll!CreateServiceA 76376C71 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3140] ntdll.dll!LdrLoadDll 77687933 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3140] ntdll.dll!LdrUnloadDll 7769E89C 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3140] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3140] USER32.dll!SetWindowsHookExW 76797B69 5 Bytes JMP 00290804
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3140] USER32.dll!SetWinEventHook 7679915C 5 Bytes JMP 002901F8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3140] USER32.dll!UnhookWinEvent 7679B702 5 Bytes JMP 002903FC
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3140] USER32.dll!SetWindowsHookExA 767BBB0E 5 Bytes JMP 00290600
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3140] USER32.dll!UnhookWindowsHookEx 767C08BE 5 Bytes JMP 00290A08
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3140] ADVAPI32.dll!CreateServiceW 763338FF 5 Bytes JMP 002A03FC
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3140] ADVAPI32.dll!DeleteService 76333BEE 5 Bytes JMP 002A0600
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3140] ADVAPI32.dll!SetServiceObjectSecurity 763766A9 5 Bytes JMP 002A1014
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3140] ADVAPI32.dll!ChangeServiceConfigA 763767A9 5 Bytes JMP 002A0804
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3140] ADVAPI32.dll!ChangeServiceConfigW 76376951 5 Bytes JMP 002A0A08
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3140] ADVAPI32.dll!ChangeServiceConfig2A 76376A69 5 Bytes JMP 002A0C0C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3140] ADVAPI32.dll!ChangeServiceConfig2W 76376BB1 5 Bytes JMP 002A0E10
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3140] ADVAPI32.dll!CreateServiceA 76376C71 5 Bytes JMP 002A01F8
.text C:\Acer\Mobility Center\MobilityService.exe[3176] KERNEL32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Windows\System32\svchost.exe[3200] ntdll.dll!LdrLoadDll 77687933 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[3200] ntdll.dll!LdrUnloadDll 7769E89C 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[3200] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Windows\System32\svchost.exe[3200] ADVAPI32.dll!CreateServiceW 763338FF 5 Bytes JMP 000803FC
.text C:\Windows\System32\svchost.exe[3200] ADVAPI32.dll!DeleteService 76333BEE 5 Bytes JMP 00080600
.text C:\Windows\System32\svchost.exe[3200] ADVAPI32.dll!SetServiceObjectSecurity 763766A9 5 Bytes JMP 00081014
.text C:\Windows\System32\svchost.exe[3200] ADVAPI32.dll!ChangeServiceConfigA 763767A9 5 Bytes JMP 00080804
.text C:\Windows\System32\svchost.exe[3200] ADVAPI32.dll!ChangeServiceConfigW 76376951 5 Bytes JMP 00080A08
.text C:\Windows\System32\svchost.exe[3200] ADVAPI32.dll!ChangeServiceConfig2A 76376A69 5 Bytes JMP 00080C0C
.text C:\Windows\System32\svchost.exe[3200] ADVAPI32.dll!ChangeServiceConfig2W 76376BB1 5 Bytes JMP 00080E10
.text C:\Windows\System32\svchost.exe[3200] ADVAPI32.dll!CreateServiceA 76376C71 5 Bytes JMP 000801F8
.text C:\Windows\System32\svchost.exe[3200] USER32.dll!SetWindowsHookExW 76797B69 5 Bytes JMP 00200804
.text C:\Windows\System32\svchost.exe[3200] USER32.dll!SetWinEventHook 7679915C 5 Bytes JMP 002001F8
.text C:\Windows\System32\svchost.exe[3200] USER32.dll!UnhookWinEvent 7679B702 5 Bytes JMP 002003FC
.text C:\Windows\System32\svchost.exe[3200] USER32.dll!SetWindowsHookExA 767BBB0E 5 Bytes JMP 00200600
.text C:\Windows\System32\svchost.exe[3200] USER32.dll!UnhookWindowsHookEx 767C08BE 5 Bytes JMP 00200A08
.text C:\Windows\System32\svchost.exe[3240] ntdll.dll!LdrLoadDll 77687933 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[3240] ntdll.dll!LdrUnloadDll 7769E89C 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[3240] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Windows\System32\svchost.exe[3240] ADVAPI32.dll!CreateServiceW 763338FF 5 Bytes JMP 000803FC
.text C:\Windows\System32\svchost.exe[3240] ADVAPI32.dll!DeleteService 76333BEE 5 Bytes JMP 00080600
.text C:\Windows\System32\svchost.exe[3240] ADVAPI32.dll!SetServiceObjectSecurity 763766A9 5 Bytes JMP 00081014
.text C:\Windows\System32\svchost.exe[3240] ADVAPI32.dll!ChangeServiceConfigA 763767A9 5 Bytes JMP 00080804
.text C:\Windows\System32\svchost.exe[3240] ADVAPI32.dll!ChangeServiceConfigW 76376951 5 Bytes JMP 00080A08
.text C:\Windows\System32\svchost.exe[3240] ADVAPI32.dll!ChangeServiceConfig2A 76376A69 5 Bytes JMP 00080C0C
.text C:\Windows\System32\svchost.exe[3240] ADVAPI32.dll!ChangeServiceConfig2W 76376BB1 5 Bytes JMP 00080E10
.text C:\Windows\System32\svchost.exe[3240] ADVAPI32.dll!CreateServiceA 76376C71 5 Bytes JMP 000801F8
.text C:\Windows\system32\svchost.exe[3264] ntdll.dll!LdrLoadDll 77687933 5 Bytes JMP 000901F8
.text C:\Windows\system32\svchost.exe[3264] ntdll.dll!LdrUnloadDll 7769E89C 5 Bytes JMP 000903FC
.text C:\Windows\system32\svchost.exe[3264] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3264] ADVAPI32.dll!CreateServiceW 763338FF 5 Bytes JMP 000B03FC
.text C:\Windows\system32\svchost.exe[3264] ADVAPI32.dll!DeleteService 76333BEE 5 Bytes JMP 000B0600
.text C:\Windows\system32\svchost.exe[3264] ADVAPI32.dll!SetServiceObjectSecurity 763766A9 5 Bytes JMP 000B1014
.text C:\Windows\system32\svchost.exe[3264] ADVAPI32.dll!ChangeServiceConfigA 763767A9 5 Bytes JMP 000B0804
.text C:\Windows\system32\svchost.exe[3264] ADVAPI32.dll!ChangeServiceConfigW 76376951 5 Bytes JMP 000B0A08
.text C:\Windows\system32\svchost.exe[3264] ADVAPI32.dll!ChangeServiceConfig2A 76376A69 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\svchost.exe[3264] ADVAPI32.dll!ChangeServiceConfig2W 76376BB1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\svchost.exe[3264] ADVAPI32.dll!CreateServiceA 76376C71 5 Bytes JMP 000B01F8
.text C:\Windows\system32\svchost.exe[3264] USER32.dll!SetWindowsHookExW 76797B69 5 Bytes JMP 000F0804
.text C:\Windows\system32\svchost.exe[3264] USER32.dll!SetWinEventHook 7679915C 5 Bytes JMP 000F01F8
.text C:\Windows\system32\svchost.exe[3264] USER32.dll!UnhookWinEvent 7679B702 5 Bytes JMP 000F03FC
.text C:\Windows\system32\svchost.exe[3264] USER32.dll!SetWindowsHookExA 767BBB0E 5 Bytes JMP 000F0600
.text C:\Windows\system32\svchost.exe[3264] USER32.dll!UnhookWindowsHookEx 767C08BE 5 Bytes JMP 000F0A08
.text C:\Windows\system32\svchost.exe[3296] ntdll.dll!LdrLoadDll 77687933 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[3296] ntdll.dll!LdrUnloadDll 7769E89C 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[3296] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3296] ADVAPI32.dll!CreateServiceW 763338FF 5 Bytes JMP 000B03FC
.text C:\Windows\system32\svchost.exe[3296] ADVAPI32.dll!DeleteService 76333BEE 5 Bytes JMP 000B0600
.text C:\Windows\system32\svchost.exe[3296] ADVAPI32.dll!SetServiceObjectSecurity 763766A9 5 Bytes JMP 000B1014
.text C:\Windows\system32\svchost.exe[3296] ADVAPI32.dll!ChangeServiceConfigA 763767A9 5 Bytes JMP 000B0804
.text C:\Windows\system32\svchost.exe[3296] ADVAPI32.dll!ChangeServiceConfigW 76376951 5 Bytes JMP 000B0A08
.text C:\Windows\system32\svchost.exe[3296] ADVAPI32.dll!ChangeServiceConfig2A 76376A69 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\svchost.exe[3296] ADVAPI32.dll!ChangeServiceConfig2W 76376BB1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\svchost.exe[3296] ADVAPI32.dll!CreateServiceA 76376C71 5 Bytes JMP 000B01F8
.text C:\Windows\System32\svchost.exe[3328] ntdll.dll!LdrLoadDll 77687933 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[3328] ntdll.dll!LdrUnloadDll 7769E89C 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[3328] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Windows\System32\svchost.exe[3328] ADVAPI32.dll!CreateServiceW 763338FF 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[3328] ADVAPI32.dll!DeleteService 76333BEE 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[3328] ADVAPI32.dll!SetServiceObjectSecurity 763766A9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[3328] ADVAPI32.dll!ChangeServiceConfigA 763767A9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[3328] ADVAPI32.dll!ChangeServiceConfigW 76376951 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[3328] ADVAPI32.dll!ChangeServiceConfig2A 76376A69 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[3328] ADVAPI32.dll!ChangeServiceConfig2W 76376BB1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[3328] ADVAPI32.dll!CreateServiceA 76376C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\SearchIndexer.exe[3352] ntdll.dll!LdrLoadDll 77687933 5 Bytes JMP 000501F8
.text C:\Windows\system32\SearchIndexer.exe[3352] ntdll.dll!LdrUnloadDll 7769E89C 5 Bytes JMP 000503FC
.text C:\Windows\system32\SearchIndexer.exe[3352] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[3352] ADVAPI32.dll!CreateServiceW 763338FF 5 Bytes JMP 001703FC
.text C:\Windows\system32\SearchIndexer.exe[3352] ADVAPI32.dll!DeleteService 76333BEE 5 Bytes JMP 00170600
.text C:\Windows\system32\SearchIndexer.exe[3352] ADVAPI32.dll!SetServiceObjectSecurity 763766A9 5 Bytes JMP 00171014
.text C:\Windows\system32\SearchIndexer.exe[3352] ADVAPI32.dll!ChangeServiceConfigA 763767A9 5 Bytes JMP 00170804
.text C:\Windows\system32\SearchIndexer.exe[3352] ADVAPI32.dll!ChangeServiceConfigW 76376951 5 Bytes JMP 00170A08
.text C:\Windows\system32\SearchIndexer.exe[3352] ADVAPI32.dll!ChangeServiceConfig2A 76376A69 5 Bytes JMP 00170C0C
.text C:\Windows\system32\SearchIndexer.exe[3352] ADVAPI32.dll!ChangeServiceConfig2W 76376BB1 5 Bytes JMP 00170E10
.text C:\Windows\system32\SearchIndexer.exe[3352] ADVAPI32.dll!CreateServiceA 76376C71 5 Bytes JMP 001701F8
.text C:\Windows\system32\SearchIndexer.exe[3352] USER32.dll!SetWindowsHookExW 76797B69 5 Bytes JMP 00180804
.text C:\Windows\system32\SearchIndexer.exe[3352] USER32.dll!SetWinEventHook 7679915C 5 Bytes JMP 001801F8
.text C:\Windows\system32\SearchIndexer.exe[3352] USER32.dll!UnhookWinEvent 7679B702 5 Bytes JMP 001803FC
.text C:\Windows\system32\SearchIndexer.exe[3352] USER32.dll!SetWindowsHookExA 767BBB0E 5 Bytes JMP 00180600
.text C:\Windows\system32\SearchIndexer.exe[3352] USER32.dll!UnhookWindowsHookEx 767C08BE 5 Bytes JMP 00180A08
.text C:\Windows\system32\wbem\wmiprvse.exe[3648] ntdll.dll!LdrLoadDll 77687933 5 Bytes JMP 000501F8
.text C:\Windows\system32\wbem\wmiprvse.exe[3648] ntdll.dll!LdrUnloadDll 7769E89C 5 Bytes JMP 000503FC
.text C:\Windows\system32\wbem\wmiprvse.exe[3648] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[3648] ADVAPI32.dll!CreateServiceW 763338FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\wbem\wmiprvse.exe[3648] ADVAPI32.dll!DeleteService 76333BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\wbem\wmiprvse.exe[3648] ADVAPI32.dll!SetServiceObjectSecurity 763766A9 5 Bytes JMP 00071014
.text C:\Windows\system32\wbem\wmiprvse.exe[3648] ADVAPI32.dll!ChangeServiceConfigA 763767A9 5 Bytes JMP 00070804
.text C:\Windows\system32\wbem\wmiprvse.exe[3648] ADVAPI32.dll!ChangeServiceConfigW 76376951 5 Bytes JMP 00070A08
.text C:\Windows\system32\wbem\wmiprvse.exe[3648] ADVAPI32.dll!ChangeServiceConfig2A 76376A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\wbem\wmiprvse.exe[3648] ADVAPI32.dll!ChangeServiceConfig2W 76376BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\wbem\wmiprvse.exe[3648] ADVAPI32.dll!CreateServiceA 76376C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\wbem\wmiprvse.exe[3648] USER32.dll!SetWindowsHookExW 76797B69 5 Bytes JMP 00080804
.text C:\Windows\system32\wbem\wmiprvse.exe[3648] USER32.dll!SetWinEventHook 7679915C 5 Bytes JMP 000801F8
.text C:\Windows\system32\wbem\wmiprvse.exe[3648] USER32.dll!UnhookWinEvent 7679B702 5 Bytes JMP 000803FC
.text C:\Windows\system32\wbem\wmiprvse.exe[3648] USER32.dll!SetWindowsHookExA 767BBB0E 5 Bytes JMP 00080600
.text C:\Windows\system32\wbem\wmiprvse.exe[3648] USER32.dll!UnhookWindowsHookEx 767C08BE 5 Bytes JMP 00080A08
.text C:\Windows\system32\conime.exe[3696] ntdll.dll!LdrLoadDll 77687933 5 Bytes JMP 000401F8
.text C:\Windows\system32\conime.exe[3696] ntdll.dll!LdrUnloadDll 7769E89C 5 Bytes JMP 000403FC
.text C:\Windows\system32\conime.exe[3696] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Windows\system32\conime.exe[3696] ADVAPI32.dll!CreateServiceW 763338FF 5 Bytes JMP 000603FC
.text C:\Windows\system32\conime.exe[3696] ADVAPI32.dll!DeleteService 76333BEE 5 Bytes JMP 00060600
.text C:\Windows\system32\conime.exe[3696] ADVAPI32.dll!SetServiceObjectSecurity 763766A9 5 Bytes JMP 00061014
.text C:\Windows\system32\conime.exe[3696] ADVAPI32.dll!ChangeServiceConfigA 763767A9 5 Bytes JMP 00060804
.text C:\Windows\system32\conime.exe[3696] ADVAPI32.dll!ChangeServiceConfigW 76376951 5 Bytes JMP 00060A08
.text C:\Windows\system32\conime.exe[3696] ADVAPI32.dll!ChangeServiceConfig2A 76376A69 5 Bytes JMP 00060C0C
.text C:\Windows\system32\conime.exe[3696] ADVAPI32.dll!ChangeServiceConfig2W 76376BB1 5 Bytes JMP 00060E10
.text C:\Windows\system32\conime.exe[3696] ADVAPI32.dll!CreateServiceA 76376C71 5 Bytes JMP 000601F8
.text C:\Windows\system32\conime.exe[3696] USER32.dll!SetWindowsHookExW 76797B69 5 Bytes JMP 00080804
.text C:\Windows\system32\conime.exe[3696] USER32.dll!SetWinEventHook 7679915C 5 Bytes JMP 000801F8
.text C:\Windows\system32\conime.exe[3696] USER32.dll!UnhookWinEvent 7679B702 5 Bytes JMP 000803FC
.text C:\Windows\system32\conime.exe[3696] USER32.dll!SetWindowsHookExA 767BBB0E 5 Bytes JMP 00080600
.text C:\Windows\system32\conime.exe[3696] USER32.dll!UnhookWindowsHookEx 767C08BE 5 Bytes JMP 00080A08
.text C:\Windows\system32\wbem\unsecapp.exe[3708] ntdll.dll!LdrLoadDll 77687933 5 Bytes JMP 000501F8
.text C:\Windows\system32\wbem\unsecapp.exe[3708] ntdll.dll!LdrUnloadDll 7769E89C 5 Bytes JMP 000503FC
.text C:\Windows\system32\wbem\unsecapp.exe[3708] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text C:\Windows\system32\wbem\unsecapp.exe[3708] ADVAPI32.dll!CreateServiceW 763338FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\wbem\unsecapp.exe[3708] ADVAPI32.dll!DeleteService 76333BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\wbem\unsecapp.exe[3708] ADVAPI32.dll!SetServiceObjectSecurity 763766A9 5 Bytes JMP 00071014
.text C:\Windows\system32\wbem\unsecapp.exe[3708] ADVAPI32.dll!ChangeServiceConfigA 763767A9 5 Bytes JMP 00070804
.text C:\Windows\system32\wbem\unsecapp.exe[3708] ADVAPI32.dll!ChangeServiceConfigW 76376951 5 Bytes JMP 00070A08
.text C:\Windows\system32\wbem\unsecapp.exe[3708] ADVAPI32.dll!ChangeServiceConfig2A 76376A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\wbem\unsecapp.exe[3708] ADVAPI32.dll!ChangeServiceConfig2W 76376BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\wbem\unsecapp.exe[3708] ADVAPI32.dll!CreateServiceA 76376C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\wbem\unsecapp.exe[3708] USER32.dll!SetWindowsHookExW 76797B69 5 Bytes JMP 00080804
.text C:\Windows\system32\wbem\unsecapp.exe[3708] USER32.dll!SetWinEventHook 7679915C 5 Bytes JMP 000801F8
.text C:\Windows\system32\wbem\unsecapp.exe[3708] USER32.dll!UnhookWinEvent 7679B702 5 Bytes JMP 000803FC
.text C:\Windows\system32\wbem\unsecapp.exe[3708] USER32.dll!SetWindowsHookExA 767BBB0E 5 Bytes JMP 00080600
.text C:\Windows\system32\wbem\unsecapp.exe[3708] USER32.dll!UnhookWindowsHookEx 767C08BE 5 Bytes JMP 00080A08
.text D:\Malwarebytes' Anti-Malware\mbamservice.exe[3736] ntdll.dll!LdrLoadDll 77687933 5 Bytes JMP 000401F8
.text D:\Malwarebytes' Anti-Malware\mbamservice.exe[3736] ntdll.dll!LdrUnloadDll 7769E89C 5 Bytes JMP 000403FC
.text D:\Malwarebytes' Anti-Malware\mbamservice.exe[3736] kernel32.dll!GetBinaryTypeW + 70 76491AE8 1 Byte [62]
.text D:\Malwarebytes' Anti-Malware\mbamservice.exe[3736] ADVAPI32.dll!CreateServiceW 763338FF 5 Bytes JMP 000603FC
.text D:\Malwarebytes' Anti-Malware\mbamservice.exe[3736] ADVAPI32.dll!DeleteService 76333BEE 5 Bytes JMP 00060600
.text D:\Malwarebytes' Anti-Malware\mbamservice.exe[3736] ADVAPI32.dll!SetServiceObjectSecurity 763766A9 5 Bytes JMP 00061014
.text D:\Malwarebytes' Anti-Malware\mbamservice.exe[3736] ADVAPI32.dll!ChangeServiceConfigA 763767A9 5 Bytes JMP 00060804
.text D:\Malwarebytes' Anti-Malware\mbamservice.exe[3736] ADVAPI32.dll!ChangeServiceConfigW 76376951 5 Bytes JMP 00060A08
.text D:\Malwarebytes' Anti-Malware\mbamservice.exe[3736] ADVAPI32.dll!ChangeServiceConfig2A 76376A69 5 Bytes JMP 00060C0C
.text D:\Malwarebytes' Anti-Malware\mbamservice.exe[3736] ADVAPI32.dll!ChangeServiceConfig2W 76376BB1 5 Bytes JMP 00060E10
.text D:\Malwarebytes' Anti-Malware\mbamservice.exe[3736] ADVAPI32.dll!CreateServiceA 76376C71 5 Bytes JMP 000601F8
.text D:\Malwarebytes' Anti-Malware\mbamservice.exe[3736] USER32.dll!SetWindowsHookExW 76797B69 5 Bytes JMP 00070804
.text D:\Malwarebytes' Anti-Malware\mbamservice.exe[3736] USER32.dll!SetWinEventHook 7679915C 5 Bytes JMP 000701F8
.text D:\Malwarebytes' Anti-Malware\mbamservice.exe[3736] USER32.dll!UnhookWinEvent 7679B702 5 Bytes JMP 000703FC
.text D:\Malwarebytes' Anti-Malware\mbamservice.exe[3736] USER32.dll!SetWindowsHookExA 767BBB0E 3 Bytes JMP 00070600
.text D:\Malwarebytes' Anti-Malware\mbamservice.exe[3736] USER32.dll!SetWindowsHookExA + 4 767BBB12 1 Byte [89]
.text D:\Malwarebytes' Anti-Malware\mbamservice.exe[3736] USER32.dll!UnhookWindowsHookEx 767C08BE 5 Bytes JMP 00070A08

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x93 0x0B 0xD2 0x91 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x9E 0x99 0x9B 0x69 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x26 0x8C 0xAC 0x34 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x93 0x0B 0xD2 0x91 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x9E 0x99 0x9B 0x69 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x26 0x8C 0xAC 0x34 ...

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB25946$\1506001766 0 bytes
File C:\Windows\$NtUninstallKB25946$\1506001766\L 0 bytes
File C:\Windows\$NtUninstallKB25946$\1506001766\L\qnbwvoto 54784 bytes
File C:\Windows\$NtUninstallKB25946$\1506001766\loader.tlb 2540 bytes
File C:\Windows\$NtUninstallKB25946$\1506001766\U 0 bytes
File C:\Windows\$NtUninstallKB25946$\1506001766\U\@00000001 54368 bytes
File C:\Windows\$NtUninstallKB25946$\1506001766\U\@000000c0 2560 bytes
File C:\Windows\$NtUninstallKB25946$\1506001766\U\@000000cb 2048 bytes
File C:\Windows\$NtUninstallKB25946$\1506001766\U\@000000cf 1536 bytes
File C:\Windows\$NtUninstallKB25946$\1506001766\U\@80000000 24576 bytes
File C:\Windows\$NtUninstallKB25946$\1506001766\U\@800000c0 33280 bytes
File C:\Windows\$NtUninstallKB25946$\1506001766\U\@800000cb 27648 bytes
File C:\Windows\$NtUninstallKB25946$\1506001766\U\@800000cf 27648 bytes
File C:\Windows\$NtUninstallKB25946$\1506001766\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6} 2048 bytes
File C:\Windows\$NtUninstallKB25946$\2185596759 0 bytes

---- EOF - GMER 1.0.15 ----

Edited by Orange Blossom, 05 August 2011 - 01:25 AM.


#2 HelpBot

Posted 05 August 2011 - 10:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on http://www.bleepingcomputer.com/logreply/411456 and follow the instructions there. If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot

Posted 10 August 2011 - 10:30 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!



