Trend boot virus?


#1 tkelly1

Posted 12 August 2011 - 06:52 AM

I just started up my computer and upon startup, it turned red and said I have a trend boot virus, and if I continue, the virus will remain on my computer. If I press c to 'remove it' it'll be gone, but they both take me to the same 'go back' or 'continue boot up process' option page. Avast has been telling me of a malicious url in one of my computer's default folders for a few days. Please help. Thanks.


#2 Broni

Posted 12 August 2011 - 11:21 AM

Is the computer bootable at all in any mode?



#3 tkelly1

Posted 12 August 2011 - 04:40 PM

Yes, I click to boot anyways and it boots normally (so I'm in normal mode, not safe mode). Also, I didn't have time to do it this morning (school), but this is the full message that pops up while booting:

--------------

Trend ChipAwayVirus has detected a boot virus on your hard disk!

Press <Enter> for more info(reccomended)
<C> to continue booting

"Complete virus protection for all the Enterprise"
Trend Micro - www.antivirus.com

--------------

Also, Avast gave me this when I started up:
Posted Image

#4 tkelly1

Posted 12 August 2011 - 04:46 PM

This is also the thing Avast has been giving me for a few days. I only ignored it because it's in a system folder... which I thought should never be 'bad'.

Posted Image

#5 Broni

Posted 12 August 2011 - 04:52 PM

Trend ChipAwayVirus seems to be legit. See HERE

However we can run some checks...

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.



#6 tkelly1

Posted 13 August 2011 - 06:16 PM

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 20
Out of date Java installed!
Adobe Flash Player 10.1.102.64
Adobe Reader 8.1.3
Out of date Adobe Reader installed!
Mozilla Firefox (x86 en-US..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
``````````End of Log````````````

------------------------------

MiniToolBox by Farbar
Ran by Tiffany (administrator) on 13-08-2011 at 16:28:05
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is enabled.
ProxyServer: http=127.0.0.1:61495

========================= FF Proxy Settings: ==============================

"network.proxy.http", "127.0.0.1"
"network.proxy.http_port", 61495
"network.proxy.type", 4
========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection 5"

set address name="Wireless Network Connection 5" source=dhcp
set dns name="Wireless Network Connection 5" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 5" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

Host Name . . . . . . . . . . . . : tiffany-islgkns
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Ethernet adapter Wireless Network Connection 5:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : WPN311 RangeMax™ Wireless PCI Adapter #2
Physical Address. . . . . . . . . : 00-0F-B5-F8-53-84
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.73
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.1.254
Lease Obtained. . . . . . . . . . : Saturday, August 13, 2011 4:24:11 PM
Lease Expires . . . . . . . . . . : Sunday, August 14, 2011 4:24:11 PM

Server: homeportal
Address: 192.168.1.254

Name: google.com
Addresses: 74.125.47.103, 74.125.47.104, 74.125.47.105, 74.125.47.106
74.125.47.99, 74.125.47.147

Pinging google.com [74.125.47.99] with 32 bytes of data:

Reply from 74.125.47.99: bytes=32 time=46ms TTL=48
Reply from 74.125.47.99: bytes=32 time=44ms TTL=48

Ping statistics for 74.125.47.99:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 44ms, Maximum = 46ms, Average = 45ms

Server: homeportal
Address: 192.168.1.254

Name: yahoo.com
Addresses: 209.191.122.70, 67.195.160.76, 69.147.125.65, 72.30.2.43
98.137.149.56

Pinging yahoo.com [98.137.149.56] with 32 bytes of data:

Reply from 98.137.149.56: bytes=32 time=117ms TTL=53
Reply from 98.137.149.56: bytes=32 time=110ms TTL=53

Ping statistics for 98.137.149.56:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 110ms, Maximum = 117ms, Average = 113ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0f b5 f8 53 84 ...... WPN311 RangeMax™ Wireless PCI Adapter #2 - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.73 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.73 192.168.1.73 25
192.168.1.73 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.73 192.168.1.73 25
224.0.0.0 240.0.0.0 192.168.1.73 192.168.1.73 25
255.255.255.255 255.255.255.255 192.168.1.73 192.168.1.73 1
Default Gateway: 192.168.1.254
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/13/2011 03:35:53 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/13/2011 03:35:53 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/07/2011 01:12:48 PM) (Source: Application Error) (User: )
Description: Faulting application skype.exe, version 5.3.0.120, faulting module skype.exe, version 5.3.0.120, fault address 0x00002caf.
Processing media-specific event for [skype.exe!ws!]

Error: (08/07/2011 01:10:57 PM) (Source: Application Error) (User: )
Description: Faulting application skype.exe, version 5.3.0.120, faulting module skype.exe, version 5.3.0.120, fault address 0x0011b0ad.
Processing media-specific event for [skype.exe!ws!]

Error: (08/04/2011 02:32:07 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 5.0.0.4183, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/04/2011 02:32:07 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 5.0.0.4183, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/04/2011 02:32:03 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 5.0.0.4183, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/04/2011 02:29:08 PM) (Source: Application Hang) (User: )
Description: Hanging application SpywareTerminator.exe, version 2.8.2.192, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/28/2011 01:35:48 PM) (Source: Application Hang) (User: )
Description: Hanging application Skype.exe, version 5.3.0.120, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/28/2011 01:34:21 PM) (Source: Application Error) (User: )
Description: Faulting application skype.exe, version 5.3.0.120, faulting module skype.exe, version 5.3.0.120, fault address 0x00004b94.
Processing media-specific event for [skype.exe!ws!]


System errors:
=============
Error: (08/13/2011 03:05:14 PM) (Source: Service Control Manager) (User: )
Description: The Parallel port driver service failed to start due to the following error:
%%1058

Error: (08/13/2011 11:28:42 AM) (Source: Service Control Manager) (User: )
Description: The Parallel port driver service failed to start due to the following error:
%%1058

Error: (08/12/2011 09:43:25 PM) (Source: Service Control Manager) (User: )
Description: The Parallel port driver service failed to start due to the following error:
%%1058

Error: (08/12/2011 05:26:00 PM) (Source: Service Control Manager) (User: )
Description: The Parallel port driver service failed to start due to the following error:
%%1058

Error: (08/12/2011 07:46:42 AM) (Source: Service Control Manager) (User: )
Description: The Parallel port driver service failed to start due to the following error:
%%1058

Error: (08/11/2011 03:55:57 PM) (Source: Service Control Manager) (User: )
Description: The Parallel port driver service failed to start due to the following error:
%%1058

Error: (08/11/2011 07:35:04 AM) (Source: Service Control Manager) (User: )
Description: The Parallel port driver service failed to start due to the following error:
%%1058

Error: (08/10/2011 04:06:03 PM) (Source: Service Control Manager) (User: )
Description: The Parallel port driver service failed to start due to the following error:
%%1058

Error: (08/09/2011 09:39:49 AM) (Source: Service Control Manager) (User: )
Description: The Parallel port driver service failed to start due to the following error:
%%1058

Error: (08/08/2011 11:28:57 AM) (Source: Service Control Manager) (User: )
Description: The Parallel port driver service failed to start due to the following error:
%%1058


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Adobe Flash Player 10 ActiveX (Version: 10.0.45.2)
Adobe Flash Player 10 Plugin (Version: 10.1.102.64)
Adobe Reader 8.1.3 (Version: 8.1.3)
Adobe Shockwave Player (Version: 11)
Akamai NetSession Interface
avast! Free Antivirus (Version: 6.0.1203.0)
Epson Event Manager (Version: 2.20.00)
EPSON NX110 Series Printer Uninstall
EPSON Scan
Java Auto Updater (Version: 2.0.2.1)
Java™ 6 Update 20 (Version: 6.0.200)
Logitech QuickCam (Version: 11.80.1065)
Logitech QuickCam Driver Package
Logitech Updater (Version: 1.70)
Messenger Plus! Live (Version: 4.85.0.386)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 5.0 (x86 en-US) (Version: 5.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
Nero Suite
NETGEAR WG311v3 802.11g Wireless PCI Adapter (Version: 1.00)
NETGEAR WPN311 Wireless Adapter (Version: 1.00.0000)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Seagate DiscWizard (Version: 11.0.8326)
Segoe UI (Version: 14.0.4327.805)
Skype™ 5.3 (Version: 5.3.120)
SoulSeek 157 NS 13e
Spyware Terminator (Version: 2.8.2.192)
TotalMedia Extreme
Viewpoint Media Player
WebFldrs XP (Version: 9.50.5318)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Imaging Component (Version: 3.0.0.0)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Format 11 runtime
Windows XP Service Pack 3 (Version: 20080414.031525)

========================= Memory info: ===================================

Percentage of memory in use: 83%
Total physical RAM: 511.53 MB
Available physical RAM: 85.99 MB
Total Pagefile: 1630.66 MB
Available Pagefile: 1043.25 MB
Total Virtual: 2047.88 MB
Available Virtual: 2003.25 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:152.66 GB) (Free:131.66 GB) NTFS

========================= Users: ========================================

User accounts for \\TIFFANY-ISLGKNS

Administrator Guest HelpAssistant
SUPPORT_388945a0 Tiffany


== End of log ==

------------------------------

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7457

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

8/13/2011 4:46:43 PM
mbam-log-2011-08-13 (16-46-43).txt

Scan type: Quick scan
Objects scanned: 156594
Time elapsed: 8 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ALG32 (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_STISVC32 (Trojan.Tracur) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\windows\system32\atmlib32.exe (Trojan.Tracur.PGen) -> Quarantined and deleted successfully.
c:\documents and settings\tiffany\local settings\temp\38.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\tiffany\local settings\temp\tmph8356480159760657932.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

------------------------------

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-13 19:11:37
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 Maxtor_6Y160P0 rev.YAR41BW0
Running: uw4wk5xw.exe; Driver: C:\DOCUME~1\Tiffany\LOCALS~1\Temp\kgndrfog.sys


---- System - GMER 1.0.15 ----


Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xF6A62398]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 37C 804E29E8 4 Bytes CALL FD44CA83
.text win32k.sys!EngGradientFill + 26F1 BF8947C3 2 Bytes [15, 37]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe[400] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe[400] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe[400] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe[400] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe[400] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[432] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[432] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[432] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[432] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[432] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[432] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[432] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[432] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[432] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[432] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[432] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[432] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[432] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[432] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[432] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[432] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[432] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\WINDOWS\System32\smss.exe[544] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[560] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[560] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[560] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[560] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[560] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
.text C:\WINDOWS\System32\svchost.exe[560] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
.text C:\WINDOWS\System32\svchost.exe[560] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
.text C:\WINDOWS\System32\svchost.exe[560] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
.text C:\WINDOWS\System32\svchost.exe[560] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
.text C:\WINDOWS\System32\svchost.exe[560] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
.text C:\WINDOWS\System32\svchost.exe[560] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
.text C:\WINDOWS\System32\svchost.exe[560] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
.text C:\WINDOWS\System32\svchost.exe[560] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002E0804
.text C:\WINDOWS\System32\svchost.exe[560] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002E0A08
.text C:\WINDOWS\System32\svchost.exe[560] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002E0600
.text C:\WINDOWS\System32\svchost.exe[560] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002E01F8
.text C:\WINDOWS\System32\svchost.exe[560] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002E03FC
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[572] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[572] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[572] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[572] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[572] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[572] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[572] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[572] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[572] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[572] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[572] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[572] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Viewpoint\Common\ViewpointService.exexe[572] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\csrss.exe[592] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[592] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[616] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[616] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[616] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[616] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[616] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\winlogon.exe[616] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\winlogon.exe[616] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\winlogon.exe[616] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\winlogon.exe[616] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\winlogon.exe[616] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\winlogon.exe[616] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\winlogon.exe[616] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\winlogon.exe[616] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\winlogon.exe[616] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\winlogon.exe[616] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\winlogon.exe[616] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\winlogon.exe[616] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\services.exe[660] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[660] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[660] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[660] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\services.exe[660] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\services.exe[660] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\services.exe[660] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\services.exe[660] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\services.exe[660] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\services.exe[660] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\lsass.exe[680] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[680] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[680] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[680] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[680] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\lsass.exe[680] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\lsass.exe[680] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\lsass.exe[680] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\lsass.exe[680] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\lsass.exe[680] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\lsass.exe[680] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\lsass.exe[680] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\lsass.exe[680] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\lsass.exe[680] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\lsass.exe[680] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\lsass.exe[680] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\lsass.exe[680] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[840] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[840] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[840] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[840] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[840] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
.text C:\WINDOWS\system32\svchost.exe[840] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\svchost.exe[840] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\svchost.exe[840] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
.text C:\WINDOWS\system32\svchost.exe[840] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
.text C:\WINDOWS\system32\svchost.exe[840] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\svchost.exe[840] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
.text C:\WINDOWS\system32\svchost.exe[840] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\svchost.exe[840] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002E0804
.text C:\WINDOWS\system32\svchost.exe[840] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002E0A08
.text C:\WINDOWS\system32\svchost.exe[840] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002E0600
.text C:\WINDOWS\system32\svchost.exe[840] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002E01F8
.text C:\WINDOWS\system32\svchost.exe[840] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002E03FC
.text C:\WINDOWS\system32\svchost.exe[888] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[888] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[888] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
.text C:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
.text C:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
.text C:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
.text C:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\svchost.exe[888] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002E0804
.text C:\WINDOWS\system32\svchost.exe[888] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002E0A08
.text C:\WINDOWS\system32\svchost.exe[888] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002E0600
.text C:\WINDOWS\system32\svchost.exe[888] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002E01F8
.text C:\WINDOWS\system32\svchost.exe[888] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002E03FC
.text C:\WINDOWS\System32\svchost.exe[944] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[944] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[944] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[944] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[944] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
.text C:\WINDOWS\System32\svchost.exe[944] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
.text C:\WINDOWS\System32\svchost.exe[944] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
.text C:\WINDOWS\System32\svchost.exe[944] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
.text C:\WINDOWS\System32\svchost.exe[944] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
.text C:\WINDOWS\System32\svchost.exe[944] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
.text C:\WINDOWS\System32\svchost.exe[944] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
.text C:\WINDOWS\System32\svchost.exe[944] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
.text C:\WINDOWS\System32\svchost.exe[944] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002E0804
.text C:\WINDOWS\System32\svchost.exe[944] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 01DF000A
.text C:\WINDOWS\System32\svchost.exe[944] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 01E0000A
.text C:\WINDOWS\System32\svchost.exe[944] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 0256000A
.text C:\WINDOWS\System32\svchost.exe[944] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002E0A08
.text C:\WINDOWS\System32\svchost.exe[944] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002E0600
.text C:\WINDOWS\System32\svchost.exe[944] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002E01F8
.text C:\WINDOWS\System32\svchost.exe[944] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002E03FC
.text C:\WINDOWS\System32\svchost.exe[944] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00C1000A
.text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002E0804
.text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002E0A08
.text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002E0600
.text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002E01F8
.text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002E03FC
.text C:\WINDOWS\System32\svchost.exe[1132] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1132] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1132] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1132] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1132] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
.text C:\WINDOWS\System32\svchost.exe[1132] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
.text C:\WINDOWS\System32\svchost.exe[1132] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
.text C:\WINDOWS\System32\svchost.exe[1132] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
.text C:\WINDOWS\System32\svchost.exe[1132] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
.text C:\WINDOWS\System32\svchost.exe[1132] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
.text C:\WINDOWS\System32\svchost.exe[1132] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
.text C:\WINDOWS\System32\svchost.exe[1132] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
.text C:\WINDOWS\System32\svchost.exe[1132] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002E0804
.text C:\WINDOWS\System32\svchost.exe[1132] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002E0A08
.text C:\WINDOWS\System32\svchost.exe[1132] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002E0600
.text C:\WINDOWS\System32\svchost.exe[1132] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002E01F8
.text C:\WINDOWS\System32\svchost.exe[1132] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002E03FC
.text C:\WINDOWS\System32\svchost.exe[1192] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1192] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1192] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
.text C:\WINDOWS\System32\svchost.exe[1192] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002E0804
.text C:\WINDOWS\System32\svchost.exe[1192] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002E0A08
.text C:\WINDOWS\System32\svchost.exe[1192] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002E0600
.text C:\WINDOWS\System32\svchost.exe[1192] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002E01F8
.text C:\WINDOWS\System32\svchost.exe[1192] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002E03FC
.text C:\WINDOWS\Explorer.EXE[1384] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[1384] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1384] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[1384] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1384] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\Explorer.EXE[1384] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\Explorer.EXE[1384] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\Explorer.EXE[1384] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\Explorer.EXE[1384] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\Explorer.EXE[1384] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\Explorer.EXE[1384] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\Explorer.EXE[1384] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\Explorer.EXE[1384] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\Explorer.EXE[1384] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\Explorer.EXE[1384] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\Explorer.EXE[1384] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\Explorer.EXE[1384] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1528] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1528] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1528] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1856] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[1856] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1856] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[1856] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1856] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\spoolsv.exe[1856] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\spoolsv.exe[1856] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\spoolsv.exe[1856] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\spoolsv.exe[1856] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\spoolsv.exe[1856] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\spoolsv.exe[1856] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\spoolsv.exe[1856] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\spoolsv.exe[1856] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\spoolsv.exe[1856] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\spoolsv.exe[1856] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\spoolsv.exe[1856] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\spoolsv.exe[1856] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\svchost.exe[1924] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1924] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1924] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1924] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1924] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
.text C:\WINDOWS\System32\svchost.exe[1924] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
.text C:\WINDOWS\System32\svchost.exe[1924] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
.text C:\WINDOWS\System32\svchost.exe[1924] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
.text C:\WINDOWS\System32\svchost.exe[1924] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
.text C:\WINDOWS\System32\svchost.exe[1924] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
.text C:\WINDOWS\System32\svchost.exe[1924] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
.text C:\WINDOWS\System32\svchost.exe[1924] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
.text C:\WINDOWS\System32\svchost.exe[1924] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002E0804
.text C:\WINDOWS\System32\svchost.exe[1924] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002E0A08
.text C:\WINDOWS\System32\svchost.exe[1924] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002E0600
.text C:\WINDOWS\System32\svchost.exe[1924] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002E01F8
.text C:\WINDOWS\System32\svchost.exe[1924] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002E03FC
.text C:\WINDOWS\system32\ctfmon.exe[1932] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\ctfmon.exe[1932] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[1932] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\ctfmon.exe[1932] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[1932] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00411014
.text C:\WINDOWS\system32\ctfmon.exe[1932] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00410804
.text C:\WINDOWS\system32\ctfmon.exe[1932] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00410A08
.text C:\WINDOWS\system32\ctfmon.exe[1932] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00410C0C
.text C:\WINDOWS\system32\ctfmon.exe[1932] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00410E10
.text C:\WINDOWS\system32\ctfmon.exe[1932] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 004101F8
.text C:\WINDOWS\system32\ctfmon.exe[1932] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 004103FC
.text C:\WINDOWS\system32\ctfmon.exe[1932] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00410600
.text C:\WINDOWS\system32\ctfmon.exe[1932] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00420804
.text C:\WINDOWS\system32\ctfmon.exe[1932] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00420A08
.text C:\WINDOWS\system32\ctfmon.exe[1932] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00420600
.text C:\WINDOWS\system32\ctfmon.exe[1932] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 004201F8
.text C:\WINDOWS\system32\ctfmon.exe[1932] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 004203FC
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1952] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1952] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1952] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1952] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1952] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1952] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1952] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1952] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1952] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1952] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1952] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1952] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1952] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1952] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1952] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1952] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1952] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\system32\acs.exe[1964] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\acs.exe[1964] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\acs.exe[1964] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\acs.exe[1964] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\acs.exe[1964] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003E0804
.text C:\WINDOWS\system32\acs.exe[1964] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003E0A08
.text C:\WINDOWS\system32\acs.exe[1964] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003E0600
.text C:\WINDOWS\system32\acs.exe[1964] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003E01F8
.text C:\WINDOWS\system32\acs.exe[1964] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003E03FC
.text C:\WINDOWS\system32\acs.exe[1964] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003F1014
.text C:\WINDOWS\system32\acs.exe[1964] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003F0804
.text C:\WINDOWS\system32\acs.exe[1964] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003F0A08
.text C:\WINDOWS\system32\acs.exe[1964] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003F0C0C
.text C:\WINDOWS\system32\acs.exe[1964] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003F0E10
.text C:\WINDOWS\system32\acs.exe[1964] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003F01F8
.text C:\WINDOWS\system32\acs.exe[1964] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003F03FC
.text C:\WINDOWS\system32\acs.exe[1964] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003F0600
.text C:\WINDOWS\System32\svchost.exe[1996] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1996] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1996] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1996] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
.text C:\WINDOWS\System32\svchost.exe[1996] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
.text C:\WINDOWS\System32\svchost.exe[1996] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
.text C:\WINDOWS\System32\svchost.exe[1996] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
.text C:\WINDOWS\System32\svchost.exe[1996] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
.text C:\WINDOWS\System32\svchost.exe[1996] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
.text C:\WINDOWS\System32\svchost.exe[1996] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
.text C:\WINDOWS\System32\svchost.exe[1996] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
.text C:\WINDOWS\System32\svchost.exe[1996] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002E0804
.text C:\WINDOWS\System32\svchost.exe[1996] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002E0A08
.text C:\WINDOWS\System32\svchost.exe[1996] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002E0600
.text C:\WINDOWS\System32\svchost.exe[1996] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002E01F8
.text C:\WINDOWS\System32\svchost.exe[1996] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002E03FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[2032] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[2032] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2032] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[2032] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2032] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Java\jre6\bin\jqs.exe[2032] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Java\jre6\bin\jqs.exe[2032] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[2032] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Java\jre6\bin\jqs.exe[2032] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Java\jre6\bin\jqs.exe[2032] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[2032] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[2032] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Java\jre6\bin\jqs.exe[2032] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Java\jre6\bin\jqs.exe[2032] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[2032] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[2032] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[2032] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\System32\alg.exe[2392] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[2392] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2392] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[2392] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2392] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\alg.exe[2392] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\alg.exe[2392] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\alg.exe[2392] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\alg.exe[2392] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\alg.exe[2392] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\System32\alg.exe[2392] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\alg.exe[2392] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\alg.exe[2392] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\System32\alg.exe[2392] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\System32\alg.exe[2392] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\alg.exe[2392] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\alg.exe[2392] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2428] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2428] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2428] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2428] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2428] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00701014
.text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2428] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00700804
.text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2428] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00700A08
.text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2428] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00700C0C
.text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2428] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00700E10
.text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2428] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 007001F8
.text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2428] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 007003FC
.text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2428] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00700600
.text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2428] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00710804
.text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2428] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00710A08
.text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2428] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00710600
.text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2428] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 007101F8
.text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2428] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 007103FC
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2480] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2480] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2480] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2480] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2480] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 004D1014
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2480] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 004D0804
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2480] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 004D0A08
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2480] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 004D0C0C
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2480] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 004D0E10
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2480] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 004D01F8
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2480] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 004D03FC
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2480] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 004D0600
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2480] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 004E0804
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2480] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 004E0A08
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2480] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 004E0600
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2480] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 004E01F8
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2480] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 004E03FC
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2584] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2584] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2584] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2584] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2584] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 004E1014
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2584] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 004E0804
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2584] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 004E0A08
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2584] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 004E0C0C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2584] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 004E0E10
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2584] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 004E01F8
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2584] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 004E03FC
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2584] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 004E0600
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2584] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 004F0804
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2584] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 004F0A08
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2584] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 004F0600
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2584] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 004F01F8
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2584] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 004F03FC
.text C:\Documents and Settings\Tiffany\My Documents\Downloads\uw4wk5xw.exe[2604] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\Tiffany\My Documents\Downloads\uw4wk5xw.exe[2604] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\SOUNDMAN.EXE[2632] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\WINDOWS\SOUNDMAN.EXE[2632] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\SOUNDMAN.EXE[2632] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\WINDOWS\SOUNDMAN.EXE[2632] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\SOUNDMAN.EXE[2632] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 004A0804
.text C:\WINDOWS\SOUNDMAN.EXE[2632] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 004A0A08
.text C:\WINDOWS\SOUNDMAN.EXE[2632] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 004A0600
.text C:\WINDOWS\SOUNDMAN.EXE[2632] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 004A01F8
.text C:\WINDOWS\SOUNDMAN.EXE[2632] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 004A03FC
.text C:\WINDOWS\SOUNDMAN.EXE[2632] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 004B1014
.text C:\WINDOWS\SOUNDMAN.EXE[2632] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 004B0804
.text C:\WINDOWS\SOUNDMAN.EXE[2632] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 004B0A08
.text C:\WINDOWS\SOUNDMAN.EXE[2632] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 004B0C0C
.text C:\WINDOWS\SOUNDMAN.EXE[2632] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 004B0E10
.text C:\WINDOWS\SOUNDMAN.EXE[2632] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 004B01F8
.text C:\WINDOWS\SOUNDMAN.EXE[2632] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 004B03FC
.text C:\WINDOWS\SOUNDMAN.EXE[2632] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 004B0600
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2708] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2708] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2708] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2708] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2708] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00531014
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2708] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00530804
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2708] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00530A08
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2708] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00530C0C
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2708] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00530E10
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2708] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 005301F8
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2708] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 005303FC
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2708] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00530600
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2708] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00540804
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2708] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00540A08
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2708] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00540600
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2708] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 005401F8
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2708] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 005403FC
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[2924] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[2924] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[2924] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[2924] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[2924] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00550804
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[2924] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00550A08
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[2924] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00550600
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[2924] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 005501F8
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[2924] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 005503FC
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[2924] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00561014
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[2924] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00560804
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[2924] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00560A08
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[2924] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00560C0C
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[2924] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00560E10
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[2924] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 005601F8
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[2924] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 005603FC
.text C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe[2924] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00560600
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[2936] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[2936] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[2936] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[2936] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[2936] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00681014
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[2936] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00680804
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[2936] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00680A08
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[2936] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00680C0C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[2936] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00680E10
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[2936] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 006801F8
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[2936] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 006803FC
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[2936] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00680600
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[2936] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00690804
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[2936] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00690A08
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[2936] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00690600
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[2936] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 006901F8
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[2936] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 006903FC
.text C:\WINDOWS\system32\wscntfy.exe[3108] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[3108] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\NETGEAR\WPN311\wlancfg5.exe[3212] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\NETGEAR\WPN311\wlancfg5.exe[3212] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\NETGEAR\WPN311\wlancfg5.exe[3212] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\NETGEAR\WPN311\wlancfg5.exe[3212] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\NETGEAR\WPN311\wlancfg5.exe[3212] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00721014
.text C:\Program Files\NETGEAR\WPN311\wlancfg5.exe[3212] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00720804
.text C:\Program Files\NETGEAR\WPN311\wlancfg5.exe[3212] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00720A08
.text C:\Program Files\NETGEAR\WPN311\wlancfg5.exe[3212] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00720C0C
.text C:\Program Files\NETGEAR\WPN311\wlancfg5.exe[3212] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00720E10
.text C:\Program Files\NETGEAR\WPN311\wlancfg5.exe[3212] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 007201F8
.text C:\Program Files\NETGEAR\WPN311\wlancfg5.exe[3212] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 007203FC
.text C:\Program Files\NETGEAR\WPN311\wlancfg5.exe[3212] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00720600
.text C:\Program Files\NETGEAR\WPN311\wlancfg5.exe[3212] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00730804
.text C:\Program Files\NETGEAR\WPN311\wlancfg5.exe[3212] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00730A08
.text C:\Program Files\NETGEAR\WPN311\wlancfg5.exe[3212] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00730600
.text C:\Program Files\NETGEAR\WPN311\wlancfg5.exe[3212] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 007301F8
.text C:\Program Files\NETGEAR\WPN311\wlancfg5.exe[3212] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 007303FC
.text C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe[3300] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe[3300] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe[3300] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe[3300] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe[3300] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 005A1014
.text C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe[3300] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 005A0804
.text C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe[3300] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 005A0A08
.text C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe[3300] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 005A0C0C
.text C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe[3300] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 005A0E10
.text C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe[3300] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 005A01F8
.text C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe[3300] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 005A03FC
.text C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe[3300] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 005A0600
.text C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe[3300] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 005B0804
.text C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe[3300] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 005B0A08
.text C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe[3300] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 005B0600
.text C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe[3300] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 005B01F8
.text C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe[3300] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 005B03FC
.text C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe[3436] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe[3436] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe[3436] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe[3436] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe[3436] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00981014
.text C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe[3436] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00980804
.text C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe[3436] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00980A08

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8317A2E0
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 8317A2E0
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8317A2E0

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----

#7 Broni

Posted 13 August 2011 - 06:38 PM

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

=======================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan:

On completion of the scan click "Save log", save it to your desktop and post in your next reply:

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
