FVD Suite is Google redirect in IE?


  • This topic is locked
14 replies to this topic

#1 Modus47

Modus47

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:12:48 PM

Posted 12 August 2011 - 12:25 PM

Hi
I'm not really sure what it is, but something seems to be wrong. Using both FF & IE and the problem seems to be in IE only.
In FF you can simply type efsuufhihg in the address bar and Google will try to find the best/first hit on that (and lead you straight there) and if it doesn't have one, it will show the search results. This should work in IE too I guess.

But, if I type efsuufhihg in IE's address bar, I will end up in a Google like page, but the logo on the top left has been replaced by the FVD Suite logo (with a link to the FVD homepage underneath), like this:

Posted Image

The page doesn't show any search results at all, but maybe this has to do with my using an older version of IE (7.0.5730.13), and if I copy the URL of this page into FF (3.0.19) I do actually see some search results.

Apart from the above, I don't seem to have any other suspicious things like strange popups, freezing programs, bad performance etc., in both browsers. Avast doesn't find anything strange, nor does MalwareBAM.
Any help on this issue?
Thanks in advance.

#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,699 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:48 AM

Posted 12 August 2011 - 12:45 PM

Open IE.
Go Tools>Internet Options>Advanced tab, click on "Reset" button.
Restart IE.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 Modus47

Posted 12 August 2011 - 12:55 PM

Thanx. Followed your instruction, did a system reboot, but unfortunately this didn't solve the problem.

#4 Broni

Posted 12 August 2011 - 02:15 PM

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.


#5 Modus47

Posted 12 August 2011 - 04:58 PM

SecurityCheck:
===========================================
Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 2
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

avast! Free Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Out of date HijackThis installed!
Malwarebytes' Anti-Malware
HijackThis 1.99.1
Java™ 6 Update 26
Out of date Java installed!
Adobe Flash Player 10.3.181.26
Adobe Reader X (10.1.0) - Nederlands
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 avastUI.exe
``````````End of Log````````````
===============================================



MiniToolBox:
===============================================
MiniToolBox by Farbar
Ran by Matthijn (administrator) on 12-08-2011 at 22:04:49
Microsoft Windows XP Service Pack 2 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.http", "127.0.0.1"
"network.proxy.http_port", 54586
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# IP-configuratie van interface
# ----------------------------------
pushd interface ip


# IP-configuratie van interface voor "LAN-verbinding"

set address name="LAN-verbinding" source=dhcp
set dns name="LAN-verbinding" source=dhcp register=PRIMARY
set wins name="LAN-verbinding" source=dhcp


popd
# Einde van IP-configuratie van interface

Windows IP-configuratie

Host-naam . . . . . . . . . . . .: sp2mcepc
Primair DNS-achtervoegsel. . . . .:
Knooppunttype: . . . . . . . . . .: onbekend
IP-routering ingeschakeld. . . . .: nee
WINS-proxy ingeschakeld . . . . . : nee

Ethernet-adapter LAN-verbinding:
Verbindingsspec. DNS-achtervoegsel:
Beschrijving . . . . . . . . . . .:

Intel® PRO/1000 PM Network Connection
Fysiek adres. . . . . . . . . . . : 00-13-D4-82-C2-88
DHCP ingeshakeld. . . . . . . . . : ja
Autom. configuratie ingeschakeld. : ja
IP-adres. . . . . . . . . . . . . : 192.168.2.2
Subnetmasker. . . . . . . . . . . : 255.255.255.0
Standaardgateway. . . . . . . . . : 192.168.2.1
DHCP-server . . . . . . . . . . . : 192.168.2.1
DNS-servers . . . . . . . . . . . : 192.168.2.1
Lease verkregen . . . . . . . . . : vrijdag 12 augustus 2011 19:59:30
Lease verlopen . . . . . . . . . : zondag 14 augustus 2011 19:59:30

Server: UnKnown
Address: 192.168.2.1

Name: google.com
Addresses: 74.125.79.99, 74.125.79.147, 74.125.79.104

Pingen naar google.com [74.125.79.99] met 32 byte gegevens:
Antwoord van 74.125.79.99: bytes=32 tijd=24 ms TTL=53
Antwoord van 74.125.79.99: bytes=32 tijd=25 ms TTL=53
Ping-statistieken voor 74.125.79.99:

Pakketten: verzonden = 2, ontvangen = 2, verloren = 0

(0% verlies).De gemiddelde tijd voor het uitvoeren van één bewerking in milliseconden:

Minimum = 24ms, Maximum = 25ms, Gemiddelde = 24ms

Server: UnKnown
Address: 192.168.2.1

Name: yahoo.com
Addresses: 72.30.2.43, 98.137.149.56, 209.191.122.70, 67.195.160.76
69.147.125.65

Pingen naar yahoo.com [72.30.2.43] met 32 byte gegevens:
Antwoord van 72.30.2.43: bytes=32 tijd=216 ms TTL=46
Antwoord van 72.30.2.43: bytes=32 tijd=214 ms TTL=47
Ping-statistieken voor 72.30.2.43:

Pakketten: verzonden = 2, ontvangen = 2, verloren = 0

(0% verlies).De gemiddelde tijd voor het uitvoeren van één bewerking in milliseconden:

Minimum = 214ms, Maximum = 216ms, Gemiddelde = 215ms



Pingen naar 127.0.0.1 met 32 byte gegevens:
Antwoord van 127.0.0.1: bytes=32 tijd<1 ms TTL=128
Antwoord van 127.0.0.1: bytes=32 tijd<1 ms TTL=128
Ping-statistieken voor 127.0.0.1:

Pakketten: verzonden = 2, ontvangen = 2, verloren = 0

(0% verlies).De gemiddelde tijd voor het uitvoeren van één bewerking in milliseconden:

Minimum = 0ms, Maximum = 0ms, Gemiddelde = 0ms

===========================================================================
Interfacelijst
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 d4 82 c2 88 ...... Intel® PRO/1000 PM Network Connection - Pakketplanner-minipoort
===========================================================================
===========================================================================
Actieve routes:
Netwerkadres Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.2 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.2.2 192.168.2.2 30
192.168.2.0 255.255.255.0 192.168.2.2 192.168.2.2 20
192.168.2.2 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.2.255 255.255.255.255 192.168.2.2 192.168.2.2 20
224.0.0.0 240.0.0.0 192.168.2.2 192.168.2.2 20
255.255.255.255 255.255.255.255 192.168.2.2 192.168.2.2 1
Standaard-gateway: 192.168.2.1
===========================================================================
Permanente routes:
Geen

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/12/2011 06:40:57 PM) (Source: Application Error) (User: )
Description: Vastgelopen toepassing: svchost.exe, versie: 0.0.0.0, vastgelopen module: unknown, versie: 0.0.0.0, vastgelopen op: 0x00000000.
Er is tijdens het maken van de resulterende PEAP-TLV als antwoord op de ontvangen PEAP-TLV een fout opgetreden (svchost.exe!ld!)

Error: (08/12/2011 06:40:47 PM) (Source: Application Error) (User: )
Description: Vastgelopen toepassing: svchost.exe, versie: 5.1.2600.2180, vastgelopen module: rastapi.dll, versie: 5.1.2600.2180, vastgelopen op: 0x0000bb83.
Verwerken van mediaspecifieke gebeurtenis voor [svchost.exe!ws!]

Error: (08/12/2011 06:35:13 PM) (Source: Application Error) (User: )
Description: Vastgelopen toepassing: , versie: 0.0.0.0, vastgelopen module: unknown, versie: 0.0.0.0, vastgelopen op: 0x00000000.
Verwerken van mediaspecifieke gebeurtenis voor [!ws!]

Error: (08/12/2011 05:26:49 PM) (Source: Application Hang) (User: )
Description: Vastgelopen toepassing: iexplore.exe, versie: 7.0.5730.13, vastgelopen module: hungapp, versie: 0.0.0.0, vastgelopen op: 0x00000000.

Error: (08/12/2011 05:22:19 PM) (Source: Application Error) (User: )
Description: Vastgelopen toepassing: , versie: 0.0.0.0, vastgelopen module: unknown, versie: 0.0.0.0, vastgelopen op: 0x75eebbac.
Verwerken van mediaspecifieke gebeurtenis voor [!ws!]

Error: (08/11/2011 11:19:51 PM) (Source: Media Center Scheduler) (User: )
Description: Er is een fout opgetreden in Recording Disk Monitor.

Error: (08/11/2011 11:17:46 PM) (Source: Application Error) (User: )
Description: Vastgelopen toepassing: ehRecvr.exe, versie: 5.1.2700.2180, vastgelopen module: sbe.dll, versie: 6.5.2700.2180, vastgelopen op: 0x00006ba3.
Verwerken van mediaspecifieke gebeurtenis voor [ehRecvr.exe!ws!]

Error: (08/05/2011 06:03:18 PM) (Source: Media Center Scheduler) (User: )
Description: Er is een fout opgetreden in Recording Disk Monitor.

Error: (08/05/2011 06:00:07 PM) (Source: Application Error) (User: )
Description: Vastgelopen toepassing: ehRecvr.exe, versie: 5.1.2700.2180, vastgelopen module: sbe.dll, versie: 6.5.2700.2180, vastgelopen op: 0x000069cd.
Verwerken van mediaspecifieke gebeurtenis voor [ehRecvr.exe!ws!]

Error: (08/01/2011 06:15:47 PM) (Source: Application Hang) (User: )
Description: Vastgelopen toepassing: iexplore.exe, versie: 7.0.5730.13, vastgelopen module: hungapp, versie: 0.0.0.0, vastgelopen op: 0x00000000.


System errors:
=============
Error: (08/12/2011 07:59:50 PM) (Source: Service Control Manager) (User: )
Description: De adfs-service kan vanwege de volgende fout niet worden gestart:
%%2

Error: (08/12/2011 07:57:30 PM) (Source: Service Control Manager) (User: )
Description: De adfs-service kan vanwege de volgende fout niet worden gestart:
%%2

Error: (08/12/2011 07:51:31 PM) (Source: Service Control Manager) (User: )
Description: De Java Quick Starter-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.

Error: (08/12/2011 07:51:31 PM) (Source: Service Control Manager) (User: )
Description: De adfs-service kan vanwege de volgende fout niet worden gestart:
%%2

Error: (08/12/2011 07:42:14 PM) (Source: Service Control Manager) (User: )
Description: De adfs-service kan vanwege de volgende fout niet worden gestart:
%%2

Error: (08/12/2011 06:59:14 PM) (Source: Service Control Manager) (User: )
Description: De adfs-service kan vanwege de volgende fout niet worden gestart:
%%2

Error: (08/12/2011 06:45:55 PM) (Source: DCOM) (User: Matthijn)
Description: DCOM kreeg foutmelding '%%109' bij het starten van de netman-service met de argumenten ''
om de server
{BA126AD1-2166-11D1-B1D0-00805FC1270E} te starten

Error: (08/12/2011 06:40:24 PM) (Source: Service Control Manager) (User: )
Description: De adfs-service kan vanwege de volgende fout niet worden gestart:
%%2

Error: (08/12/2011 06:36:44 PM) (Source: Service Control Manager) (User: )
Description: Servicebesturingsbeheer heeft na het onverwachte afsluiten van de Windows Management Instrumentation-service geprobeerd een herstelactie (Service opnieuw starten) uit te voeren, maar deze actie is met de volgende fout mislukt:
%%1056

Error: (08/12/2011 06:36:14 PM) (Source: DCOM) (User: SYSTEM)
Description: De server {1BE1F766-5536-11D1-B726-00C04FB926AF} heeft zich binnen de vereiste termijn niet bij DCOM geregistreerd.


Microsoft Office Sessions:
=========================
Error: (08/12/2011 06:40:57 PM) (Source: Application Error)(User: )
Description: svchost.exe0.0.0.0unknown0.0.0.000000000

Error: (08/12/2011 06:40:47 PM) (Source: Application Error)(User: )
Description: svchost.exe5.1.2600.2180rastapi.dll5.1.2600.21800000bb83

Error: (08/12/2011 06:35:13 PM) (Source: Application Error)(User: )
Description: 0.0.0.0unknown0.0.0.000000000

Error: (08/12/2011 05:26:49 PM) (Source: Application Hang)(User: )
Description: iexplore.exe7.0.5730.13hungapp0.0.0.000000000

Error: (08/12/2011 05:22:19 PM) (Source: Application Error)(User: )
Description: 0.0.0.0unknown0.0.0.075eebbac

Error: (08/11/2011 11:19:51 PM) (Source: Media Center Scheduler)(User: )
Description: Er is een fout opgetreden in Recording Disk Monitor.

Error: (08/11/2011 11:17:46 PM) (Source: Application Error)(User: )
Description: ehRecvr.exe5.1.2700.2180sbe.dll6.5.2700.218000006ba3

Error: (08/05/2011 06:03:18 PM) (Source: Media Center Scheduler)(User: )
Description: Er is een fout opgetreden in Recording Disk Monitor.

Error: (08/05/2011 06:00:07 PM) (Source: Application Error)(User: )
Description: ehRecvr.exe5.1.2700.2180sbe.dll6.5.2700.2180000069cd

Error: (08/01/2011 06:15:47 PM) (Source: Application Hang)(User: )
Description: iexplore.exe7.0.5730.13hungapp0.0.0.000000000


=========================== Installed Programs ============================

ACDSee 32
Adobe AIR (Version: 1.5.3.9120)
Adobe Bridge 1.0 (Version: 001.000.000)
Adobe Common File Installer (Version: 1.00.0000)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Flash Player 10 ActiveX (Version: 10.0.42.34)
Adobe Flash Player 10 Plugin (Version: 10.3.181.26)
Adobe Help Center 1.0 (Version: 001.000.000)
Adobe Illustrator CS (Version: 11)
Adobe Media Player (Version: 1.8)
Adobe Photoshop CS2 (Version: 9.0)
Adobe Reader X (10.1.0) - Nederlands (Version: 10.1.0)
Adobe Shockwave Player 11.5 (Version: 11.5)
Adobe Stock Photos 1.0 (Version: 001.000.000)
Adobe SVG Viewer 3.0 (Version: 3.0)
Apophysis 2.0 (Version: )
Apple Mobile Device Support (Version: 1.1.4.7)
Apple Software Update (Version: 2.0.2.92)
avast! Free Antivirus (Version: 6.0.1000.0)
Beveiligingsupdate voor Windows Media Player (KB952069)
Beveiligingsupdate voor Windows Media Player 6.4 (KB925398)
Beveiligingsupdate voor Windows XP (KB890046) (Version: 1)
Beveiligingsupdate voor Windows XP (KB893756) (Version: 1)
Beveiligingsupdate voor Windows XP (KB896358) (Version: 1)
Beveiligingsupdate voor Windows XP (KB896423) (Version: 1)
Beveiligingsupdate voor Windows XP (KB896428) (Version: 1)
Beveiligingsupdate voor Windows XP (KB899587) (Version: 1)
Beveiligingsupdate voor Windows XP (KB899591) (Version: 1)
Beveiligingsupdate voor Windows XP (KB900725) (Version: 1)
Beveiligingsupdate voor Windows XP (KB901017) (Version: 1)
Beveiligingsupdate voor Windows XP (KB901214) (Version: 1)
Beveiligingsupdate voor Windows XP (KB902400) (Version: 1)
Beveiligingsupdate voor Windows XP (KB905414) (Version: 1)
Beveiligingsupdate voor Windows XP (KB905749) (Version: 1)
Beveiligingsupdate voor Windows XP (KB908519) (Version: 1)
Beveiligingsupdate voor Windows XP (KB911562) (Version: 1)
Beveiligingsupdate voor Windows XP (KB911927) (Version: 1)
Beveiligingsupdate voor Windows XP (KB913580) (Version: 1)
Beveiligingsupdate voor Windows XP (KB914388) (Version: 1)
Beveiligingsupdate voor Windows XP (KB914389) (Version: 1)
Beveiligingsupdate voor Windows XP (KB918118) (Version: 1)
Beveiligingsupdate voor Windows XP (KB918439) (Version: 1)
Beveiligingsupdate voor Windows XP (KB920213) (Version: 1)
Beveiligingsupdate voor Windows XP (KB920670) (Version: 1)
Beveiligingsupdate voor Windows XP (KB920683) (Version: 1)
Beveiligingsupdate voor Windows XP (KB920685) (Version: 1)
Beveiligingsupdate voor Windows XP (KB923191) (Version: 1)
Beveiligingsupdate voor Windows XP (KB923561) (Version: 1)
Beveiligingsupdate voor Windows XP (KB923980) (Version: 1)
Beveiligingsupdate voor Windows XP (KB924270) (Version: 1)
Beveiligingsupdate voor Windows XP (KB924496) (Version: 1)
Beveiligingsupdate voor Windows XP (KB924667) (Version: 1)
Beveiligingsupdate voor Windows XP (KB925902) (Version: 1)
Beveiligingsupdate voor Windows XP (KB926255) (Version: 1)
Beveiligingsupdate voor Windows XP (KB926436) (Version: 1)
Beveiligingsupdate voor Windows XP (KB927779) (Version: 1)
Beveiligingsupdate voor Windows XP (KB927802) (Version: 1)
Beveiligingsupdate voor Windows XP (KB928255) (Version: 1)
Beveiligingsupdate voor Windows XP (KB928843) (Version: 1)
Beveiligingsupdate voor Windows XP (KB929123) (Version: 1)
Beveiligingsupdate voor Windows XP (KB930178) (Version: 1)
Beveiligingsupdate voor Windows XP (KB931261) (Version: 1)
Beveiligingsupdate voor Windows XP (KB932168) (Version: 1)
Beveiligingsupdate voor Windows XP (KB937894) (Version: 1)
Beveiligingsupdate voor Windows XP (KB938127) (Version: 1)
Beveiligingsupdate voor Windows XP (KB938464-v2) (Version: 2)
Beveiligingsupdate voor Windows XP (KB943055) (Version: 1)
Beveiligingsupdate voor Windows XP (KB943460) (Version: 1)
Beveiligingsupdate voor Windows XP (KB944338-v2) (Version: 2)
Beveiligingsupdate voor Windows XP (KB944653) (Version: 1)
Beveiligingsupdate voor Windows XP (KB945553) (Version: 1)
Beveiligingsupdate voor Windows XP (KB946026) (Version: 1)
Beveiligingsupdate voor Windows XP (KB946648) (Version: 1)
Beveiligingsupdate voor Windows XP (KB950749) (Version: 1)
Beveiligingsupdate voor Windows XP (KB950760) (Version: 1)
Beveiligingsupdate voor Windows XP (KB950762) (Version: 1)
Beveiligingsupdate voor Windows XP (KB950974) (Version: 1)
Beveiligingsupdate voor Windows XP (KB951066) (Version: 1)
Beveiligingsupdate voor Windows XP (KB951376-v2) (Version: 2)
Beveiligingsupdate voor Windows XP (KB951748) (Version: 1)
Beveiligingsupdate voor Windows XP (KB952004) (Version: 1)
Beveiligingsupdate voor Windows XP (KB952954) (Version: 1)
Beveiligingsupdate voor Windows XP (KB954600) (Version: 1)
Beveiligingsupdate voor Windows XP (KB955069) (Version: 1)
Beveiligingsupdate voor Windows XP (KB956572) (Version: 1)
Beveiligingsupdate voor Windows XP (KB956802) (Version: 1)
Beveiligingsupdate voor Windows XP (KB956803) (Version: 1)
Beveiligingsupdate voor Windows XP (KB957097) (Version: 1)
Beveiligingsupdate voor Windows XP (KB958644) (Version: 1)
Beveiligingsupdate voor Windows XP (KB958687) (Version: 1)
Beveiligingsupdate voor Windows XP (KB959426) (Version: 1)
Beveiligingsupdate voor Windows XP (KB960225) (Version: 1)
Beveiligingsupdate voor Windows XP (KB960803) (Version: 1)
Beveiligingsupdate voor Windows XP (KB961373) (Version: 1)
Beveiligingsupdate voor Windows XP (KB961501) (Version: 1)
Beveiligingsupdate voor Windows XP (KB968537) (Version: 1)
Beveiligingsupdate voor Windows XP (KB969897) (Version: 1)
Beveiligingsupdate voor Windows XP (KB969898) (Version: 1)
Beveiligingsupdate voor Windows XP (KB970238) (Version: 1)
Bonjour (Version: 1.0.104)
CDex extraction audio
FLV Player 1.3.3
Font Xplorer 1.2.2
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
HijackThis 1.99.1 (Version: 1.99.1)
Hitman Pro 3.5 (Version: 3.5.9.129)
Hotfix voor Windows XP (KB935448) (Version: 1)
Hotfix voor Windows XP (KB952287) (Version: 1)
Intel® Graphics Media Accelerator Driver (Version: 6.14.10.4299)
Intel® Pro Alerting Agent (Version: 10.0.1)
Intel® PROSafe for Wired Connections (Version: 8.00.0005)
Intel® PROSafe for Wired Connections (Version: 99.99.9999)
IsoBuster 0.99.7.2 (Version: 0.99.7.2)
iTunes (Version: 7.6.1.9)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
KhalSetup (Version: 1.00.0000)
Last.fm 1.5.4.24567
Logitech QuickCam (Version: 8.20.0000)
Logitech SetPoint (Version: 3.1)
Logitech® Camera-stuurprogramma
Malwarebytes' Anti-Malware versie 1.51.1.1800 (Version: 1.51.1.1800)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 2.0 Service Pack 1 (Version: 2.1.21022)
Microsoft .NET Framework 3.0 Service Pack 1 (Version: 3.1.21022)
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5 (Version: 3.5.21022)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight (Version: 3.0.40818.0)
Microsoft SQL Server Compact 3.5 Design Tools ENU (Version: 3.5.5386.0)
Microsoft SQL Server Compact 3.5 ENU (Version: 3.5.5386.0)
Microsoft Visual Basic 2008 Express Edition - ENU
Microsoft Visual Basic 2008 Express Edition - ENU (Version: 9.0.21022)
Microsoft Visual Basic 2008 Step by Step (Version: 2.00.10)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework (Version: 3.5.21022)
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 (Version: 6.1.5288.17011)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Mjuice Components
Mozilla Firefox (3.0.19) (Version: 3.0.19 (nl))
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
QuickTime (Version: 7.4.1.14)
Realtek High Definition Audio Driver
SmartPar
Software van Intel® PRO Netwerkverbindingen v10.0.26.0
SoulSeek Client 156c
Spybot - Search & Destroy (Version: 1.6.2)
SUPERAntiSpyware (Version: 5.0.1116)
Update voor Windows XP (KB894391) (Version: 1)
Update voor Windows XP (KB898461) (Version: 1)
Update voor Windows XP (KB900485) (Version: 2)
Update voor Windows XP (KB908531) (Version: 2)
Update voor Windows XP (KB910437) (Version: 1)
Update voor Windows XP (KB911280) (Version: 2)
Update voor Windows XP (KB916595) (Version: 1)
Update voor Windows XP (KB920872) (Version: 1)
Update voor Windows XP (KB922582) (Version: 1)
Update voor Windows XP (KB927891) (Version: 3)
Update voor Windows XP (KB930916) (Version: 1)
Update voor Windows XP (KB936357) (Version: 1)
Update voor Windows XP (KB938828) (Version: 1)
Update voor Windows XP (KB955839) (Version: 1)
Update voor Windows XP (KB967715) (Version: 1)
VB Decompiler Lite
VideoLAN VLC media player 0.8.4a (Version: 0.8.4a)
WebFldrs XP (Version: 9.50.7523)
Winamp (remove only)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Imaging Component (Version: 3.0.0.0)
Windows Installer 3.1 (KB893803) (Version: 3.1)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Live installer (Version: 12.0.1202.0516)
Windows Live Messenger (Version: 8.5.1235.0517)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows XP Hotfix - KB873339 (Version: 20041117.092459)
Windows XP Hotfix - KB885835 (Version: 20041027.181713)
Windows XP Hotfix - KB885836 (Version: 20041028.173203)
Windows XP Hotfix - KB886185 (Version: 20041021.090540)
Windows XP Hotfix - KB887472 (Version: 20041014.162858)
Windows XP Hotfix - KB888302 (Version: 20041207.111426)
Windows XP Hotfix - KB890859 (Version: 1)
Windows XP Hotfix - KB891781 (Version: 20050110.165439)
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
YouTube Downloader 2.5.3

========================= Memory info: ===================================

Percentage of memory in use: 67%
Total physical RAM: 1015.17 MB
Available physical RAM: 325.84 MB
Total Pagefile: 2445.77 MB
Available Pagefile: 1807.9 MB
Total Virtual: 2047.88 MB
Available Virtual: 1998.25 MB

========================= Partitions: =====================================

1 Drive c: (Windows) (Fixed) (Total:9.13 GB) (Free:2.3 GB) NTFS
2 Drive d: (Data) (Fixed) (Total:224.63 GB) (Free:136.88 GB) NTFS
4 Drive i: (VB2008 SBS) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS

========================= Users: ========================================

Gebruikersaccounts voor \\SP2MCEPC

Administrator ASPNET Gast
HelpAssistant IUSR_SP2MCEPC IWAM_SP2MCEPC
Matthijn SUPPORT_388945a0
De opdracht is voltooid.


== End of log ==
======================================================================



MBAM log (in Dutch, but still understandable I guess):
=====================================================================
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Databaseversie: 7449

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

12-8-2011 22:14:11
mbam-log-2011-08-12 (22-14-11).txt

Scantype: Snelle scan
Objecten gescand: 285490
Verstreken tijd: 5 minuut/minuten, 18 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 3
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
=========================================================================



Gmer log:
======================================================================
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-12 23:40:31
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 Maxtor_6L250R0 rev.BAH41G10
Running: izdd2ptd.exe; Driver: D:\DOCUME~1\MATTHI~1.000\LOCALS~1\Temp\pxdcypoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA7D659CA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA7DBAA68]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA7D85AF5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA7D67EAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA7D67F04]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA7D6801A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA7D854A9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA7D67E02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA7D67F54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA7D67E56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA7D67FC8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA7D659EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA7D861BB]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA7D86471]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA7D6829E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA7D86026]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA7D85E91]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA7DBAB18]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA7D657B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA7D65A12]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA7D68412]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA7D664AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA7D67EDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA7D67F2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA7D68044]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA7D85805]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA7D67E2E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA7D680D6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA7D67F94]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA7D67E84]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA7D681BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA7D67FF2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA7DBABB0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA7D85D0C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA7D66370]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA7D85B5E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA7DC2E26]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA7D84B1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA7D65A36]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA7D65A5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA7D65812]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA7D6594E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA7D862C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA7D6592A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA7D65972]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA7D65A7E]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA7DCF8DE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntoskrnl.exe!ObInsertObject 8056CBBF 5 Bytes JMP A7DCCD38 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 80574505 4 Bytes CALL A7D66E25 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8058AB14 7 Bytes JMP A7DCF8E2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805A802E 5 Bytes JMP A7DCB29E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Bonjour\mDNSResponder.exe[172] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00150030
.text C:\Program Files\Bonjour\mDNSResponder.exe[172] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0015006C
.text C:\Program Files\Bonjour\mDNSResponder.exe[172] ADVAPI32.dll!SetServiceObjectSecurity 77FA6C29 5 Bytes JMP 003801D4
.text C:\Program Files\Bonjour\mDNSResponder.exe[172] ADVAPI32.dll!ChangeServiceConfigA 77FA6D11 5 Bytes JMP 003800E4
.text C:\Program Files\Bonjour\mDNSResponder.exe[172] ADVAPI32.dll!ChangeServiceConfigW 77FA6EA9 5 Bytes JMP 00380120
.text C:\Program Files\Bonjour\mDNSResponder.exe[172] ADVAPI32.dll!ChangeServiceConfig2A 77FA6FA9 5 Bytes JMP 0038015C
.text C:\Program Files\Bonjour\mDNSResponder.exe[172] ADVAPI32.dll!ChangeServiceConfig2W 77FA7031 5 Bytes JMP 00380198
.text C:\Program Files\Bonjour\mDNSResponder.exe[172] ADVAPI32.dll!CreateServiceA 77FA70B9 5 Bytes JMP 00380030
.text C:\Program Files\Bonjour\mDNSResponder.exe[172] ADVAPI32.dll!CreateServiceW 77FA7251 5 Bytes JMP 0038006C
.text C:\Program Files\Bonjour\mDNSResponder.exe[172] ADVAPI32.dll!DeleteService 77FA7359 5 Bytes JMP 003800A8
.text C:\Program Files\Bonjour\mDNSResponder.exe[172] USER32.dll!UnhookWindowsHookEx 7E39F21E 5 Bytes JMP 00390120
.text C:\Program Files\Bonjour\mDNSResponder.exe[172] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 003900E4
.text C:\Program Files\Bonjour\mDNSResponder.exe[172] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 003900A8
.text C:\Program Files\Bonjour\mDNSResponder.exe[172] USER32.dll!SetWinEventHook 7E3B17B7 5 Bytes JMP 00390030
.text C:\Program Files\Bonjour\mDNSResponder.exe[172] USER32.dll!UnhookWinEvent 7E3B186C 5 Bytes JMP 0039006C
.text D:\Program Files\Logitech\Video\FxSvr2.exe[188] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00140030
.text D:\Program Files\Logitech\Video\FxSvr2.exe[188] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0014006C
.text D:\Program Files\Logitech\Video\FxSvr2.exe[188] ADVAPI32.dll!SetServiceObjectSecurity 77FA6C29 5 Bytes JMP 003701D4
.text D:\Program Files\Logitech\Video\FxSvr2.exe[188] ADVAPI32.dll!ChangeServiceConfigA 77FA6D11 5 Bytes JMP 003700E4
.text D:\Program Files\Logitech\Video\FxSvr2.exe[188] ADVAPI32.dll!ChangeServiceConfigW 77FA6EA9 5 Bytes JMP 00370120
.text D:\Program Files\Logitech\Video\FxSvr2.exe[188] ADVAPI32.dll!ChangeServiceConfig2A 77FA6FA9 5 Bytes JMP 0037015C
.text D:\Program Files\Logitech\Video\FxSvr2.exe[188] ADVAPI32.dll!ChangeServiceConfig2W 77FA7031 5 Bytes JMP 00370198
.text D:\Program Files\Logitech\Video\FxSvr2.exe[188] ADVAPI32.dll!CreateServiceA 77FA70B9 5 Bytes JMP 00370030
.text D:\Program Files\Logitech\Video\FxSvr2.exe[188] ADVAPI32.dll!CreateServiceW 77FA7251 5 Bytes JMP 0037006C
.text D:\Program Files\Logitech\Video\FxSvr2.exe[188] ADVAPI32.dll!DeleteService 77FA7359 5 Bytes JMP 003700A8
.text D:\Program Files\Logitech\Video\FxSvr2.exe[188] USER32.dll!UnhookWindowsHookEx 7E39F21E 5 Bytes JMP 00380120
.text D:\Program Files\Logitech\Video\FxSvr2.exe[188] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 003800E4
.text D:\Program Files\Logitech\Video\FxSvr2.exe[188] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 003800A8
.text D:\Program Files\Logitech\Video\FxSvr2.exe[188] USER32.dll!SetWinEventHook 7E3B17B7 5 Bytes JMP 00380030
.text D:\Program Files\Logitech\Video\FxSvr2.exe[188] USER32.dll!UnhookWinEvent 7E3B186C 5 Bytes JMP 0038006C
.text C:\WINDOWS\eHome\ehRecvr.exe[196] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00080030
.text C:\WINDOWS\eHome\ehRecvr.exe[196] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0008006C
.text C:\WINDOWS\eHome\ehRecvr.exe[196] USER32.dll!UnhookWindowsHookEx 7E39F21E 5 Bytes JMP 002B0120
.text C:\WINDOWS\eHome\ehRecvr.exe[196] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 002B00E4
.text C:\WINDOWS\eHome\ehRecvr.exe[196] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\eHome\ehRecvr.exe[196] USER32.dll!SetWinEventHook 7E3B17B7 5 Bytes JMP 002B0030
.text C:\WINDOWS\eHome\ehRecvr.exe[196] USER32.dll!UnhookWinEvent 7E3B186C 5 Bytes JMP 002B006C
.text C:\WINDOWS\eHome\ehRecvr.exe[196] ADVAPI32.dll!SetServiceObjectSecurity 77FA6C29 5 Bytes JMP 002C01D4
.text C:\WINDOWS\eHome\ehRecvr.exe[196] ADVAPI32.dll!ChangeServiceConfigA 77FA6D11 5 Bytes JMP 002C00E4
.text C:\WINDOWS\eHome\ehRecvr.exe[196] ADVAPI32.dll!ChangeServiceConfigW 77FA6EA9 5 Bytes JMP 002C0120
.text C:\WINDOWS\eHome\ehRecvr.exe[196] ADVAPI32.dll!ChangeServiceConfig2A 77FA6FA9 5 Bytes JMP 002C015C
.text C:\WINDOWS\eHome\ehRecvr.exe[196] ADVAPI32.dll!ChangeServiceConfig2W 77FA7031 5 Bytes JMP 002C0198
.text C:\WINDOWS\eHome\ehRecvr.exe[196] ADVAPI32.dll!CreateServiceA 77FA70B9 5 Bytes JMP 002C0030
.text C:\WINDOWS\eHome\ehRecvr.exe[196] ADVAPI32.dll!CreateServiceW 77FA7251 5 Bytes JMP 002C006C
.text C:\WINDOWS\eHome\ehRecvr.exe[196] ADVAPI32.dll!DeleteService 77FA7359 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\ctfmon.exe[244] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000A0030
.text C:\WINDOWS\system32\ctfmon.exe[244] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000A006C
.text C:\WINDOWS\system32\ctfmon.exe[244] ADVAPI32.dll!SetServiceObjectSecurity 77FA6C29 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\ctfmon.exe[244] ADVAPI32.dll!ChangeServiceConfigA 77FA6D11 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\ctfmon.exe[244] ADVAPI32.dll!ChangeServiceConfigW 77FA6EA9 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\ctfmon.exe[244] ADVAPI32.dll!ChangeServiceConfig2A 77FA6FA9 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\ctfmon.exe[244] ADVAPI32.dll!ChangeServiceConfig2W 77FA7031 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\ctfmon.exe[244] ADVAPI32.dll!CreateServiceA 77FA70B9 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\ctfmon.exe[244] ADVAPI32.dll!CreateServiceW 77FA7251 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\ctfmon.exe[244] ADVAPI32.dll!DeleteService 77FA7359 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\ctfmon.exe[244] USER32.dll!UnhookWindowsHookEx 7E39F21E 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\ctfmon.exe[244] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\ctfmon.exe[244] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\ctfmon.exe[244] USER32.dll!SetWinEventHook 7E3B17B7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\ctfmon.exe[244] USER32.dll!UnhookWinEvent 7E3B186C 5 Bytes JMP 002C006C
.text C:\WINDOWS\eHome\ehSched.exe[332] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00080030
.text C:\WINDOWS\eHome\ehSched.exe[332] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0008006C
.text C:\WINDOWS\eHome\ehSched.exe[332] USER32.dll!UnhookWindowsHookEx 7E39F21E 5 Bytes JMP 002B0120
.text C:\WINDOWS\eHome\ehSched.exe[332] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 002B00E4
.text C:\WINDOWS\eHome\ehSched.exe[332] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\eHome\ehSched.exe[332] USER32.dll!SetWinEventHook 7E3B17B7 5 Bytes JMP 002B0030
.text C:\WINDOWS\eHome\ehSched.exe[332] USER32.dll!UnhookWinEvent 7E3B186C 5 Bytes JMP 002B006C
.text C:\WINDOWS\eHome\ehSched.exe[332] ADVAPI32.dll!SetServiceObjectSecurity 77FA6C29 5 Bytes JMP 002C01D4
.text C:\WINDOWS\eHome\ehSched.exe[332] ADVAPI32.dll!ChangeServiceConfigA 77FA6D11 5 Bytes JMP 002C00E4
.text C:\WINDOWS\eHome\ehSched.exe[332] ADVAPI32.dll!ChangeServiceConfigW 77FA6EA9 5 Bytes JMP 002C0120
.text C:\WINDOWS\eHome\ehSched.exe[332] ADVAPI32.dll!ChangeServiceConfig2A 77FA6FA9 5 Bytes JMP 002C015C
.text C:\WINDOWS\eHome\ehSched.exe[332] ADVAPI32.dll!ChangeServiceConfig2W 77FA7031 5 Bytes JMP 002C0198
.text C:\WINDOWS\eHome\ehSched.exe[332] ADVAPI32.dll!CreateServiceA 77FA70B9 5 Bytes JMP 002C0030
.text C:\WINDOWS\eHome\ehSched.exe[332] ADVAPI32.dll!CreateServiceW 77FA7251 5 Bytes JMP 002C006C
.text C:\WINDOWS\eHome\ehSched.exe[332] ADVAPI32.dll!DeleteService 77FA7359 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[416] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00080030
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[416] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0008006C
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[416] ADVAPI32.dll!SetServiceObjectSecurity 77FA6C29 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[416] ADVAPI32.dll!ChangeServiceConfigA 77FA6D11 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[416] ADVAPI32.dll!ChangeServiceConfigW 77FA6EA9 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[416] ADVAPI32.dll!ChangeServiceConfig2A 77FA6FA9 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[416] ADVAPI32.dll!ChangeServiceConfig2W 77FA7031 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[416] ADVAPI32.dll!CreateServiceA 77FA70B9 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[416] ADVAPI32.dll!CreateServiceW 77FA7251 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[416] ADVAPI32.dll!DeleteService 77FA7359 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[416] USER32.dll!UnhookWindowsHookEx 7E39F21E 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[416] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[416] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[416] USER32.dll!SetWinEventHook 7E3B17B7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[416] USER32.dll!UnhookWinEvent 7E3B186C 5 Bytes JMP 002C006C
.text C:\Program Files\Java\jre6\bin\jqs.exe[456] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00150030
.text C:\Program Files\Java\jre6\bin\jqs.exe[456] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0015006C
.text C:\Program Files\Java\jre6\bin\jqs.exe[456] ADVAPI32.dll!SetServiceObjectSecurity 77FA6C29 5 Bytes JMP 003801D4
.text C:\Program Files\Java\jre6\bin\jqs.exe[456] ADVAPI32.dll!ChangeServiceConfigA 77FA6D11 5 Bytes JMP 003800E4
.text C:\Program Files\Java\jre6\bin\jqs.exe[456] ADVAPI32.dll!ChangeServiceConfigW 77FA6EA9 5 Bytes JMP 00380120
.text C:\Program Files\Java\jre6\bin\jqs.exe[456] ADVAPI32.dll!ChangeServiceConfig2A 77FA6FA9 5 Bytes JMP 0038015C
.text C:\Program Files\Java\jre6\bin\jqs.exe[456] ADVAPI32.dll!ChangeServiceConfig2W 77FA7031 5 Bytes JMP 00380198
.text C:\Program Files\Java\jre6\bin\jqs.exe[456] ADVAPI32.dll!CreateServiceA 77FA70B9 5 Bytes JMP 00380030
.text C:\Program Files\Java\jre6\bin\jqs.exe[456] ADVAPI32.dll!CreateServiceW 77FA7251 5 Bytes JMP 0038006C
.text C:\Program Files\Java\jre6\bin\jqs.exe[456] ADVAPI32.dll!DeleteService 77FA7359 5 Bytes JMP 003800A8
.text C:\Program Files\Java\jre6\bin\jqs.exe[456] USER32.dll!UnhookWindowsHookEx 7E39F21E 5 Bytes JMP 00390120
.text C:\Program Files\Java\jre6\bin\jqs.exe[456] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 003900E4
.text C:\Program Files\Java\jre6\bin\jqs.exe[456] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 003900A8
.text C:\Program Files\Java\jre6\bin\jqs.exe[456] USER32.dll!SetWinEventHook 7E3B17B7 5 Bytes JMP 00390030
.text C:\Program Files\Java\jre6\bin\jqs.exe[456] USER32.dll!UnhookWinEvent 7E3B186C 5 Bytes JMP 0039006C
.text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[548] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00140030
.text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[548] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0014006C
.text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[548] ADVAPI32.dll!SetServiceObjectSecurity 77FA6C29 5 Bytes JMP 003701D4
.text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[548] ADVAPI32.dll!ChangeServiceConfigA 77FA6D11 5 Bytes JMP 003700E4
.text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[548] ADVAPI32.dll!ChangeServiceConfigW 77FA6EA9 5 Bytes JMP 00370120
.text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[548] ADVAPI32.dll!ChangeServiceConfig2A 77FA6FA9 5 Bytes JMP 0037015C
.text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[548] ADVAPI32.dll!ChangeServiceConfig2W 77FA7031 5 Bytes JMP 00370198
.text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[548] ADVAPI32.dll!CreateServiceA 77FA70B9 5 Bytes JMP 00370030
.text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[548] ADVAPI32.dll!CreateServiceW 77FA7251 5 Bytes JMP 0037006C
.text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[548] ADVAPI32.dll!DeleteService 77FA7359 5 Bytes JMP 003700A8
.text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[548] USER32.dll!UnhookWindowsHookEx 7E39F21E 5 Bytes JMP 00380120
.text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[548] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 003800E4
.text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[548] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 003800A8
.text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[548] USER32.dll!SetWinEventHook 7E3B17B7 5 Bytes JMP 00380030
.text D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[548] USER32.dll!UnhookWinEvent 7E3B186C 5 Bytes JMP 0038006C
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00070030
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0007006C
.text C:\WINDOWS\system32\winlogon.exe[712] ADVAPI32.dll!SetServiceObjectSecurity 77FA6C29 5 Bytes JMP 002A01D4
.text C:\WINDOWS\system32\winlogon.exe[712] ADVAPI32.dll!ChangeServiceConfigA 77FA6D11 5 Bytes JMP 002A00E4
.text C:\WINDOWS\system32\winlogon.exe[712] ADVAPI32.dll!ChangeServiceConfigW 77FA6EA9 5 Bytes JMP 002A0120
.text C:\WINDOWS\system32\winlogon.exe[712] ADVAPI32.dll!ChangeServiceConfig2A 77FA6FA9 5 Bytes JMP 002A015C
.text C:\WINDOWS\system32\winlogon.exe[712] ADVAPI32.dll!ChangeServiceConfig2W 77FA7031 5 Bytes JMP 002A0198
.text C:\WINDOWS\system32\winlogon.exe[712] ADVAPI32.dll!CreateServiceA 77FA70B9 5 Bytes JMP 002A0030
.text C:\WINDOWS\system32\winlogon.exe[712] ADVAPI32.dll!CreateServiceW 77FA7251 5 Bytes JMP 002A006C
.text C:\WINDOWS\system32\winlogon.exe[712] ADVAPI32.dll!DeleteService 77FA7359 5 Bytes JMP 002A00A8
.text C:\WINDOWS\system32\winlogon.exe[712] USER32.dll!UnhookWindowsHookEx 7E39F21E 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\winlogon.exe[712] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\winlogon.exe[712] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\winlogon.exe[712] USER32.dll!SetWinEventHook 7E3B17B7 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\winlogon.exe[712] USER32.dll!UnhookWinEvent 7E3B186C 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!SetServiceObjectSecurity 77FA6C29 5 Bytes JMP 002A01D4
.text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!ChangeServiceConfigA 77FA6D11 5 Bytes JMP 002A00E4
.text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!ChangeServiceConfigW 77FA6EA9 5 Bytes JMP 002A0120
.text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!ChangeServiceConfig2A 77FA6FA9 5 Bytes JMP 002A015C
.text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!ChangeServiceConfig2W 77FA7031 5 Bytes JMP 002A0198
.text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!CreateServiceA 77FA70B9 5 Bytes JMP 002A0030
.text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!CreateServiceW 77FA7251 5 Bytes JMP 002A006C
.text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!DeleteService 77FA7359 5 Bytes JMP 002A00A8
.text C:\WINDOWS\system32\services.exe[756] USER32.dll!UnhookWindowsHookEx 7E39F21E 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\services.exe[756] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\services.exe[756] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\services.exe[756] USER32.dll!SetWinEventHook 7E3B17B7 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\services.exe[756] USER32.dll!UnhookWinEvent 7E3B186C 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!SetServiceObjectSecurity 77FA6C29 5 Bytes JMP 002A01D4
.text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!ChangeServiceConfigA 77FA6D11 5 Bytes JMP 002A00E4
.text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!ChangeServiceConfigW 77FA6EA9 5 Bytes JMP 002A0120
.text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!ChangeServiceConfig2A 77FA6FA9 5 Bytes JMP 002A015C
.text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!ChangeServiceConfig2W 77FA7031 5 Bytes JMP 002A0198
.text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!CreateServiceA 77FA70B9 5 Bytes JMP 002A0030
.text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!CreateServiceW 77FA7251 5 Bytes JMP 002A006C
.text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!DeleteService 77FA7359 5 Bytes JMP 002A00A8
.text C:\WINDOWS\system32\lsass.exe[768] USER32.dll!UnhookWindowsHookEx 7E39F21E 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\lsass.exe[768] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\lsass.exe[768] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\lsass.exe[768] USER32.dll!SetWinEventHook 7E3B17B7 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\lsass.exe[768] USER32.dll!UnhookWinEvent 7E3B186C 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[940] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[940] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!SetServiceObjectSecurity 77FA6C29 5 Bytes JMP 002A01D4
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!ChangeServiceConfigA 77FA6D11 5 Bytes JMP 002A00E4
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!ChangeServiceConfigW 77FA6EA9 5 Bytes JMP 002A0120
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!ChangeServiceConfig2A 77FA6FA9 5 Bytes JMP 002A015C
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!ChangeServiceConfig2W 77FA7031 5 Bytes JMP 002A0198
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!CreateServiceA 77FA70B9 5 Bytes JMP 002A0030
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!CreateServiceW 77FA7251 5 Bytes JMP 002A006C
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!DeleteService 77FA7359 5 Bytes JMP 002A00A8
.text C:\WINDOWS\system32\svchost.exe[940] USER32.dll!UnhookWindowsHookEx 7E39F21E 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[940] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[940] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[940] USER32.dll!SetWinEventHook 7E3B17B7 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[940] USER32.dll!UnhookWinEvent 7E3B186C 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!SetServiceObjectSecurity 77FA6C29 5 Bytes JMP 002A01D4
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfigA 77FA6D11 5 Bytes JMP 002A00E4
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfigW 77FA6EA9 5 Bytes JMP 002A0120
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfig2A 77FA6FA9 5 Bytes JMP 002A015C
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfig2W 77FA7031 5 Bytes JMP 002A0198
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!CreateServiceA 77FA70B9 5 Bytes JMP 002A0030
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!CreateServiceW 77FA7251 5 Bytes JMP 002A006C
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!DeleteService 77FA7359 5 Bytes JMP 002A00A8
.text C:\WINDOWS\system32\svchost.exe[1004] USER32.dll!UnhookWindowsHookEx 7E39F21E 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[1004] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[1004] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[1004] USER32.dll!SetWinEventHook 7E3B17B7 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[1004] USER32.dll!UnhookWinEvent 7E3B186C 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[1084] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1084] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!SetServiceObjectSecurity 77FA6C29 5 Bytes JMP 002A01D4
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!ChangeServiceConfigA 77FA6D11 5 Bytes JMP 002A00E4
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!ChangeServiceConfigW 77FA6EA9 5 Bytes JMP 002A0120
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!ChangeServiceConfig2A 77FA6FA9 5 Bytes JMP 002A015C
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!ChangeServiceConfig2W 77FA7031 5 Bytes JMP 002A0198
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!CreateServiceA 77FA70B9 5 Bytes JMP 002A0030
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!CreateServiceW 77FA7251 5 Bytes JMP 002A006C
.text C:\WINDOWS\system32\svchost.exe[1084] ADVAPI32.dll!DeleteService 77FA7359 5 Bytes JMP 002A00A8
.text C:\WINDOWS\system32\svchost.exe[1084] USER32.dll!UnhookWindowsHookEx 7E39F21E 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[1084] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[1084] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[1084] USER32.dll!SetWinEventHook 7E3B17B7 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[1084] USER32.dll!UnhookWinEvent 7E3B186C 5 Bytes JMP 002B006C
.text C:\WINDOWS\System32\svchost.exe[1100] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00090030
.text C:\WINDOWS\System32\svchost.exe[1100] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0009006C
.text C:\WINDOWS\System32\svchost.exe[1100] ADVAPI32.dll!SetServiceObjectSecurity 77FA6C29 5 Bytes JMP 002A01D4
.text C:\WINDOWS\System32\svchost.exe[1100] ADVAPI32.dll!ChangeServiceConfigA 77FA6D11 5 Bytes JMP 002A00E4
.text C:\WINDOWS\System32\svchost.exe[1100] ADVAPI32.dll!ChangeServiceConfigW 77FA6EA9 5 Bytes JMP 002A0120
.text C:\WINDOWS\System32\svchost.exe[1100] ADVAPI32.dll!ChangeServiceConfig2A 77FA6FA9 5 Bytes JMP 002A015C
.text C:\WINDOWS\System32\svchost.exe[1100] ADVAPI32.dll!ChangeServiceConfig2W 77FA7031 5 Bytes JMP 002A0198
.text C:\WINDOWS\System32\svchost.exe[1100] ADVAPI32.dll!CreateServiceA 77FA70B9 5 Bytes JMP 002A0030
.text C:\WINDOWS\System32\svchost.exe[1100] ADVAPI32.dll!CreateServiceW 77FA7251 5 Bytes JMP 002A006C
.text C:\WINDOWS\System32\svchost.exe[1100] ADVAPI32.dll!DeleteService 77FA7359 5 Bytes JMP 002A00A8
.text C:\WINDOWS\System32\svchost.exe[1100] USER32.dll!UnhookWindowsHookEx 7E39F21E 5 Bytes JMP 002B0120
.text C:\WINDOWS\System32\svchost.exe[1100] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 002B00E4
.text C:\WINDOWS\System32\svchost.exe[1100] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\System32\svchost.exe[1100] USER32.dll!SetWinEventHook 7E3B17B7 5 Bytes JMP 002B0030
.text C:\WINDOWS\System32\svchost.exe[1100] USER32.dll!UnhookWinEvent 7E3B186C 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[1196] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1196] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!SetServiceObjectSecurity 77FA6C29 5 Bytes JMP 002A01D4
.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!ChangeServiceConfigA 77FA6D11 5 Bytes JMP 002A00E4
.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!ChangeServiceConfigW 77FA6EA9 5 Bytes JMP 002A0120
.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!ChangeServiceConfig2A 77FA6FA9 5 Bytes JMP 002A015C
.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!ChangeServiceConfig2W 77FA7031 5 Bytes JMP 002A0198
.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!CreateServiceA 77FA70B9 5 Bytes JMP 002A0030
.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!CreateServiceW 77FA7251 5 Bytes JMP 002A006C
.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!DeleteService 77FA7359 5 Bytes JMP 002A00A8
.text C:\WINDOWS\system32\svchost.exe[1196] USER32.dll!UnhookWindowsHookEx 7E39F21E 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[1196] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[1196] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[1196] USER32.dll!SetWinEventHook 7E3B17B7 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[1196] USER32.dll!UnhookWinEvent 7E3B186C 5 Bytes JMP 002B006C
.text D:\Program Files\Logitech\SetPoint\SetPoint.exe[1212] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00150030
.text D:\Program Files\Logitech\SetPoint\SetPoint.exe[1212] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0015006C
.text D:\Program Files\Logitech\SetPoint\SetPoint.exe[1212] USER32.dll!UnhookWindowsHookEx 7E39F21E 5 Bytes JMP 003E0120
.text D:\Program Files\Logitech\SetPoint\SetPoint.exe[1212] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 003E00E4
.text D:\Program Files\Logitech\SetPoint\SetPoint.exe[1212] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 003E00A8
.text D:\Program Files\Logitech\SetPoint\SetPoint.exe[1212] USER32.dll!SetWinEventHook 7E3B17B7 5 Bytes JMP 003E0030
.text D:\Program Files\Logitech\SetPoint\SetPoint.exe[1212] USER32.dll!UnhookWinEvent 7E3B186C 5 Bytes JMP 003E006C
.text D:\Program Files\Logitech\SetPoint\SetPoint.exe[1212] ADVAPI32.dll!SetServiceObjectSecurity 77FA6C29 5 Bytes JMP 003F01D4
.text D:\Program Files\Logitech\SetPoint\SetPoint.exe[1212] ADVAPI32.dll!ChangeServiceConfigA 77FA6D11 5 Bytes JMP 003F00E4
.text D:\Program Files\Logitech\SetPoint\SetPoint.exe[1212] ADVAPI32.dll!ChangeServiceConfigW 77FA6EA9 5 Bytes JMP 003F0120
.text D:\Program Files\Logitech\SetPoint\SetPoint.exe[1212] ADVAPI32.dll!ChangeServiceConfig2A 77FA6FA9 5 Bytes JMP 003F015C
.text D:\Program Files\Logitech\SetPoint\SetPoint.exe[1212] ADVAPI32.dll!ChangeServiceConfig2W 77FA7031 5 Bytes JMP 003F0198
.text D:\Program Files\Logitech\SetPoint\SetPoint.exe[1212] ADVAPI32.dll!CreateServiceA 77FA70B9 5 Bytes JMP 003F0030
.text D:\Program Files\Logitech\SetPoint\SetPoint.exe[1212] ADVAPI32.dll!CreateServiceW 77FA7251 5 Bytes JMP 003F006C
.text D:\Program Files\Logitech\SetPoint\SetPoint.exe[1212] ADVAPI32.dll!DeleteService 77FA7359 5 Bytes JMP 003F00A8
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!SetServiceObjectSecurity 77FA6C29 5 Bytes JMP 002A01D4
.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!ChangeServiceConfigA 77FA6D11 5 Bytes JMP 002A00E4
.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!ChangeServiceConfigW 77FA6EA9 5 Bytes JMP 002A0120
.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!ChangeServiceConfig2A 77FA6FA9 5 Bytes JMP 002A015C
.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!ChangeServiceConfig2W 77FA7031 5 Bytes JMP 002A0198
.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!CreateServiceA 77FA70B9 5 Bytes JMP 002A0030
.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!CreateServiceW 77FA7251 5 Bytes JMP 002A006C
.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!DeleteService 77FA7359 5 Bytes JMP 002A00A8
.text C:\WINDOWS\system32\svchost.exe[1264] USER32.dll!UnhookWindowsHookEx 7E39F21E 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[1264] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[1264] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[1264] USER32.dll!SetWinEventHook 7E3B17B7 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[1264] USER32.dll!UnhookWinEvent 7E3B186C 5 Bytes JMP 002B006C
.text D:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1388] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text D:\Program Files\Mozilla Firefox\firefox.exe[1484] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00150030
.text D:\Program Files\Mozilla Firefox\firefox.exe[1484] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0015006C
.text D:\Program Files\Mozilla Firefox\firefox.exe[1484] ADVAPI32.dll!SetServiceObjectSecurity 77FA6C29 5 Bytes JMP 002C01D4
.text D:\Program Files\Mozilla Firefox\firefox.exe[1484] ADVAPI32.dll!ChangeServiceConfigA 77FA6D11 5 Bytes JMP 002C00E4
.text D:\Program Files\Mozilla Firefox\firefox.exe[1484] ADVAPI32.dll!ChangeServiceConfigW 77FA6EA9 5 Bytes JMP 002C0120
.text D:\Program Files\Mozilla Firefox\firefox.exe[1484] ADVAPI32.dll!ChangeServiceConfig2A 77FA6FA9 5 Bytes JMP 002C015C
.text D:\Program Files\Mozilla Firefox\firefox.exe[1484] ADVAPI32.dll!ChangeServiceConfig2W 77FA7031 5 Bytes JMP 002C0198
.text D:\Program Files\Mozilla Firefox\firefox.exe[1484] ADVAPI32.dll!CreateServiceA 77FA70B9 5 Bytes JMP 002C0030
.text D:\Program Files\Mozilla Firefox\firefox.exe[1484] ADVAPI32.dll!CreateServiceW 77FA7251 5 Bytes JMP 002C006C
.text D:\Program Files\Mozilla Firefox\firefox.exe[1484] ADVAPI32.dll!DeleteService 77FA7359 5 Bytes JMP 002C00A8
.text D:\Program Files\Mozilla Firefox\firefox.exe[1484] USER32.dll!UnhookWindowsHookEx 7E39F21E 5 Bytes JMP 002D0120
.text D:\Program Files\Mozilla Firefox\firefox.exe[1484] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 002D00E4
.text D:\Program Files\Mozilla Firefox\firefox.exe[1484] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 002D00A8
.text D:\Program Files\Mozilla Firefox\firefox.exe[1484] USER32.dll!SetWinEventHook 7E3B17B7 5 Bytes JMP 002D0030
.text D:\Program Files\Mozilla Firefox\firefox.exe[1484] USER32.dll!UnhookWinEvent 7E3B186C 5 Bytes JMP 002D006C
.text C:\WINDOWS\system32\spoolsv.exe[1812] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\spoolsv.exe[1812] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\spoolsv.exe[1812] ADVAPI32.dll!SetServiceObjectSecurity 77FA6C29 5 Bytes JMP 002A01D4
.text C:\WINDOWS\system32\spoolsv.exe[1812] ADVAPI32.dll!ChangeServiceConfigA 77FA6D11 5 Bytes JMP 002A00E4
.text C:\WINDOWS\system32\spoolsv.exe[1812] ADVAPI32.dll!ChangeServiceConfigW 77FA6EA9 5 Bytes JMP 002A0120
.text C:\WINDOWS\system32\spoolsv.exe[1812] ADVAPI32.dll!ChangeServiceConfig2A 77FA6FA9 5 Bytes JMP 002A015C
.text C:\WINDOWS\system32\spoolsv.exe[1812] ADVAPI32.dll!ChangeServiceConfig2W 77FA7031 5 Bytes JMP 002A0198
.text C:\WINDOWS\system32\spoolsv.exe[1812] ADVAPI32.dll!CreateServiceA 77FA70B9 5 Bytes JMP 002A0030
.text C:\WINDOWS\system32\spoolsv.exe[1812] ADVAPI32.dll!CreateServiceW 77FA7251 5 Bytes JMP 002A006C
.text C:\WINDOWS\system32\spoolsv.exe[1812] ADVAPI32.dll!DeleteService 77FA7359 5 Bytes JMP 002A00A8
.text C:\WINDOWS\system32\spoolsv.exe[1812] USER32.dll!UnhookWindowsHookEx 7E39F21E 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\spoolsv.exe[1812] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\spoolsv.exe[1812] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\spoolsv.exe[1812] USER32.dll!SetWinEventHook 7E3B17B7 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\spoolsv.exe[1812] USER32.dll!UnhookWinEvent 7E3B186C 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[1976] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1976] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1976] ADVAPI32.dll!SetServiceObjectSecurity 77FA6C29 5 Bytes JMP 002A01D4
.text C:\WINDOWS\system32\svchost.exe[1976] ADVAPI32.dll!ChangeServiceConfigA 77FA6D11 5 Bytes JMP 002A00E4
.text C:\WINDOWS\system32\svchost.exe[1976] ADVAPI32.dll!ChangeServiceConfigW 77FA6EA9 5 Bytes JMP 002A0120
.text C:\WINDOWS\system32\svchost.exe[1976] ADVAPI32.dll!ChangeServiceConfig2A 77FA6FA9 5 Bytes JMP 002A015C
.text C:\WINDOWS\system32\svchost.exe[1976] ADVAPI32.dll!ChangeServiceConfig2W 77FA7031 5 Bytes JMP 002A0198
.text C:\WINDOWS\system32\svchost.exe[1976] ADVAPI32.dll!CreateServiceA 77FA70B9 5 Bytes JMP 002A0030
.text C:\WINDOWS\system32\svchost.exe[1976] ADVAPI32.dll!CreateServiceW 77FA7251 5 Bytes JMP 002A006C
.text C:\WINDOWS\system32\svchost.exe[1976] ADVAPI32.dll!DeleteService 77FA7359 5 Bytes JMP 002A00A8
.text C:\WINDOWS\system32\svchost.exe[1976] USER32.dll!UnhookWindowsHookEx 7E39F21E 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[1976] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[1976] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[1976] USER32.dll!SetWinEventHook 7E3B17B7 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[1976] USER32.dll!UnhookWinEvent 7E3B186C 5 Bytes JMP 002B006C
.text D:\Program Files\Superantispyware\SASCORE.EXE[2008] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00150030
.text D:\Program Files\Superantispyware\SASCORE.EXE[2008] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0015006C
.text D:\Program Files\Superantispyware\SASCORE.EXE[2008] USER32.dll!UnhookWindowsHookEx 7E39F21E 5 Bytes JMP 00380120
.text D:\Program Files\Superantispyware\SASCORE.EXE[2008] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 003800E4
.text D:\Program Files\Superantispyware\SASCORE.EXE[2008] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 003800A8
.text D:\Program Files\Superantispyware\SASCORE.EXE[2008] USER32.dll!SetWinEventHook 7E3B17B7 5 Bytes JMP 00380030
.text D:\Program Files\Superantispyware\SASCORE.EXE[2008] USER32.dll!UnhookWinEvent 7E3B186C 5 Bytes JMP 0038006C
.text D:\Program Files\Superantispyware\SASCORE.EXE[2008] ADVAPI32.dll!SetServiceObjectSecurity 77FA6C29 5 Bytes JMP 003901D4
.text D:\Program Files\Superantispyware\SASCORE.EXE[2008] ADVAPI32.dll!ChangeServiceConfigA 77FA6D11 5 Bytes JMP 003900E4
.text D:\Program Files\Superantispyware\SASCORE.EXE[2008] ADVAPI32.dll!ChangeServiceConfigW 77FA6EA9 5 Bytes JMP 00390120
.text D:\Program Files\Superantispyware\SASCORE.EXE[2008] ADVAPI32.dll!ChangeServiceConfig2A 77FA6FA9 5 Bytes JMP 0039015C
.text D:\Program Files\Superantispyware\SASCORE.EXE[2008] ADVAPI32.dll!ChangeServiceConfig2W 77FA7031 5 Bytes JMP 00390198
.text D:\Program Files\Superantispyware\SASCORE.EXE[2008] ADVAPI32.dll!CreateServiceA 77FA70B9 5 Bytes JMP 00390030
.text D:\Program Files\Superantispyware\SASCORE.EXE[2008] ADVAPI32.dll!CreateServiceW 77FA7251 5 Bytes JMP 0039006C
.text D:\Program Files\Superantispyware\SASCORE.EXE[2008] ADVAPI32.dll!DeleteService 77FA7359 5 Bytes JMP 003900A8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2024] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00150030
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2024] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0015006C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2024] ADVAPI32.dll!SetServiceObjectSecurity 77FA6C29 5 Bytes JMP 003801D4
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2024] ADVAPI32.dll!ChangeServiceConfigA 77FA6D11 5 Bytes JMP 003800E4
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2024] ADVAPI32.dll!ChangeServiceConfigW 77FA6EA9 5 Bytes JMP 00380120
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2024] ADVAPI32.dll!ChangeServiceConfig2A 77FA6FA9 5 Bytes JMP 0038015C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2024] ADVAPI32.dll!ChangeServiceConfig2W 77FA7031 5 Bytes JMP 00380198
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2024] ADVAPI32.dll!CreateServiceA 77FA70B9 5 Bytes JMP 00380030
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2024] ADVAPI32.dll!CreateServiceW 77FA7251 5 Bytes JMP 0038006C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2024] ADVAPI32.dll!DeleteService 77FA7359 5 Bytes JMP 003800A8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2024] USER32.dll!UnhookWindowsHookEx 7E39F21E 5 Bytes JMP 00390120
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2024] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 003900E4
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2024] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 003900A8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2024] USER32.dll!SetWinEventHook 7E3B17B7 5 Bytes JMP 00390030
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2024] USER32.dll!UnhookWinEvent 7E3B186C 5 Bytes JMP 0039006C
.text C:\Program Files\Intel\ASF Agent\ASFAgent.exe[2044] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00140030
.text C:\Program Files\Intel\ASF Agent\ASFAgent.exe[2044] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0014006C
.text C:\Program Files\Intel\ASF Agent\ASFAgent.exe[2044] USER32.dll!UnhookWindowsHookEx 7E39F21E 5 Bytes JMP 00370120
.text C:\Program Files\Intel\ASF Agent\ASFAgent.exe[2044] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 003700E4
.text C:\Program Files\Intel\ASF Agent\ASFAgent.exe[2044] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 003700A8
.text C:\Program Files\Intel\ASF Agent\ASFAgent.exe[2044] USER32.dll!SetWinEventHook 7E3B17B7 5 Bytes JMP 00370030
.text C:\Program Files\Intel\ASF Agent\ASFAgent.exe[2044] USER32.dll!UnhookWinEvent 7E3B186C 5 Bytes JMP 0037006C
.text C:\Program Files\Intel\ASF Agent\ASFAgent.exe[2044] ADVAPI32.dll!SetServiceObjectSecurity 77FA6C29 5 Bytes JMP 003801D4
.text C:\Program Files\Intel\ASF Agent\ASFAgent.exe[2044] ADVAPI32.dll!ChangeServiceConfigA 77FA6D11 5 Bytes JMP 003800E4
.text C:\Program Files\Intel\ASF Agent\ASFAgent.exe[2044] ADVAPI32.dll!ChangeServiceConfigW 77FA6EA9 5 Bytes JMP 00380120
.text C:\Program Files\Intel\ASF Agent\ASFAgent.exe[2044] ADVAPI32.dll!ChangeServiceConfig2A 77FA6FA9 5 Bytes JMP 0038015C
.text C:\Program Files\Intel\ASF Agent\ASFAgent.exe[2044] ADVAPI32.dll!ChangeServiceConfig2W 77FA7031 5 Bytes JMP 00380198
.text C:\Program Files\Intel\ASF Agent\ASFAgent.exe[2044] ADVAPI32.dll!CreateServiceA 77FA70B9 5 Bytes JMP 00380030
.text C:\Program Files\Intel\ASF Agent\ASFAgent.exe[2044] ADVAPI32.dll!CreateServiceW 77FA7251 5 Bytes JMP 0038006C
.text C:\Program Files\Intel\ASF Agent\ASFAgent.exe[2044] ADVAPI32.dll!DeleteService 77FA7359 5 Bytes JMP 003800A8
.text C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE[2216] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00150030
.text C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE[2216] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0015006C
.text C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE[2216] USER32.dll!UnhookWindowsHookEx 7E39F21E 5 Bytes JMP 00380120
.text C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE[2216] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 003800E4
.text C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE[2216] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 003800A8
.text C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE[2216] USER32.dll!SetWinEventHook 7E3B17B7 5 Bytes JMP 00380030
.text C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE[2216] USER32.dll!UnhookWinEvent 7E3B186C 5 Bytes JMP 0038006C
.text C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE[2216] ADVAPI32.dll!SetServiceObjectSecurity 77FA6C29 5 Bytes JMP 003901D4
.text C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE[2216] ADVAPI32.dll!ChangeServiceConfigA 77FA6D11 5 Bytes JMP 003900E4
.text C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE[2216] ADVAPI32.dll!ChangeServiceConfigW 77FA6EA9 5 Bytes JMP 00390120
.text C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE[2216] ADVAPI32.dll!ChangeServiceConfig2A 77FA6FA9 5 Bytes JMP 0039015C
.text C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE[2216] ADVAPI32.dll!ChangeServiceConfig2W 77FA7031 5 Bytes JMP 00390198
.text C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE[2216] ADVAPI32.dll!CreateServiceA 77FA70B9 5 Bytes JMP 00390030
.text C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE[2216] ADVAPI32.dll!CreateServiceW 77FA7251 5 Bytes JMP 0039006C
.text C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE[2216] ADVAPI32.dll!DeleteService 77FA7359 5 Bytes JMP 003900A8
.text C:\WINDOWS\system32\dllhost.exe[2396] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\dllhost.exe[2396] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\dllhost.exe[2396] ADVAPI32.dll!SetServiceObjectSecurity 77FA6C29 5 Bytes JMP 002A01D4
.text C:\WINDOWS\system32\dllhost.exe[2396] ADVAPI32.dll!ChangeServiceConfigA 77FA6D11 5 Bytes JMP 002A00E4
.text C:\WINDOWS\system32\dllhost.exe[2396] ADVAPI32.dll!ChangeServiceConfigW 77FA6EA9 5 Bytes JMP 002A0120
.text C:\WINDOWS\system32\dllhost.exe[2396] ADVAPI32.dll!ChangeServiceConfig2A 77FA6FA9 5 Bytes JMP 002A015C
.text C:\WINDOWS\system32\dllhost.exe[2396] ADVAPI32.dll!ChangeServiceConfig2W 77FA7031 5 Bytes JMP 002A0198
.text C:\WINDOWS\system32\dllhost.exe[2396] ADVAPI32.dll!CreateServiceA 77FA70B9 5 Bytes JMP 002A0030
.text C:\WINDOWS\system32\dllhost.exe[2396] ADVAPI32.dll!CreateServiceW 77FA7251 5 Bytes JMP 002A006C
.text C:\WINDOWS\system32\dllhost.exe[2396] ADVAPI32.dll!DeleteService 77FA7359 5 Bytes JMP 002A00A8
.text C:\WINDOWS\system32\dllhost.exe[2396] USER32.dll!UnhookWindowsHookEx 7E39F21E 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\dllhost.exe[2396] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\dllhost.exe[2396] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\dllhost.exe[2396] USER32.dll!SetWinEventHook 7E3B17B7 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\dllhost.exe[2396] USER32.dll!UnhookWinEvent 7E3B186C 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\wuauclt.exe[2684] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000A0030
.text C:\WINDOWS\system32\wuauclt.exe[2684] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000A006C
.text C:\WINDOWS\system32\wuauclt.exe[2684] ADVAPI32.dll!SetServiceObjectSecurity 77FA6C29 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\wuauclt.exe[2684] ADVAPI32.dll!ChangeServiceConfigA 77FA6D11 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\wuauclt.exe[2684] ADVAPI32.dll!ChangeServiceConfigW 77FA6EA9 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\wuauclt.exe[2684] ADVAPI32.dll!ChangeServiceConfig2A 77FA6FA9 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\wuauclt.exe[2684] ADVAPI32.dll!ChangeServiceConfig2W 77FA7031 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\wuauclt.exe[2684] ADVAPI32.dll!CreateServiceA 77FA70B9 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\wuauclt.exe[2684] ADVAPI32.dll!CreateServiceW 77FA7251 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\wuauclt.exe[2684] ADVAPI32.dll!DeleteService 77FA7359 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\wuauclt.exe[2684] USER32.dll!UnhookWindowsHookEx 7E39F21E 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\wuauclt.exe[2684] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\wuauclt.exe[2684] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\wuauclt.exe[2684] USER32.dll!SetWinEventHook 7E3B17B7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\wuauclt.exe[2684] USER32.dll!UnhookWinEvent 7E3B186C 5 Bytes JMP 002C006C
.text C:\WINDOWS\System32\alg.exe[2688] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00090030
.text C:\WINDOWS\System32\alg.exe[2688] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0009006C
.text C:\WINDOWS\System32\alg.exe[2688] USER32.dll!UnhookWindowsHookEx 7E39F21E 5 Bytes JMP 002A0120
.text C:\WINDOWS\System32\alg.exe[2688] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 002A00E4
.text C:\WINDOWS\System32\alg.exe[2688] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 002A00A8
.text C:\WINDOWS\System32\alg.exe[2688] USER32.dll!SetWinEventHook 7E3B17B7 5 Bytes JMP 002A0030
.text C:\WINDOWS\System32\alg.exe[2688] USER32.dll!UnhookWinEvent 7E3B186C 5 Bytes JMP 002A006C
.text C:\WINDOWS\System32\alg.exe[2688] ADVAPI32.dll!SetServiceObjectSecurity 77FA6C29 5 Bytes JMP 002B01D4
.text C:\WINDOWS\System32\alg.exe[2688] ADVAPI32.dll!ChangeServiceConfigA 77FA6D11 5 Bytes JMP 002B00E4
.text C:\WINDOWS\System32\alg.exe[2688] ADVAPI32.dll!ChangeServiceConfigW 77FA6EA9 5 Bytes JMP 002B0120
.text C:\WINDOWS\System32\alg.exe[2688] ADVAPI32.dll!ChangeServiceConfig2A 77FA6FA9 5 Bytes JMP 002B015C
.text C:\WINDOWS\System32\alg.exe[2688] ADVAPI32.dll!ChangeServiceConfig2W 77FA7031 5 Bytes JMP 002B0198
.text C:\WINDOWS\System32\alg.exe[2688] ADVAPI32.dll!CreateServiceA 77FA70B9 5 Bytes JMP 002B0030
.text C:\WINDOWS\System32\alg.exe[2688] ADVAPI32.dll!CreateServiceW 77FA7251 5 Bytes JMP 002B006C
.text C:\WINDOWS\System32\alg.exe[2688] ADVAPI32.dll!DeleteService 77FA7359 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\wscntfy.exe[3036] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\wscntfy.exe[3036] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\wscntfy.exe[3036] USER32.dll!UnhookWindowsHookEx 7E39F21E 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\wscntfy.exe[3036] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\wscntfy.exe[3036] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\wscntfy.exe[3036] USER32.dll!SetWinEventHook 7E3B17B7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\wscntfy.exe[3036] USER32.dll!UnhookWinEvent 7E3B186C 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\wscntfy.exe[3036] ADVAPI32.dll!SetServiceObjectSecurity 77FA6C29 5 Bytes JMP 002D01D4
.text C:\WINDOWS\system32\wscntfy.exe[3036] ADVAPI32.dll!ChangeServiceConfigA 77FA6D11 5 Bytes JMP 002D00E4
.text C:\WINDOWS\system32\wscntfy.exe[3036] ADVAPI32.dll!ChangeServiceConfigW 77FA6EA9 5 Bytes JMP 002D0120
.text C:\WINDOWS\system32\wscntfy.exe[3036] ADVAPI32.dll!ChangeServiceConfig2A 77FA6FA9 5 Bytes JMP 002D015C
.text C:\WINDOWS\system32\wscntfy.exe[3036] ADVAPI32.dll!ChangeServiceConfig2W 77FA7031 5 Bytes JMP 002D0198
.text C:\WINDOWS\system32\wscntfy.exe[3036] ADVAPI32.dll!CreateServiceA 77FA70B9 5 Bytes JMP 002D0030
.text C:\WINDOWS\system32\wscntfy.exe[3036] ADVAPI32.dll!CreateServiceW 77FA7251 5 Bytes JMP 002D006C
.text C:\WINDOWS\system32\wscntfy.exe[3036] ADVAPI32.dll!DeleteService 77FA7359 5 Bytes JMP 002D00A8
.text C:\WINDOWS\Explorer.EXE[3176] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00090030
.text C:\WINDOWS\Explorer.EXE[3176] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0009006C
.text C:\WINDOWS\Explorer.EXE[3176] ADVAPI32.dll!SetServiceObjectSecurity 77FA6C29 5 Bytes JMP 002B01D4
.text C:\WINDOWS\Explorer.EXE[3176] ADVAPI32.dll!ChangeServiceConfigA 77FA6D11 5 Bytes JMP 002B00E4
.text C:\WINDOWS\Explorer.EXE[3176] ADVAPI32.dll!ChangeServiceConfigW 77FA6EA9 5 Bytes JMP 002B0120
.text C:\WINDOWS\Explorer.EXE[3176] ADVAPI32.dll!ChangeServiceConfig2A 77FA6FA9 5 Bytes JMP 002B015C
.text C:\WINDOWS\Explorer.EXE[3176] ADVAPI32.dll!ChangeServiceConfig2W 77FA7031 5 Bytes JMP 002B0198
.text C:\WINDOWS\Explorer.EXE[3176] ADVAPI32.dll!CreateServiceA 77FA70B9 5 Bytes JMP 002B0030
.text C:\WINDOWS\Explorer.EXE[3176] ADVAPI32.dll!CreateServiceW 77FA7251 5 Bytes JMP 002B006C
.text C:\WINDOWS\Explorer.EXE[3176] ADVAPI32.dll!DeleteService 77FA7359 5 Bytes JMP 002B00A8
.text C:\WINDOWS\Explorer.EXE[3176] USER32.dll!UnhookWindowsHookEx 7E39F21E 5 Bytes JMP 002C0120
.text C:\WINDOWS\Explorer.EXE[3176] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 002C00E4
.text C:\WINDOWS\Explorer.EXE[3176] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 002C00A8
.text C:\WINDOWS\Explorer.EXE[3176] USER32.dll!SetWinEventHook 7E3B17B7 5 Bytes JMP 002C0030
.text C:\WINDOWS\Explorer.EXE[3176] USER32.dll!UnhookWinEvent 7E3B186C 5 Bytes JMP 002C006C
.text C:\WINDOWS\ehome\ehtray.exe[3424] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00090030
.text C:\WINDOWS\ehome\ehtray.exe[3424] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0009006C
.text C:\WINDOWS\ehome\ehtray.exe[3424] USER32.dll!UnhookWindowsHookEx 7E39F21E 5 Bytes JMP 002C0120
.text C:\WINDOWS\ehome\ehtray.exe[3424] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 002C00E4
.text C:\WINDOWS\ehome\ehtray.exe[3424] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 002C00A8
.text C:\WINDOWS\ehome\ehtray.exe[3424] USER32.dll!SetWinEventHook 7E3B17B7 5 Bytes JMP 002C0030
.text C:\WINDOWS\ehome\ehtray.exe[3424] USER32.dll!UnhookWinEvent 7E3B186C 5 Bytes JMP 002C006C
.text C:\WINDOWS\ehome\ehtray.exe[3424] ADVAPI32.dll!SetServiceObjectSecurity 77FA6C29 5 Bytes JMP 002D01D4
.text C:\WINDOWS\ehome\ehtray.exe[3424] ADVAPI32.dll!ChangeServiceConfigA 77FA6D11 5 Bytes JMP 002D00E4
.text C:\WINDOWS\ehome\ehtray.exe[3424] ADVAPI32.dll!ChangeServiceConfigW 77FA6EA9 5 Bytes JMP 002D0120
.text C:\WINDOWS\ehome\ehtray.exe[3424] ADVAPI32.dll!ChangeServiceConfig2A 77FA6FA9 5 Bytes JMP 002D015C
.text C:\WINDOWS\ehome\ehtray.exe[3424] ADVAPI32.dll!ChangeServiceConfig2W 77FA7031 5 Bytes JMP 002D0198
.text C:\WINDOWS\ehome\ehtray.exe[3424] ADVAPI32.dll!CreateServiceA 77FA70B9 5 Bytes JMP 002D0030
.text C:\WINDOWS\ehome\ehtray.exe[3424] ADVAPI32.dll!CreateServiceW 77FA7251 5 Bytes JMP 002D006C
.text C:\WINDOWS\ehome\ehtray.exe[3424] ADVAPI32.dll!DeleteService 77FA7359 5 Bytes JMP 002D00A8
.text C:\WINDOWS\eHome\ehmsas.exe[3504] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00080030
.text C:\WINDOWS\eHome\ehmsas.exe[3504] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0008006C
.text C:\WINDOWS\eHome\ehmsas.exe[3504] USER32.dll!UnhookWindowsHookEx 7E39F21E 5 Bytes JMP 002B0120
.text C:\WINDOWS\eHome\ehmsas.exe[3504] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 002B00E4
.text C:\WINDOWS\eHome\ehmsas.exe[3504] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\eHome\ehmsas.exe[3504] USER32.dll!SetWinEventHook 7E3B17B7 5 Bytes JMP 002B0030
.text C:\WINDOWS\eHome\ehmsas.exe[3504] USER32.dll!UnhookWinEvent 7E3B186C 5 Bytes JMP 002B006C
.text C:\WINDOWS\eHome\ehmsas.exe[3504] ADVAPI32.dll!SetServiceObjectSecurity 77FA6C29 5 Bytes JMP 002C01D4
.text C:\WINDOWS\eHome\ehmsas.exe[3504] ADVAPI32.dll!ChangeServiceConfigA 77FA6D11 5 Bytes JMP 002C00E4
.text C:\WINDOWS\eHome\ehmsas.exe[3504] ADVAPI32.dll!ChangeServiceConfigW 77FA6EA9 5 Bytes JMP 002C0120
.text C:\WINDOWS\eHome\ehmsas.exe[3504] ADVAPI32.dll!ChangeServiceConfig2A 77FA6FA9 5 Bytes JMP 002C015C
.text C:\WINDOWS\eHome\ehmsas.exe[3504] ADVAPI32.dll!ChangeServiceConfig2W 77FA7031 5 Bytes JMP 002C0198
.text C:\WINDOWS\eHome\ehmsas.exe[3504] ADVAPI32.dll!CreateServiceA 77FA70B9 5 Bytes JMP 002C0030
.text C:\WINDOWS\eHome\ehmsas.exe[3504] ADVAPI32.dll!CreateServiceW 77FA7251 5 Bytes JMP 002C006C
.text C:\WINDOWS\eHome\ehmsas.exe[3504] ADVAPI32.dll!DeleteService 77FA7359 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\hkcmd.exe[3520] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00140030
.text C:\WINDOWS\system32\hkcmd.exe[3520] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0014006C
.text C:\WINDOWS\system32\hkcmd.exe[3520] USER32.dll!UnhookWindowsHookEx 7E39F21E 5 Bytes JMP 00370120
.text C:\WINDOWS\system32\hkcmd.exe[3520] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 003700E4
.text C:\WINDOWS\system32\hkcmd.exe[3520] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 003700A8
.text C:\WINDOWS\system32\hkcmd.exe[3520] USER32.dll!SetWinEventHook 7E3B17B7 5 Bytes JMP 00370030
.text C:\WINDOWS\system32\hkcmd.exe[3520] USER32.dll!UnhookWinEvent 7E3B186C 5 Bytes JMP 0037006C
.text C:\WINDOWS\system32\hkcmd.exe[3520] ADVAPI32.dll!SetServiceObjectSecurity 77FA6C29 5 Bytes JMP 003801D4
.text C:\WINDOWS\system32\hkcmd.exe[3520] ADVAPI32.dll!ChangeServiceConfigA 77FA6D11 5 Bytes JMP 003800E4
.text C:\WINDOWS\system32\hkcmd.exe[3520] ADVAPI32.dll!ChangeServiceConfigW 77FA6EA9 5 Bytes JMP 00380120
.text C:\WINDOWS\system32\hkcmd.exe[3520] ADVAPI32.dll!ChangeServiceConfig2A 77FA6FA9 5 Bytes JMP 0038015C
.text C:\WINDOWS\system32\hkcmd.exe[3520] ADVAPI32.dll!ChangeServiceConfig2W 77FA7031 5 Bytes JMP 00380198
.text C:\WINDOWS\system32\hkcmd.exe[3520] ADVAPI32.dll!CreateServiceA 77FA70B9 5 Bytes JMP 00380030
.text C:\WINDOWS\system32\hkcmd.exe[3520] ADVAPI32.dll!CreateServiceW 77FA7251 5 Bytes JMP 0038006C
.text C:\WINDOWS\system32\hkcmd.exe[3520] ADVAPI32.dll!DeleteService 77FA7359 5 Bytes JMP 003800A8
.text C:\WINDOWS\system32\igfxpers.exe[3528] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00140030
.text C:\WINDOWS\system32\igfxpers.exe[3528] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0014006C
.text C:\WINDOWS\system32\igfxpers.exe[3528] USER32.dll!UnhookWindowsHookEx 7E39F21E 5 Bytes JMP 00370120
.text C:\WINDOWS\system32\igfxpers.exe[3528] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 003700E4
.text C:\WINDOWS\system32\igfxpers.exe[3528] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 003700A8
.text C:\WINDOWS\system32\igfxpers.exe[3528] USER32.dll!SetWinEventHook 7E3B17B7 5 Bytes JMP 00370030
.text C:\WINDOWS\system32\igfxpers.exe[3528] USER32.dll!UnhookWinEvent 7E3B186C 5 Bytes JMP 0037006C
.text C:\WINDOWS\system32\igfxpers.exe[3528] ADVAPI32.dll!SetServiceObjectSecurity 77FA6C29 5 Bytes JMP 003801D4
.text C:\WINDOWS\system32\igfxpers.exe[3528] ADVAPI32.dll!ChangeServiceConfigA 77FA6D11 5 Bytes JMP 003800E4
.text C:\WINDOWS\system32\igfxpers.exe[3528] ADVAPI32.dll!ChangeServiceConfigW 77FA6EA9 5 Bytes JMP 00380120
.text C:\WINDOWS\system32\igfxpers.exe[3528] ADVAPI32.dll!ChangeServiceConfig2A 77FA6FA9 5 Bytes JMP 0038015C
.text C:\WINDOWS\system32\igfxpers.exe[3528] ADVAPI32.dll!ChangeServiceConfig2W 77FA7031 5 Bytes JMP 00380198
.text C:\WINDOWS\system32\igfxpers.exe[3528] ADVAPI32.dll!CreateServiceA 77FA70B9 5 Bytes JMP 00380030
.text C:\WINDOWS\system32\igfxpers.exe[3528] ADVAPI32.dll!CreateServiceW 77FA7251 5 Bytes JMP 0038006C
.text C:\WINDOWS\system32\igfxpers.exe[3528] ADVAPI32.dll!DeleteService 77FA7359 5 Bytes JMP 003800A8
.text D:\Program Files\Winamp\Winampa.exe[3620] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00140030
.text D:\Program Files\Winamp\Winampa.exe[3620] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0014006C
.text D:\Program Files\Winamp\Winampa.exe[3620] USER32.dll!UnhookWindowsHookEx 7E39F21E 5 Bytes JMP 00370120
.text D:\Program Files\Winamp\Winampa.exe[3620] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 003700E4
.text D:\Program Files\Winamp\Winampa.exe[3620] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 003700A8
.text D:\Program Files\Winamp\Winampa.exe[3620] USER32.dll!SetWinEventHook 7E3B17B7 5 Bytes JMP 00370030
.text D:\Program Files\Winamp\Winampa.exe[3620] USER32.dll!UnhookWinEvent 7E3B186C 5 Bytes JMP 0037006C
.text D:\Program Files\Winamp\Winampa.exe[3620] ADVAPI32.dll!SetServiceObjectSecurity 77FA6C29 5 Bytes JMP 003801D4
.text D:\Program Files\Winamp\Winampa.exe[3620] ADVAPI32.dll!ChangeServiceConfigA 77FA6D11 5 Bytes JMP 003800E4
.text D:\Program Files\Winamp\Winampa.exe[3620] ADVAPI32.dll!ChangeServiceConfigW 77FA6EA9 5 Bytes JMP 00380120
.text D:\Program Files\Winamp\Winampa.exe[3620] ADVAPI32.dll!ChangeServiceConfig2A 77FA6FA9 5 Bytes JMP 0038015C
.text D:\Program Files\Winamp\Winampa.exe[3620] ADVAPI32.dll!ChangeServiceConfig2W 77FA7031 5 Bytes JMP 00380198
.text D:\Program Files\Winamp\Winampa.exe[3620] ADVAPI32.dll!CreateServiceA 77FA70B9 5 Bytes JMP 00380030
.text D:\Program Files\Winamp\Winampa.exe[3620] ADVAPI32.dll!CreateServiceW 77FA7251 5 Bytes JMP 0038006C
.text D:\Program Files\Winamp\Winampa.exe[3620] ADVAPI32.dll!DeleteService 77FA7359 5 Bytes JMP 003800A8
.text D:\Program Files\iTunes\iTunesHelper.exe[3676] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00150030
.text D:\Program Files\iTunes\iTunesHelper.exe[3676] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0015006C
.text D:\Program Files\iTunes\iTunesHelper.exe[3676] ADVAPI32.dll!SetServiceObjectSecurity 77FA6C29 5 Bytes JMP 003901D4
.text D:\Program Files\iTunes\iTunesHelper.exe[3676] ADVAPI32.dll!ChangeServiceConfigA 77FA6D11 5 Bytes JMP 003900E4
.text D:\Program Files\iTunes\iTunesHelper.exe[3676] ADVAPI32.dll!ChangeServiceConfigW 77FA6EA9 5 Bytes JMP 00390120
.text D:\Program Files\iTunes\iTunesHelper.exe[3676] ADVAPI32.dll!ChangeServiceConfig2A 77FA6FA9 5 Bytes JMP 0039015C
.text D:\Program Files\iTunes\iTunesHelper.exe[3676] ADVAPI32.dll!ChangeServiceConfig2W 77FA7031 5 Bytes JMP 00390198
.text D:\Program Files\iTunes\iTunesHelper.exe[3676] ADVAPI32.dll!CreateServiceA 77FA70B9 5 Bytes JMP 00390030
.text D:\Program Files\iTunes\iTunesHelper.exe[3676] ADVAPI32.dll!CreateServiceW 77FA7251 5 Bytes JMP 0039006C
.text D:\Program Files\iTunes\iTunesHelper.exe[3676] ADVAPI32.dll!DeleteService 77FA7359 5 Bytes JMP 003900A8
.text D:\Program Files\iTunes\iTunesHelper.exe[3676] USER32.dll!UnhookWindowsHookEx 7E39F21E 3 Bytes JMP 003A0120
.text D:\Program Files\iTunes\iTunesHelper.exe[3676] USER32.dll!UnhookWindowsHookEx + 4 7E39F222 1 Byte [82]
.text D:\Program Files\iTunes\iTunesHelper.exe[3676] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 003A00E4
.text D:\Program Files\iTunes\iTunesHelper.exe[3676] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 003A00A8
.text D:\Program Files\iTunes\iTunesHelper.exe[3676] USER32.dll!SetWinEventHook 7E3B17B7 5 Bytes JMP 003A0030
.text D:\Program Files\iTunes\iTunesHelper.exe[3676] USER32.dll!UnhookWinEvent 7E3B186C 5 Bytes JMP 003A006C
.text C:\WINDOWS\system32\LVCOMSX.EXE[3728] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00140030
.text C:\WINDOWS\system32\LVCOMSX.EXE[3728] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0014006C
.text C:\WINDOWS\system32\LVCOMSX.EXE[3728] USER32.dll!UnhookWindowsHookEx 7E39F21E 5 Bytes JMP 00370120
.text C:\WINDOWS\system32\LVCOMSX.EXE[3728] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 003700E4
.text C:\WINDOWS\system32\LVCOMSX.EXE[3728] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 003700A8
.text C:\WINDOWS\system32\LVCOMSX.EXE[3728] USER32.dll!SetWinEventHook 7E3B17B7 5 Bytes JMP 00370030
.text C:\WINDOWS\system32\LVCOMSX.EXE[3728] USER32.dll!UnhookWinEvent 7E3B186C 5 Bytes JMP 0037006C
.text C:\WINDOWS\system32\LVCOMSX.EXE[3728] ADVAPI32.dll!SetServiceObjectSecurity 77FA6C29 5 Bytes JMP 003801D4
.text C:\WINDOWS\system32\LVCOMSX.EXE[3728] ADVAPI32.dll!ChangeServiceConfigA 77FA6D11 5 Bytes JMP 003800E4
.text C:\WINDOWS\system32\LVCOMSX.EXE[3728] ADVAPI32.dll!ChangeServiceConfigW 77FA6EA9 5 Bytes JMP 00380120
.text C:\WINDOWS\system32\LVCOMSX.EXE[3728] ADVAPI32.dll!ChangeServiceConfig2A 77FA6FA9 5 Bytes JMP 0038015C
.text C:\WINDOWS\system32\LVCOMSX.EXE[3728] ADVAPI32.dll!ChangeServiceConfig2W 77FA7031 5 Bytes JMP 00380198
.text C:\WINDOWS\system32\LVCOMSX.EXE[3728] ADVAPI32.dll!CreateServiceA 77FA70B9 5 Bytes JMP 00380030
.text C:\WINDOWS\system32\LVCOMSX.EXE[3728] ADVAPI32.dll!CreateServiceW 77FA7251 5 Bytes JMP 0038006C
.text C:\WINDOWS\system32\LVCOMSX.EXE[3728] ADVAPI32.dll!DeleteService 77FA7359 5 Bytes JMP 003800A8
.text D:\Program Files\Logitech\Video\LogiTray.exe[3836] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00140030
.text D:\Program Files\Logitech\Video\LogiTray.exe[3836] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0014006C
.text D:\Program Files\Logitech\Video\LogiTray.exe[3836] USER32.dll!UnhookWindowsHookEx 7E39F21E 5 Bytes JMP 00370120
.text D:\Program Files\Logitech\Video\LogiTray.exe[3836] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 003700E4
.text D:\Program Files\Logitech\Video\LogiTray.exe[3836] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 003700A8
.text D:\Program Files\Logitech\Video\LogiTray.exe[3836] USER32.dll!SetWinEventHook 7E3B17B7 5 Bytes JMP 00370030
.text D:\Program Files\Logitech\Video\LogiTray.exe[3836] USER32.dll!UnhookWinEvent 7E3B186C 5 Bytes JMP 0037006C
.text D:\Program Files\Logitech\Video\LogiTray.exe[3836] ADVAPI32.dll!SetServiceObjectSecurity 77FA6C29 5 Bytes JMP 003801D4
.text D:\Program Files\Logitech\Video\LogiTray.exe[3836] ADVAPI32.dll!ChangeServiceConfigA 77FA6D11 5 Bytes JMP 003800E4
.text D:\Program Files\Logitech\Video\LogiTray.exe[3836] ADVAPI32.dll!ChangeServiceConfigW 77FA6EA9 5 Bytes JMP 00380120
.text D:\Program Files\Logitech\Video\LogiTray.exe[3836] ADVAPI32.dll!ChangeServiceConfig2A 77FA6FA9 5 Bytes JMP 0038015C
.text D:\Program Files\Logitech\Video\LogiTray.exe[3836] ADVAPI32.dll!ChangeServiceConfig2W 77FA7031 5 Bytes JMP 00380198
.text D:\Program Files\Logitech\Video\LogiTray.exe[3836] ADVAPI32.dll!CreateServiceA 77FA70B9 5 Bytes JMP 00380030
.text D:\Program Files\Logitech\Video\LogiTray.exe[3836] ADVAPI32.dll!CreateServiceW 77FA7251 5 Bytes JMP 0038006C
.text D:\Program Files\Logitech\Video\LogiTray.exe[3836] ADVAPI32.dll!DeleteService 77FA7359 5 Bytes JMP 003800A8
.text C:\WINDOWS\RTHDCPL.EXE[3952] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00140030
.text C:\WINDOWS\RTHDCPL.EXE[3952] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0014006C
.text C:\WINDOWS\RTHDCPL.EXE[3952] USER32.dll!UnhookWindowsHookEx 7E39F21E 5 Bytes JMP 00370120
.text C:\WINDOWS\RTHDCPL.EXE[3952] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 003700E4
.text C:\WINDOWS\RTHDCPL.EXE[3952] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 003700A8
.text C:\WINDOWS\RTHDCPL.EXE[3952] USER32.dll!SetWinEventHook 7E3B17B7 5 Bytes JMP 00370030
.text C:\WINDOWS\RTHDCPL.EXE[3952] USER32.dll!UnhookWinEvent 7E3B186C 5 Bytes JMP 0037006C
.text C:\WINDOWS\RTHDCPL.EXE[3952] ADVAPI32.dll!SetServiceObjectSecurity 77FA6C29 5 Bytes JMP 003801D4
.text C:\WINDOWS\RTHDCPL.EXE[3952] ADVAPI32.dll!ChangeServiceConfigA 77FA6D11 5 Bytes JMP 003800E4
.text C:\WINDOWS\RTHDCPL.EXE[3952] ADVAPI32.dll!ChangeServiceConfigW 77FA6EA9 5 Bytes JMP 00380120
.text C:\WINDOWS\RTHDCPL.EXE[3952] ADVAPI32.dll!ChangeServiceConfig2A 77FA6FA9 5 Bytes JMP 0038015C
.text C:\WINDOWS\RTHDCPL.EXE[3952] ADVAPI32.dll!ChangeServiceConfig2W 77FA7031 5 Bytes JMP 00380198
.text C:\WINDOWS\RTHDCPL.EXE[3952] ADVAPI32.dll!CreateServiceA 77FA70B9 5 Bytes JMP 00380030
.text C:\WINDOWS\RTHDCPL.EXE[3952] ADVAPI32.dll!CreateServiceW 77FA7251 5 Bytes JMP 0038006C
.text C:\WINDOWS\RTHDCPL.EXE[3952] ADVAPI32.dll!DeleteService 77FA7359 5 Bytes JMP 003800A8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3996] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00150030
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3996] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0015006C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3996] ADVAPI32.dll!SetServiceObjectSecurity 77FA6C29 5 Bytes JMP 003901D4
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3996] ADVAPI32.dll!ChangeServiceConfigA 77FA6D11 5 Bytes JMP 003900E4
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3996] ADVAPI32.dll!ChangeServiceConfigW 77FA6EA9 5 Bytes JMP 00390120
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3996] ADVAPI32.dll!ChangeServiceConfig2A 77FA6FA9 5 Bytes JMP 0039015C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3996] ADVAPI32.dll!ChangeServiceConfig2W 77FA7031 5 Bytes JMP 00390198
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3996] ADVAPI32.dll!CreateServiceA 77FA70B9 5 Bytes JMP 00390030
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3996] ADVAPI32.dll!CreateServiceW 77FA7251 5 Bytes JMP 0039006C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3996] ADVAPI32.dll!DeleteService 77FA7359 5 Bytes JMP 003900A8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3996] USER32.dll!UnhookWindowsHookEx 7E39F21E 3 Bytes JMP 003A0120
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3996] USER32.dll!UnhookWindowsHookEx + 4 7E39F222 1 Byte [82]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3996] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 003A00E4
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3996] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 003A00A8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3996] USER32.dll!SetWinEventHook 7E3B17B7 5 Bytes JMP 003A0030
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3996] USER32.dll!UnhookWinEvent 7E3B186C 5 Bytes JMP 003A006C
.text C:\Program Files\iPod\bin\iPodService.exe[4044] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00150030
.text C:\Program Files\iPod\bin\iPodService.exe[4044] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0015006C
.text C:\Program Files\iPod\bin\iPodService.exe[4044] ADVAPI32.dll!SetServiceObjectSecurity 77FA6C29 5 Bytes JMP 003801D4
.text C:\Program Files\iPod\bin\iPodService.exe[4044] ADVAPI32.dll!ChangeServiceConfigA 77FA6D11 5 Bytes JMP 003800E4
.text C:\Program Files\iPod\bin\iPodService.exe[4044] ADVAPI32.dll!ChangeServiceConfigW 77FA6EA9 5 Bytes JMP 00380120
.text C:\Program Files\iPod\bin\iPodService.exe[4044] ADVAPI32.dll!ChangeServiceConfig2A 77FA6FA9 5 Bytes JMP 0038015C
.text C:\Program Files\iPod\bin\iPodService.exe[4044] ADVAPI32.dll!ChangeServiceConfig2W 77FA7031 5 Bytes JMP 00380198
.text C:\Program Files\iPod\bin\iPodService.exe[4044] ADVAPI32.dll!CreateServiceA 77FA70B9 5 Bytes JMP 00380030
.text C:\Program Files\iPod\bin\iPodService.exe[4044] ADVAPI32.dll!CreateServiceW 77FA7251 5 Bytes JMP 0038006C
.text C:\Program Files\iPod\bin\iPodService.exe[4044] ADVAPI32.dll!DeleteService 77FA7359 5 Bytes JMP 003800A8
.text C:\Program Files\iPod\bin\iPodService.exe[4044] USER32.dll!UnhookWindowsHookEx 7E39F21E 5 Bytes JMP 00390120
.text C:\Program Files\iPod\bin\iPodService.exe[4044] USER32.dll!SetWindowsHookExW 7E3ADDB5 5 Bytes JMP 003900E4
.text C:\Program Files\iPod\bin\iPodService.exe[4044] USER32.dll!SetWindowsHookExA 7E3B11D1 5 Bytes JMP 003900A8
.text C:\Program Files\iPod\bin\iPodService.exe[4044] USER32.dll!SetWinEventHook 7E3B17B7 5 Bytes JMP 00390030
.text C:\Program Files\iPod\bin\iPodService.exe[4044] USER32.dll!UnhookWinEvent 7E3B186C 5 Bytes JMP 0039006C

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[756] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005E0002
IAT C:\WINDOWS\system32\services.exe[756] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005E0000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{D68448EA-6E31-85F2-7587-D7007C65CA7D}\InProcServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{D68448EA-6E31-85F2-7587-D7007C65CA7D}\InProcServer32@jafgdampllnlogochgdg 0x6A 0x61 0x67 0x64 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{D68448EA-6E31-85F2-7587-D7007C65CA7D}\InProcServer32@iafgfaajaiijebgmng 0x69 0x61 0x65 0x64 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D68448EA-6E31-85F2-7587-D7007C65CA7D}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D68448EA-6E31-85F2-7587-D7007C65CA7D}@iapfabhdgciaodepfi 0x6A 0x61 0x67 0x64 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D68448EA-6E31-85F2-7587-D7007C65CA7D}@hajgofmhechkdhge 0x69 0x61 0x65 0x64 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D68448EA-6E31-85F2-7587-D7007C65CA7D}@hamnkdfhhpfmhfba 0x61 0x63 0x6A 0x63 ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 PE file @ sector 490223475

---- EOF - GMER 1.0.15 ----
==================================================================================

#6 Broni


Posted 12 August 2011 - 05:01 PM

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".


#7 Modus47


Posted 12 August 2011 - 05:20 PM

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0xAAB23000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 3059712 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2256896 bytes (Microsoft Corporation, NT-kernel & -systeem)
0x804D7000 PnpManager 2256896 bytes
0x804D7000 RAW 2256896 bytes
0x804D7000 WMIxWDM 2256896 bytes
0xBF800000 Win32k 1847296 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1847296 bytes (Microsoft Corporation, Multi-User Win32-stuurprogramma)
0xA7BCF000 C:\WINDOWS\system32\DRIVERS\lvsvf2.sys 1056768 bytes (Logitech Inc., SmoothVision filter)
0xBFA33000 C:\WINDOWS\System32\ialmdd5.DLL 901120 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xF5DCC000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 831488 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xF742B000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xA7DB3000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xA7D0D000 C:\WINDOWS\System32\Drivers\aswSnx.SYS 385024 bytes (AVAST Software, avast! Virtualization Driver)
0xF5AE3000 C:\WINDOWS\system32\DRIVERS\update.sys 364544 bytes (Microsoft Corporation, Update Driver)
0xA8F7F000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA7845000 C:\WINDOWS\system32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0xA7D6B000 C:\WINDOWS\System32\Drivers\aswSP.SYS 294912 bytes (AVAST Software, avast! self protection module)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA7304000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xA7CD1000 C:\WINDOWS\system32\DRIVERS\CamDrL21.sys 245760 bytes (Logitech Inc., Universal Serial Bus Camera Driver)
0xF5B3C000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 200704 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xBFA03000 C:\WINDOWS\System32\ialmdev5.DLL 196608 bytes (Intel Corporation, Component GHAL Driver)
0xF7587000 ACPI.sys 192512 bytes (Microsoft Corporation, ACPI-stuurprogramma voor NT)
0xF5D1A000 C:\WINDOWS\system32\DRIVERS\e1e5132.sys 184320 bytes (Intel Corporation, Intel® PRO/1000 Adapter NDIS 5.1 deserialized driver)
0xF73FE000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA799A000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 180224 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xA7E22000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xA8F0E000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF7531000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT-schijfbeheer I/O-stuurprogramma)
0xF5D47000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 151552 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xF5C5F000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF5CF7000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xA8EB2000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xAAB01000 C:\WINDOWS\system32\drivers\portcls.sys 139264 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xA7E4D000 D:\Program Files\Superantispyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0xA8F36000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)
0x806FE000 ACPI_HAL 134400 bytes
0x806FE000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF74E1000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xBF9E3000 C:\WINDOWS\System32\ialmdnt5.dll 131072 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF7557000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT-schijfstuurprogramma)
0xF73E3000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF7519000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF7501000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xA7B2E000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (AVAST Software, avast! File System Filter Driver for Windows XP)
0xF74B8000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF5C01000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA790D000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF5C4B000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Stuurprogramma voor parallelle poort)
0xF5DB8000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA8FD7000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF9C3000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xA7BBD000 C:\WINDOWS\system32\DRIVERS\LMouKE.Sys 73728 bytes (Logitech Inc., Logitech Filter Driver for Mouse Class.)
0xF74CF000 sr.sys 73728 bytes (Microsoft Corporation, Stuurprogramma voor systeemherstel)
0xF7576000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug en Play PCI-enumerator)
0xF5BF0000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF5C3A000 C:\WINDOWS\system32\DRIVERS\serial.sys 69632 bytes (Microsoft Corporation, Stuurprogramma voor serieel apparaat)
0xA878F000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF698A000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF619E000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter-stuurprogramma)
0xAA9F2000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xA877F000 C:\WINDOWS\system32\drivers\usbaudio.sys 61440 bytes (Microsoft Corporation, USB Audio Class Driver)
0xAA2B6000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF618E000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 57344 bytes (Microsoft Corporation, i8042-poortstuurprogramma)
0xBF9D5000 C:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF75F7000 VolSnap.sys 57344 bytes (Microsoft Corporation, Volume Shadow Copy-stuurprogramma)
0xF61AE000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 53248 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF7617000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF616E000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF614E000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xA879F000 C:\WINDOWS\system32\DRIVERS\STREAM.SYS 49152 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0xF61BE000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF75E7000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF615E000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xA9DD9000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)
0xF7727000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 40960 bytes (Microsoft Corporation, Processorstuurprogramm)
0xF69FA000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF612E000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xA744D000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF7607000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xA8E22000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, Cryptografisch FIPS-stuurprogramma)
0xA87BF000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF75D7000 isapnp.sys 36864 bytes (Microsoft Corporation, Stuurprogramma voor PNP ISA-bus)
0xF613E000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xA9C2E000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA9DC9000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xAA20D000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xA8CFE000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF792F000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 28672 bytes (GEAR Software Inc., CD/DVD Class Filter Driver)
0xA85B6000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7937000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 28672 bytes (Microsoft Corporation, Stuurprogramma voor verschillende toetsenbordtypen)
0xA9A7E000 C:\WINDOWS\system32\DRIVERS\LHidKE.Sys 28672 bytes (Logitech Inc., Logitech HID Filter Driver.)
0xF7857000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7927000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xA8CDE000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (AVAST Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
0xF7867000 iteatapi.sys 24576 bytes (Integrated Technology Express, Inc., ITE IT8211 ATA/ATAPI SCSI miniport)
0xF7957000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Stuurprogramma voor muistypen)
0xA8CF6000 D:\Program Files\Superantispyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xF604A000 C:\WINDOWS\system32\DRIVERS\USBCAMD.SYS 24576 bytes (Microsoft Corporation, Universal Serial Bus Camera Driver)
0xAA21D000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xA9A76000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0xAA215000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF785F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7947000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF786F000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF794F000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF793F000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF791F000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 20480 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xAA255000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF73B3000 C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys 16384 bytes (Logitech Inc., Logitech PS2 Keyboard Filter Driver.)
0xAA460000 C:\WINDOWS\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0xF7A7B000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF79F7000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF73AB000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xA9200000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0xF79E7000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF61F2000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7A77000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF6202000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, Stuurprogramma voor HID-muisfilter)
0xF73A3000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xAA166000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7B73000 C:\WINDOWS\system32\DRIVERS\ASACPI.sys 8192 bytes (-, ATK0110 ACPI Utility)
0xF7AE9000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7ADB000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF5EA1000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7AD7000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7AEB000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7B25000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM-stuurprogramma (parallel))
0xF7AED000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7B77000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF5EAB000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7AD9000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF5F9B000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xA8C27000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7CF9000 C:\WINDOWS\System32\Drivers\LBeepKE.sys 4096 bytes (Logitech Inc., Logitech Consumer Control Filter Driver.)
0xA9868000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7B9F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus-stuurprogramma)
==============================================
>Stealth
==============================================
WARNING: Virus alike driver modification [aswmon2.sys]
WARNING: Virus alike driver modification [sffp_sd.sys]
WARNING: Virus alike driver modification [LVSVF2.sys]
WARNING: Virus alike driver modification [dxapi.sys]
WARNING: Virus alike driver modification [mup.sys]
WARNING: Virus alike driver modification [NdisIP.sys]
WARNING: Virus alike driver modification [mhndrv.sys]
WARNING: Virus alike driver modification [ianswxp.sys]
WARNING: Virus alike driver modification [sffdisk.sys]
WARNING: Virus alike driver modification [SLIP.sys]
WARNING: Virus alike driver modification [irenum.sys]
WARNING: Virus alike driver modification [sfloppy.sys]
WARNING: Virus alike driver modification [cpqdap01.sys]
WARNING: Virus alike driver modification [acpiec.sys]
WARNING: Virus alike driver modification [nikedrv.sys]
WARNING: Virus alike driver modification [rio8drv.sys]
WARNING: Virus alike driver modification [riodrv.sys]
WARNING: Virus alike driver modification [ws2ifsl.sys]
WARNING: Virus alike driver modification [pcmcia.sys]
WARNING: Virus alike driver modification [tdpipe.sys]
WARNING: Virus alike driver modification [fsvga.sys]
WARNING: Virus alike driver modification [mouhid.sys]
WARNING: Virus alike driver modification [nwlnkflt.sys]
WARNING: Virus alike driver modification [tunmp.sys]
WARNING: Virus alike driver modification [ftdisk.sys]
WARNING: Virus alike driver modification [usb8023.sys]
WARNING: Virus alike driver modification [fltmgr.sys]
WARNING: Virus alike driver modification [ndisuio.sys]
WARNING: Virus alike driver modification [ipnat.sys]
WARNING: Virus alike driver modification [L8042Kbd.sys]
WARNING: Virus alike driver modification [portcls.sys]
WARNING: Virus alike driver modification [afd.sys]
WARNING: Virus alike driver modification [Hdaudbus.sys]
WARNING: Virus alike driver modification [cbidf2k.sys]
WARNING: Virus alike driver modification [rdpwd.sys]
WARNING: Virus alike driver modification [ks.sys]
WARNING: Virus alike driver modification [diskdump.sys]
WARNING: Virus alike driver modification [usbport.sys]
WARNING: Virus alike driver modification [asyncmac.sys]
WARNING: Virus alike driver modification [fastfat.sys]
WARNING: Virus alike driver modification [smclib.sys]
WARNING: Virus alike driver modification [Hdaudio.sys]
WARNING: Virus alike driver modification [tape.sys]
WARNING: Virus alike driver modification [StreamIP.sys]
WARNING: Virus alike driver modification [dmio.sys]
WARNING: Virus alike driver modification [mssmbios.sys]
WARNING: Virus alike driver modification [serenum.sys]
WARNING: Virus alike driver modification [GEARAspiWDM.sys]
WARNING: Virus alike driver modification [usbintel.sys]
WARNING: Virus alike driver modification [netbt.sys]

#8 Broni


Posted 12 August 2011 - 05:46 PM

It doesn't look like a complete log.
Please repost.



 


#9 Modus47


Posted 13 August 2011 - 06:36 AM

Did a new scan with Rootkit Unhooker LE and copied the report from the application itself:
====================================

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 2)
Number of processors #2
==============================================
>Stealth
==============================================


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

==========================================================

#10 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,699 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:48 AM

Posted 13 August 2011 - 10:37 AM

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan.

On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

My Website


My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#11 Modus47

Modus47
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:12:48 PM

Posted 13 August 2011 - 11:38 AM

Here you go:
===================

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-13 18:30:59
-----------------------------
18:30:59.796 OS Version: Windows 5.1.2600 Service Pack 2
18:30:59.796 Number of processors: 2 586 0x404
18:30:59.796 ComputerName: SP2MCEPC UserName: Matthijn
18:31:01.546 Initialize success
18:31:03.203 AVAST engine defs: 11081300
18:31:34.218 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
18:31:34.218 Disk 0 Vendor: Maxtor_6L250R0 BAH41G10 Size: 239372MB BusType: 3
18:31:36.250 Disk 0 MBR read successfully
18:31:36.250 Disk 0 MBR scan
18:31:36.312 Disk 0 Windows XP default MBR code
18:31:36.312 Disk 0 scanning sectors +490223475
18:31:36.343 Disk 0 PE file @ sector 490223475 !
18:31:36.375 Disk 0 scanning C:\WINDOWS\system32\drivers
18:31:46.187 Service scanning
18:31:47.843 Modules scanning
18:31:54.703 Disk 0 trace - called modules:
18:31:54.718 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
18:31:54.734 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86378ab8]
18:31:54.750 3 CLASSPNP.SYS[f761805b] -> nt!IofCallDriver -> \Device\0000005f[0x8637cf18]
18:31:54.765 5 ACPI.sys[f758d620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x86372d98]
18:31:55.171 AVAST engine scan C:\WINDOWS
18:32:00.625 AVAST engine scan C:\WINDOWS\system32
18:33:15.390 AVAST engine scan C:\WINDOWS\system32\drivers
18:33:26.578 AVAST engine scan D:\Documenten en settings\Matthijn.SP2MCEPC.000
18:35:20.656 AVAST engine scan D:\Documenten en settings\All Users.WINDOWS
18:35:44.937 Scan finished successfully
18:37:23.093 Disk 0 MBR has been saved successfully to "D:\Documenten en settings\Matthijn.SP2MCEPC.000\Bureaublad\Logs\MBR.dat"
18:37:23.109 The log file has been saved successfully to "D:\Documenten en settings\Matthijn.SP2MCEPC.000\Bureaublad\Logs\aswMBR.txt"

#12 Broni


Posted 13 August 2011 - 11:40 AM

Something seems to be there, but we can use only a limited number of tools in this forum.

With the information you have provided I believe you will need help from the malware removal team.
Please make sure that you read the information about getting started first.
Then start a new thread HERE and include or required logs.
Including a link to this thread will be helpful.

Good luck and be patient. Help is on the way!



 


#13 Modus47


Posted 13 August 2011 - 11:57 AM

Appreciate the help, thanks again.

#14 Broni


Posted 13 August 2011 - 11:59 AM

You're very welcome



 


#15 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,947 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:07:48 AM

Posted 13 August 2011 - 04:24 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic414247.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



