I have the Google redirect virus and need help


38 replies to this topic

#1 bionicbird

  • Members
  • 23 posts

Posted 14 August 2011 - 03:29 PM

Google Redirect Virus

I appear to be affected with this virus, which is redirecting my Google searches to pages with local ads. My computer is a Lenovo T61 running Vista Business. I have tried full scans with Malwarebytes, Spybot, and Norton Power Eraser, and none of them showed signs of infection. I also tried Dr. Web’s Cureit, which gave me a blue-screen-of-death. So I am out of my league and need trained assistance.

A couple of days before realizing that I had this redirect-virus, I encountered the situation where, after clicking on a Google image search result, the computer seized and downloaded one of those fake anti-virus programs, and would not let me take any action unless I agreed to install it. So I did a manual shutdown, rebooted in Safe Mode, and renamed the MBAM file so that I could run Malwarebytes, which cleaned me up to this point.

I appreciate your assistance and will do my best to faithfully follow your instructions.



#2 Broni

  • BC Advisor
  • 42,716 posts

Posted 14 August 2011 - 03:49 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

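Added example, not part of the original posts and not MiniToolBox's own code: a Python sketch that reads the proxy and Hosts sections of a MiniToolBox-style log, the two requested items that bear directly on browser redirection, and lists what deserves a second look. The sample log is constructed; the FF proxy line, the `.test` host name, the 203.0.113.x addresses and all function names are assumptions made for illustration.

```python
import ipaddress
import re

# Section banners look like "===== Hosts content: =====" in a MiniToolBox log.
SECTION_RE = re.compile(r"^=+\s*([^=\s][^=]*?):?\s*=+$")
# Summary line the tool prints instead of listing every loopback entry.
HIDDEN_RE = re.compile(r'^There are (\d+) more lines starting with "127\.0\.0\.1"$')
# Proxy lines that mean "nothing configured"; any other line is surfaced for review.
PROXY_CLEAN_LINES = {"Proxy is not enabled.", "No Proxy Server is set."}

# Constructed sample in the layout of a MiniToolBox log. The FF proxy line and the
# 203.0.113.10 hosts entry are invented here to give the checks something to find.
SAMPLE_LOG = '''\
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

proxy 203.0.113.7:8080 (constructed line)

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost
127.0.0.1 www.007guard.com
203.0.113.10 www.search-example.test

There are 10271 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================
'''


def split_sections(log_text):
    """Return {section title: [non-empty lines]} keyed by the banner text."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1).strip()
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def classify_hosts(lines):
    """Separate loopback (blocking) entries from names pointed at a real address."""
    result = {"sinkholed": [], "remapped": [], "unparsed": [], "hidden_loopback": 0}
    for raw in lines:
        line = raw.split("#", 1)[0].strip()  # drop hosts-file comments
        if not line:
            continue
        hidden = HIDDEN_RE.match(line)
        if hidden:
            # The tool collapsed this many loopback lines; they cannot be inspected here.
            result["hidden_loopback"] += int(hidden.group(1))
            continue
        parts = line.split()
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            result["unparsed"].append(line)
            continue
        for name in parts[1:]:
            if addr.is_loopback or addr.is_unspecified:
                result["sinkholed"].append(name)  # name is blocked, not redirected
            else:
                result["remapped"].append((name, str(addr)))  # name forced to an address
    return result


def triage(log_text):
    """Return (findings, hosts summary) for the proxy and Hosts sections."""
    sections = split_sections(log_text)
    findings = []
    for title in ("IE Proxy Settings", "FF Proxy Settings"):
        for line in sections.get(title, []):
            if line not in PROXY_CLEAN_LINES:
                findings.append(("proxy", title, line))
    hosts = classify_hosts(sections.get("Hosts content", []))
    for name, addr in hosts["remapped"]:
        findings.append(("hosts", name, addr))
    return findings, hosts


if __name__ == "__main__":
    found, summary = triage(SAMPLE_LOG)
    for item in found:
        print("REVIEW:", item)
    print("loopback entries listed:", len(summary["sinkholed"]),
          "| collapsed by the tool:", summary["hidden_loopback"])
```

Entries mapped to 127.0.0.1 or ::1 only block a name, so the script reports them as a count and lists individually only the names forced to another address.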


 


#3 bionicbird

  • Topic Starter
  • Members
  • 23 posts

Posted 14 August 2011 - 10:38 PM


Hi, thanks for your help.

tool box log:


MiniToolBox by Farbar
Ran by Philip (administrator) on 14-08-2011 at 18:44:43
Windows Vista ™ Business Service Pack 2 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com

There are 10271 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Wireless Network Connection" nexthop=192.168.1.1


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Philip-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Belkin

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Intel® Wireless WiFi Link 4965AGN
Physical Address. . . . . . . . . : 00-13-E8-92-84-B3
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::85c9:e116:7a07:4678%9(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, August 14, 2011 6:07:50 PM
Lease Expires . . . . . . . . . . : Thursday, September 21, 2147 1:14:13 AM
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 234886120
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0E-6E-D1-52-00-1C-25-12-40-D3
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.va.comcast.net.
Description . . . . . . . . . . . : Intel® 82566MM Gigabit Network Connection
Physical Address. . . . . . . . . : 00-1C-25-14-1E-CF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #6
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 10:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:284d:287e:3f57:fdfd(Preferred)
Link-local IPv6 Address . . . . . : fe80::284d:287e:3f57:fdfd%10(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.hsd1.va.comcast.net.
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 15:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 17:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 18:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 19:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 21:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #7
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 22:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #8
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 23:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #9
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 24:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #10
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 25:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #11
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 26:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #12
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 27:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #13
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 28:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #14
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 29:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : isatap.Belkin
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: router.belkin
Address: 192.168.2.1

Name: google.com
Addresses: 74.125.93.103
74.125.93.105
74.125.93.106
74.125.93.104
74.125.93.99
74.125.93.147



Pinging google.com [74.125.93.147] with 32 bytes of data:

Reply from 74.125.93.147: bytes=32 time=171ms TTL=51

Reply from 74.125.93.147: bytes=32 time=194ms TTL=51



Ping statistics for 74.125.93.147:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 171ms, Maximum = 194ms, Average = 182ms

Server: router.belkin
Address: 192.168.2.1

Name: yahoo.com
Addresses: 209.191.122.70
67.195.160.76
69.147.125.65
72.30.2.43
98.137.149.56



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=67ms TTL=50

Reply from 209.191.122.70: bytes=32 time=90ms TTL=50



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 67ms, Maximum = 90ms, Average = 78ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
9 ...00 13 e8 92 84 b3 ...... Intel® Wireless WiFi Link 4965AGN
8 ...00 1c 25 14 1e cf ...... Intel® 82566MM Gigabit Network Connection
1 ........................... Software Loopback Interface 1
21 ...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #6
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
14 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
32 ...00 00 00 00 00 00 00 e0 isatap.hsd1.va.comcast.net.
17 ...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #2
18 ...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #3
19 ...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #4
20 ...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #5
22 ...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #7
23 ...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #8
24 ...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #9
25 ...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #10
26 ...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #11
27 ...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #12
28 ...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #13
29 ...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #14
33 ...00 00 00 00 00 00 00 e0 isatap.Belkin
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.2 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 On-link 192.168.2.2 281
192.168.2.2 255.255.255.255 On-link 192.168.2.2 281
192.168.2.255 255.255.255.255 On-link 192.168.2.2 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.2.2 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.2.2 281
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 192.168.1.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
10 18 ::/0 On-link
1 306 ::1/128 On-link
10 18 2001::/32 On-link
10 266 2001:0:4137:9e76:284d:287e:3f57:fdfd/128
On-link
9 281 fe80::/64 On-link
10 266 fe80::/64 On-link
10 266 fe80::284d:287e:3f57:fdfd/128
On-link
9 281 fe80::85c9:e116:7a07:4678/128
On-link
1 306 ff00::/8 On-link
10 266 ff00::/8 On-link
9 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/14/2011 06:07:55 PM) (Source: PostgreSQL) (User: )
Description: 2011-08-14 22:07:55 GMT FATAL: bogus data in lock file "postmaster.pid": ""

Error: (08/14/2011 05:30:12 PM) (Source: Perflib) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (08/14/2011 05:00:42 PM) (Source: PostgreSQL) (User: )
Description: 2011-08-14 21:00:42 GMT FATAL: bogus data in lock file "postmaster.pid": ""

Error: (08/14/2011 03:56:04 PM) (Source: PostgreSQL) (User: )
Description: 2011-08-14 19:56:04 GMT FATAL: bogus data in lock file "postmaster.pid": ""

Error: (08/12/2011 10:32:17 AM) (Source: Perflib) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (08/12/2011 10:22:31 AM) (Source: PostgreSQL) (User: )
Description: 2011-08-12 14:22:31 GMT FATAL: bogus data in lock file "postmaster.pid": ""

Error: (08/11/2011 04:47:52 PM) (Source: PostgreSQL) (User: )
Description: 2011-08-11 20:47:52 GMT FATAL: bogus data in lock file "postmaster.pid": ""

Error: (08/11/2011 01:40:01 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\PHILIP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\Q6Q36I2P.DEFAULT\CACHE\4\D9> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (08/11/2011 01:40:01 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\PHILIP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\Q6Q36I2P.DEFAULT\CACHE\4\D9> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (08/11/2011 01:34:48 PM) (Source: PostgreSQL) (User: )
Description: 2011-08-11 17:34:48 GMT FATAL: bogus data in lock file "postmaster.pid": ""


System errors:
=============
Error: (08/14/2011 06:11:23 PM) (Source: Service Control Manager) (User: )
Description: tvtumon

Error: (08/14/2011 06:08:01 PM) (Source: Service Control Manager) (User: )
Description: lxdxCATSCustConnectService%%1053

Error: (08/14/2011 06:08:01 PM) (Source: Service Control Manager) (User: )
Description: 30000lxdxCATSCustConnectService

Error: (08/14/2011 06:08:01 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (08/14/2011 06:07:34 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 6:05:01 PM on 8/14/2011 was unexpected.

Error: (08/14/2011 05:05:27 PM) (Source: Service Control Manager) (User: )
Description: 30000AcSvc

Error: (08/14/2011 05:04:03 PM) (Source: Service Control Manager) (User: )
Description: tvtumon

Error: (08/14/2011 05:00:49 PM) (Source: Service Control Manager) (User: )
Description: lxdxCATSCustConnectService%%1053

Error: (08/14/2011 05:00:49 PM) (Source: Service Control Manager) (User: )
Description: 30000lxdxCATSCustConnectService

Error: (08/14/2011 05:00:49 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058


Microsoft Office Sessions:
=========================
Error: (07/12/2011 06:35:51 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11 seconds with 0 seconds of active time. This session ended with a crash.

Error: (09/23/2009 06:01:38 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7574 seconds with 360 seconds of active time. This session ended with a crash.

Error: (08/14/2009 03:13:11 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6504.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 36515 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/13/2008 01:18:53 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 40 seconds with 0 seconds of active time. This session ended with a crash.

Error: (10/31/2008 02:57:26 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 181706 seconds with 1020 seconds of active time. This session ended with a crash.

Error: (10/29/2008 04:45:39 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 45 seconds with 0 seconds of active time. This session ended with a crash.

Error: (10/29/2008 04:44:46 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 127 seconds with 120 seconds of active time. This session ended with a crash.

Error: (10/29/2008 04:20:42 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

Error: (10/29/2008 04:20:31 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3132 seconds with 120 seconds of active time. This session ended with a crash.

Error: (10/29/2008 03:27:53 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 107 seconds with 60 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

(Version: 1.0.4.0)
ABBYY FineReader 6.0 Sprint (Version: 6.00.2201.41622)
Access Help (Version: 2.02)
Acrobat.com (Version: 2.0.0)
Acrobat.com (Version: 2.0.0.0)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Ad-Aware
Ad-Aware (Version: 8.3.0)
Adobe AIR (Version: 1.5.3.9130)
Adobe Flash Player 10 ActiveX (Version: 10.1.102.64)
Adobe Flash Player 10 Plugin (Version: 10.3.181.26)
Adobe Reader 9.4.5 (Version: 9.4.5)
Apple Application Support (Version: 2.0.1)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
ArcExplorer Java Edition (Version: 9.3.1.0)
ArcSoft Panorama Maker 3
ASIO4ALL (Version: 2.10)
Autodesk MapGuide® Viewer ActiveX Control Release 6.5 (Version: 6.5.5.7)
Avanquest update (Version: 1.23)
avast! Free Antivirus (Version: 6.0.1203.0)
Belarc Advisor 8.1
Belkin Setup and Router Monitor
Belkin USB Print and Storage Center (Version: 1.0.0)
Bonjour (Version: 3.0.0.2)
BufferChm (Version: 82.0.173.000)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1)
Client Security - Password Manager (Version: 8.10.0006.00)
D4200 (Version: 82.0.201.000)
D4200_Help (Version: 82.0.201.000)
DeviceManagementQFolder (Version: 1.00.0000)
Diskeeper Home (Version: 9.0.545)
dj_sf_ProductContext (Version: 82.0.201.000)
dj_sf_software (Version: 82.0.201.000)
dj_sf_software_req (Version: 82.0.201.000)
Drag-to-Disc (Version: 9.05)
FL Studio 10
Free Studio version 5.0.9
Full Tilt Poker (Version: 4.26.5.WIN.FullTilt.COM)
Google Earth (Version: 6.0.3.2197)
Google Update Helper (Version: 1.3.21.65)
Google Updater (Version: 2.4.1536.6592)
Help Center (Version: 2.00h)
HP Deskjet 8.0 Software (Version: 8.0)
HP Imaging Device Functions 8.0 (Version: 8.0)
HP Print Diagnostic Utility (Version: 1.11.0004)
IL Download Manager
Intel PROSet Wireless
Intel® PRO Network Connections Drivers
Intel® PROSet/Wireless WiFi Software (Version: 12.04.0000)
Intel® Matrix Storage Manager and Intel® Turbo Memory
Intel® Turbo Memory
InterVideo Register Manager (Version: 1.0.4.0)
InterVideo WinDVD (Version: 5.0-B11.1167)
iTunes (Version: 10.4.0.80)
iTunes Art Importer (Version: 0.9.2)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 22 (Version: 6.0.220)
Java™ 6 Update 3 (Version: 1.6.0.30)
Java™ 6 Update 5 (Version: 1.6.0.50)
Java™ 6 Update 7 (Version: 1.6.0.70)
Java™ SE Runtime Environment 6 Update 1 (Version: 1.6.0.10)
LaCie Device Updater
Lenovo Auto Scroll Utility (Version: 1.00)
Lenovo Registration
Lenovo System Interface Driver (Version: 1.05)
Lenovo ThinkVantage Toolbox (Version: 6.0.5849.23)
Lenovo USB Numeric Keypad Driver (Version: 5.00.300)
Lexmark 3600-4600 Series
Lexmark Fax Solutions
Maintenance Manager (Version: 3.0.4.0)
Malwarebytes' Anti-Malware version 1.51.1.1800 (Version: 1.51.1.1800)
Message Center (Version: 2.01b)
Message Center Plus (Version: 2.0.0012.00)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Easy Assist (Version: 1.0.2028.0)
Microsoft Office 2003 Web Components (Version: 11.0.8173.0)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office Outlook Connector (Version: 14.0.5139.5001)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Professional Plus 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 5.0 (x86 en-US) (Version: 5.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Multimedia Center For Think Offerings (Version: 9.0.629)
NVIDIA Drivers
On Screen Display (Version: 6.24.00)
PDF reDirect (remove only) (Version: v2.2.8)
PictureProject (Version: 1.0)
PokerStars
PokerStars.net
PostgreSQL 8.3 (Version: 8.3)
Presentation Director (Version: 4.08)
Productivity Center Supplement for ThinkPad (Version: 3.00b)
QuickTime (Version: 7.70.80.34)
RealPlayer
Registry patch for Windows Vista USB S3 PM Enablement (Version: 1.00)
Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista (Version: 1.01)
Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista (Version: 1.01)
Registry patch to improve USB device detection on resume from sleep for Windows Vista (Version: 1.01.0000)
Rhapsody Player Engine (Version: 1.0.604)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 (Version: 3.51.01)
Sonic Icons for Lenovo (Version: 1.0.2)
SoundMAX (Version: 6.10.1.5510)
Spelling Dictionaries Support For Adobe Reader 8 (Version: 8.0.0)
Spotify (Version: 0.5.2)
Spybot - Search & Destroy (Version: 1.6.2)
Status (Version: 82.0.173.000)
System Migration Assistant (Version: 5.20.0033)
System Update (Version: 3.14.0017)
ThinkPad EasyEject Utility (Version: 2.39)
ThinkPad FullScreen Magnifier (Version: 2.24)
ThinkPad Keyboard Customizer Utility (Version: 1.0.01)
ThinkPad Mobility Center Customization (Version: 1.10.0000)
ThinkPad Modem (Version: 7.70.00)
ThinkPad Power Management Driver (Version: 1.62.00.00)
ThinkPad Power Manager (Version: 3.40)
ThinkPad UltraNav Driver (Version: 15.0.18.0)
ThinkPad UltraNav Utility (Version: 2.13.0)
ThinkVantage Access Connections (Version: 5.22)
ThinkVantage Active Protection System (Version: 1.63)
ThinkVantage Fingerprint Software (Version: 5.8.5.6014)
ThinkVantage Productivity Center (Version: 3.11)
ThinkVantage Technologies Welcome Message (Version: 1.18)
Toolbox (Version: 82.0.173.000)
TrayApp (Version: 82.0.188.000)
Uninstall 1.0.0.1
UnloadSupport (Version: 1.00.0000)
Video Mover
VideoLAN VLC media player 0.8.6c (Version: 0.8.6c)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
Wallpapers
WebReg (Version: 82.0.173.000)
Windows Driver Package - Intel (e1express) Net (02/27/2007 9.7.37.0) (Version: 02/27/2007 9.7.37.0)
Windows Driver Package - Intel (iaStor) hdc (02/12/2007 7.0.0.1020) (Version: 02/12/2007 7.0.0.1020)
Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011) (Version: 11/15/2006 8.2.0.1011)
Windows Driver Package - Intel hdc (12/06/2006 6.8.0.3002) (Version: 12/06/2006 6.8.0.3002)
Windows Driver Package - Intel System (09/15/2006 7.0.0.1011) (Version: 09/15/2006 7.0.0.1011)
Windows Driver Package - Intel System (09/15/2006 8.0.0.1008) (Version: 09/15/2006 8.0.0.1008)
Windows Driver Package - Intel System (09/15/2006 8.0.0.1010) (Version: 09/15/2006 8.0.0.1010)
Windows Driver Package - Intel System (09/15/2006 8.2.0.1000) (Version: 09/15/2006 8.2.0.1000)
Windows Driver Package - Intel USB (09/15/2006 8.0.0.1008) (Version: 09/15/2006 8.0.0.1008)
Windows Driver Package - Lenovo (IBMPMDRV) System (05/31/2007 1.43) (Version: 05/31/2007 1.43)
Windows Driver Package - Ricoh Company (rimsptsk) hdc (02/16/2007 6.00.01.10) (Version: 02/16/2007 6.00.01.10)
Windows Driver Package - Ricoh Company MMC Host Controller (02/24/2007 6.00.02.03) (Version: 02/24/2007 6.00.02.03)
Windows Driver Package - Ricoh Company xD Host Controller (03/21/2007 6.00.01.12) (Version: 03/21/2007 6.00.01.12)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live installer (Version: 12.0.1471.1025)
Windows Live Mail (Version: 12.0.1606.1023)
Windows Live Toolbar (Version: 03.01.0130)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR archiver

========================= Memory info: ===================================

Percentage of memory in use: 75%
Total physical RAM: 2013.53 MB
Available physical RAM: 487.39 MB
Total Pagefile: 4264.04 MB
Available Pagefile: 2634.85 MB
Total Virtual: 2047.88 MB
Available Virtual: 1959.75 MB

========================= Partitions: =====================================

1 Drive c: (SW_Preload) (Fixed) (Total:86.62 GB) (Free:15.01 GB) NTFS
2 Drive e: (SD) (Removable) (Total:3.83 GB) (Free:0.09 GB) FAT32

========================= Users: ========================================

User accounts for \\PHILIP-PC

Administrator ASPNET Guest
Philip postgres


== End of log ==










Malwarebytes log:


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7467

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

8/14/2011 6:58:30 PM
mbam-log-2011-08-14 (18-58-30).txt

Scan type: Quick scan
Objects scanned: 237581
Time elapsed: 9 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





The GMER log was too long for this post, so I will put it in another post.

#4 bionicbird

Posted 14 August 2011 - 10:41 PM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-14 23:14:11
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 HTS72101 rev.MCZI
Running: gmer.exe; Driver: c:\temp\awriapod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x9281C202]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x9281E7F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x9281E848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x9281E95E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x9281E746]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x9281E898]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x9281E79A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x9281E90C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x9281C226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x9281BFF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x9281C24A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x9281ED56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x9281CCDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x9281E820]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x9281E870]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x9281E988]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x9281E772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x9281E8D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x9281E7C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x9281E936]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x9281CBA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x9281C26E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x9281C292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x9281C04A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x9281C186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x9281C162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x9281C1AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x9281C2B6]

INT 0x61 ? 90E277D0
INT 0x71 ? 90E27A50

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x9309D398]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 10D 836BFB68 4 Bytes [02, C2, 81, 92]
.text ntkrnlpa.exe!KeSetEvent + 1D1 836BFC2C 8 Bytes [F0, E7, 81, 92, 48, E8, 81, ...]
.text ntkrnlpa.exe!KeSetEvent + 1DD 836BFC38 4 Bytes [5E, E9, 81, 92]
.text ntkrnlpa.exe!KeSetEvent + 1F5 836BFC50 4 Bytes [46, E7, 81, 92] {INC ESI; OUT 0x81, EAX; XCHG EDX, EAX}
.text ntkrnlpa.exe!KeSetEvent + 215 836BFC70 8 Bytes [98, E8, 81, 92, 9A, E7, 81, ...]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 837EB655 5 Bytes JMP 93098D4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 8384454C 5 Bytes JMP 9309A7F2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 8384DE70 4 Bytes CALL 9281D34B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 83851AE6 4 Bytes CALL 9281D361 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 838A604C 7 Bytes JMP 9309D39C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8DE09320, 0x3F6A07, 0xE8000020]
init C:\Windows\system32\DRIVERS\i8042HDR.sys entry point in "init" section [0x8EEB9C00]
.text win32k.sys!EngCreateRectRgn + 4537 9E0AFC80 5 Bytes JMP 9281F440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + C20 9E0C8EA9 5 Bytes JMP 9281FE0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 4A1 9E0C9C95 5 Bytes JMP 9281FF72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 8C03 9E0D23F7 5 Bytes JMP 9281ED8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 616 9E0D334E 5 Bytes JMP 9281FBD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 3103 9E0DEA94 5 Bytes JMP 9281F316 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 456E 9E0DFEFF 5 Bytes JMP 9281EF34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMapFontFileFD + 119C6 9E0F9A35 5 Bytes JMP 9281F180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMapFontFileFD + 11A1A 9E0F9A89 5 Bytes JMP 9281F326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 377F 9E120A8E 5 Bytes JMP 9281FB64 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 60DE 9E1233ED 5 Bytes JMP 9281EE58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMulDiv + 4D3F 9E129D2E 5 Bytes JMP 9281EFA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBlt + 2B42 9E1341CC 5 Bytes JMP 92820014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 5FF 9E1370B4 5 Bytes JMP 9281EE70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 81C 9E1554E5 5 Bytes JMP 9281FD54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 6EEA 9E15BBB3 5 Bytes JMP 9281FBAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + B0F 9E15F32A 5 Bytes JMP 9281FCA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!STROBJ_vEnumStart + 4728 9E166C49 5 Bytes JMP 9281EEF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + E80 9E1851BC 5 Bytes JMP 9281F0AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + 248 9E18AA3A 5 Bytes JMP 9281F008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 26D9 9E18E572 5 Bytes JMP 9281FECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLineTo + A0F 9E1ACA97 5 Bytes JMP 9281F03E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLineTo + D269 9E1B92F1 5 Bytes JMP 9281F0E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text ntdll.dll!LdrLoadDll 76F793A8 5 Bytes [E9, 4B, 6E, 1D, 89] {JMP 0xffffffff891d6e50}
.text ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes [E9, B7, 4C, 1C, 89] {JMP 0xffffffff891c4cbc}

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[504] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 001401F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[504] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 001403FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[504] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[504] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00160600
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[504] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00160804
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[504] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00160A08
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[504] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 001601F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[504] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 001603FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[504] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[504] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00170600
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[504] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00171014
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[504] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00170804
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[504] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00170A08
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[504] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00170C0C
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[504] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00170E10
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[504] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 001701F8
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[600] kernel32.dll!SetUnhandledExceptionFilter 7576A8C5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[600] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Windows\system32\csrss.exe[712] KERNEL32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Windows\system32\wininit.exe[764] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 000301F8
.text C:\Windows\system32\wininit.exe[764] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 000303FC
.text C:\Windows\system32\wininit.exe[764] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Windows\system32\wininit.exe[764] ADVAPI32.dll!CreateServiceW 75A49EB4 3 Bytes JMP 000503FC
.text C:\Windows\system32\wininit.exe[764] ADVAPI32.dll!CreateServiceW + 4 75A49EB8 1 Byte [8A]
.text C:\Windows\system32\wininit.exe[764] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00050600
.text C:\Windows\system32\wininit.exe[764] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00051014
.text C:\Windows\system32\wininit.exe[764] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00050804
.text C:\Windows\system32\wininit.exe[764] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00050A08
.text C:\Windows\system32\wininit.exe[764] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00050C0C
.text C:\Windows\system32\wininit.exe[764] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00050E10
.text C:\Windows\system32\wininit.exe[764] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 000501F8
.text C:\Windows\system32\wininit.exe[764] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00060600
.text C:\Windows\system32\wininit.exe[764] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00060804
.text C:\Windows\system32\wininit.exe[764] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00060A08
.text C:\Windows\system32\wininit.exe[764] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 000601F8
.text C:\Windows\system32\wininit.exe[764] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 000603FC
.text C:\Windows\system32\csrss.exe[776] KERNEL32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Windows\system32\services.exe[808] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\services.exe[808] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\services.exe[808] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Windows\system32\services.exe[808] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\services.exe[808] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\services.exe[808] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\services.exe[808] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\services.exe[808] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\services.exe[808] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\services.exe[808] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\services.exe[808] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\services.exe[808] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00080600
.text C:\Windows\system32\services.exe[808] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00080804
.text C:\Windows\system32\services.exe[808] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\services.exe[808] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\services.exe[808] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\lsass.exe[820] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\lsass.exe[820] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\lsass.exe[820] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Windows\system32\lsass.exe[820] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\lsass.exe[820] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\lsass.exe[820] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\lsass.exe[820] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\lsass.exe[820] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\lsass.exe[820] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\lsass.exe[820] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\lsass.exe[820] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\lsass.exe[820] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00080600
.text C:\Windows\system32\lsass.exe[820] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00080804
.text C:\Windows\system32\lsass.exe[820] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\lsass.exe[820] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\lsass.exe[820] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\lsm.exe[828] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\lsm.exe[828] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\lsm.exe[828] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Windows\system32\lsm.exe[828] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\lsm.exe[828] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\lsm.exe[828] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\lsm.exe[828] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\lsm.exe[828] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\lsm.exe[828] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\lsm.exe[828] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\lsm.exe[828] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\WLANExt.exe[992] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\WLANExt.exe[992] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\WLANExt.exe[992] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Windows\system32\WLANExt.exe[992] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\WLANExt.exe[992] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\WLANExt.exe[992] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\WLANExt.exe[992] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\WLANExt.exe[992] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\WLANExt.exe[992] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\WLANExt.exe[992] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\WLANExt.exe[992] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\WLANExt.exe[992] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00090600
.text C:\Windows\system32\WLANExt.exe[992] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00090804
.text C:\Windows\system32\WLANExt.exe[992] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00090A08
.text C:\Windows\system32\WLANExt.exe[992] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 000901F8
.text C:\Windows\system32\WLANExt.exe[992] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 000903FC
.text C:\Windows\system32\svchost.exe[1012] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1012] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1012] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1012] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1012] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1012] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1012] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1012] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1012] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1012] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1012] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1012] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00AB0600
.text C:\Windows\system32\svchost.exe[1012] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00AB0804
.text C:\Windows\system32\svchost.exe[1012] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00AB0A08
.text C:\Windows\system32\svchost.exe[1012] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 00AB01F8
.text C:\Windows\system32\svchost.exe[1012] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 00AB03FC
.text C:\Windows\system32\ibmpmsvc.exe[1092] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 000801F8
.text C:\Windows\system32\ibmpmsvc.exe[1092] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 000803FC
.text C:\Windows\system32\ibmpmsvc.exe[1092] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Windows\system32\ibmpmsvc.exe[1092] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 000A03FC
.text C:\Windows\system32\ibmpmsvc.exe[1092] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 000A0600
.text C:\Windows\system32\ibmpmsvc.exe[1092] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 000A1014
.text C:\Windows\system32\ibmpmsvc.exe[1092] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 000A0804
.text C:\Windows\system32\ibmpmsvc.exe[1092] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 000A0A08
.text C:\Windows\system32\ibmpmsvc.exe[1092] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 000A0C0C
.text C:\Windows\system32\ibmpmsvc.exe[1092] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 000A0E10
.text C:\Windows\system32\ibmpmsvc.exe[1092] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 000A01F8
.text C:\Windows\system32\ibmpmsvc.exe[1092] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 000B0600
.text C:\Windows\system32\ibmpmsvc.exe[1092] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 000B0804
.text C:\Windows\system32\ibmpmsvc.exe[1092] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 000B0A08
.text C:\Windows\system32\ibmpmsvc.exe[1092] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 000B01F8
.text C:\Windows\system32\ibmpmsvc.exe[1092] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 000B03FC
.text C:\Windows\system32\nvvsvc.exe[1124] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 001501F8
.text C:\Windows\system32\nvvsvc.exe[1124] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 001503FC
.text C:\Windows\system32\nvvsvc.exe[1124] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Windows\system32\nvvsvc.exe[1124] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00170600
.text C:\Windows\system32\nvvsvc.exe[1124] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00170804
.text C:\Windows\system32\nvvsvc.exe[1124] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00170A08
.text C:\Windows\system32\nvvsvc.exe[1124] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 001701F8
.text C:\Windows\system32\nvvsvc.exe[1124] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 001703FC
.text C:\Windows\system32\nvvsvc.exe[1124] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 001803FC
.text C:\Windows\system32\nvvsvc.exe[1124] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00180600
.text C:\Windows\system32\nvvsvc.exe[1124] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00181014
.text C:\Windows\system32\nvvsvc.exe[1124] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00180804
.text C:\Windows\system32\nvvsvc.exe[1124] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00180A08
.text C:\Windows\system32\nvvsvc.exe[1124] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00180C0C
.text C:\Windows\system32\nvvsvc.exe[1124] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00180E10
.text C:\Windows\system32\nvvsvc.exe[1124] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 001801F8
.text C:\Windows\system32\svchost.exe[1160] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1160] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1160] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1160] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1160] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1160] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1160] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1160] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1160] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1160] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1160] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1160] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00140600
.text C:\Windows\system32\svchost.exe[1160] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00140804
.text C:\Windows\system32\svchost.exe[1160] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00140A08
.text C:\Windows\system32\svchost.exe[1160] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 001401F8
.text C:\Windows\system32\svchost.exe[1160] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 001403FC
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[1216] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1216] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[1216] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[1216] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[1216] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[1216] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[1216] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[1216] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[1216] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[1216] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 001C0600
.text C:\Windows\System32\svchost.exe[1216] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 001C0804
.text C:\Windows\System32\svchost.exe[1216] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 001C0A08
.text C:\Windows\System32\svchost.exe[1216] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 001C01F8
.text C:\Windows\System32\svchost.exe[1216] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 001C03FC
.text C:\Windows\System32\svchost.exe[1244] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[1244] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[1244] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1244] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[1244] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[1244] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[1244] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[1244] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[1244] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[1244] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[1244] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[1244] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 001A0600
.text C:\Windows\System32\svchost.exe[1244] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 001A0804
.text C:\Windows\System32\svchost.exe[1244] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 001A0A08
.text C:\Windows\System32\svchost.exe[1244] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 001A01F8
.text C:\Windows\System32\svchost.exe[1244] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 001A03FC
.text C:\Windows\System32\svchost.exe[1284] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 000901F8
.text C:\Windows\System32\svchost.exe[1284] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 000903FC
.text C:\Windows\System32\svchost.exe[1284] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 000B03FC
.text C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 000B0600
.text C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 000B1014
.text C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 000B0804
.text C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 000B0A08
.text C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 000B0C0C
.text C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 000B0E10
.text C:\Windows\System32\svchost.exe[1284] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 000B01F8
.text C:\Windows\System32\svchost.exe[1284] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00D10600
.text C:\Windows\System32\svchost.exe[1284] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00D10804
.text C:\Windows\System32\svchost.exe[1284] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00D10A08
.text C:\Windows\System32\svchost.exe[1284] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 00D101F8
.text C:\Windows\System32\svchost.exe[1284] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 00D103FC
.text C:\Windows\system32\svchost.exe[1296] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1296] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1296] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1296] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1296] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1296] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1296] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1296] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1296] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1296] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1296] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1296] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 001F0600
.text C:\Windows\system32\svchost.exe[1296] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 001F0804
.text C:\Windows\system32\svchost.exe[1296] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 001F0A08
.text C:\Windows\system32\svchost.exe[1296] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 001F01F8
.text C:\Windows\system32\svchost.exe[1296] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 001F03FC
.text C:\Windows\system32\winlogon.exe[1328] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 000301F8
.text C:\Windows\system32\winlogon.exe[1328] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 000303FC
.text C:\Windows\system32\winlogon.exe[1328] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[1328] ADVAPI32.dll!CreateServiceW 75A49EB4 3 Bytes JMP 000503FC
.text C:\Windows\system32\winlogon.exe[1328] ADVAPI32.dll!CreateServiceW + 4 75A49EB8 1 Byte [8A]
.text C:\Windows\system32\winlogon.exe[1328] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00050600
.text C:\Windows\system32\winlogon.exe[1328] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00051014
.text C:\Windows\system32\winlogon.exe[1328] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00050804
.text C:\Windows\system32\winlogon.exe[1328] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00050A08
.text C:\Windows\system32\winlogon.exe[1328] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00050C0C
.text C:\Windows\system32\winlogon.exe[1328] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00050E10
.text C:\Windows\system32\winlogon.exe[1328] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 000501F8
.text C:\Windows\system32\winlogon.exe[1328] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00060600
.text C:\Windows\system32\winlogon.exe[1328] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00060804
.text C:\Windows\system32\winlogon.exe[1328] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00060A08
.text C:\Windows\system32\winlogon.exe[1328] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 000601F8
.text C:\Windows\system32\winlogon.exe[1328] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 000603FC
.text C:\Windows\system32\AUDIODG.EXE[1456] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1484] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 000901F8
.text C:\Windows\system32\svchost.exe[1484] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 000903FC
.text C:\Windows\system32\svchost.exe[1484] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1484] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 000B03FC
.text C:\Windows\system32\svchost.exe[1484] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 000B0600
.text C:\Windows\system32\svchost.exe[1484] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 000B1014
.text C:\Windows\system32\svchost.exe[1484] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 000B0804
.text C:\Windows\system32\svchost.exe[1484] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 000B0A08
.text C:\Windows\system32\svchost.exe[1484] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\svchost.exe[1484] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\svchost.exe[1484] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 000B01F8
.text C:\Program Files\Lenovo\Client Security Solution\password_manager.exe[1556] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 001501F8
.text C:\Program Files\Lenovo\Client Security Solution\password_manager.exe[1556] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 001503FC
.text C:\Program Files\Lenovo\Client Security Solution\password_manager.exe[1556] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Program Files\Lenovo\Client Security Solution\password_manager.exe[1556] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 001A0600
.text C:\Program Files\Lenovo\Client Security Solution\password_manager.exe[1556] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 001A0804
.text C:\Program Files\Lenovo\Client Security Solution\password_manager.exe[1556] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 001A0A08
.text C:\Program Files\Lenovo\Client Security Solution\password_manager.exe[1556] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 001A01F8
.text C:\Program Files\Lenovo\Client Security Solution\password_manager.exe[1556] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 001A03FC
.text C:\Program Files\Lenovo\Client Security Solution\password_manager.exe[1556] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 001B03FC
.text C:\Program Files\Lenovo\Client Security Solution\password_manager.exe[1556] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 001B0600
.text C:\Program Files\Lenovo\Client Security Solution\password_manager.exe[1556] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 001B1014
.text C:\Program Files\Lenovo\Client Security Solution\password_manager.exe[1556] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 001B0804
.text C:\Program Files\Lenovo\Client Security Solution\password_manager.exe[1556] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 001B0A08
.text C:\Program Files\Lenovo\Client Security Solution\password_manager.exe[1556] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 001B0C0C
.text C:\Program Files\Lenovo\Client Security Solution\password_manager.exe[1556] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 001B0E10
.text C:\Program Files\Lenovo\Client Security Solution\password_manager.exe[1556] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 001B01F8
.text C:\Windows\system32\svchost.exe[1600] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1600] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1600] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1600] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1600] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1600] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1600] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1600] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1600] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1600] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1600] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1600] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00C10600
.text C:\Windows\system32\svchost.exe[1600] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00C10804
.text C:\Windows\system32\svchost.exe[1600] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00C10A08
.text C:\Windows\system32\svchost.exe[1600] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 00C101F8
.text C:\Windows\system32\svchost.exe[1600] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 00C103FC
.text C:\Windows\system32\rundll32.exe[1684] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 000601F8
.text C:\Windows\system32\rundll32.exe[1684] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 000603FC
.text C:\Windows\system32\rundll32.exe[1684] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Windows\system32\rundll32.exe[1684] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00070600
.text C:\Windows\system32\rundll32.exe[1684] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00070804
.text C:\Windows\system32\rundll32.exe[1684] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00070A08
.text C:\Windows\system32\rundll32.exe[1684] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 000701F8
.text C:\Windows\system32\rundll32.exe[1684] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 000703FC
.text C:\Windows\system32\rundll32.exe[1684] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 000803FC
.text C:\Windows\system32\rundll32.exe[1684] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00080600
.text C:\Windows\system32\rundll32.exe[1684] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00081014
.text C:\Windows\system32\rundll32.exe[1684] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00080804
.text C:\Windows\system32\rundll32.exe[1684] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00080A08
.text C:\Windows\system32\rundll32.exe[1684] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00080C0C
.text C:\Windows\system32\rundll32.exe[1684] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00080E10
.text C:\Windows\system32\rundll32.exe[1684] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 000801F8
.text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1812] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 001501F8
.text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1812] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 001503FC
.text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1812] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1812] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00170600
.text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1812] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00170804
.text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1812] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00170A08
.text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1812] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1812] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 001703FC
.text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1812] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 001803FC
.text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1812] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00180600
.text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1812] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00181014
.text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1812] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00180804
.text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1812] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00180A08
.text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1812] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00180C0C
.text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1812] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00180E10
.text C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe[1812] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 001801F8
.text C:\Windows\system32\svchost.exe[1928] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1928] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1928] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1928] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1928] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1928] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1928] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1928] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1928] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1928] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1928] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1928] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00170600
.text C:\Windows\system32\svchost.exe[1928] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00170804
.text C:\Windows\system32\svchost.exe[1928] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00170A08
.text C:\Windows\system32\svchost.exe[1928] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 001701F8
.text C:\Windows\system32\svchost.exe[1928] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 001703FC
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1960] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 001501F8
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1960] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 001503FC
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1960] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1960] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1960] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00180600
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1960] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00181014
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1960] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00180804
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1960] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00180A08
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1960] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00180C0C
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1960] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00180E10
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1960] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 001801F8
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1960] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00190600
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1960] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00190804
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1960] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00190A08
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1960] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 001901F8
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1960] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 001903FC
.text C:\Program Files\iTunes\iTunesHelper.exe[1964] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 000501F8
.text C:\Program Files\iTunes\iTunesHelper.exe[1964] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 000503FC
.text C:\Program Files\iTunes\iTunesHelper.exe[1964] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Program Files\iTunes\iTunesHelper.exe[1964] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 000703FC
.text C:\Program Files\iTunes\iTunesHelper.exe[1964] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00070600
.text C:\Program Files\iTunes\iTunesHelper.exe[1964] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00071014
.text C:\Program Files\iTunes\iTunesHelper.exe[1964] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00070804
.text C:\Program Files\iTunes\iTunesHelper.exe[1964] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00070A08
.text C:\Program Files\iTunes\iTunesHelper.exe[1964] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00070C0C
.text C:\Program Files\iTunes\iTunesHelper.exe[1964] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00070E10
.text C:\Program Files\iTunes\iTunesHelper.exe[1964] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 000701F8
.text C:\Program Files\iTunes\iTunesHelper.exe[1964] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00080600
.text C:\Program Files\iTunes\iTunesHelper.exe[1964] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00080804
.text C:\Program Files\iTunes\iTunesHelper.exe[1964] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00080A08
.text C:\Program Files\iTunes\iTunesHelper.exe[1964] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 000801F8
.text C:\Program Files\iTunes\iTunesHelper.exe[1964] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 000803FC
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[1972] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[1972] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[1972] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[1972] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[1972] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[1972] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[1972] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[1972] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[1972] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[1972] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00180600
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[1972] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00181014
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[1972] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00180804
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[1972] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00180A08
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[1972] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00180C0C
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[1972] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00180E10
.text C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe[1972] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 001801F8
.text C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe[2196] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 001401F8
.text C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe[2196] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 001403FC
.text C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe[2196] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe[2196] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 001E03FC
.text C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe[2196] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 001E0600
.text C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe[2196] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 001E1014
.text C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe[2196] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 001E0804
.text C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe[2196] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 001E0A08
.text C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe[2196] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 001E0C0C
.text C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe[2196] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 001E0E10
.text C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe[2196] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 001E01F8
.text C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe[2196] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00330600
.text C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe[2196] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00330804
.text C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe[2196] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00330A08
.text C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe[2196] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 003301F8
.text C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe[2196] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 003303FC
.text C:\Windows\System32\spoolsv.exe[2200] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\spoolsv.exe[2200] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 000503FC
.text C:\Windows\System32\spoolsv.exe[2200] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[2200] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\spoolsv.exe[2200] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\spoolsv.exe[2200] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\spoolsv.exe[2200] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\spoolsv.exe[2200] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\spoolsv.exe[2200] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\spoolsv.exe[2200] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\spoolsv.exe[2200] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\spoolsv.exe[2200] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00200600
.text C:\Windows\System32\spoolsv.exe[2200] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00200804
.text C:\Windows\System32\spoolsv.exe[2200] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00200A08
.text C:\Windows\System32\spoolsv.exe[2200] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 002001F8
.text C:\Windows\System32\spoolsv.exe[2200] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 002003FC
.text C:\Windows\system32\svchost.exe[2224] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[2224] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[2224] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2224] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[2224] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[2224] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[2224] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[2224] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[2224] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[2224] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[2224] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[2224] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 000B0600
.text C:\Windows\system32\svchost.exe[2224] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 000B0804
.text C:\Windows\system32\svchost.exe[2224] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 000B0A08
.text C:\Windows\system32\svchost.exe[2224] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 000B01F8
.text C:\Windows\system32\svchost.exe[2224] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 000B03FC
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2460] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 001501F8
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2460] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 001503FC
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2460] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2460] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 001803FC
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2460] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00180600
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2460] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00181014
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2460] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00180804
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2460] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00180A08
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2460] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00180C0C
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2460] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00180E10
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2460] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 001801F8
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2460] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00190600
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2460] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00190804
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2460] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00190A08
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2460] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 001901F8
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2460] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 001903FC
.text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[2480] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 001501F8
.text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[2480] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 001503FC
.text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[2480] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[2480] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 002703FC
.text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[2480] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00270600
.text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[2480] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00271014
.text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[2480] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00270804
.text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[2480] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00270A08
.text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[2480] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00270C0C
.text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[2480] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00270E10
.text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[2480] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 002701F8
.text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[2480] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00290600
.text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[2480] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00290804
.text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[2480] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00290A08
.text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[2480] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 002901F8
.text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[2480] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 002903FC
.text C:\Windows\system32\IPSSVC.EXE[2512] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 001501F8
.text C:\Windows\system32\IPSSVC.EXE[2512] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 001503FC
.text C:\Windows\system32\IPSSVC.EXE[2512] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Windows\system32\IPSSVC.EXE[2512] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00170600
.text C:\Windows\system32\IPSSVC.EXE[2512] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00170804
.text C:\Windows\system32\IPSSVC.EXE[2512] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00170A08
.text C:\Windows\system32\IPSSVC.EXE[2512] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 001701F8
.text C:\Windows\system32\IPSSVC.EXE[2512] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 001703FC
.text C:\Windows\system32\IPSSVC.EXE[2512] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 001803FC
.text C:\Windows\system32\IPSSVC.EXE[2512] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00180600
.text C:\Windows\system32\IPSSVC.EXE[2512] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00181014
.text C:\Windows\system32\IPSSVC.EXE[2512] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00180804
.text C:\Windows\system32\IPSSVC.EXE[2512] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00180A08
.text C:\Windows\system32\IPSSVC.EXE[2512] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00180C0C
.text C:\Windows\system32\IPSSVC.EXE[2512] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00180E10
.text C:\Windows\system32\IPSSVC.EXE[2512] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 001801F8
.text C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe[2544] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 001401F8
.text C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe[2544] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 001403FC
.text C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe[2544] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe[2544] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 002B03FC
.text C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe[2544] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 002B0600
.text C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe[2544] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 002B1014
.text C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe[2544] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 002B0804
.text C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe[2544] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 002B0A08
.text C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe[2544] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 002B0C0C
.text C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe[2544] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 002B0E10
.text C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe[2544] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 002B01F8
.text C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe[2544] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 002C0600
.text C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe[2544] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 002C0804
.text C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe[2544] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 002C0A08
.text C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe[2544] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 002C01F8
.text C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe[2544] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 002C03FC
.text C:\Windows\system32\AEADISRV.EXE[2572] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 001501F8
.text C:\Windows\system32\AEADISRV.EXE[2572] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 001503FC
.text C:\Windows\system32\AEADISRV.EXE[2572] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Windows\system32\AEADISRV.EXE[2572] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 001703FC
.text C:\Windows\system32\AEADISRV.EXE[2572] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00170600
.text C:\Windows\system32\AEADISRV.EXE[2572] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00171014
.text C:\Windows\system32\AEADISRV.EXE[2572] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00170804
.text C:\Windows\system32\AEADISRV.EXE[2572] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00170A08
.text C:\Windows\system32\AEADISRV.EXE[2572] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00170C0C
.text C:\Windows\system32\AEADISRV.EXE[2572] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00170E10
.text C:\Windows\system32\AEADISRV.EXE[2572] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 001701F8
.text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[2600] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 001501F8
.text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[2600] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 001503FC
.text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[2600] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[2600] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 001C03FC
.text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[2600] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 001C0600
.text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[2600] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 001C1014
.text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[2600] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 001C0804
.text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[2600] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 001C0A08
.text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[2600] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 001C0C0C
.text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[2600] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 001C0E10
.text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[2600] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 001C01F8
.text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[2600] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 001D0600
.text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[2600] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 001D0804
.text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[2600] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 001D0A08
.text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[2600] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 001D01F8
.text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[2600] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 001D03FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2632] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 000501F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2632] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 000503FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2632] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2632] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 000703FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2632] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00070600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2632] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00071014
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2632] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00070804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2632] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00070A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2632] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00070C0C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2632] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00070E10
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2632] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 000701F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2632] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00080600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2632] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00080804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2632] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00080A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2632] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 000801F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2632] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 000803FC
.text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2664] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 000901F8
.text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2664] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 000903FC
.text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2664] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2664] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 000B03FC
.text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2664] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 000B0600
.text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2664] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 000B1014
.text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2664] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 000B0804
.text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2664] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 000B0A08
.text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2664] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 000B0C0C
.text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2664] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 000B0E10
.text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2664] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 000B01F8
.text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2664] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 000C0600
.text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2664] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 000C0804
.text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2664] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 000C0A08
.text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2664] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 000C01F8
.text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[2664] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 000C03FC
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe[2676] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 001401F8
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe[2676] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 001403FC
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe[2676] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe[2676] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00160600
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe[2676] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00160804
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe[2676] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00160A08
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe[2676] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 001601F8
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe[2676] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 001603FC
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe[2676] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe[2676] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00170600
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe[2676] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00171014
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe[2676] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00170804
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe[2676] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00170A08
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe[2676] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00170C0C
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe[2676] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00170E10
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe[2676] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 001701F8
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe[2688] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 001401F8
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe[2688] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 001403FC
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe[2688] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe[2688] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe[2688] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00170600
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe[2688] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00171014
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe[2688] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00170804
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe[2688] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00170A08
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe[2688] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00170C0C
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe[2688] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00170E10
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe[2688] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 001701F8
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe[2688] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00180600
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe[2688] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00180804
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe[2688] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00180A08
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe[2688] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 001801F8
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe[2688] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 001803FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[2704] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 000501F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[2704] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 000503FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[2704] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2704] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 000703FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[2704] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00070600
.text C:\Program Files\Bonjour\mDNSResponder.exe[2704] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00071014
.text C:\Program Files\Bonjour\mDNSResponder.exe[2704] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00070804
.text C:\Program Files\Bonjour\mDNSResponder.exe[2704] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00070A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[2704] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00070C0C
.text C:\Program Files\Bonjour\mDNSResponder.exe[2704] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00070E10
.text C:\Program Files\Bonjour\mDNSResponder.exe[2704] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 000701F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[2704] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00080600
.text C:\Program Files\Bonjour\mDNSResponder.exe[2704] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00080804
.text C:\Program Files\Bonjour\mDNSResponder.exe[2704] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00080A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[2704] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 000801F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[2704] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 000803FC
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[2728] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 001401F8
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[2728] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 001403FC
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[2728] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[2728] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 001903FC
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[2728] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00190600
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[2728] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00191014
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[2728] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00190804
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[2728] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00190A08
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[2728] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00190C0C
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[2728] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00190E10
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[2728] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 001901F8
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[2728] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 001A0600
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[2728] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 001A0804
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[2728] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 001A0A08
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[2728] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 001A01F8
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[2728] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 001A03FC
.text C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE[2760] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 001501F8
.text C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE[2760] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 001503FC
.text C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE[2760] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE[2760] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 001703FC
.text C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE[2760] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00170600
.text C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE[2760] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00171014
.text C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE[2760] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00170804
.text C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE[2760] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00170A08
.text C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE[2760] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00170C0C
.text C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE[2760] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00170E10
.text C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE[2760] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 001701F8
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2876] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 001501F8
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2876] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 001503FC
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2876] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2876] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 003B03FC
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2876] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 003B0600
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2876] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 003B1014
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2876] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 003B0804
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2876] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 003B0A08
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2876] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 003B0C0C
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2876] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 003B0E10
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2876] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 003B01F8
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2876] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 003C0600
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2876] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 003C0804
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2876] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 003C0A08
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2876] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 003C01F8
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2876] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 003C03FC
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[2908] KERNEL32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]

#5 bionicbird

Posted 14 August 2011 - 10:44 PM

.text C:\Windows\USBNUMP.EXE[2956] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 001401F8
.text C:\Windows\USBNUMP.EXE[2956] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 001403FC
.text C:\Windows\USBNUMP.EXE[2956] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Windows\USBNUMP.EXE[2956] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 001603FC
.text C:\Windows\USBNUMP.EXE[2956] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00160600
.text C:\Windows\USBNUMP.EXE[2956] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00161014
.text C:\Windows\USBNUMP.EXE[2956] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00160804
.text C:\Windows\USBNUMP.EXE[2956] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00160A08
.text C:\Windows\USBNUMP.EXE[2956] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00160C0C
.text C:\Windows\USBNUMP.EXE[2956] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00160E10
.text C:\Windows\USBNUMP.EXE[2956] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 001601F8
.text C:\Windows\USBNUMP.EXE[2956] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00170600
.text C:\Windows\USBNUMP.EXE[2956] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00170804
.text C:\Windows\USBNUMP.EXE[2956] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00170A08
.text C:\Windows\USBNUMP.EXE[2956] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 001701F8
.text C:\Windows\USBNUMP.EXE[2956] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 001703FC
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2960] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe[2972] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 001401F8
.text C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe[2972] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 001403FC
.text C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe[2972] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe[2972] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 002603FC
.text C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe[2972] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00260600
.text C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe[2972] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00261014
.text C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe[2972] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00260804
.text C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe[2972] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00260A08
.text C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe[2972] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00260C0C
.text C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe[2972] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00260E10
.text C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe[2972] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 002601F8
.text C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe[2972] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00270600
.text C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe[2972] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00270804
.text C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe[2972] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00270A08
.text C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe[2972] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 002701F8
.text C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe[2972] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 002703FC
.text C:\Windows\system32\svchost.exe[3064] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[3064] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[3064] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3064] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[3064] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[3064] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[3064] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[3064] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[3064] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[3064] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[3064] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[3064] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00DC0600
.text C:\Windows\system32\svchost.exe[3064] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00DC0804
.text C:\Windows\system32\svchost.exe[3064] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00DC0A08
.text C:\Windows\system32\svchost.exe[3064] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 00DC01F8
.text c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe[3804] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00380600
.text c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe[3804] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00381014
.text c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe[3804] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00380804
.text c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe[3804] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00380A08
.text c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe[3804] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00380C0C
.text c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe[3804] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00380E10
.text c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe[3804] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 003801F8
.text C:\Program Files\ThinkVantage Fingerprint Software\upeksrvc.exe[3816] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 001501F8
.text C:\Program Files\ThinkVantage Fingerprint Software\upeksrvc.exe[3816] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 001503FC
.text C:\Program Files\ThinkVantage Fingerprint Software\upeksrvc.exe[3816] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Program Files\ThinkVantage Fingerprint Software\upeksrvc.exe[3816] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00170600
.text C:\Program Files\ThinkVantage Fingerprint Software\upeksrvc.exe[3816] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00170804
.text C:\Program Files\ThinkVantage Fingerprint Software\upeksrvc.exe[3816] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00170A08
.text C:\Program Files\ThinkVantage Fingerprint Software\upeksrvc.exe[3816] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\ThinkVantage Fingerprint Software\upeksrvc.exe[3816] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 001703FC
.text C:\Program Files\ThinkVantage Fingerprint Software\upeksrvc.exe[3816] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 001803FC
.text C:\Program Files\ThinkVantage Fingerprint Software\upeksrvc.exe[3816] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00180600
.text C:\Program Files\ThinkVantage Fingerprint Software\upeksrvc.exe[3816] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00181014
.text C:\Program Files\ThinkVantage Fingerprint Software\upeksrvc.exe[3816] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00180804
.text C:\Program Files\ThinkVantage Fingerprint Software\upeksrvc.exe[3816] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00180A08
.text C:\Program Files\ThinkVantage Fingerprint Software\upeksrvc.exe[3816] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00180C0C
.text C:\Program Files\ThinkVantage Fingerprint Software\upeksrvc.exe[3816] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00180E10
.text C:\Program Files\ThinkVantage Fingerprint Software\upeksrvc.exe[3816] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 001801F8
.text C:\Windows\System32\svchost.exe[3880] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[3880] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[3880] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[3880] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[3880] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[3880] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[3880] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[3880] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[3880] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[3880] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[3880] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 000701F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3896] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 002001F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3896] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 002003FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3896] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3896] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 002203FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3896] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00220600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3896] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00221014
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3896] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00220804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3896] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00220A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3896] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00220C0C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3896] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00220E10
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3896] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 002201F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3896] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00230600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3896] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00230804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3896] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00230A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3896] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 002301F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3896] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 002303FC
.text C:\Windows\system32\SearchIndexer.exe[3956] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\SearchIndexer.exe[3956] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\SearchIndexer.exe[3956] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[3956] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\SearchIndexer.exe[3956] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\SearchIndexer.exe[3956] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\SearchIndexer.exe[3956] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\SearchIndexer.exe[3956] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\SearchIndexer.exe[3956] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\SearchIndexer.exe[3956] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\SearchIndexer.exe[3956] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\SearchIndexer.exe[3956] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00080600
.text C:\Windows\system32\SearchIndexer.exe[3956] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00080804
.text C:\Windows\system32\SearchIndexer.exe[3956] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\SearchIndexer.exe[3956] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\SearchIndexer.exe[3956] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\DRIVERS\xaudio.exe[4024] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 001401F8
.text C:\Windows\system32\DRIVERS\xaudio.exe[4024] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 001403FC
.text C:\Windows\system32\DRIVERS\xaudio.exe[4024] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Windows\system32\DRIVERS\xaudio.exe[4024] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 001603FC
.text C:\Windows\system32\DRIVERS\xaudio.exe[4024] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00160600
.text C:\Windows\system32\DRIVERS\xaudio.exe[4024] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00161014
.text C:\Windows\system32\DRIVERS\xaudio.exe[4024] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00160804
.text C:\Windows\system32\DRIVERS\xaudio.exe[4024] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00160A08
.text C:\Windows\system32\DRIVERS\xaudio.exe[4024] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00160C0C
.text C:\Windows\system32\DRIVERS\xaudio.exe[4024] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00160E10
.text C:\Windows\system32\DRIVERS\xaudio.exe[4024] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 001601F8
.text C:\Windows\system32\DRIVERS\xaudio.exe[4024] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00170600
.text C:\Windows\system32\DRIVERS\xaudio.exe[4024] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00170804
.text C:\Windows\system32\DRIVERS\xaudio.exe[4024] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00170A08
.text C:\Windows\system32\DRIVERS\xaudio.exe[4024] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 001701F8
.text C:\Windows\system32\DRIVERS\xaudio.exe[4024] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 001703FC
.text C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe[4052] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 001501F8
.text C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe[4052] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 001503FC
.text C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe[4052] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe[4052] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 003F03FC
.text C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe[4052] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 003F0600
.text C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe[4052] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 003F1014
.text C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe[4052] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 003F0804
.text C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe[4052] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 003F0A08
.text C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe[4052] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 003F0C0C
.text C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe[4052] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 003F0E10
.text C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe[4052] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 003F01F8
.text C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe[4052] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00D40600
.text C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe[4052] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00D40804
.text C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe[4052] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00D40A08
.text C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe[4052] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 00D401F8
.text C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe[4052] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 00D403FC
.text C:\Windows\system32\wbem\unsecapp.exe[4092] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\wbem\unsecapp.exe[4092] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\wbem\unsecapp.exe[4092] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Windows\system32\wbem\unsecapp.exe[4092] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\wbem\unsecapp.exe[4092] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\wbem\unsecapp.exe[4092] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\wbem\unsecapp.exe[4092] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\wbem\unsecapp.exe[4092] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\wbem\unsecapp.exe[4092] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\wbem\unsecapp.exe[4092] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\wbem\unsecapp.exe[4092] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\wbem\unsecapp.exe[4092] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00080600
.text C:\Windows\system32\wbem\unsecapp.exe[4092] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00080804
.text C:\Windows\system32\wbem\unsecapp.exe[4092] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\wbem\unsecapp.exe[4092] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\wbem\unsecapp.exe[4092] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 000803FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4132] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 000401F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4132] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 000403FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4132] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4132] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 000603FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4132] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00060600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4132] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00061014
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4132] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00060804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4132] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00060A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4132] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00060C0C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4132] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00060E10
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4132] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 000601F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4132] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00070600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4132] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00070804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4132] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00070A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4132] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 000701F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4132] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 000703FC

.text C:\Windows\System32\rundll32.exe[4144] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 000601F8
.text C:\Windows\System32\rundll32.exe[4144] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 000603FC
.text C:\Windows\System32\rundll32.exe[4144] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Windows\System32\rundll32.exe[4144] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00070600
.text C:\Windows\System32\rundll32.exe[4144] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00070804
.text C:\Windows\System32\rundll32.exe[4144] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00070A08
.text C:\Windows\System32\rundll32.exe[4144] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 000701F8
.text C:\Windows\System32\rundll32.exe[4144] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 000703FC
.text C:\Windows\System32\rundll32.exe[4144] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 000803FC
.text C:\Windows\System32\rundll32.exe[4144] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00080600
.text C:\Windows\System32\rundll32.exe[4144] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00081014
.text C:\Windows\System32\rundll32.exe[4144] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00080804
.text C:\Windows\System32\rundll32.exe[4144] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00080A08
.text C:\Windows\System32\rundll32.exe[4144] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00080C0C
.text C:\Windows\System32\rundll32.exe[4144] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00080E10
.text C:\Windows\System32\rundll32.exe[4144] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 000801F8
.text C:\Windows\system32\ctfmon.exe[4272] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[4308] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[4308] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[4308] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[4308] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[4308] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[4308] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[4308] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[4308] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[4308] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[4308] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[4308] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 000701F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4324] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 000401F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4324] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 000403FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4324] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4324] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 000A03FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4324] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 000A0600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4324] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 000A1014
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4324] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 000A0804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4324] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 000A0A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4324] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 000A0C0C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4324] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 000A0E10
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4324] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 000A01F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4324] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 000B0600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4324] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 000B0804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4324] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 000B0A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4324] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 000B01F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4324] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 000B03FC
.text C:\Program Files\iPod\bin\iPodService.exe[4380] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 000501F8
.text C:\Program Files\iPod\bin\iPodService.exe[4380] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 000503FC
.text C:\Program Files\iPod\bin\iPodService.exe[4380] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[4380] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 000703FC
.text C:\Program Files\iPod\bin\iPodService.exe[4380] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00070600
.text C:\Program Files\iPod\bin\iPodService.exe[4380] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00071014
.text C:\Program Files\iPod\bin\iPodService.exe[4380] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00070804
.text C:\Program Files\iPod\bin\iPodService.exe[4380] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00070A08
.text C:\Program Files\iPod\bin\iPodService.exe[4380] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00070C0C
.text C:\Program Files\iPod\bin\iPodService.exe[4380] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00070E10
.text C:\Program Files\iPod\bin\iPodService.exe[4380] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 000701F8
.text C:\Program Files\iPod\bin\iPodService.exe[4380] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00080600
.text C:\Program Files\iPod\bin\iPodService.exe[4380] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00080804
.text C:\Program Files\iPod\bin\iPodService.exe[4380] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00080A08
.text C:\Program Files\iPod\bin\iPodService.exe[4380] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 000801F8
.text C:\Program Files\iPod\bin\iPodService.exe[4380] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 000803FC
.text C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe[4392] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 001501F8
.text C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe[4392] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 001503FC
.text C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe[4392] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe[4392] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00170600
.text C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe[4392] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00170804
.text C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe[4392] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00170A08
.text C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe[4392] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 001701F8
.text C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe[4392] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 001703FC
.text C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe[4392] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 001803FC
.text C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe[4392] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00180600
.text C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe[4392] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00181014
.text C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe[4392] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00180804
.text C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe[4392] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00180A08
.text C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe[4392] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00180C0C
.text C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe[4392] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00180E10
.text C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe[4392] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 001801F8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4404] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 001501F8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4404] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 001503FC
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4404] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4404] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00270600
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4404] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00270804
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4404] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00270A08
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4404] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 002701F8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4404] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 002703FC
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4404] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 002803FC
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4404] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00280600
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4404] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00281014
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4404] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00280804
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4404] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00280A08
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4404] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00280C0C
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4404] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00280E10
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4404] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 002801F8
.text C:\Windows\system32\wuauclt.exe[4448] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 000601F8
.text C:\Windows\system32\wuauclt.exe[4448] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 000603FC
.text C:\Windows\system32\wuauclt.exe[4448] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Windows\system32\wuauclt.exe[4448] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00070600
.text C:\Windows\system32\wuauclt.exe[4448] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00070804
.text C:\Windows\system32\wuauclt.exe[4448] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00070A08
.text C:\Windows\system32\wuauclt.exe[4448] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 000701F8
.text C:\Windows\system32\wuauclt.exe[4448] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 000703FC
.text C:\Windows\system32\wuauclt.exe[4448] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 000803FC
.text C:\Windows\system32\wuauclt.exe[4448] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00080600
.text C:\Windows\system32\wuauclt.exe[4448] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00081014
.text C:\Windows\system32\wuauclt.exe[4448] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00080804
.text C:\Windows\system32\wuauclt.exe[4448] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00080A08
.text C:\Windows\system32\wuauclt.exe[4448] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00080C0C
.text C:\Windows\system32\wuauclt.exe[4448] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00080E10
.text C:\Windows\system32\wuauclt.exe[4448] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 000801F8
.text C:\Users\Philip\Desktop\gmer\gmer.exe[4532] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 001501F8
.text C:\Users\Philip\Desktop\gmer\gmer.exe[4532] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 001503FC
.text C:\Users\Philip\Desktop\gmer\gmer.exe[4532] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Users\Philip\Desktop\gmer\gmer.exe[4532] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 001903FC
.text C:\Users\Philip\Desktop\gmer\gmer.exe[4532] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00190600
.text C:\Users\Philip\Desktop\gmer\gmer.exe[4532] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00191014
.text C:\Users\Philip\Desktop\gmer\gmer.exe[4532] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00190804
.text C:\Users\Philip\Desktop\gmer\gmer.exe[4532] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00190A08
.text C:\Users\Philip\Desktop\gmer\gmer.exe[4532] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00190C0C
.text C:\Users\Philip\Desktop\gmer\gmer.exe[4532] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00190E10
.text C:\Users\Philip\Desktop\gmer\gmer.exe[4532] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 001901F8
.text C:\Users\Philip\Desktop\gmer\gmer.exe[4532] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 001A0600
.text C:\Users\Philip\Desktop\gmer\gmer.exe[4532] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 001A0804
.text C:\Users\Philip\Desktop\gmer\gmer.exe[4532] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 001A0A08
.text C:\Users\Philip\Desktop\gmer\gmer.exe[4532] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 001A01F8
.text C:\Users\Philip\Desktop\gmer\gmer.exe[4532] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 001A03FC
.text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[4556] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 001501F8
.text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[4556] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 001503FC
.text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[4556] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[4556] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 001803FC
.text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[4556] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00180600
.text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[4556] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00181014
.text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[4556] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00180804
.text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[4556] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00180A08
.text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[4556] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00180C0C
.text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[4556] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00180E10
.text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[4556] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 001801F8
.text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[4556] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00190600
.text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[4556] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00190804
.text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[4556] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00190A08
.text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[4556] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 001901F8
.text C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe[4556] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 001903FC
.text C:\Windows\system32\taskeng.exe[4664] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[4664] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[4664] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[4664] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 000803FC
.text C:\Windows\system32\taskeng.exe[4664] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00080600
.text C:\Windows\system32\taskeng.exe[4664] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00081014
.text C:\Windows\system32\taskeng.exe[4664] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00080804
.text C:\Windows\system32\taskeng.exe[4664] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00080A08
.text C:\Windows\system32\taskeng.exe[4664] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00080C0C
.text C:\Windows\system32\taskeng.exe[4664] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00080E10
.text C:\Windows\system32\taskeng.exe[4664] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 000801F8
.text C:\Windows\system32\taskeng.exe[4664] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00090600
.text C:\Windows\system32\taskeng.exe[4664] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00090804
.text C:\Windows\system32\taskeng.exe[4664] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00090A08
.text C:\Windows\system32\taskeng.exe[4664] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 000901F8
.text C:\Windows\system32\taskeng.exe[4664] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 000903FC
.text C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[4672] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 001501F8
.text C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[4672] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 001503FC
.text C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[4672] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[4672] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 001703FC
.text C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[4672] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00170600
.text C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[4672] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00171014
.text C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[4672] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00170804
.text C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[4672] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00170A08
.text C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[4672] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00170C0C
.text C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[4672] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00170E10
.text C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[4672] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 001701F8
.text C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[4672] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00180600
.text C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[4672] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00180804
.text C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[4672] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00180A08
.text C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[4672] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 001801F8
.text C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe[4672] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 001803FC
.text C:\Windows\system32\Dwm.exe[4700] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\Dwm.exe[4700] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\Dwm.exe[4700] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[4700] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\Dwm.exe[4700] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\Dwm.exe[4700] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\Dwm.exe[4700] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\Dwm.exe[4700] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\Dwm.exe[4700] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\Dwm.exe[4700] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\Dwm.exe[4700] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\Dwm.exe[4700] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00080600
.text C:\Windows\system32\Dwm.exe[4700] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00080804
.text C:\Windows\system32\Dwm.exe[4700] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\Dwm.exe[4700] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\Dwm.exe[4700] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 000803FC
.text C:\Windows\Explorer.EXE[4716] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 000501F8
.text C:\Windows\Explorer.EXE[4716] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 000503FC
.text C:\Windows\Explorer.EXE[4716] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Windows\Explorer.EXE[4716] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 000703FC
.text C:\Windows\Explorer.EXE[4716] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00070600
.text C:\Windows\Explorer.EXE[4716] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00071014
.text C:\Windows\Explorer.EXE[4716] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00070804
.text C:\Windows\Explorer.EXE[4716] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00070A08
.text C:\Windows\Explorer.EXE[4716] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00070C0C
.text C:\Windows\Explorer.EXE[4716] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00070E10
.text C:\Windows\Explorer.EXE[4716] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 000701F8
.text C:\Windows\Explorer.EXE[4716] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00080600
.text C:\Windows\Explorer.EXE[4716] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00080804
.text C:\Windows\Explorer.EXE[4716] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00080A08
.text C:\Windows\Explorer.EXE[4716] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 000801F8
.text C:\Windows\Explorer.EXE[4716] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\taskeng.exe[4740] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[4740] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[4740] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[4740] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskeng.exe[4740] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\taskeng.exe[4740] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\taskeng.exe[4740] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\taskeng.exe[4740] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\taskeng.exe[4740] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\taskeng.exe[4740] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\taskeng.exe[4740] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskeng.exe[4740] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 000C0600
.text C:\Windows\system32\taskeng.exe[4740] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 000C0804
.text C:\Windows\system32\taskeng.exe[4740] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 000C0A08
.text C:\Windows\system32\taskeng.exe[4740] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 000C01F8
.text C:\Windows\system32\taskeng.exe[4740] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 000C03FC
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4900] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 001501F8
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4900] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 001503FC
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4900] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4900] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00170600
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4900] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00170804
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4900] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00170A08
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4900] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4900] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 001703FC
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4900] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4900] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00180600
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4900] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00181014
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4900] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00180804
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4900] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00180A08
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4900] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00180C0C
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4900] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00180E10
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4900] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 001801F8
.text C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe[4948] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 001501F8
.text C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe[4948] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 001503FC
.text C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe[4948] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe[4948] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 003603FC
.text C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe[4948] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00360600
.text C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe[4948] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00361014
.text C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe[4948] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00360804
.text C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe[4948] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00360A08
.text C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe[4948] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00360C0C
.text C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe[4948] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00360E10
.text C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe[4948] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 003601F8
.text C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe[4948] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00370600
.text C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe[4948] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00370804
.text C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe[4948] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00370A08
.text C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe[4948] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 003701F8
.text C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe[4948] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 003703FC
.text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[4964] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 001501F8
.text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[4964] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 001503FC
.text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[4964] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[4964] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[4964] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00170600
.text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[4964] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00171014
.text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[4964] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00170804
.text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[4964] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00170A08
.text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[4964] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00170C0C
.text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[4964] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00170E10
.text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[4964] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 001701F8
.text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[4964] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00180600
.text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[4964] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00180804
.text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[4964] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00180A08
.text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[4964] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 001801F8
.text C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[4964] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 001803FC
.text C:\Program Files\Lenovo\Zoom\TpScrex.exe[5020] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 001501F8
.text C:\Program Files\Lenovo\Zoom\TpScrex.exe[5020] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 001503FC
.text C:\Program Files\Lenovo\Zoom\TpScrex.exe[5020] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Program Files\Lenovo\Zoom\TpScrex.exe[5020] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Lenovo\Zoom\TpScrex.exe[5020] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00170600
.text C:\Program Files\Lenovo\Zoom\TpScrex.exe[5020] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00171014
.text C:\Program Files\Lenovo\Zoom\TpScrex.exe[5020] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00170804
.text C:\Program Files\Lenovo\Zoom\TpScrex.exe[5020] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00170A08
.text C:\Program Files\Lenovo\Zoom\TpScrex.exe[5020] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00170C0C
.text C:\Program Files\Lenovo\Zoom\TpScrex.exe[5020] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00170E10
.text C:\Program Files\Lenovo\Zoom\TpScrex.exe[5020] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 001701F8
.text C:\Program Files\Lenovo\Zoom\TpScrex.exe[5020] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00180600
.text C:\Program Files\Lenovo\Zoom\TpScrex.exe[5020] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00180804
.text C:\Program Files\Lenovo\Zoom\TpScrex.exe[5020] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00180A08
.text C:\Program Files\Lenovo\Zoom\TpScrex.exe[5020] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 001801F8
.text C:\Program Files\Lenovo\Zoom\TpScrex.exe[5020] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 001803FC
.text C:\Windows\System32\rundll32.exe[5092] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 000601F8
.text C:\Windows\System32\rundll32.exe[5092] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 000603FC
.text C:\Windows\System32\rundll32.exe[5092] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Windows\System32\rundll32.exe[5092] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00170600
.text C:\Windows\System32\rundll32.exe[5092] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00170804
.text C:\Windows\System32\rundll32.exe[5092] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00170A08
.text C:\Windows\System32\rundll32.exe[5092] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 001701F8
.text C:\Windows\System32\rundll32.exe[5092] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 001703FC
.text C:\Windows\System32\rundll32.exe[5092] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 001803FC
.text C:\Windows\System32\rundll32.exe[5092] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00180600
.text C:\Windows\System32\rundll32.exe[5092] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00181014
.text C:\Windows\System32\rundll32.exe[5092] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00180804
.text C:\Windows\System32\rundll32.exe[5092] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00180A08
.text C:\Windows\System32\rundll32.exe[5092] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00180C0C
.text C:\Windows\System32\rundll32.exe[5092] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00180E10
.text C:\Windows\System32\rundll32.exe[5092] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 001801F8
.text C:\Program Files\Lenovo\Client Security Solution\cssauth.exe[5096] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 001501F8
.text C:\Program Files\Lenovo\Client Security Solution\cssauth.exe[5096] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 001503FC
.text C:\Program Files\Lenovo\Client Security Solution\cssauth.exe[5096] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Program Files\Lenovo\Client Security Solution\cssauth.exe[5096] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 01450600
.text C:\Program Files\Lenovo\Client Security Solution\cssauth.exe[5096] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 01450804
.text C:\Program Files\Lenovo\Client Security Solution\cssauth.exe[5096] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 01450A08
.text C:\Program Files\Lenovo\Client Security Solution\cssauth.exe[5096] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 014501F8
.text C:\Program Files\Lenovo\Client Security Solution\cssauth.exe[5096] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 014503FC
.text C:\Program Files\Lenovo\Client Security Solution\cssauth.exe[5096] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 014603FC
.text C:\Program Files\Lenovo\Client Security Solution\cssauth.exe[5096] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 01460600
.text C:\Program Files\Lenovo\Client Security Solution\cssauth.exe[5096] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 01461014
.text C:\Program Files\Lenovo\Client Security Solution\cssauth.exe[5096] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 01460804
.text C:\Program Files\Lenovo\Client Security Solution\cssauth.exe[5096] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 01460A08
.text C:\Program Files\Lenovo\Client Security Solution\cssauth.exe[5096] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 01460C0C
.text C:\Program Files\Lenovo\Client Security Solution\cssauth.exe[5096] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 01460E10
.text C:\Program Files\Lenovo\Client Security Solution\cssauth.exe[5096] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 014601F8
.text C:\Windows\system32\wbem\unsecapp.exe[5100] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\wbem\unsecapp.exe[5100] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\wbem\unsecapp.exe[5100] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Windows\system32\wbem\unsecapp.exe[5100] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\wbem\unsecapp.exe[5100] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\wbem\unsecapp.exe[5100] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\wbem\unsecapp.exe[5100] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\wbem\unsecapp.exe[5100] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\wbem\unsecapp.exe[5100] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\wbem\unsecapp.exe[5100] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\wbem\unsecapp.exe[5100] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\wbem\unsecapp.exe[5100] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00080600
.text C:\Windows\system32\wbem\unsecapp.exe[5100] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00080804
.text C:\Windows\system32\wbem\unsecapp.exe[5100] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\wbem\unsecapp.exe[5100] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\wbem\unsecapp.exe[5100] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\wbem\wmiprvse.exe[5220] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\wbem\wmiprvse.exe[5220] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\wbem\wmiprvse.exe[5220] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[5220] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\wbem\wmiprvse.exe[5220] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\wbem\wmiprvse.exe[5220] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\wbem\wmiprvse.exe[5220] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\wbem\wmiprvse.exe[5220] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\wbem\wmiprvse.exe[5220] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\wbem\wmiprvse.exe[5220] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\wbem\wmiprvse.exe[5220] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\wbem\wmiprvse.exe[5220] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00080600
.text C:\Windows\system32\wbem\wmiprvse.exe[5220] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00080804
.text C:\Windows\system32\wbem\wmiprvse.exe[5220] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\wbem\wmiprvse.exe[5220] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\wbem\wmiprvse.exe[5220] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 000803FC
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe[5264] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 001401F8
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe[5264] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 001403FC
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe[5264] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe[5264] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00160600
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe[5264] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00160804
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe[5264] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00160A08
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe[5264] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 001601F8
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe[5264] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 001603FC
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe[5264] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe[5264] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00170600
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe[5264] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00171014
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe[5264] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00170804
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe[5264] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00170A08
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe[5264] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00170C0C
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe[5264] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00170E10
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe[5264] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 001701F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5444] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 001501F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5444] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 001503FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5444] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5444] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00170600
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5444] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00170804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5444] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00170A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5444] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5444] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 001703FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5444] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5444] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00180600
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5444] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00181014
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5444] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00180804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5444] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00180A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5444] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00180C0C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5444] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00180E10
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5444] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 001801F8
.text C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE[5508] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 001501F8
.text C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE[5508] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 001503FC
.text C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE[5508] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE[5508] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00180600
.text C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE[5508] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00180804
.text C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE[5508] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00180A08
.text C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE[5508] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 001801F8
.text C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE[5508] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 001803FC
.text C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE[5508] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 001903FC
.text C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE[5508] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00190600
.text C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE[5508] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00191014
.text C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE[5508] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00190804
.text C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE[5508] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00190A08
.text C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE[5508] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00190C0C
.text C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE[5508] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00190E10
.text C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE[5508] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 001901F8
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[5620] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 001501F8
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[5620] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 001503FC
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[5620] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[5620] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[5620] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00180600
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[5620] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00181014
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[5620] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00180804
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[5620] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00180A08
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[5620] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00180C0C
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[5620] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00180E10
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[5620] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 001801F8
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[5620] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00190600
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[5620] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00190804
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[5620] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00190A08
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[5620] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 001901F8
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[5620] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 001903FC
.text C:\Windows\System32\mobsync.exe[5644] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\mobsync.exe[5644] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 000503FC
.text C:\Windows\System32\mobsync.exe[5644] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Windows\System32\mobsync.exe[5644] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\mobsync.exe[5644] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\mobsync.exe[5644] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\mobsync.exe[5644] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\mobsync.exe[5644] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\mobsync.exe[5644] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\mobsync.exe[5644] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\mobsync.exe[5644] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\mobsync.exe[5644] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00080600
.text C:\Windows\System32\mobsync.exe[5644] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00080804
.text C:\Windows\System32\mobsync.exe[5644] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00080A08
.text C:\Windows\System32\mobsync.exe[5644] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 000801F8
.text C:\Windows\System32\mobsync.exe[5644] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 000803FC
.text C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe[5652] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 001501F8
.text C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe[5652] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 001503FC
.text C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe[5652] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe[5652] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 002503FC
.text C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe[5652] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00250600
.text C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe[5652] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00251014
.text C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe[5652] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00250804
.text C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe[5652] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00250A08
.text C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe[5652] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00250C0C
.text C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe[5652] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00250E10
.text C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe[5652] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 002501F8
.text C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe[5652] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00260600
.text C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe[5652] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00260804
.text C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe[5652] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00260A08
.text C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe[5652] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 002601F8
.text C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe[5652] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 002603FC
.text C:\PROGRA~1\ThinkPad\UTILIT~1\PWMUIAux.exe[5684] KERNEL32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE[5688] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 001501F8
.text C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE[5688] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 001503FC
.text C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE[5688] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE[5688] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00170600
.text C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE[5688] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00170804
.text C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE[5688] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00170A08
.text C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE[5688] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE[5688] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 001703FC
.text C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE[5688] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 001803FC
.text C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE[5688] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00180600
.text C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE[5688] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00181014
.text C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE[5688] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00180804
.text C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE[5688] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00180A08
.text C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE[5688] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00180C0C
.text C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE[5688] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00180E10
.text C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE[5688] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 001801F8
.text C:\Program Files\Lenovo\AwayTask\AwaySch.EXE[5744] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 001501F8
.text C:\Program Files\Lenovo\AwayTask\AwaySch.EXE[5744] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 001503FC
.text C:\Program Files\Lenovo\AwayTask\AwaySch.EXE[5744] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Program Files\Lenovo\AwayTask\AwaySch.EXE[5744] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 001A03FC
.text C:\Program Files\Lenovo\AwayTask\AwaySch.EXE[5744] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 001A0600
.text C:\Program Files\Lenovo\AwayTask\AwaySch.EXE[5744] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 001A1014
.text C:\Program Files\Lenovo\AwayTask\AwaySch.EXE[5744] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 001A0804
.text C:\Program Files\Lenovo\AwayTask\AwaySch.EXE[5744] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 001A0A08
.text C:\Program Files\Lenovo\AwayTask\AwaySch.EXE[5744] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 001A0C0C
.text C:\Program Files\Lenovo\AwayTask\AwaySch.EXE[5744] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 001A0E10
.text C:\Program Files\Lenovo\AwayTask\AwaySch.EXE[5744] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 001A01F8
.text C:\Program Files\Lenovo\AwayTask\AwaySch.EXE[5744] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 001B0600
.text C:\Program Files\Lenovo\AwayTask\AwaySch.EXE[5744] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 001B0804
.text C:\Program Files\Lenovo\AwayTask\AwaySch.EXE[5744] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 001B0A08
.text C:\Program Files\Lenovo\AwayTask\AwaySch.EXE[5744] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 001B01F8
.text C:\Program Files\Lenovo\AwayTask\AwaySch.EXE[5744] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 001B03FC
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[5752] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 000501F8
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[5752] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 000503FC
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[5752] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[5752] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 000703FC
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[5752] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00070600
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[5752] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00071014
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[5752] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00070804
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[5752] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00070A08
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[5752] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00070C0C
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[5752] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00070E10
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[5752] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 000701F8
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[5752] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00080600
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[5752] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00080804
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[5752] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00080A08
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[5752] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 000801F8
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[5752] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 000803FC
.text C:\Windows\System32\TpShocks.exe[5784] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 001501F8
.text C:\Windows\System32\TpShocks.exe[5784] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 001503FC
.text C:\Windows\System32\TpShocks.exe[5784] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Windows\System32\TpShocks.exe[5784] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 001703FC
.text C:\Windows\System32\TpShocks.exe[5784] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00170600
.text C:\Windows\System32\TpShocks.exe[5784] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00171014
.text C:\Windows\System32\TpShocks.exe[5784] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00170804
.text C:\Windows\System32\TpShocks.exe[5784] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00170A08
.text C:\Windows\System32\TpShocks.exe[5784] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00170C0C
.text C:\Windows\System32\TpShocks.exe[5784] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00170E10
.text C:\Windows\System32\TpShocks.exe[5784] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 001701F8
.text C:\Windows\System32\TpShocks.exe[5784] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00180600
.text C:\Windows\System32\TpShocks.exe[5784] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00180804
.text C:\Windows\System32\TpShocks.exe[5784] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00180A08
.text C:\Windows\System32\TpShocks.exe[5784] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 001801F8
.text C:\Windows\System32\TpShocks.exe[5784] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 001803FC
.text C:\Program Files\Windows Defender\MSASCui.exe[5868] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 000501F8
.text C:\Program Files\Windows Defender\MSASCui.exe[5868] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 000503FC
.text C:\Program Files\Windows Defender\MSASCui.exe[5868] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Program Files\Windows Defender\MSASCui.exe[5868] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 000703FC
.text C:\Program Files\Windows Defender\MSASCui.exe[5868] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00070600
.text C:\Program Files\Windows Defender\MSASCui.exe[5868] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00071014
.text C:\Program Files\Windows Defender\MSASCui.exe[5868] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00070804
.text C:\Program Files\Windows Defender\MSASCui.exe[5868] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00070A08
.text C:\Program Files\Windows Defender\MSASCui.exe[5868] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00070C0C
.text C:\Program Files\Windows Defender\MSASCui.exe[5868] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00070E10
.text C:\Program Files\Windows Defender\MSASCui.exe[5868] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 000701F8
.text C:\Program Files\Windows Defender\MSASCui.exe[5868] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00080600
.text C:\Program Files\Windows Defender\MSASCui.exe[5868] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00080804
.text C:\Program Files\Windows Defender\MSASCui.exe[5868] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00080A08
.text C:\Program Files\Windows Defender\MSASCui.exe[5868] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 000801F8
.text C:\Program Files\Windows Defender\MSASCui.exe[5868] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 000803FC
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5904] ntdll.dll!LdrLoadDll 76F793A8 5 Bytes JMP 000501F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5904] ntdll.dll!LdrUnloadDll 76F8B740 5 Bytes JMP 000503FC
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5904] kernel32.dll!GetBinaryTypeW + 70 75792467 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5904] ADVAPI32.dll!CreateServiceW 75A49EB4 5 Bytes JMP 000703FC
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5904] ADVAPI32.dll!DeleteService 75A4A07E 5 Bytes JMP 00070600
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5904] ADVAPI32.dll!SetServiceObjectSecurity 75A86CD9 5 Bytes JMP 00071014
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5904] ADVAPI32.dll!ChangeServiceConfigA 75A86DD9 5 Bytes JMP 00070804
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5904] ADVAPI32.dll!ChangeServiceConfigW 75A86F81 5 Bytes JMP 00070A08
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5904] ADVAPI32.dll!ChangeServiceConfig2A 75A87099 5 Bytes JMP 00070C0C
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5904] ADVAPI32.dll!ChangeServiceConfig2W 75A871E1 5 Bytes JMP 00070E10
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5904] ADVAPI32.dll!CreateServiceA 75A872A1 5 Bytes JMP 000701F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5904] USER32.dll!SetWindowsHookExA 76EB6322 5 Bytes JMP 00080600
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5904] USER32.dll!SetWindowsHookExW 76EB87AD 5 Bytes JMP 00080804
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5904] USER32.dll!UnhookWindowsHookEx 76EB98DB 5 Bytes JMP 00080A08
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5904] USER32.dll!SetWinEventHook 76EB9F3A 5 Bytes JMP 000801F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[5904] USER32.dll!UnhookWinEvent 76EBC06F 5 Bytes JMP 000803FC

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[808] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00140002
IAT C:\Windows\system32\services.exe[808] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00140000
IAT C:\Windows\Explorer.EXE[4716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [744D7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7452A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [744DBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [744CF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [744D75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [744CE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74508395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [744DDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [744CFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [744CFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [744C71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7455CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [744FC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [744CD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [744C6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [744C687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [744D2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \FileSystem\fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

#6 Broni


Posted 14 August 2011 - 10:49 PM

Are you still getting redirected?
Does it happen in both browsers (FF and IE)?


#7 bionicbird


Posted 15 August 2011 - 08:07 AM

Yes, I am still being redirected, both in Firefox and IE. I hope that I ran the GMER scan correctly for you. I ran it per your post, but I did not de-select any of the items as is suggested in the "before you post" guide. I did that originally but got a blue screen. This second attempt obviously worked, but the results required three posts.

Thank you again for all of your help.

#8 Broni


Posted 15 August 2011 - 01:07 PM

I still need the Security Check log.

Then...

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

============================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


#9 bionicbird


Posted 15 August 2011 - 02:37 PM

Oops, sorry about that.

Security check log:


Results of screen317's Security Check version 0.99.7
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Malwarebytes' Anti-Malware
ArcExplorer Java Edition
Java™ 6 Update 22
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Out of date Java installed!
Adobe Flash Player 10.3.181.26
Adobe Reader 9.4.5
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
Spybot Teatimer.exe is disabled!
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````







Rootkit log

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8DC06000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 7593984 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 176.93 )
0x8E40E000 C:\Windows\system32\DRIVERS\NETw5v32.sys 4272128 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0x8363B000 C:\Windows\system32\ntkrnlpa.exe 3911680 bytes (Microsoft Corporation, NT Kernel & System)
0x8363B000 PnpManager 3911680 bytes
0x8363B000 RAW 3911680 bytes
0x8363B000 WMIxWDM 3911680 bytes
0x9B420000 Win32k 2113536 bytes
0x9B420000 C:\Windows\System32\win32k.sys 2113536 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x89609000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x89276000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x92006000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)
0x89406000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x804D3000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xA58F2000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8DA00000 C:\Windows\System32\Drivers\dump_iaStor.sys 892928 bytes
0x89000000 C:\Windows\system32\DRIVERS\iaStor.sys 892928 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x92109000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 741376 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xA2006000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8E344000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8952C000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8EC00000 C:\Windows\system32\DRIVERS\rdpdr.sys 561152 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0x89200000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8060C000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x92604000 C:\Windows\System32\Drivers\aswSnx.SYS 458752 bytes (AVAST Software, avast! Virtualization Driver)
0x80409000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0xA210D000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x92E57000 C:\Windows\system32\drivers\csc.sys 372736 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x8ED86000 C:\Windows\system32\drivers\ADIHdAud.sys 368640 bytes (Analog Devices, Inc., High Definition Audio Function Driver)
0x8E85E000 C:\Windows\system32\DRIVERS\rixdptsk.sys 331776 bytes (REDC, RICOH XD SM Driver)
0xA5880000 C:\Windows\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)
0x890DA000 C:\Windows\system32\DRIVERS\iaNvStor.sys 307200 bytes (Intel Corporation, Intel® Turbo Memory Driver)
0x92EC9000 C:\Windows\System32\Drivers\aswSP.SYS 303104 bytes (AVAST Software, avast! self protection module)
0x80734000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x92774000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x8068B000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80492000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8E986000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8ECD9000 C:\Windows\system32\DRIVERS\sxuptp.sys 258048 bytes (silex technology, Inc., SXUPTP Driver)
0x805B3000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 253952 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0x8DB3E000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x92E0F000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x893AC000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x8E8CF000 C:\Windows\system32\DRIVERS\SynTP.sys 241664 bytes (Synaptics Incorporated, Synaptics Touchpad Driver)
0x8DB05000 C:\Windows\system32\DRIVERS\e1e6032.sys 233472 bytes (Intel Corporation, Intel® PRO/1000 Adapter NDIS 6 deserialized driver)
0xA5807000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x89719000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x92F7C000 C:\Windows\system32\drivers\aswMonFlt.sys 229376 bytes (AVAST Software, avast! File System Minifilter for Windows 2003/Vista)
0x8ED2F000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x83608000 ACPI_HAL 208896 bytes
0x83608000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xBC402000 C:\Windows\System32\Drivers\RDPWD.SYS 208896 bytes (Microsoft Corporation, RDP Terminal Stack Driver)
0x89154000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x9272E000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8E957000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x80793000 C:\Windows\system32\DRIVERS\pcmcia.sys 184320 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0x895B9000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x89381000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8ECAF000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0xA20C6000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x92F13000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xA5858000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x897A8000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x806E2000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x891C5000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8DB94000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8950B000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0xA21C5000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x926BC000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x89763000 C:\Windows\System32\DRIVERS\Apsx86.sys 131072 bytes (Lenovo., Shockproof Disk Driver)
0x807D0000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x8912D000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0xA217A000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x894F0000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x92F61000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x8E821000 C:\Windows\system32\DRIVERS\sdbus.sys 106496 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xA2197000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8E930000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x92FC3000 C:\Windows\System32\DLA\DLAIFS_M.SYS 98304 bytes (Roxio, Drive Letter Access Component)
0xA5840000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x92EB2000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8EDE0000 C:\Windows\System32\DLA\DLAUDF_M.SYS 94208 bytes (Roxio, Drive Letter Access Component)
0x891A5000 C:\Windows\System32\Drivers\DRVMCDB.SYS 94208 bytes (Sonic Solutions, Device Driver)
0x8E9D2000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBC435000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x921D6000 C:\Windows\System32\DLA\DLAUDFAM.SYS 90112 bytes (Roxio, Drive Letter Access Component)
0x927C1000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x89783000 C:\Windows\system32\DRIVERS\sbp2port.sys 90112 bytes (Microsoft Corporation, SBP-2 Protocol Driver)
0x9270F000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0xA21B0000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8DBDA000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0xA59E6000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x8DBC6000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8E84A000 C:\Windows\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
0x92760000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8E8AF000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0xA20FA000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x927E5000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xA58CF000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x897CF000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8ED75000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80479000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x89186000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0xA20B6000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x807C0000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8EC89000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8DAF6000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x89196000 C:\Windows\system32\DRIVERS\Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0x92F52000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x89799000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x80709000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8DBB7000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8E83B000 C:\Windows\system32\DRIVERS\rimmptsk.sys 61440 bytes (REDC, RICOH SD Driver)
0x8DB85000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x80725000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x9B660000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x927D7000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x926F8000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x80785000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8E915000 C:\Windows\system32\drivers\tpm.sys 57344 bytes (Microsoft Corporation, TPM Device Driver)
0x8067D000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x92F3B000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x921BE000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8ED22000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0xA59DA000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x92E00000 C:\Windows\System32\DRIVERS\tssecsrv.sys 49152 bytes (Microsoft Corporation, TS Security Filter Driver)
0x926B0000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8E3E4000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x92FB7000 C:\Windows\System32\Drivers\DRVNDDM.SYS 45056 bytes (Roxio, Device Driver Manager)
0x8E8C4000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8E90A000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x926ED000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8E9E9000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x921CB000 C:\Windows\System32\Drivers\tcusb.sys 45056 bytes (UPEK Inc., TouchChip USB Kernel Driver)
0x8E9C7000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0xA21EE000 C:\Windows\system32\drivers\tdtcp.sys 45056 bytes (Microsoft Corporation, TCP Transport Driver)
0x8DAE2000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8E3F0000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8071B000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x92F48000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8ED18000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA20F0000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x92E4B000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xA59D0000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x89752000 C:\Windows\System32\DRIVERS\ApsHM86.sys 36864 bytes (Lenovo., ThinkVantage Active Protection System HID Digitizer Activity Monitor Driver)
0x92725000 C:\Windows\System32\Drivers\aswTdi.SYS 36864 bytes (AVAST Software, avast! TDI Filter Driver)
0xBC454000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x897E0000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x92683000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8DB7C000 C:\Windows\system32\DRIVERS\LaCieUSBFilter.sys 36864 bytes (LaCie Group, USB lower level filter driver)
0x8914B000 C:\Windows\system32\drivers\msahci.sys 36864 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x891BC000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x92706000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x8ED6C000 C:\Windows\system32\DRIVERS\sffdisk.sys 36864 bytes (Microsoft Corporation, Small Form Factor Disk Driver)
0x9B640000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8DAED000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8E94E000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x806D1000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x89125000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8048A000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x806DA000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x926DD000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x926E5000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8ED64000 C:\Windows\system32\DRIVERS\sffp_sd.sys 32768 bytes (Microsoft Corporation, Small Form Factor SD Protocol Driver)
0x8975B000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8ECA5000 C:\Windows\system32\DRIVERS\Tvti2c.sys 32768 bytes (Lenovo (United States) Inc., SMBUS Driver)
0xA21E6000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x92693000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x92FE4000 C:\Windows\System32\DLA\DLABMFSM.SYS 28672 bytes (Roxio, Drive Letter Access Component)
0x92FEB000 C:\Windows\System32\DLA\DLABOIOM.SYS 28672 bytes (Roxio, Drive Letter Access Component)
0x926A9000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8E927000 C:\Windows\system32\DRIVERS\ibmpmdrv.sys 28672 bytes (Lenovo., ThinkPad Power Management Driver)
0x8077E000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x80402000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x9268C000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0xA58E7000 C:\Windows\system32\DRIVERS\PROCDD.SYS 28672 bytes (Lenovo Group Limited, IPS Helper Driver)
0x927F8000 C:\Windows\System32\drivers\Tppwr32v.sys 28672 bytes (Lenovo Group Limited, Power Manager)
0x9269A000 C:\Windows\System32\Drivers\DLARTL_M.SYS 24576 bytes (Roxio, Shared Driver Component)
0x8E948000 C:\Windows\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x8EC9F000 C:\Windows\system32\DRIVERS\psadd.sys 24576 bytes (Lenovo (United States) Inc., SMBIOS Driver)
0x8EC99000 C:\Windows\system32\DRIVERS\seehcri.sys 24576 bytes (Sony Ericsson Mobile Communications, seehcri Driver)
0x927BC000 C:\Windows\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0x92FDB000 C:\Windows\System32\DLA\DLAOPIOM.SYS 20480 bytes (Roxio, Drive Letter Access Component)
0x89271000 C:\Windows\System32\DRIVERS\DozeHDD.sys 20480 bytes (Lenovo., Doze Mode Kernel Driver for HDD control)
0x8E923000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xA58EE000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x92FB4000 C:\Windows\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0x80718000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x8E92E000 C:\Windows\System32\Drivers\DLACDBHM.SYS 8192 bytes (Roxio, Shared Driver Component)
0x92FE0000 C:\Windows\System32\DLA\DLAPoolM.SYS 8192 bytes (Roxio, Drive Letter Access Component)
0x8E8C2000 C:\Windows\system32\DRIVERS\i8042HDR.sys 8192 bytes (Chicony, Numpad.sys)
0x92FE2000 C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys 8192 bytes (UPEK Inc., SMI helper driver)
0x92E55000 C:\Windows\system32\DRIVERS\smiif32.sys 8192 bytes (Lenovo Group Limited, SMI Driver for Lenovo system)
0x8ECAD000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8E3FB000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x92FC2000 C:\Windows\System32\DLA\DLADResM.SYS 4096 bytes (Roxio, Drive Letter Access Component)
==============================================
>Stealth
==============================================



aswMBR log




aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-15 15:22:39
-----------------------------
15:22:39.009 OS Version: Windows 6.0.6002 Service Pack 2
15:22:39.009 Number of processors: 2 586 0xF0A
15:22:39.012 ComputerName: PHILIP-PC UserName: Philip
15:22:41.141 Initialize success
15:22:42.098 AVAST engine defs: 11081501
15:22:48.521 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
15:22:48.525 Disk 0 Vendor: HTS72101 MCZI Size: 95396MB BusType: 3
15:22:48.535 Disk 1 \Device\Harddisk1\SR0 -> \Device\SdBus-0
15:22:48.542 Disk 1 Vendor: ( Size: 3935MB BusType: 12
15:22:48.569 Disk 0 MBR read successfully
15:22:48.574 Disk 0 MBR scan
15:22:48.580 Disk 0 Windows XP default MBR code
15:22:48.593 Disk 0 scanning sectors +195368960
15:22:48.630 Disk 0 scanning C:\Windows\system32\drivers
15:22:57.579 Service scanning
15:23:00.445 Modules scanning
15:23:06.087 Disk 0 trace - called modules:
15:23:06.129 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys iaNvStor.sys
15:23:06.138 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x884d5648]
15:23:06.156 3 CLASSPNP.SYS[895108b3] -> nt!IofCallDriver -> [0x867b6c60]
15:23:06.173 5 acpi.sys[806936bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x861eb028]
15:23:06.942 AVAST engine scan C:\Windows
15:23:12.588 AVAST engine scan C:\Windows\system32
15:25:01.531 AVAST engine scan C:\Windows\system32\drivers
15:25:09.005 AVAST engine scan C:\Users\Philip
15:26:01.722 Disk 0 MBR has been saved successfully to "C:\Users\Philip\Desktop\MBR.dat"
15:26:01.745 The log file has been saved successfully to "C:\Users\Philip\Desktop\aswMBR.txt"





Thank you!!!

#10 Broni

Posted 15 August 2011 - 02:59 PM

Let's try to reset your router...

Go Start>Run (Start search in Vista), type in:
cmd
Click OK (Vista and Windows 7 users: while holding CTRL, and SHIFT, press Enter).

In the Command Prompt window, type in the following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"


Turn the computer off.

On your router, you'll find a pinhole marked "Reset".
Keep pushing the hole, using a pencil, or a paperclip until all lights briefly come off and on.
NOTE. Simple router disconnecting from a power source will NOT do.
Restart computer and check for redirections.

NOTE. You may need to re-check your router security settings, as described HERE


#11 bionicbird

Posted 15 August 2011 - 04:58 PM

Well, I stand corrected - I am no longer getting redirected; GMER or one of the earlier steps must have worked! I should have checked that machine this morning before replying that I was still being redirected; I guess I thought we'd only done diagnostics and had yet to take any corrective actions. Apologies, and thanks a million! I don't suppose that I need to reset the router then, as my other laptop was not affected, correct? Are there any additional steps that I need to take, such as restoring the CD emulation?


THANK YOU!

#12 Broni

Posted 15 August 2011 - 05:18 PM

Good news :)

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

============================================================

Update Adobe Reader

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

========================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll remove all old restore points and create fresh, clean restore point.

Turn system restore off.
Restart computer.
Turn system restore back on.

If you don't know how to do it...
Windows XP: http://support.microsoft.com/kb/310405
Vista and Windows 7: http://www.howtogeek.com/howto/windows-vista/disable-system-restore-in-windows-vista/

2. Make sure Windows Updates are current.

3. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

4. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

5. Run Temporary File Cleaner (TFC) weekly.

6. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

7. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

8. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

9. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html


#13 bionicbird

Posted 15 August 2011 - 09:39 PM

Hi Broni,


The older versions of Adobe Reader don't seem to want to let themselves be uninstalled. When I first tried to uninstall Adobe altogether, the process hung up and a message popped up saying that an unidentified program wanted access to my computer. So I denied it and started the process over again with the same result. Then I tried following your link to install the latest version of Reader, and it got to 96% but again hung up in the process of preparing to uninstall older versions. Arg. So apparently I am not home free yet...

#14 Broni

Posted 15 August 2011 - 09:54 PM

I suggest you switch to Foxit. Much better...


#15 bionicbird

Posted 15 August 2011 - 10:05 PM

That's what I was trying to do, but I can't get rid of Adobe... it won't let me uninstall it.



