
mbam and avast say I'm clean, but I'm paranoid


  • This topic is locked
14 replies to this topic

#1 ZT-repairseek


Posted 12 September 2011 - 12:00 PM

okay so...

earlier, I noticed a site I go to was misbehaving. thumbnails weren't showing up, in fact it seemed that the site wasn't even putting their places up.
so I figured I'd reboot and see if that fixed it. well. during that reboot via the shutdown dialog, after the computer got done with its "okay is there a CD I should boot from?" thing and its verifying DMI pool data, I got something about Client MAC address, and numbers I'm sure are just that, and then something about DHCP and the machine sat for a while spinning a line at me. (you know, the \|/-\ etc animation in not!DOS).

twitchily I chose to halt the boot and start up "cold". I also popped the LAN cable. booted up. original problem persisted (and admittedly it might just be the site's tech guys were playing with a new idea and broke something), but I decided to start doing antimalware-ism. while trying to look up some stuff that's FILE NOT FOUND in Autoruns, the browser froze up and wouldn't die even for "end process" in taskmanager. attempting to bring up process explorer didn't get anywhere. between that and a ghost of GMER in the process list that wouldn't go away, I ended up having to force shutdown since things were being unresponsive. I popped the LAN cable then too because I'm in malware paranoia mode.

booted back up about normally, barring the "wanna use safemode?" prompt that's to be expected when one does something like that.

now. I've run mbam and avast (which are updated, of course), and came up clean... but being the worrier I am, I've done the HJT/DDR/GMER thing, and I shall present those logs to you lot to see if anything looks amiss. I'm also attaching a screencapture of those FILE NOT FOUND things from autoruns(shown disabled), to see if you lot think it's a safe idea to actually disable/delete them.

running vista homeprem SP2. if you'd like a belarc advisor audit I'll make one too.


~~~~~~~~~~~~~~~~~~~LOGS START~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:26:29 AM, on 9/12/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\PacketiXVPNClient\vpncmgr.exe
C:\Program Files\PacketiXVPNClient\vpnclient.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Tools\HJT\whatisthismadness.exe

O1 - Hosts: ::1 localhost #[IPv6]
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\FreeDownloadManager\iefdm2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Global Startup: PacketiX VPN Client Task Tray.lnk = C:\Program Files\PacketiXVPNClient\vpncmgr.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\FreeDownloadManager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\FreeDownloadManager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\FreeDownloadManager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\FreeDownloadManager\dllink.htm
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://nxcache.nexon.net/mabinogi/renderer/mabiweb.2010.5.03.cab
O16 - DPF: {C8F5F737-2683-40B8-BFB6-47B15AC20A79} (Game Starter Control) - https://gash.gamania.co.jp/acxauth/cab/2.0.1/lcjggame.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E4BC6F2E-E1BB-4F76-A400-87FF46653A8E} (LovClientLoader.Loader) - http://lov.ujj.co.jp/mypage/activex/LovClientLoader.CAB
O16 - DPF: {F8160836-0C11-4CA4-AD87-944542C7BCBD} (PubPlugin Class) - http://down.hangame.co.jp/jp/purple/launcher/PubPlugin.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Avast5\AvastSvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: PacketiX VPN Client (vpnclient) - SoftEther Corporation - C:\Program Files\PacketiXVPNClient\vpnclient.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 3587 bytes


DDS (Ver_10-12-12.02) - NTFSx86
Run by ZT01 at 11:41:47.89 on 09/12/2011 Mon
Internet Explorer: 7.0.6002.18005
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\PacketiXVPNClient\vpncmgr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avast5\AvastSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\PacketiXVPNClient\vpnclient.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\PacketiXVPNClient\vpnclient.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\Explorer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Sleipnir\bin\Sleipnir.exe
C:\Program Files\PSP9\Paint Shop Pro 9.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Tools\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1307304502&rver=6.1.6206.0&wp=MBI&wreply=hxxp:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-us&cbcxt=mai&snsc=1
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp32&d=1208&m=et1161-03
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\freedownloadmanager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [avast5] "c:\program files\avast5\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\packet~1.lnk - c:\program files\packetixvpnclient\vpncmgr.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all with Free Download Manager - file://c:\program files\freedownloadmanager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\freedownloadmanager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\freedownloadmanager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\freedownloadmanager\dllink.htm
DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://nxcache.nexon.net/mabinogi/renderer/mabiweb.2010.5.03.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C8F5F737-2683-40B8-BFB6-47B15AC20A79} - hxxps://gash.gamania.co.jp/acxauth/cab/2.0.1/lcjggame.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E4BC6F2E-E1BB-4F76-A400-87FF46653A8E} - hxxp://lov.ujj.co.jp/mypage/activex/LovClientLoader.CAB
DPF: {F8160836-0C11-4CA4-AD87-944542C7BCBD} - hxxp://down.hangame.co.jp/jp/purple/launcher/PubPlugin.cab

============= SERVICES / DRIVERS ===============

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-1 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-2-6 320856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-2-6 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-2-6 54616]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast5\AvastSvc.exe [2011-2-6 44768]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 vpnclient;PacketiX VPN Client;c:\program files\packetixvpnclient\vpnclient.exe [2008-5-15 2478080]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\drivers\BazisVirtualCDBus.sys [2010-4-6 98400]
R3 Neo_VPN;VPN Client Device Driver - VPN;c:\windows\system32\drivers\Neo_0092.sys [2011-5-23 22000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-20 21504]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-3-24 126696]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================


==================== Find3M ====================

2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr
2011-08-12 14:49:02 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

============= FINISH: 11:43:00.26 ===============




GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-12 12:47:01
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000057 WDC_WD32 rev.01.0
Running: gmer.exe; Driver: C:\Users\ZT01\AppData\Local\Temp\uxtirpog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8F479374]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8F47B996]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8F47B9EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8F47BB04]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8F47B8EC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8F47BA3E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8F47B940]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8F47BAB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8F479398]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8F479162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8F4793BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8F47BEFC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8F479E54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8F47B9C6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8F47BA16]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8F47BB2E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8F47B918]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8F47BA7E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8F47B96E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8F47BADC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8F479D1A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8F4793E0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8F479404]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8F4791BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8F4792F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8F4792D4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8F47931C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8F479428]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 10D 826B3890 4 Bytes [74, 93, 47, 8F]
.text ntkrnlpa.exe!KeSetEvent + 1D1 826B3954 8 Bytes [96, B9, 47, 8F, EE, B9, 47, ...]
.text ntkrnlpa.exe!KeSetEvent + 1DD 826B3960 4 Bytes [04, BB, 47, 8F]
.text ntkrnlpa.exe!KeSetEvent + 1F5 826B3978 4 Bytes [EC, B8, 47, 8F]
.text ntkrnlpa.exe!KeSetEvent + 215 826B3998 8 Bytes [3E, BA, 47, 8F, 40, B9, 47, ...]
.text ...
.text win32k.sys!EngCreateRectRgn + 4537 9688FC80 5 Bytes JMP 8F47C5E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + C20 968A8EA9 5 Bytes JMP 8F47CFB2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 4A1 968A9C95 5 Bytes JMP 8F47D118 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 8C03 968B23F7 5 Bytes JMP 8F47BF32 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 616 968B334E 5 Bytes JMP 8F47CD7E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 3103 968BEA94 5 Bytes JMP 8F47C4BC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 456E 968BFEFF 5 Bytes JMP 8F47C0DA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMapFontFileFD + 119C6 968D9A35 5 Bytes JMP 8F47C326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMapFontFileFD + 11A1A 968D9A89 5 Bytes JMP 8F47C4CC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 377F 96900A8E 5 Bytes JMP 8F47CD0A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 60DE 969033ED 5 Bytes JMP 8F47BFFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMulDiv + 4D3F 96909D2E 5 Bytes JMP 8F47C14A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBlt + 2B42 969141CC 5 Bytes JMP 8F47D1BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 5FF 969170B4 5 Bytes JMP 8F47C016 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 81C 969354E5 5 Bytes JMP 8F47CEFA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 6EEA 9693BBB3 5 Bytes JMP 8F47CD54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + B0F 9693F32A 5 Bytes JMP 8F47CE48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!STROBJ_vEnumStart + 4728 96946C49 5 Bytes JMP 8F47C096 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + E80 969651BC 5 Bytes JMP 8F47C254 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + 248 9696AA3A 5 Bytes JMP 8F47C1AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 26D9 9696E572 5 Bytes JMP 8F47D070 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLineTo + A0F 9698CA97 5 Bytes JMP 8F47C1E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLineTo + D269 969992F1 5 Bytes JMP 8F47C28E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
? C:\Windows\system32\Drivers\PROCEXP141.SYS The system cannot find the file specified. !
? C:\Users\ZT01\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\conime.exe[288] ntdll.dll!LdrLoadDll 772093A8 5 Bytes JMP 000401F8
.text C:\Windows\system32\conime.exe[288] ntdll.dll!LdrUnloadDll 7721B740 5 Bytes JMP 000403FC
.text C:\Windows\system32\conime.exe[288] kernel32.dll!GetBinaryTypeW + 70 76442247 1 Byte [62]
.text C:\Windows\system32\conime.exe[288] ADVAPI32.dll!CreateServiceW 75DF9EB4 5 Bytes JMP 001403FC
.text C:\Windows\system32\conime.exe[288] ADVAPI32.dll!DeleteService 75DFA07E 5 Bytes JMP 00140600
.text C:\Windows\system32\conime.exe[288] ADVAPI32.dll!SetServiceObjectSecurity 75E36CD9 5 Bytes JMP 00141014
.text C:\Windows\system32\conime.exe[288] ADVAPI32.dll!ChangeServiceConfigA 75E36DD9 5 Bytes JMP 00140804
.text C:\Windows\system32\conime.exe[288] ADVAPI32.dll!ChangeServiceConfigW 75E36F81 5 Bytes JMP 00140A08
.text C:\Windows\system32\conime.exe[288] ADVAPI32.dll!ChangeServiceConfig2A 75E37099 5 Bytes JMP 00140C0C
.text C:\Windows\system32\conime.exe[288] ADVAPI32.dll!ChangeServiceConfig2W 75E371E1 5 Bytes JMP 00140E10
.text C:\Windows\system32\conime.exe[288] ADVAPI32.dll!CreateServiceA 75E372A1 5 Bytes JMP 001401F8
.text C:\Windows\system32\conime.exe[288] USER32.dll!SetWindowsHookExA 76356322 5 Bytes JMP 00150600
.text C:\Windows\system32\conime.exe[288] USER32.dll!SetWindowsHookExW 763587AD 5 Bytes JMP 00150804
.text C:\Windows\system32\conime.exe[288] USER32.dll!UnhookWindowsHookEx 763598DB 5 Bytes JMP 00150A08
.text C:\Windows\system32\conime.exe[288] USER32.dll!SetWinEventHook 76359F3A 5 Bytes JMP 001501F8
.text C:\Windows\system32\conime.exe[288] USER32.dll!UnhookWinEvent 7635C06F 5 Bytes JMP 001503FC
.text C:\Windows\Explorer.exe[752] ntdll.dll!LdrLoadDll 772093A8 5 Bytes JMP 000501F8
.text C:\Windows\Explorer.exe[752] ntdll.dll!LdrUnloadDll 7721B740 5 Bytes JMP 000503FC
.text C:\Windows\Explorer.exe[752] kernel32.dll!GetBinaryTypeW + 70 76442247 1 Byte [62]
.text C:\Windows\Explorer.exe[752] ADVAPI32.dll!CreateServiceW 75DF9EB4 5 Bytes JMP 001603FC
.text C:\Windows\Explorer.exe[752] ADVAPI32.dll!DeleteService 75DFA07E 5 Bytes JMP 00160600
.text C:\Windows\Explorer.exe[752] ADVAPI32.dll!SetServiceObjectSecurity 75E36CD9 5 Bytes JMP 00161014
.text C:\Windows\Explorer.exe[752] ADVAPI32.dll!ChangeServiceConfigA 75E36DD9 5 Bytes JMP 00160804
.text C:\Windows\Explorer.exe[752] ADVAPI32.dll!ChangeServiceConfigW 75E36F81 5 Bytes JMP 00160A08
.text C:\Windows\Explorer.exe[752] ADVAPI32.dll!ChangeServiceConfig2A 75E37099 5 Bytes JMP 00160C0C
.text C:\Windows\Explorer.exe[752] ADVAPI32.dll!ChangeServiceConfig2W 75E371E1 5 Bytes JMP 00160E10
.text C:\Windows\Explorer.exe[752] ADVAPI32.dll!CreateServiceA 75E372A1 5 Bytes JMP 001601F8
.text C:\Windows\Explorer.exe[752] USER32.dll!SetWindowsHookExA 76356322 5 Bytes JMP 00170600
.text C:\Windows\Explorer.exe[752] USER32.dll!SetWindowsHookExW 763587AD 5 Bytes JMP 00170804
.text C:\Windows\Explorer.exe[752] USER32.dll!UnhookWindowsHookEx 763598DB 5 Bytes JMP 00170A08
.text C:\Windows\Explorer.exe[752] USER32.dll!SetWinEventHook 76359F3A 5 Bytes JMP 001701F8
.text C:\Windows\Explorer.exe[752] USER32.dll!UnhookWinEvent 7635C06F 5 Bytes JMP 001703FC
.text C:\Windows\system32\taskmgr.exe[880] ntdll.dll!LdrLoadDll 772093A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskmgr.exe[880] ntdll.dll!LdrUnloadDll 7721B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskmgr.exe[880] kernel32.dll!GetBinaryTypeW + 70 76442247 1 Byte [62]
.text C:\Windows\system32\taskmgr.exe[880] ADVAPI32.dll!CreateServiceW 75DF9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskmgr.exe[880] ADVAPI32.dll!DeleteService 75DFA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\taskmgr.exe[880] ADVAPI32.dll!SetServiceObjectSecurity 75E36CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\taskmgr.exe[880] ADVAPI32.dll!ChangeServiceConfigA 75E36DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\taskmgr.exe[880] ADVAPI32.dll!ChangeServiceConfigW 75E36F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\taskmgr.exe[880] ADVAPI32.dll!ChangeServiceConfig2A 75E37099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\taskmgr.exe[880] ADVAPI32.dll!ChangeServiceConfig2W 75E371E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\taskmgr.exe[880] ADVAPI32.dll!CreateServiceA 75E372A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskmgr.exe[880] USER32.dll!SetWindowsHookExA 76356322 5 Bytes JMP 00080600
.text C:\Windows\system32\taskmgr.exe[880] USER32.dll!SetWindowsHookExW 763587AD 5 Bytes JMP 00080804
.text C:\Windows\system32\taskmgr.exe[880] USER32.dll!UnhookWindowsHookEx 763598DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\taskmgr.exe[880] USER32.dll!SetWinEventHook 76359F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\taskmgr.exe[880] USER32.dll!UnhookWinEvent 7635C06F 5 Bytes JMP 000803FC
.text C:\Tools\gmer.exe[1108] ntdll.dll!LdrLoadDll 772093A8 5 Bytes JMP 001501F8
.text C:\Tools\gmer.exe[1108] ntdll.dll!LdrUnloadDll 7721B740 5 Bytes JMP 001503FC
.text C:\Tools\gmer.exe[1108] kernel32.dll!GetBinaryTypeW + 70 76442247 1 Byte [62]
.text C:\Tools\gmer.exe[1108] ADVAPI32.dll!CreateServiceW 75DF9EB4 5 Bytes JMP 003303FC
.text C:\Tools\gmer.exe[1108] ADVAPI32.dll!DeleteService 75DFA07E 5 Bytes JMP 00330600
.text C:\Tools\gmer.exe[1108] ADVAPI32.dll!SetServiceObjectSecurity 75E36CD9 5 Bytes JMP 00331014
.text C:\Tools\gmer.exe[1108] ADVAPI32.dll!ChangeServiceConfigA 75E36DD9 5 Bytes JMP 00330804
.text C:\Tools\gmer.exe[1108] ADVAPI32.dll!ChangeServiceConfigW 75E36F81 5 Bytes JMP 00330A08
.text C:\Tools\gmer.exe[1108] ADVAPI32.dll!ChangeServiceConfig2A 75E37099 5 Bytes JMP 00330C0C
.text C:\Tools\gmer.exe[1108] ADVAPI32.dll!ChangeServiceConfig2W 75E371E1 5 Bytes JMP 00330E10
.text C:\Tools\gmer.exe[1108] ADVAPI32.dll!CreateServiceA 75E372A1 5 Bytes JMP 003301F8
.text C:\Tools\gmer.exe[1108] USER32.dll!SetWindowsHookExA 76356322 5 Bytes JMP 00350600
.text C:\Tools\gmer.exe[1108] USER32.dll!SetWindowsHookExW 763587AD 5 Bytes JMP 00350804
.text C:\Tools\gmer.exe[1108] USER32.dll!UnhookWindowsHookEx 763598DB 5 Bytes JMP 00350A08
.text C:\Tools\gmer.exe[1108] USER32.dll!SetWinEventHook 76359F3A 5 Bytes JMP 003501F8
.text C:\Tools\gmer.exe[1108] USER32.dll!UnhookWinEvent 7635C06F 5 Bytes JMP 003503FC
.text C:\Program Files\PacketiXVPNClient\vpnclient.exe[1528] ntdll.dll!LdrLoadDll 772093A8 5 Bytes JMP 000901F8
.text C:\Program Files\PacketiXVPNClient\vpnclient.exe[1528] ntdll.dll!LdrUnloadDll 7721B740 5 Bytes JMP 000903FC
.text C:\Program Files\PacketiXVPNClient\vpnclient.exe[1528] kernel32.dll!GetBinaryTypeW + 70 76442247 1 Byte [62]
.text C:\Program Files\PacketiXVPNClient\vpnclient.exe[1528] ADVAPI32.dll!CreateServiceW 75DF9EB4 5 Bytes JMP 000B03FC
.text C:\Program Files\PacketiXVPNClient\vpnclient.exe[1528] ADVAPI32.dll!DeleteService 75DFA07E 5 Bytes JMP 000B0600
.text C:\Program Files\PacketiXVPNClient\vpnclient.exe[1528] ADVAPI32.dll!SetServiceObjectSecurity 75E36CD9 5 Bytes JMP 000B1014
.text C:\Program Files\PacketiXVPNClient\vpnclient.exe[1528] ADVAPI32.dll!ChangeServiceConfigA 75E36DD9 5 Bytes JMP 000B0804
.text C:\Program Files\PacketiXVPNClient\vpnclient.exe[1528] ADVAPI32.dll!ChangeServiceConfigW 75E36F81 5 Bytes JMP 000B0A08
.text C:\Program Files\PacketiXVPNClient\vpnclient.exe[1528] ADVAPI32.dll!ChangeServiceConfig2A 75E37099 5 Bytes JMP 000B0C0C
.text C:\Program Files\PacketiXVPNClient\vpnclient.exe[1528] ADVAPI32.dll!ChangeServiceConfig2W 75E371E1 5 Bytes JMP 000B0E10
.text C:\Program Files\PacketiXVPNClient\vpnclient.exe[1528] ADVAPI32.dll!CreateServiceA 75E372A1 5 Bytes JMP 000B01F8
.text C:\Program Files\PacketiXVPNClient\vpnclient.exe[1528] USER32.dll!SetWindowsHookExA 76356322 5 Bytes JMP 000C0600
.text C:\Program Files\PacketiXVPNClient\vpnclient.exe[1528] USER32.dll!SetWindowsHookExW 763587AD 5 Bytes JMP 000C0804
.text C:\Program Files\PacketiXVPNClient\vpnclient.exe[1528] USER32.dll!UnhookWindowsHookEx 763598DB 5 Bytes JMP 000C0A08
.text C:\Program Files\PacketiXVPNClient\vpnclient.exe[1528] USER32.dll!SetWinEventHook 76359F3A 5 Bytes JMP 000C01F8
.text C:\Program Files\PacketiXVPNClient\vpnclient.exe[1528] USER32.dll!UnhookWinEvent 7635C06F 5 Bytes JMP 000C03FC
.text C:\Program Files\Sleipnir\bin\Sleipnir.exe[1700] ntdll.dll!LdrLoadDll 772093A8 5 Bytes JMP 001501F8
.text C:\Program Files\Sleipnir\bin\Sleipnir.exe[1700] ntdll.dll!LdrUnloadDll 7721B740 5 Bytes JMP 001503FC
.text C:\Program Files\Sleipnir\bin\Sleipnir.exe[1700] kernel32.dll!GetBinaryTypeW + 70 76442247 1 Byte [62]
.text C:\Program Files\Sleipnir\bin\Sleipnir.exe[1700] ADVAPI32.dll!CreateServiceW 75DF9EB4 5 Bytes JMP 001E03FC
.text C:\Program Files\Sleipnir\bin\Sleipnir.exe[1700] ADVAPI32.dll!DeleteService 75DFA07E 5 Bytes JMP 001E0600
.text C:\Program Files\Sleipnir\bin\Sleipnir.exe[1700] ADVAPI32.dll!SetServiceObjectSecurity 75E36CD9 5 Bytes JMP 001E1014
.text C:\Program Files\Sleipnir\bin\Sleipnir.exe[1700] ADVAPI32.dll!ChangeServiceConfigA 75E36DD9 5 Bytes JMP 001E0804
.text C:\Program Files\Sleipnir\bin\Sleipnir.exe[1700] ADVAPI32.dll!ChangeServiceConfigW 75E36F81 5 Bytes JMP 001E0A08
.text C:\Program Files\Sleipnir\bin\Sleipnir.exe[1700] ADVAPI32.dll!ChangeServiceConfig2A 75E37099 5 Bytes JMP 001E0C0C
.text C:\Program Files\Sleipnir\bin\Sleipnir.exe[1700] ADVAPI32.dll!ChangeServiceConfig2W 75E371E1 5 Bytes JMP 001E0E10
.text C:\Program Files\Sleipnir\bin\Sleipnir.exe[1700] ADVAPI32.dll!CreateServiceA 75E372A1 5 Bytes JMP 001E01F8
.text C:\Windows\system32\svchost.exe[6932] ADVAPI32.dll!CreateServiceA 75E372A1 5 Bytes JMP 001501F8
.text C:\Windows\system32\svchost.exe[6932] USER32.dll!SetWindowsHookExA 76356322 5 Bytes JMP 008A0600
.text C:\Windows\system32\svchost.exe[6932] USER32.dll!SetWindowsHookExW 763587AD 5 Bytes JMP 008A0804
.text C:\Windows\system32\svchost.exe[6932] USER32.dll!UnhookWindowsHookEx 763598DB 5 Bytes JMP 008A0A08
.text C:\Windows\system32\svchost.exe[6932] USER32.dll!SetWinEventHook 76359F3A 5 Bytes JMP 008A01F8
.text C:\Windows\system32\svchost.exe[6932] USER32.dll!UnhookWinEvent 7635C06F 5 Bytes JMP 008A03FC
.text C:\Windows\System32\svchost.exe[6956] ntdll.dll!LdrLoadDll 772093A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[6956] ntdll.dll!LdrUnloadDll 7721B740 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[6956] kernel32.dll!GetBinaryTypeW + 70 76442247 1 Byte [62]
.text C:\Windows\System32\svchost.exe[6956] ADVAPI32.dll!CreateServiceW 75DF9EB4 5 Bytes JMP 001103FC
.text C:\Windows\System32\svchost.exe[6956] ADVAPI32.dll!DeleteService 75DFA07E 5 Bytes JMP 00110600
.text C:\Windows\System32\svchost.exe[6956] ADVAPI32.dll!SetServiceObjectSecurity 75E36CD9 5 Bytes JMP 00111014
.text C:\Windows\System32\svchost.exe[6956] ADVAPI32.dll!ChangeServiceConfigA 75E36DD9 5 Bytes JMP 00110804
.text C:\Windows\System32\svchost.exe[6956] ADVAPI32.dll!ChangeServiceConfigW 75E36F81 5 Bytes JMP 00110A08
.text C:\Windows\System32\svchost.exe[6956] ADVAPI32.dll!ChangeServiceConfig2A 75E37099 5 Bytes JMP 00110C0C
.text C:\Windows\System32\svchost.exe[6956] ADVAPI32.dll!ChangeServiceConfig2W 75E371E1 5 Bytes JMP 00110E10
.text C:\Windows\System32\svchost.exe[6956] ADVAPI32.dll!CreateServiceA 75E372A1 5 Bytes JMP 001101F8
.text C:\Windows\System32\svchost.exe[6956] USER32.dll!SetWindowsHookExA 76356322 5 Bytes JMP 00DF0600
.text C:\Windows\System32\svchost.exe[6956] USER32.dll!SetWindowsHookExW 763587AD 5 Bytes JMP 00DF0804
.text C:\Windows\System32\svchost.exe[6956] USER32.dll!UnhookWindowsHookEx 763598DB 5 Bytes JMP 00DF0A08
.text C:\Windows\System32\svchost.exe[6956] USER32.dll!SetWinEventHook 76359F3A 5 Bytes JMP 00DF01F8
.text C:\Windows\System32\svchost.exe[6956] USER32.dll!UnhookWinEvent 7635C06F 5 Bytes JMP 00DF03FC
.text C:\Program Files\PSP9\Paint Shop Pro 9.exe[6984] ntdll.dll!LdrLoadDll 772093A8 5 Bytes JMP 001601F8
.text C:\Program Files\PSP9\Paint Shop Pro 9.exe[6984] ntdll.dll!LdrUnloadDll 7721B740 5 Bytes JMP 001603FC
.text C:\Program Files\PSP9\Paint Shop Pro 9.exe[6984] kernel32.dll!GetBinaryTypeW + 70 76442247 1 Byte [62]
.text C:\Program Files\PSP9\Paint Shop Pro 9.exe[6984] USER32.dll!SetWindowsHookExA 76356322 5 Bytes JMP 00270600
.text C:\Program Files\PSP9\Paint Shop Pro 9.exe[6984] USER32.dll!SetWindowsHookExW 763587AD 5 Bytes JMP 00270804
.text C:\Program Files\PSP9\Paint Shop Pro 9.exe[6984] USER32.dll!UnhookWindowsHookEx 763598DB 5 Bytes JMP 00270A08
.text C:\Program Files\PSP9\Paint Shop Pro 9.exe[6984] USER32.dll!SetWinEventHook 76359F3A 5 Bytes JMP 002701F8
.text C:\Program Files\PSP9\Paint Shop Pro 9.exe[6984] USER32.dll!UnhookWinEvent 7635C06F 5 Bytes JMP 002703FC
.text C:\Program Files\PSP9\Paint Shop Pro 9.exe[6984] ADVAPI32.dll!CreateServiceW 75DF9EB4 5 Bytes JMP 003F03FC
.text C:\Program Files\PSP9\Paint Shop Pro 9.exe[6984] ADVAPI32.dll!DeleteService 75DFA07E 5 Bytes JMP 003F0600
.text C:\Program Files\PSP9\Paint Shop Pro 9.exe[6984] ADVAPI32.dll!SetServiceObjectSecurity 75E36CD9 5 Bytes JMP 003F1014
.text C:\Program Files\PSP9\Paint Shop Pro 9.exe[6984] ADVAPI32.dll!ChangeServiceConfigA 75E36DD9 5 Bytes JMP 003F0804
.text C:\Program Files\PSP9\Paint Shop Pro 9.exe[6984] ADVAPI32.dll!ChangeServiceConfigW 75E36F81 5 Bytes JMP 003F0A08
.text C:\Program Files\PSP9\Paint Shop Pro 9.exe[6984] ADVAPI32.dll!ChangeServiceConfig2A 75E37099 5 Bytes JMP 003F0C0C
.text C:\Program Files\PSP9\Paint Shop Pro 9.exe[6984] ADVAPI32.dll!ChangeServiceConfig2W 75E371E1 5 Bytes JMP 003F0E10
.text C:\Program Files\PSP9\Paint Shop Pro 9.exe[6984] ADVAPI32.dll!CreateServiceA 75E372A1 5 Bytes JMP 003F01F8
.text C:\Windows\System32\svchost.exe[7020] ntdll.dll!LdrLoadDll 772093A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[7020] ntdll.dll!LdrUnloadDll 7721B740 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[7020] kernel32.dll!GetBinaryTypeW + 70 76442247 1 Byte [62]
.text C:\Windows\System32\svchost.exe[7020] ADVAPI32.dll!CreateServiceW 75DF9EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[7020] ADVAPI32.dll!DeleteService 75DFA07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[7020] ADVAPI32.dll!SetServiceObjectSecurity 75E36CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[7020] ADVAPI32.dll!ChangeServiceConfigA 75E36DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[7020] ADVAPI32.dll!ChangeServiceConfigW 75E36F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[7020] ADVAPI32.dll!ChangeServiceConfig2A 75E37099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[7020] ADVAPI32.dll!ChangeServiceConfig2W 75E371E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[7020] ADVAPI32.dll!CreateServiceA 75E372A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[7020] USER32.dll!SetWindowsHookExA 76356322 5 Bytes JMP 001E0600
.text C:\Windows\System32\svchost.exe[7020] USER32.dll!SetWindowsHookExW 763587AD 5 Bytes JMP 001E0804
.text C:\Windows\System32\svchost.exe[7020] USER32.dll!UnhookWindowsHookEx 763598DB 5 Bytes JMP 001E0A08
.text C:\Windows\System32\svchost.exe[7020] USER32.dll!SetWinEventHook 76359F3A 5 Bytes JMP 001E01F8
.text C:\Windows\System32\svchost.exe[7020] USER32.dll!UnhookWinEvent 7635C06F 5 Bytes JMP 001E03FC
.text C:\Windows\system32\svchost.exe[7276] ntdll.dll!LdrLoadDll 772093A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[7276] ntdll.dll!LdrUnloadDll 7721B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[7276] kernel32.dll!GetBinaryTypeW + 70 76442247 1 Byte [62]
.text C:\Windows\system32\svchost.exe[7276] ADVAPI32.dll!CreateServiceW 75DF9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[7276] ADVAPI32.dll!DeleteService 75DFA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[7276] ADVAPI32.dll!SetServiceObjectSecurity 75E36CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[7276] ADVAPI32.dll!ChangeServiceConfigA 75E36DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[7276] ADVAPI32.dll!ChangeServiceConfigW 75E36F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[7276] ADVAPI32.dll!ChangeServiceConfig2A 75E37099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[7276] ADVAPI32.dll!ChangeServiceConfig2W 75E371E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[7276] ADVAPI32.dll!CreateServiceA 75E372A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[7276] USER32.dll!SetWindowsHookExA 76356322 5 Bytes JMP 00190600
.text C:\Windows\system32\svchost.exe[7276] USER32.dll!SetWindowsHookExW 763587AD 5 Bytes JMP 00190804
.text C:\Windows\system32\svchost.exe[7276] USER32.dll!UnhookWindowsHookEx 763598DB 5 Bytes JMP 00190A08
.text C:\Windows\system32\svchost.exe[7276] USER32.dll!SetWinEventHook 76359F3A 5 Bytes JMP 001901F8
.text C:\Windows\system32\svchost.exe[7276] USER32.dll!UnhookWinEvent 7635C06F 5 Bytes JMP 001903FC
.text C:\Windows\system32\nvvsvc.exe[7332] ntdll.dll!LdrLoadDll 772093A8 5 Bytes JMP 001501F8
.text C:\Windows\system32\nvvsvc.exe[7332] ntdll.dll!LdrUnloadDll 7721B740 5 Bytes JMP 001503FC
.text C:\Windows\system32\nvvsvc.exe[7332] kernel32.dll!GetBinaryTypeW + 70 76442247 1 Byte [62]
.text C:\Windows\system32\nvvsvc.exe[7332] ADVAPI32.dll!CreateServiceW 75DF9EB4 5 Bytes JMP 002103FC
.text C:\Windows\system32\nvvsvc.exe[7332] ADVAPI32.dll!DeleteService 75DFA07E 5 Bytes JMP 00210600
.text C:\Windows\system32\nvvsvc.exe[7332] ADVAPI32.dll!SetServiceObjectSecurity 75E36CD9 5 Bytes JMP 00211014
.text C:\Windows\system32\nvvsvc.exe[7332] ADVAPI32.dll!ChangeServiceConfigA 75E36DD9 5 Bytes JMP 00210804
.text C:\Windows\system32\nvvsvc.exe[7332] ADVAPI32.dll!ChangeServiceConfigW 75E36F81 5 Bytes JMP 00210A08
.text C:\Windows\system32\nvvsvc.exe[7332] ADVAPI32.dll!ChangeServiceConfig2A 75E37099 5 Bytes JMP 00210C0C
.text C:\Windows\system32\nvvsvc.exe[7332] ADVAPI32.dll!ChangeServiceConfig2W 75E371E1 5 Bytes JMP 00210E10
.text C:\Windows\system32\nvvsvc.exe[7332] ADVAPI32.dll!CreateServiceA 75E372A1 5 Bytes JMP 002101F8
.text C:\Windows\system32\nvvsvc.exe[7332] USER32.dll!SetWindowsHookExA 76356322 5 Bytes JMP 00220600
.text C:\Windows\system32\nvvsvc.exe[7332] USER32.dll!SetWindowsHookExW 763587AD 5 Bytes JMP 00220804
.text C:\Windows\system32\nvvsvc.exe[7332] USER32.dll!UnhookWindowsHookEx 763598DB 5 Bytes JMP 00220A08
.text C:\Windows\system32\nvvsvc.exe[7332] USER32.dll!SetWinEventHook 76359F3A 5 Bytes JMP 002201F8
.text C:\Windows\system32\nvvsvc.exe[7332] USER32.dll!UnhookWinEvent 7635C06F 5 Bytes JMP 002203FC
.text C:\Windows\system32\svchost.exe[7444] ntdll.dll!LdrLoadDll 772093A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[7444] ntdll.dll!LdrUnloadDll 7721B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[7444] kernel32.dll!GetBinaryTypeW + 70 76442247 1 Byte [62]
.text C:\Windows\system32\svchost.exe[7444] ADVAPI32.dll!CreateServiceW 75DF9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[7444] ADVAPI32.dll!DeleteService 75DFA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[7444] ADVAPI32.dll!SetServiceObjectSecurity 75E36CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[7444] ADVAPI32.dll!ChangeServiceConfigA 75E36DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[7444] ADVAPI32.dll!ChangeServiceConfigW 75E36F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[7444] ADVAPI32.dll!ChangeServiceConfig2A 75E37099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[7444] ADVAPI32.dll!ChangeServiceConfig2W 75E371E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[7444] ADVAPI32.dll!CreateServiceA 75E372A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\csrss.exe[8016] KERNEL32.dll!GetBinaryTypeW + 70 76442247 1 Byte [62]
.text C:\Windows\system32\wininit.exe[8068] ntdll.dll!LdrLoadDll 772093A8 5 Bytes JMP 000301F8
.text C:\Windows\system32\wininit.exe[8068] ntdll.dll!LdrUnloadDll 7721B740 5 Bytes JMP 000303FC
.text C:\Windows\system32\wininit.exe[8068] kernel32.dll!GetBinaryTypeW + 70 76442247 1 Byte [62]
.text C:\Windows\system32\wininit.exe[8068] ADVAPI32.dll!CreateServiceW 75DF9EB4 5 Bytes JMP 000503FC
.text C:\Windows\system32\wininit.exe[8068] ADVAPI32.dll!DeleteService 75DFA07E 5 Bytes JMP 00050600
.text C:\Windows\system32\wininit.exe[8068] ADVAPI32.dll!SetServiceObjectSecurity 75E36CD9 5 Bytes JMP 00051014
.text C:\Windows\system32\wininit.exe[8068] ADVAPI32.dll!ChangeServiceConfigA 75E36DD9 5 Bytes JMP 00050804
.text C:\Windows\system32\wininit.exe[8068] ADVAPI32.dll!ChangeServiceConfigW 75E36F81 5 Bytes JMP 00050A08
.text C:\Windows\system32\wininit.exe[8068] ADVAPI32.dll!ChangeServiceConfig2A 75E37099 5 Bytes JMP 00050C0C
.text C:\Windows\system32\wininit.exe[8068] ADVAPI32.dll!ChangeServiceConfig2W 75E371E1 5 Bytes JMP 00050E10
.text C:\Windows\system32\wininit.exe[8068] ADVAPI32.dll!CreateServiceA 75E372A1 5 Bytes JMP 000501F8
.text C:\Windows\system32\wininit.exe[8068] USER32.dll!SetWindowsHookExA 76356322 5 Bytes JMP 00060600
.text C:\Windows\system32\wininit.exe[8068] USER32.dll!SetWindowsHookExW 763587AD 5 Bytes JMP 00060804
.text C:\Windows\system32\wininit.exe[8068] USER32.dll!UnhookWindowsHookEx 763598DB 5 Bytes JMP 00060A08
.text C:\Windows\system32\wininit.exe[8068] USER32.dll!SetWinEventHook 76359F3A 5 Bytes JMP 000601F8
.text C:\Windows\system32\wininit.exe[8068] USER32.dll!UnhookWinEvent 7635C06F 5 Bytes JMP 000603FC
.text C:\Windows\system32\csrss.exe[8080] KERNEL32.dll!GetBinaryTypeW + 70 76442247 1 Byte [62]
.text C:\Windows\system32\services.exe[8112] ntdll.dll!LdrLoadDll 772093A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\services.exe[8112] ntdll.dll!LdrUnloadDll 7721B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\services.exe[8112] kernel32.dll!GetBinaryTypeW + 70 76442247 1 Byte [62]
.text C:\Windows\system32\services.exe[8112] ADVAPI32.dll!CreateServiceW 75DF9EB4 5 Bytes JMP 001503FC
.text C:\Windows\system32\services.exe[8112] ADVAPI32.dll!DeleteService 75DFA07E 5 Bytes JMP 00150600
.text C:\Windows\system32\services.exe[8112] ADVAPI32.dll!SetServiceObjectSecurity 75E36CD9 5 Bytes JMP 00151014
.text C:\Windows\system32\services.exe[8112] ADVAPI32.dll!ChangeServiceConfigA 75E36DD9 5 Bytes JMP 00150804
.text C:\Windows\system32\services.exe[8112] ADVAPI32.dll!ChangeServiceConfigW 75E36F81 5 Bytes JMP 00150A08
.text C:\Windows\system32\services.exe[8112] ADVAPI32.dll!ChangeServiceConfig2A 75E37099 5 Bytes JMP 00150C0C
.text C:\Windows\system32\services.exe[8112] ADVAPI32.dll!ChangeServiceConfig2W 75E371E1 5 Bytes JMP 00150E10
.text C:\Windows\system32\services.exe[8112] ADVAPI32.dll!CreateServiceA 75E372A1 5 Bytes JMP 001501F8
.text C:\Windows\system32\services.exe[8112] USER32.dll!SetWindowsHookExA 76356322 5 Bytes JMP 00160600
.text C:\Windows\system32\services.exe[8112] USER32.dll!SetWindowsHookExW 763587AD 5 Bytes JMP 00160804
.text C:\Windows\system32\services.exe[8112] USER32.dll!UnhookWindowsHookEx 763598DB 5 Bytes JMP 00160A08
.text C:\Windows\system32\services.exe[8112] USER32.dll!SetWinEventHook 76359F3A 5 Bytes JMP 001601F8
.text C:\Windows\system32\services.exe[8112] USER32.dll!UnhookWinEvent 7635C06F 5 Bytes JMP 001603FC
.text C:\Windows\system32\lsass.exe[8128] ntdll.dll!LdrLoadDll 772093A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\lsass.exe[8128] ntdll.dll!LdrUnloadDll 7721B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\lsass.exe[8128] kernel32.dll!GetBinaryTypeW + 70 76442247 1 Byte [62]
.text C:\Windows\system32\lsass.exe[8128] ADVAPI32.dll!CreateServiceW 75DF9EB4 5 Bytes JMP 001103FC
.text C:\Windows\system32\lsass.exe[8128] ADVAPI32.dll!DeleteService 75DFA07E 5 Bytes JMP 00110600
.text C:\Windows\system32\lsass.exe[8128] ADVAPI32.dll!SetServiceObjectSecurity 75E36CD9 5 Bytes JMP 00111014
.text C:\Windows\system32\lsass.exe[8128] ADVAPI32.dll!ChangeServiceConfigA 75E36DD9 5 Bytes JMP 00110804
.text C:\Windows\system32\lsass.exe[8128] ADVAPI32.dll!ChangeServiceConfigW 75E36F81 5 Bytes JMP 00110A08
.text C:\Windows\system32\lsass.exe[8128] ADVAPI32.dll!ChangeServiceConfig2A 75E37099 5 Bytes JMP 00110C0C
.text C:\Windows\system32\lsass.exe[8128] ADVAPI32.dll!ChangeServiceConfig2W 75E371E1 5 Bytes JMP 00110E10
.text C:\Windows\system32\lsass.exe[8128] ADVAPI32.dll!CreateServiceA 75E372A1 5 Bytes JMP 001101F8
.text C:\Windows\system32\lsass.exe[8128] USER32.dll!SetWindowsHookExA 76356322 5 Bytes JMP 00120600
.text C:\Windows\system32\lsass.exe[8128] USER32.dll!SetWindowsHookExW 763587AD 5 Bytes JMP 00120804
.text C:\Windows\system32\lsass.exe[8128] USER32.dll!UnhookWindowsHookEx 763598DB 5 Bytes JMP 00120A08
.text C:\Windows\system32\lsass.exe[8128] USER32.dll!SetWinEventHook 76359F3A 5 Bytes JMP 001201F8
.text C:\Windows\system32\lsass.exe[8128] USER32.dll!UnhookWinEvent 7635C06F 5 Bytes JMP 001203FC
.text C:\Windows\system32\lsm.exe[8136] ntdll.dll!LdrLoadDll 772093A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\lsm.exe[8136] ntdll.dll!LdrUnloadDll 7721B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\lsm.exe[8136] kernel32.dll!GetBinaryTypeW + 70 76442247 1 Byte [62]
.text C:\Windows\system32\lsm.exe[8136] ADVAPI32.dll!CreateServiceW 75DF9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\lsm.exe[8136] ADVAPI32.dll!DeleteService 75DFA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\lsm.exe[8136] ADVAPI32.dll!SetServiceObjectSecurity 75E36CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\lsm.exe[8136] ADVAPI32.dll!ChangeServiceConfigA 75E36DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\lsm.exe[8136] ADVAPI32.dll!ChangeServiceConfigW 75E36F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\lsm.exe[8136] ADVAPI32.dll!ChangeServiceConfig2A 75E37099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\lsm.exe[8136] ADVAPI32.dll!ChangeServiceConfig2W 75E371E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\lsm.exe[8136] ADVAPI32.dll!CreateServiceA 75E372A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\winlogon.exe[8176] ntdll.dll!LdrLoadDll 772093A8 5 Bytes JMP 000301F8
.text C:\Windows\system32\winlogon.exe[8176] ntdll.dll!LdrUnloadDll 7721B740 5 Bytes JMP 000303FC
.text C:\Windows\system32\winlogon.exe[8176] kernel32.dll!GetBinaryTypeW + 70 76442247 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[8176] ADVAPI32.dll!CreateServiceW 75DF9EB4 5 Bytes JMP 000B03FC
.text C:\Windows\system32\winlogon.exe[8176] ADVAPI32.dll!DeleteService 75DFA07E 5 Bytes JMP 000B0600
.text C:\Windows\system32\winlogon.exe[8176] ADVAPI32.dll!SetServiceObjectSecurity 75E36CD9 5 Bytes JMP 000B1014
.text C:\Windows\system32\winlogon.exe[8176] ADVAPI32.dll!ChangeServiceConfigA 75E36DD9 5 Bytes JMP 000B0804
.text C:\Windows\system32\winlogon.exe[8176] ADVAPI32.dll!ChangeServiceConfigW 75E36F81 5 Bytes JMP 000B0A08
.text C:\Windows\system32\winlogon.exe[8176] ADVAPI32.dll!ChangeServiceConfig2A 75E37099 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\winlogon.exe[8176] ADVAPI32.dll!ChangeServiceConfig2W 75E371E1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\winlogon.exe[8176] ADVAPI32.dll!CreateServiceA 75E372A1 5 Bytes JMP 000B01F8
.text C:\Windows\system32\winlogon.exe[8176] USER32.dll!SetWindowsHookExA 76356322 5 Bytes JMP 00150600
.text C:\Windows\system32\winlogon.exe[8176] USER32.dll!SetWindowsHookExW 763587AD 5 Bytes JMP 00150804
.text C:\Windows\system32\winlogon.exe[8176] USER32.dll!UnhookWindowsHookEx 763598DB 5 Bytes JMP 00150A08
.text C:\Windows\system32\winlogon.exe[8176] USER32.dll!SetWinEventHook 76359F3A 5 Bytes JMP 001501F8
.text C:\Windows\system32\winlogon.exe[8176] USER32.dll!UnhookWinEvent 7635C06F 5 Bytes JMP 001503FC

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----



(derp, I forgot to kill winCDE. if you want me to kill it and redo this, let me know. *sweat*)


*update*
well, I was right about the website having problems. and though I didn't pop the LAN cable this morning, that bit with the MAC address and DHCP didn't happen, so its occurrence when I tried to use windows' own restart command is even more a mystery to me.

Edited by ZT-repairseek, 13 September 2011 - 10:32 AM.




#2 HelpBot


Posted 19 September 2011 - 12:05 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/418664 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 ZT-repairseek


Posted 20 September 2011 - 01:57 AM

*note*
nothing -seems- to be exploding in the week since the initial post of this, but I'd still appreciate having someone go over the information to make sure there's nothing being missed, and have someone confirm whether or not I can get away with cleaning out those entries from autoruns.

#4 Elise


Posted 20 September 2011 - 04:12 AM

In that case, please post updated logs so I can see if anything is off.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#5 ZT-repairseek


Posted 24 September 2011 - 11:37 AM

~~~~~~~~~~~~~~~~~~~~~~H J T~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:04:12 AM, on 9/24/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\PacketiXVPNClient\vpncmgr.exe
C:\Program Files\PacketiXVPNClient\vpnclient.exe
C:\Users\ZT01\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\Explorer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\sysreset\mirc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Sleipnir\bin\Sleipnir.exe
C:\Tools\HJT\findstuffwrong.exe

O1 - Hosts: ::1 localhost #[IPv6]
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\FreeDownloadManager\iefdm2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Global Startup: PacketiX VPN Client Task Tray.lnk = C:\Program Files\PacketiXVPNClient\vpncmgr.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\FreeDownloadManager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\FreeDownloadManager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\FreeDownloadManager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\FreeDownloadManager\dllink.htm
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://nxcache.nexon.net/mabinogi/renderer/mabiweb.2010.5.03.cab
O16 - DPF: {C8F5F737-2683-40B8-BFB6-47B15AC20A79} (Game Starter Control) - https://gash.gamania.co.jp/acxauth/cab/2.0.1/lcjggame.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E4BC6F2E-E1BB-4F76-A400-87FF46653A8E} (LovClientLoader.Loader) - http://lov.ujj.co.jp/mypage/activex/LovClientLoader.CAB
O16 - DPF: {F8160836-0C11-4CA4-AD87-944542C7BCBD} (PubPlugin Class) - http://down.hangame.co.jp/jp/purple/launcher/PubPlugin.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Avast5\AvastSvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: PacketiX VPN Client (vpnclient) - SoftEther Corporation - C:\Program Files\PacketiXVPNClient\vpnclient.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 3716 bytes



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~D D S~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


DDS (Ver_10-12-12.02) - NTFSx86
Run by ZT01 at 11:05:25.58 on 09/24/2011 Sat
Internet Explorer: 7.0.6002.18005
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\PacketiXVPNClient\vpncmgr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avast5\AvastSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\PacketiXVPNClient\vpnclient.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\PacketiXVPNClient\vpnclient.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\ZT01\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\Explorer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\sysreset\mirc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Sleipnir\bin\Sleipnir.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Tools\Defogger.exe
C:\Windows\system32\conime.exe
C:\Tools\dds.scr

============== Pseudo HJT Report ===============

uStart Page = https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1307304502&rver=6.1.6206.0&wp=MBI&wreply=hxxp:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-us&cbcxt=mai&snsc=1
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp32&d=1208&m=et1161-03
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\freedownloadmanager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [avast5] "c:\program files\avast5\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\packet~1.lnk - c:\program files\packetixvpnclient\vpncmgr.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all with Free Download Manager - file://c:\program files\freedownloadmanager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\freedownloadmanager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\freedownloadmanager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\freedownloadmanager\dllink.htm
DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://nxcache.nexon.net/mabinogi/renderer/mabiweb.2010.5.03.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C8F5F737-2683-40B8-BFB6-47B15AC20A79} - hxxps://gash.gamania.co.jp/acxauth/cab/2.0.1/lcjggame.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E4BC6F2E-E1BB-4F76-A400-87FF46653A8E} - hxxp://lov.ujj.co.jp/mypage/activex/LovClientLoader.CAB
DPF: {F8160836-0C11-4CA4-AD87-944542C7BCBD} - hxxp://down.hangame.co.jp/jp/purple/launcher/PubPlugin.cab

============= SERVICES / DRIVERS ===============

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-1 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-2-6 320856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-2-6 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-2-6 54616]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast5\AvastSvc.exe [2011-2-6 44768]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 vpnclient;PacketiX VPN Client;c:\program files\packetixvpnclient\vpnclient.exe [2008-5-15 2478080]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\drivers\BazisVirtualCDBus.sys [2010-4-6 98400]
R3 Neo_VPN;VPN Client Device Driver - VPN;c:\windows\system32\drivers\Neo_0092.sys [2011-5-23 22000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-20 21504]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-3-24 126696]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2011-09-12 22:46:40 -------- d-----w- C:\-Arrivals-

==================== Find3M ====================

2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr
2011-08-12 14:49:02 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

============= FINISH: 11:06:01.90 ===============




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~G M E R~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-24 12:30:30
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000057 WDC_WD32 rev.01.0
Running: gmer.exe; Driver: C:\Users\ZT01\AppData\Local\Temp\uxtirpog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8EC7C374]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8EC7E996]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8EC7E9EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8EC7EB04]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8EC7E8EC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8EC7EA3E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8EC7E940]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8EC7EAB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8EC7C398]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8EC7C162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8EC7C3BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8EC7EEFC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8EC7CE54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8EC7E9C6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8EC7EA16]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8EC7EB2E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8EC7E918]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8EC7EA7E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8EC7E96E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8EC7EADC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8EC7CD1A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8EC7C3E0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8EC7C404]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8EC7C1BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8EC7C2F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8EC7C2D4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8EC7C31C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8EC7C428]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 10D 826BB890 4 Bytes [74, C3, C7, 8E]
.text ntkrnlpa.exe!KeSetEvent + 1D1 826BB954 8 Bytes [96, E9, C7, 8E, EE, E9, C7, ...]
.text ntkrnlpa.exe!KeSetEvent + 1DD 826BB960 4 Bytes [04, EB, C7, 8E]
.text ntkrnlpa.exe!KeSetEvent + 1F5 826BB978 4 Bytes [EC, E8, C7, 8E]
.text ntkrnlpa.exe!KeSetEvent + 215 826BB998 8 Bytes JMP E9408EC7
.text ...
.text win32k.sys!EngCreateRectRgn + 4537 9661FC80 5 Bytes JMP 8EC7F5E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + C20 96638EA9 5 Bytes JMP 8EC7FFB2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 4A1 96639C95 5 Bytes JMP 8EC80118 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 8C03 966423F7 5 Bytes JMP 8EC7EF32 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 616 9664334E 5 Bytes JMP 8EC7FD7E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 3103 9664EA94 5 Bytes JMP 8EC7F4BC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 456E 9664FEFF 5 Bytes JMP 8EC7F0DA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMapFontFileFD + 119C6 96669A35 5 Bytes JMP 8EC7F326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMapFontFileFD + 11A1A 96669A89 5 Bytes JMP 8EC7F4CC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 377F 96690A8E 5 Bytes JMP 8EC7FD0A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 60DE 966933ED 5 Bytes JMP 8EC7EFFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMulDiv + 4D3F 96699D2E 5 Bytes JMP 8EC7F14A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBlt + 2B42 966A41CC 5 Bytes JMP 8EC801BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 5FF 966A70B4 5 Bytes JMP 8EC7F016 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 81C 966C54E5 5 Bytes JMP 8EC7FEFA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 6EEA 966CBBB3 5 Bytes JMP 8EC7FD54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + B0F 966CF32A 5 Bytes JMP 8EC7FE48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!STROBJ_vEnumStart + 4728 966D6C49 5 Bytes JMP 8EC7F096 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + E80 966F51BC 5 Bytes JMP 8EC7F254 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + 248 966FAA3A 5 Bytes JMP 8EC7F1AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 26D9 966FE572 5 Bytes JMP 8EC80070 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLineTo + A0F 9671CA97 5 Bytes JMP 8EC7F1E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLineTo + D269 967292F1 5 Bytes JMP 8EC7F28E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
? C:\Users\ZT01\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Users\ZT01\AppData\Roaming\Dropbox\bin\Dropbox.exe[332] ntdll.dll!LdrLoadDll 77D693A8 5 Bytes JMP 001501F8
.text C:\Users\ZT01\AppData\Roaming\Dropbox\bin\Dropbox.exe[332] ntdll.dll!LdrUnloadDll 77D7B740 5 Bytes JMP 001503FC
.text C:\Users\ZT01\AppData\Roaming\Dropbox\bin\Dropbox.exe[332] kernel32.dll!GetBinaryTypeW + 70 77832247 1 Byte [62]
.text C:\Users\ZT01\AppData\Roaming\Dropbox\bin\Dropbox.exe[332] USER32.dll!SetWindowsHookExA 77E76322 5 Bytes JMP 00210600
.text C:\Users\ZT01\AppData\Roaming\Dropbox\bin\Dropbox.exe[332] USER32.dll!SetWindowsHookExW 77E787AD 5 Bytes JMP 00210804
.text C:\Users\ZT01\AppData\Roaming\Dropbox\bin\Dropbox.exe[332] USER32.dll!UnhookWindowsHookEx 77E798DB 5 Bytes JMP 00210A08
.text C:\Users\ZT01\AppData\Roaming\Dropbox\bin\Dropbox.exe[332] USER32.dll!SetWinEventHook 77E79F3A 5 Bytes JMP 002101F8
.text C:\Users\ZT01\AppData\Roaming\Dropbox\bin\Dropbox.exe[332] USER32.dll!UnhookWinEvent 77E7C06F 5 Bytes JMP 002103FC
.text C:\Users\ZT01\AppData\Roaming\Dropbox\bin\Dropbox.exe[332] ADVAPI32.dll!CreateServiceW 76719EB4 5 Bytes JMP 002203FC
.text C:\Users\ZT01\AppData\Roaming\Dropbox\bin\Dropbox.exe[332] ADVAPI32.dll!DeleteService 7671A07E 5 Bytes JMP 00220600
.text C:\Users\ZT01\AppData\Roaming\Dropbox\bin\Dropbox.exe[332] ADVAPI32.dll!SetServiceObjectSecurity 76756CD9 5 Bytes JMP 00221014
.text C:\Users\ZT01\AppData\Roaming\Dropbox\bin\Dropbox.exe[332] ADVAPI32.dll!ChangeServiceConfigA 76756DD9 5 Bytes JMP 00220804
.text C:\Users\ZT01\AppData\Roaming\Dropbox\bin\Dropbox.exe[332] ADVAPI32.dll!ChangeServiceConfigW 76756F81 5 Bytes JMP 00220A08
.text C:\Users\ZT01\AppData\Roaming\Dropbox\bin\Dropbox.exe[332] ADVAPI32.dll!ChangeServiceConfig2A 76757099 5 Bytes JMP 00220C0C
.text C:\Users\ZT01\AppData\Roaming\Dropbox\bin\Dropbox.exe[332] ADVAPI32.dll!ChangeServiceConfig2W 767571E1 5 Bytes JMP 00220E10
.text C:\Users\ZT01\AppData\Roaming\Dropbox\bin\Dropbox.exe[332] ADVAPI32.dll!CreateServiceA 767572A1 5 Bytes JMP 002201F8
.text C:\Windows\system32\Dwm.exe[580] ntdll.dll!LdrLoadDll 77D693A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\Dwm.exe[580] ntdll.dll!LdrUnloadDll 77D7B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\Dwm.exe[580] kernel32.dll!GetBinaryTypeW + 70 77832247 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[580] ADVAPI32.dll!CreateServiceW 76719EB4 5 Bytes JMP 001103FC
.text C:\Windows\system32\Dwm.exe[580] ADVAPI32.dll!DeleteService 7671A07E 5 Bytes JMP 00110600
.text C:\Windows\system32\Dwm.exe[580] ADVAPI32.dll!SetServiceObjectSecurity 76756CD9 5 Bytes JMP 00111014
.text C:\Windows\system32\Dwm.exe[580] ADVAPI32.dll!ChangeServiceConfigA 76756DD9 5 Bytes JMP 00110804
.text C:\Windows\system32\Dwm.exe[580] ADVAPI32.dll!ChangeServiceConfigW 76756F81 5 Bytes JMP 00110A08
.text C:\Windows\system32\Dwm.exe[580] ADVAPI32.dll!ChangeServiceConfig2A 76757099 5 Bytes JMP 00110C0C
.text C:\Windows\system32\Dwm.exe[580] ADVAPI32.dll!ChangeServiceConfig2W 767571E1 5 Bytes JMP 00110E10
.text C:\Windows\system32\Dwm.exe[580] ADVAPI32.dll!CreateServiceA 767572A1 5 Bytes JMP 001101F8
.text C:\Windows\system32\Dwm.exe[580] USER32.dll!SetWindowsHookExA 77E76322 5 Bytes JMP 00120600
.text C:\Windows\system32\Dwm.exe[580] USER32.dll!SetWindowsHookExW 77E787AD 5 Bytes JMP 00120804
.text C:\Windows\system32\Dwm.exe[580] USER32.dll!UnhookWindowsHookEx 77E798DB 5 Bytes JMP 00120A08
.text C:\Windows\system32\Dwm.exe[580] USER32.dll!SetWinEventHook 77E79F3A 5 Bytes JMP 001201F8
.text C:\Windows\system32\Dwm.exe[580] USER32.dll!UnhookWinEvent 77E7C06F 5 Bytes JMP 001203FC
.text C:\Windows\Explorer.exe[604] ntdll.dll!LdrLoadDll 77D693A8 5 Bytes JMP 000501F8
.text C:\Windows\Explorer.exe[604] ntdll.dll!LdrUnloadDll 77D7B740 5 Bytes JMP 000503FC
.text C:\Windows\Explorer.exe[604] kernel32.dll!GetBinaryTypeW + 70 77832247 1 Byte [62]
.text C:\Windows\Explorer.exe[604] ADVAPI32.dll!CreateServiceW 76719EB4 5 Bytes JMP 001103FC
.text C:\Windows\Explorer.exe[604] ADVAPI32.dll!DeleteService 7671A07E 5 Bytes JMP 00110600
.text C:\Windows\Explorer.exe[604] ADVAPI32.dll!SetServiceObjectSecurity 76756CD9 5 Bytes JMP 00111014
.text C:\Windows\Explorer.exe[604] ADVAPI32.dll!ChangeServiceConfigA 76756DD9 5 Bytes JMP 00110804
.text C:\Windows\Explorer.exe[604] ADVAPI32.dll!ChangeServiceConfigW 76756F81 5 Bytes JMP 00110A08
.text C:\Windows\Explorer.exe[604] ADVAPI32.dll!ChangeServiceConfig2A 76757099 5 Bytes JMP 00110C0C
.text C:\Windows\Explorer.exe[604] ADVAPI32.dll!ChangeServiceConfig2W 767571E1 5 Bytes JMP 00110E10
.text C:\Windows\Explorer.exe[604] ADVAPI32.dll!CreateServiceA 767572A1 5 Bytes JMP 001101F8
.text C:\Windows\Explorer.exe[604] USER32.dll!SetWindowsHookExA 77E76322 5 Bytes JMP 00160600
.text C:\Windows\Explorer.exe[604] USER32.dll!SetWindowsHookExW 77E787AD 5 Bytes JMP 00160804
.text C:\Windows\Explorer.exe[604] USER32.dll!UnhookWindowsHookEx 77E798DB 5 Bytes JMP 00160A08
.text C:\Windows\Explorer.exe[604] USER32.dll!SetWinEventHook 77E79F3A 5 Bytes JMP 001601F8
.text C:\Windows\Explorer.exe[604] USER32.dll!UnhookWinEvent 77E7C06F 5 Bytes JMP 001603FC
.text C:\Windows\system32\svchost.exe[760] ntdll.dll!LdrLoadDll 77D693A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[760] ntdll.dll!LdrUnloadDll 77D7B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[760] kernel32.dll!GetBinaryTypeW + 70 77832247 1 Byte [62]
.text C:\Windows\system32\svchost.exe[760] ADVAPI32.dll!CreateServiceW 76719EB4 5 Bytes JMP 002103FC
.text C:\Windows\system32\svchost.exe[760] ADVAPI32.dll!DeleteService 7671A07E 5 Bytes JMP 00210600
.text C:\Windows\system32\svchost.exe[760] ADVAPI32.dll!SetServiceObjectSecurity 76756CD9 5 Bytes JMP 00211014
.text C:\Windows\system32\svchost.exe[760] ADVAPI32.dll!ChangeServiceConfigA 76756DD9 5 Bytes JMP 00210804
.text C:\Windows\system32\svchost.exe[760] ADVAPI32.dll!ChangeServiceConfigW 76756F81 5 Bytes JMP 00210A08
.text C:\Windows\system32\svchost.exe[760] ADVAPI32.dll!ChangeServiceConfig2A 76757099 5 Bytes JMP 00210C0C
.text C:\Windows\system32\svchost.exe[760] ADVAPI32.dll!ChangeServiceConfig2W 767571E1 5 Bytes JMP 00210E10
.text C:\Windows\system32\svchost.exe[760] ADVAPI32.dll!CreateServiceA 767572A1 5 Bytes JMP 002101F8
.text C:\Windows\system32\svchost.exe[760] USER32.dll!SetWindowsHookExA 77E76322 5 Bytes JMP 004C0600
.text C:\Windows\system32\svchost.exe[760] USER32.dll!SetWindowsHookExW 77E787AD 5 Bytes JMP 004C0804
.text C:\Windows\system32\svchost.exe[760] USER32.dll!UnhookWindowsHookEx 77E798DB 5 Bytes JMP 004C0A08
.text C:\Windows\system32\svchost.exe[760] USER32.dll!SetWinEventHook 77E79F3A 5 Bytes JMP 004C01F8
.text C:\Windows\system32\svchost.exe[760] USER32.dll!UnhookWinEvent 77E7C06F 5 Bytes JMP 004C03FC
.text C:\Windows\system32\svchost.exe[896] ntdll.dll!LdrLoadDll 77D693A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[896] ntdll.dll!LdrUnloadDll 77D7B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!GetBinaryTypeW + 70 77832247 1 Byte [62]
.text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!CreateServiceW 76719EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!DeleteService 7671A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!SetServiceObjectSecurity 76756CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!ChangeServiceConfigA 76756DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!ChangeServiceConfigW 76756F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!ChangeServiceConfig2A 76757099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!ChangeServiceConfig2W 767571E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!CreateServiceA 767572A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[896] USER32.dll!SetWindowsHookExA 77E76322 5 Bytes JMP 001E0600
.text C:\Windows\system32\svchost.exe[896] USER32.dll!SetWindowsHookExW 77E787AD 5 Bytes JMP 001E0804
.text C:\Windows\system32\svchost.exe[896] USER32.dll!UnhookWindowsHookEx 77E798DB 5 Bytes JMP 001E0A08
.text C:\Windows\system32\svchost.exe[896] USER32.dll!SetWinEventHook 77E79F3A 5 Bytes JMP 001E01F8
.text C:\Windows\system32\svchost.exe[896] USER32.dll!UnhookWinEvent 77E7C06F 5 Bytes JMP 001E03FC
.text C:\Windows\system32\svchost.exe[948] ntdll.dll!LdrLoadDll 77D693A8 5 Bytes JMP 000901F8
.text C:\Windows\system32\svchost.exe[948] ntdll.dll!LdrUnloadDll 77D7B740 5 Bytes JMP 000903FC
.text C:\Windows\system32\svchost.exe[948] kernel32.dll!GetBinaryTypeW + 70 77832247 1 Byte [62]
.text C:\Windows\system32\svchost.exe[948] ADVAPI32.dll!CreateServiceW 76719EB4 5 Bytes JMP 000B03FC
.text C:\Windows\system32\svchost.exe[948] ADVAPI32.dll!DeleteService 7671A07E 5 Bytes JMP 000B0600
.text C:\Windows\system32\svchost.exe[948] ADVAPI32.dll!SetServiceObjectSecurity 76756CD9 5 Bytes JMP 000B1014
.text C:\Windows\system32\svchost.exe[948] ADVAPI32.dll!ChangeServiceConfigA 76756DD9 5 Bytes JMP 000B0804
.text C:\Windows\system32\svchost.exe[948] ADVAPI32.dll!ChangeServiceConfigW 76756F81 5 Bytes JMP 000B0A08
.text C:\Windows\system32\svchost.exe[948] ADVAPI32.dll!ChangeServiceConfig2A 76757099 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\svchost.exe[948] ADVAPI32.dll!ChangeServiceConfig2W 767571E1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\svchost.exe[948] ADVAPI32.dll!CreateServiceA 767572A1 5 Bytes JMP 000B01F8
.text C:\Windows\system32\AUDIODG.EXE[1048] kernel32.dll!GetBinaryTypeW + 70 77832247 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1200] ntdll.dll!LdrLoadDll 77D693A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1200] ntdll.dll!LdrUnloadDll 77D7B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1200] kernel32.dll!GetBinaryTypeW + 70 77832247 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1200] ADVAPI32.dll!CreateServiceW 76719EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1200] ADVAPI32.dll!DeleteService 7671A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1200] ADVAPI32.dll!SetServiceObjectSecurity 76756CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1200] ADVAPI32.dll!ChangeServiceConfigA 76756DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1200] ADVAPI32.dll!ChangeServiceConfigW 76756F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1200] ADVAPI32.dll!ChangeServiceConfig2A 76757099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1200] ADVAPI32.dll!ChangeServiceConfig2W 767571E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1200] ADVAPI32.dll!CreateServiceA 767572A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1200] USER32.dll!SetWindowsHookExA 77E76322 5 Bytes JMP 00CF0600
.text C:\Windows\system32\svchost.exe[1200] USER32.dll!SetWindowsHookExW 77E787AD 5 Bytes JMP 00CF0804
.text C:\Windows\system32\svchost.exe[1200] USER32.dll!UnhookWindowsHookEx 77E798DB 5 Bytes JMP 00CF0A08
.text C:\Windows\system32\svchost.exe[1200] USER32.dll!SetWinEventHook 77E79F3A 5 Bytes JMP 00CF01F8
.text C:\Windows\system32\svchost.exe[1200] USER32.dll!UnhookWinEvent 77E7C06F 5 Bytes JMP 00CF03FC
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1336] ntdll.dll!LdrLoadDll 77D693A8 5 Bytes JMP 001501F8
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1336] ntdll.dll!LdrUnloadDll 77D7B740 5 Bytes JMP 001503FC
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1336] kernel32.dll!GetBinaryTypeW + 70 77832247 1 Byte [62]
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1336] ADVAPI32.dll!CreateServiceW 76719EB4 5 Bytes JMP 002203FC
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1336] ADVAPI32.dll!DeleteService 7671A07E 5 Bytes JMP 00220600
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1336] ADVAPI32.dll!SetServiceObjectSecurity 76756CD9 5 Bytes JMP 00221014
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1336] ADVAPI32.dll!ChangeServiceConfigA 76756DD9 5 Bytes JMP 00220804
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1336] ADVAPI32.dll!ChangeServiceConfigW 76756F81 5 Bytes JMP 00220A08
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1336] ADVAPI32.dll!ChangeServiceConfig2A 76757099 5 Bytes JMP 00220C0C
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1336] ADVAPI32.dll!ChangeServiceConfig2W 767571E1 5 Bytes JMP 00220E10
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1336] ADVAPI32.dll!CreateServiceA 767572A1 5 Bytes JMP 002201F8
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1336] USER32.dll!SetWindowsHookExA 77E76322 5 Bytes JMP 00230600
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1336] USER32.dll!SetWindowsHookExW 77E787AD 5 Bytes JMP 00230804
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1336] USER32.dll!UnhookWindowsHookEx 77E798DB 5 Bytes JMP 00230A08
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1336] USER32.dll!SetWinEventHook 77E79F3A 5 Bytes JMP 002301F8
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1336] USER32.dll!UnhookWinEvent 77E7C06F 5 Bytes JMP 002303FC
.text C:\Windows\system32\nvvsvc.exe[1360] ntdll.dll!LdrLoadDll 77D693A8 5 Bytes JMP 001501F8
.text C:\Windows\system32\nvvsvc.exe[1360] ntdll.dll!LdrUnloadDll 77D7B740 5 Bytes JMP 001503FC
.text C:\Windows\system32\nvvsvc.exe[1360] kernel32.dll!GetBinaryTypeW + 70 77832247 1 Byte [62]
.text C:\Windows\system32\nvvsvc.exe[1360] ADVAPI32.dll!CreateServiceW 76719EB4 5 Bytes JMP 003103FC
.text C:\Windows\system32\nvvsvc.exe[1360] ADVAPI32.dll!DeleteService 7671A07E 5 Bytes JMP 00310600
.text C:\Windows\system32\nvvsvc.exe[1360] ADVAPI32.dll!SetServiceObjectSecurity 76756CD9 5 Bytes JMP 00311014
.text C:\Windows\system32\nvvsvc.exe[1360] ADVAPI32.dll!ChangeServiceConfigA 76756DD9 5 Bytes JMP 00310804
.text C:\Windows\system32\nvvsvc.exe[1360] ADVAPI32.dll!ChangeServiceConfigW 76756F81 5 Bytes JMP 00310A08
.text C:\Windows\system32\nvvsvc.exe[1360] ADVAPI32.dll!ChangeServiceConfig2A 76757099 5 Bytes JMP 00310C0C
.text C:\Windows\system32\nvvsvc.exe[1360] ADVAPI32.dll!ChangeServiceConfig2W 767571E1 5 Bytes JMP 00310E10
.text C:\Windows\system32\nvvsvc.exe[1360] ADVAPI32.dll!CreateServiceA 767572A1 5 Bytes JMP 003101F8
.text C:\Windows\system32\nvvsvc.exe[1360] USER32.dll!SetWindowsHookExA 77E76322 5 Bytes JMP 00320600
.text C:\Windows\system32\nvvsvc.exe[1360] USER32.dll!SetWindowsHookExW 77E787AD 5 Bytes JMP 00320804
.text C:\Windows\system32\nvvsvc.exe[1360] USER32.dll!UnhookWindowsHookEx 77E798DB 5 Bytes JMP 00320A08
.text C:\Windows\system32\nvvsvc.exe[1360] USER32.dll!SetWinEventHook 77E79F3A 5 Bytes JMP 003201F8
.text C:\Windows\system32\nvvsvc.exe[1360] USER32.dll!UnhookWinEvent 77E7C06F 5 Bytes JMP 003203FC
.text C:\Program Files\Avast5\AvastUI.exe[1528] kernel32.dll!GetBinaryTypeW + 70 77832247 1 Byte [62]
.text C:\Windows\RtHDVCpl.exe[1544] ntdll.dll!LdrLoadDll 77D693A8 5 Bytes JMP 001501F8
.text C:\Windows\RtHDVCpl.exe[1544] ntdll.dll!LdrUnloadDll 77D7B740 5 Bytes JMP 001503FC
.text C:\Windows\RtHDVCpl.exe[1544] kernel32.dll!GetBinaryTypeW + 70 77832247 1 Byte [62]
.text C:\Windows\RtHDVCpl.exe[1544] ADVAPI32.dll!CreateServiceW 76719EB4 5 Bytes JMP 003103FC
.text C:\Windows\RtHDVCpl.exe[1544] ADVAPI32.dll!DeleteService 7671A07E 5 Bytes JMP 00310600
.text C:\Windows\RtHDVCpl.exe[1544] ADVAPI32.dll!SetServiceObjectSecurity 76756CD9 5 Bytes JMP 00311014
.text C:\Windows\RtHDVCpl.exe[1544] ADVAPI32.dll!ChangeServiceConfigA 76756DD9 5 Bytes JMP 00310804
.text C:\Windows\RtHDVCpl.exe[1544] ADVAPI32.dll!ChangeServiceConfigW 76756F81 5 Bytes JMP 00310A08
.text C:\Windows\RtHDVCpl.exe[1544] ADVAPI32.dll!ChangeServiceConfig2A 76757099 5 Bytes JMP 00310C0C
.text C:\Windows\RtHDVCpl.exe[1544] ADVAPI32.dll!ChangeServiceConfig2W 767571E1 5 Bytes JMP 00310E10
.text C:\Windows\RtHDVCpl.exe[1544] ADVAPI32.dll!CreateServiceA 767572A1 5 Bytes JMP 003101F8
.text C:\Windows\RtHDVCpl.exe[1544] USER32.dll!SetWindowsHookExA 77E76322 5 Bytes JMP 00320600
.text C:\Windows\RtHDVCpl.exe[1544] USER32.dll!SetWindowsHookExW 77E787AD 5 Bytes JMP 00320804
.text C:\Windows\RtHDVCpl.exe[1544] USER32.dll!UnhookWindowsHookEx 77E798DB 5 Bytes JMP 00320A08
.text C:\Windows\RtHDVCpl.exe[1544] USER32.dll!SetWinEventHook 77E79F3A 5 Bytes JMP 003201F8
.text C:\Windows\RtHDVCpl.exe[1544] USER32.dll!UnhookWinEvent 77E7C06F 5 Bytes JMP 003203FC
.text C:\Windows\system32\taskeng.exe[1928] ntdll.dll!LdrLoadDll 77D693A8 5 Bytes JMP 000801F8
.text C:\Windows\system32\taskeng.exe[1928] ntdll.dll!LdrUnloadDll 77D7B740 5 Bytes JMP 000803FC
.text C:\Windows\system32\taskeng.exe[1928] kernel32.dll!GetBinaryTypeW + 70 77832247 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[1928] ADVAPI32.dll!CreateServiceW 76719EB4 5 Bytes JMP 001403FC
.text C:\Windows\system32\taskeng.exe[1928] ADVAPI32.dll!DeleteService 7671A07E 5 Bytes JMP 00140600
.text C:\Windows\system32\taskeng.exe[1928] ADVAPI32.dll!SetServiceObjectSecurity 76756CD9 5 Bytes JMP 00141014
.text C:\Windows\system32\taskeng.exe[1928] ADVAPI32.dll!ChangeServiceConfigA 76756DD9 5 Bytes JMP 00140804
.text C:\Windows\system32\taskeng.exe[1928] ADVAPI32.dll!ChangeServiceConfigW 76756F81 5 Bytes JMP 00140A08
.text C:\Windows\system32\taskeng.exe[1928] ADVAPI32.dll!ChangeServiceConfig2A 76757099 5 Bytes JMP 00140C0C
.text C:\Windows\system32\taskeng.exe[1928] ADVAPI32.dll!ChangeServiceConfig2W 767571E1 5 Bytes JMP 00140E10
.text C:\Windows\system32\taskeng.exe[1928] ADVAPI32.dll!CreateServiceA 767572A1 5 Bytes JMP 001401F8
.text C:\Windows\system32\taskeng.exe[1928] USER32.dll!SetWindowsHookExA 77E76322 5 Bytes JMP 00150600
.text C:\Windows\system32\taskeng.exe[1928] USER32.dll!SetWindowsHookExW 77E787AD 5 Bytes JMP 00150804
.text C:\Windows\system32\taskeng.exe[1928] USER32.dll!UnhookWindowsHookEx 77E798DB 5 Bytes JMP 00150A08
.text C:\Windows\system32\taskeng.exe[1928] USER32.dll!SetWinEventHook 77E79F3A 5 Bytes JMP 001501F8
.text C:\Windows\system32\taskeng.exe[1928] USER32.dll!UnhookWinEvent 77E7C06F 5 Bytes JMP 001503FC
.text C:\Windows\system32\svchost.exe[1960] ntdll.dll!LdrLoadDll 77D693A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1960] ntdll.dll!LdrUnloadDll 77D7B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1960] kernel32.dll!GetBinaryTypeW + 70 77832247 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1960] ADVAPI32.dll!CreateServiceW 76719EB4 5 Bytes JMP 000C03FC
.text C:\Windows\system32\svchost.exe[1960] ADVAPI32.dll!DeleteService 7671A07E 5 Bytes JMP 000C0600
.text C:\Windows\system32\svchost.exe[1960] ADVAPI32.dll!SetServiceObjectSecurity 76756CD9 5 Bytes JMP 000C1014
.text C:\Windows\system32\svchost.exe[1960] ADVAPI32.dll!ChangeServiceConfigA 76756DD9 5 Bytes JMP 000C0804
.text C:\Windows\system32\svchost.exe[1960] ADVAPI32.dll!ChangeServiceConfigW 76756F81 5 Bytes JMP 000C0A08
.text C:\Windows\system32\svchost.exe[1960] ADVAPI32.dll!ChangeServiceConfig2A 76757099 5 Bytes JMP 000C0C0C
.text C:\Windows\system32\svchost.exe[1960] ADVAPI32.dll!ChangeServiceConfig2W 767571E1 5 Bytes JMP 000C0E10
.text C:\Windows\system32\svchost.exe[1960] ADVAPI32.dll!CreateServiceA 767572A1 5 Bytes JMP 000C01F8
.text C:\Windows\system32\svchost.exe[1960] USER32.dll!SetWindowsHookExA 77E76322 5 Bytes JMP 00110600
.text C:\Windows\system32\svchost.exe[1960] USER32.dll!SetWindowsHookExW 77E787AD 5 Bytes JMP 00110804
.text C:\Windows\system32\svchost.exe[1960] USER32.dll!UnhookWindowsHookEx 77E798DB 5 Bytes JMP 00110A08
.text C:\Windows\system32\svchost.exe[1960] USER32.dll!SetWinEventHook 77E79F3A 5 Bytes JMP 001101F8
.text C:\Windows\system32\svchost.exe[1960] USER32.dll!UnhookWinEvent 77E7C06F 5 Bytes JMP 001103FC
.text C:\Windows\Explorer.EXE[1984] ntdll.dll!LdrLoadDll 77D693A8 5 Bytes JMP 000501F8
.text C:\Windows\Explorer.EXE[1984] ntdll.dll!LdrUnloadDll 77D7B740 5 Bytes JMP 000503FC
.text C:\Windows\Explorer.EXE[1984] kernel32.dll!GetBinaryTypeW + 70 77832247 1 Byte [62]
.text C:\Windows\Explorer.EXE[1984] ADVAPI32.dll!CreateServiceW 76719EB4 5 Bytes JMP 000C03FC
.text C:\Windows\Explorer.EXE[1984] ADVAPI32.dll!DeleteService 7671A07E 5 Bytes JMP 000C0600
.text C:\Windows\Explorer.EXE[1984] ADVAPI32.dll!SetServiceObjectSecurity 76756CD9 5 Bytes JMP 000C1014
.text C:\Windows\Explorer.EXE[1984] ADVAPI32.dll!ChangeServiceConfigA 76756DD9 5 Bytes JMP 000C0804
.text C:\Windows\Explorer.EXE[1984] ADVAPI32.dll!ChangeServiceConfigW 76756F81 5 Bytes JMP 000C0A08
.text C:\Windows\Explorer.EXE[1984] ADVAPI32.dll!ChangeServiceConfig2A 76757099 5 Bytes JMP 000C0C0C
.text C:\Windows\Explorer.EXE[1984] ADVAPI32.dll!ChangeServiceConfig2W 767571E1 5 Bytes JMP 000C0E10
.text C:\Windows\Explorer.EXE[1984] ADVAPI32.dll!CreateServiceA 767572A1 5 Bytes JMP 000C01F8
.text C:\Windows\Explorer.EXE[1984] USER32.dll!SetWindowsHookExA 77E76322 5 Bytes JMP 000D0600
.text C:\Windows\Explorer.EXE[1984] USER32.dll!SetWindowsHookExW 77E787AD 5 Bytes JMP 000D0804
.text C:\Windows\Explorer.EXE[1984] USER32.dll!UnhookWindowsHookEx 77E798DB 5 Bytes JMP 000D0A08
.text C:\Windows\Explorer.EXE[1984] USER32.dll!SetWinEventHook 77E79F3A 5 Bytes JMP 000D01F8
.text C:\Windows\Explorer.EXE[1984] USER32.dll!UnhookWinEvent 77E7C06F 5 Bytes JMP 000D03FC
.text C:\Windows\System32\spoolsv.exe[2024] ntdll.dll!LdrLoadDll 77D693A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\spoolsv.exe[2024] ntdll.dll!LdrUnloadDll 77D7B740 5 Bytes JMP 000503FC
.text C:\Windows\System32\spoolsv.exe[2024] kernel32.dll!GetBinaryTypeW + 70 77832247 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[2024] ADVAPI32.dll!CreateServiceW 76719EB4 5 Bytes JMP 001403FC
.text C:\Windows\System32\spoolsv.exe[2024] ADVAPI32.dll!DeleteService 7671A07E 5 Bytes JMP 00140600
.text C:\Windows\System32\spoolsv.exe[2024] ADVAPI32.dll!SetServiceObjectSecurity 76756CD9 5 Bytes JMP 00141014
.text C:\Windows\System32\spoolsv.exe[2024] ADVAPI32.dll!ChangeServiceConfigA 76756DD9 5 Bytes JMP 00140804
.text C:\Windows\System32\spoolsv.exe[2024] ADVAPI32.dll!ChangeServiceConfigW 76756F81 5 Bytes JMP 00140A08
.text C:\Windows\System32\spoolsv.exe[2024] ADVAPI32.dll!ChangeServiceConfig2A 76757099 5 Bytes JMP 00140C0C
.text C:\Windows\System32\spoolsv.exe[2024] ADVAPI32.dll!ChangeServiceConfig2W 767571E1 5 Bytes JMP 00140E10
.text C:\Windows\System32\spoolsv.exe[2024] ADVAPI32.dll!CreateServiceA 767572A1 5 Bytes JMP 001401F8
.text C:\Windows\System32\spoolsv.exe[2024] USER32.dll!SetWindowsHookExA 77E76322 5 Bytes JMP 00350600
.text C:\Windows\System32\spoolsv.exe[2024] USER32.dll!SetWindowsHookExW 77E787AD 5 Bytes JMP 00350804
.text C:\Windows\System32\spoolsv.exe[2024] USER32.dll!UnhookWindowsHookEx 77E798DB 5 Bytes JMP 00350A08
.text C:\Windows\System32\spoolsv.exe[2024] USER32.dll!SetWinEventHook 77E79F3A 5 Bytes JMP 003501F8
.text C:\Windows\System32\spoolsv.exe[2024] USER32.dll!UnhookWinEvent 77E7C06F 5 Bytes JMP 003503FC
.text C:\Tools\Defogger.exe[2096] ntdll.dll!LdrLoadDll 77D693A8 5 Bytes JMP 002501F8
.text C:\Tools\Defogger.exe[2096] ntdll.dll!LdrUnloadDll 77D7B740 5 Bytes JMP 002503FC
.text C:\Tools\Defogger.exe[2096] kernel32.dll!GetBinaryTypeW + 70 77832247 1 Byte [62]
.text C:\Tools\Defogger.exe[2096] ADVAPI32.DLL!CreateServiceW 76719EB4 5 Bytes JMP 003103FC
.text C:\Tools\Defogger.exe[2096] ADVAPI32.DLL!DeleteService 7671A07E 5 Bytes JMP 00310600
.text C:\Tools\Defogger.exe[2096] ADVAPI32.DLL!SetServiceObjectSecurity 76756CD9 5 Bytes JMP 00311014
.text C:\Tools\Defogger.exe[2096] ADVAPI32.DLL!ChangeServiceConfigA 76756DD9 5 Bytes JMP 00310804
.text C:\Tools\Defogger.exe[2096] ADVAPI32.DLL!ChangeServiceConfigW 76756F81 5 Bytes JMP 00310A08
.text C:\Tools\Defogger.exe[2096] ADVAPI32.DLL!ChangeServiceConfig2A 76757099 5 Bytes JMP 00310C0C
.text C:\Tools\Defogger.exe[2096] ADVAPI32.DLL!ChangeServiceConfig2W 767571E1 5 Bytes JMP 00310E10
.text C:\Tools\Defogger.exe[2096] ADVAPI32.DLL!CreateServiceA 767572A1 5 Bytes JMP 003101F8
.text C:\Tools\Defogger.exe[2096] USER32.dll!SetWindowsHookExA 77E76322 5 Bytes JMP 00320600
.text C:\Tools\Defogger.exe[2096] USER32.dll!SetWindowsHookExW 77E787AD 5 Bytes JMP 00320804
.text C:\Tools\Defogger.exe[2096] USER32.dll!UnhookWindowsHookEx 77E798DB 5 Bytes JMP 00320A08
.text C:\Tools\Defogger.exe[2096] USER32.dll!SetWinEventHook 77E79F3A 5 Bytes JMP 003201F8
.text C:\Tools\Defogger.exe[2096] USER32.dll!UnhookWinEvent 77E7C06F 5 Bytes JMP 003203FC
.text C:\Windows\system32\NOTEPAD.EXE[2188] ntdll.dll!LdrLoadDll 77D693A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\NOTEPAD.EXE[2188] ntdll.dll!LdrUnloadDll 77D7B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\NOTEPAD.EXE[2188] kernel32.dll!GetBinaryTypeW + 70 77832247 1 Byte [62]
.text C:\Windows\system32\NOTEPAD.EXE[2188] ADVAPI32.dll!CreateServiceW 76719EB4 5 Bytes JMP 001503FC
.text C:\Windows\system32\NOTEPAD.EXE[2188] ADVAPI32.dll!DeleteService 7671A07E 5 Bytes JMP 00150600
.text C:\Windows\system32\NOTEPAD.EXE[2188] ADVAPI32.dll!SetServiceObjectSecurity 76756CD9 5 Bytes JMP 00151014
.text C:\Windows\system32\NOTEPAD.EXE[2188] ADVAPI32.dll!ChangeServiceConfigA 76756DD9 5 Bytes JMP 00150804
.text C:\Windows\system32\NOTEPAD.EXE[2188] ADVAPI32.dll!ChangeServiceConfigW 76756F81 5 Bytes JMP 00150A08
.text C:\Windows\system32\NOTEPAD.EXE[2188] ADVAPI32.dll!ChangeServiceConfig2A 76757099 5 Bytes JMP 00150C0C
.text C:\Windows\system32\NOTEPAD.EXE[2188] ADVAPI32.dll!ChangeServiceConfig2W 767571E1 5 Bytes JMP 00150E10
.text C:\Windows\system32\NOTEPAD.EXE[2188] ADVAPI32.dll!CreateServiceA 767572A1 5 Bytes JMP 001501F8
.text C:\Windows\system32\NOTEPAD.EXE[2188] USER32.dll!SetWindowsHookExA 77E76322 5 Bytes JMP 00160600
.text C:\Windows\system32\NOTEPAD.EXE[2188] USER32.dll!SetWindowsHookExW 77E787AD 5 Bytes JMP 00160804
.text C:\Windows\system32\NOTEPAD.EXE[2188] USER32.dll!UnhookWindowsHookEx 77E798DB 5 Bytes JMP 00160A08
.text C:\Windows\system32\NOTEPAD.EXE[2188] USER32.dll!SetWinEventHook 77E79F3A 5 Bytes JMP 001601F8
.text C:\Windows\system32\NOTEPAD.EXE[2188] USER32.dll!UnhookWinEvent 77E7C06F 5 Bytes JMP 001603FC
.text C:\sysreset\mirc.exe[2420] ntdll.dll!LdrLoadDll 77D693A8 5 Bytes JMP 001501F8
.text C:\sysreset\mirc.exe[2420] ntdll.dll!LdrUnloadDll 77D7B740 5 Bytes JMP 001503FC
.text C:\sysreset\mirc.exe[2420] kernel32.dll!GetBinaryTypeW + 70 77832247 1 Byte [62]
.text C:\sysreset\mirc.exe[2420] ADVAPI32.dll!CreateServiceW 76719EB4 5 Bytes JMP 001C03FC
.text C:\sysreset\mirc.exe[2420] ADVAPI32.dll!DeleteService 7671A07E 5 Bytes JMP 001C0600
.text C:\sysreset\mirc.exe[2420] ADVAPI32.dll!SetServiceObjectSecurity 76756CD9 5 Bytes JMP 001C1014
.text C:\sysreset\mirc.exe[2420] ADVAPI32.dll!ChangeServiceConfigA 76756DD9 5 Bytes JMP 001C0804
.text C:\sysreset\mirc.exe[2420] ADVAPI32.dll!ChangeServiceConfigW 76756F81 5 Bytes JMP 001C0A08
.text C:\sysreset\mirc.exe[2420] ADVAPI32.dll!ChangeServiceConfig2A 76757099 5 Bytes JMP 001C0C0C
.text C:\sysreset\mirc.exe[2420] ADVAPI32.dll!ChangeServiceConfig2W 767571E1 5 Bytes JMP 001C0E10
.text C:\sysreset\mirc.exe[2420] ADVAPI32.dll!CreateServiceA 767572A1 5 Bytes JMP 001C01F8
.text C:\sysreset\mirc.exe[2420] USER32.dll!SetWindowsHookExA 77E76322 5 Bytes JMP 001D0600
.text C:\sysreset\mirc.exe[2420] USER32.dll!SetWindowsHookExW 77E787AD 5 Bytes JMP 001D0804
.text C:\sysreset\mirc.exe[2420] USER32.dll!UnhookWindowsHookEx 77E798DB 5 Bytes JMP 001D0A08
.text C:\sysreset\mirc.exe[2420] USER32.dll!SetWinEventHook 77E79F3A 5 Bytes JMP 001D01F8
.text C:\sysreset\mirc.exe[2420] USER32.dll!UnhookWinEvent 77E7C06F 5 Bytes JMP 001D03FC
.text C:\Windows\system32\taskeng.exe[2576] ntdll.dll!LdrLoadDll 77D693A8 5 Bytes JMP 000801F8
.text C:\Windows\system32\taskeng.exe[2576] ntdll.dll!LdrUnloadDll 77D7B740 5 Bytes JMP 000803FC
.text C:\Windows\system32\taskeng.exe[2576] kernel32.dll!GetBinaryTypeW + 70 77832247 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[2576] ADVAPI32.dll!CreateServiceW 76719EB4 5 Bytes JMP 001403FC
.text C:\Windows\system32\taskeng.exe[2576] ADVAPI32.dll!DeleteService 7671A07E 5 Bytes JMP 00140600
.text C:\Windows\system32\taskeng.exe[2576] ADVAPI32.dll!SetServiceObjectSecurity 76756CD9 5 Bytes JMP 00141014
.text C:\Windows\system32\taskeng.exe[2576] ADVAPI32.dll!ChangeServiceConfigA 76756DD9 5 Bytes JMP 00140804
.text C:\Windows\system32\taskeng.exe[2576] ADVAPI32.dll!ChangeServiceConfigW 76756F81 5 Bytes JMP 00140A08
.text C:\Windows\system32\taskeng.exe[2576] ADVAPI32.dll!ChangeServiceConfig2A 76757099 5 Bytes JMP 00140C0C
.text C:\Windows\system32\taskeng.exe[2576] ADVAPI32.dll!ChangeServiceConfig2W 767571E1 5 Bytes JMP 00140E10
.text C:\Windows\system32\taskeng.exe[2576] ADVAPI32.dll!CreateServiceA 767572A1 5 Bytes JMP 001401F8
.text C:\Windows\system32\taskeng.exe[2576] USER32.dll!SetWindowsHookExA 77E76322 5 Bytes JMP 00190600
.text C:\Windows\system32\taskeng.exe[2576] USER32.dll!SetWindowsHookExW 77E787AD 5 Bytes JMP 00190804
.text C:\Windows\system32\taskeng.exe[2576] USER32.dll!UnhookWindowsHookEx 77E798DB 5 Bytes JMP 00190A08
.text C:\Windows\system32\taskeng.exe[2576] USER32.dll!SetWinEventHook 77E79F3A 5 Bytes JMP 001901F8
.text C:\Windows\system32\taskeng.exe[2576] USER32.dll!UnhookWinEvent 77E7C06F 5 Bytes JMP 001903FC
.text C:\Program Files\PacketiXVPNClient\vpncmgr.exe[2656] ntdll.dll!LdrLoadDll 77D693A8 5 Bytes JMP 000901F8
.text C:\Program Files\PacketiXVPNClient\vpncmgr.exe[2656] ntdll.dll!LdrUnloadDll 77D7B740 5 Bytes JMP 000903FC
.text C:\Program Files\PacketiXVPNClient\vpncmgr.exe[2656] kernel32.dll!GetBinaryTypeW + 70 77832247 1 Byte [62]
.text C:\Program Files\PacketiXVPNClient\vpncmgr.exe[2656] ADVAPI32.dll!CreateServiceW 76719EB4 5 Bytes JMP 001003FC
.text C:\Program Files\PacketiXVPNClient\vpncmgr.exe[2656] ADVAPI32.dll!DeleteService 7671A07E 5 Bytes JMP 00100600
.text C:\Program Files\PacketiXVPNClient\vpncmgr.exe[2656] ADVAPI32.dll!SetServiceObjectSecurity 76756CD9 5 Bytes JMP 00101014
.text C:\Program Files\PacketiXVPNClient\vpncmgr.exe[2656] ADVAPI32.dll!ChangeServiceConfigA 76756DD9 5 Bytes JMP 00100804
.text C:\Program Files\PacketiXVPNClient\vpncmgr.exe[2656] ADVAPI32.dll!ChangeServiceConfigW 76756F81 5 Bytes JMP 00100A08
.text C:\Program Files\PacketiXVPNClient\vpncmgr.exe[2656] ADVAPI32.dll!ChangeServiceConfig2A 76757099 5 Bytes JMP 00100C0C
.text C:\Program Files\PacketiXVPNClient\vpncmgr.exe[2656] ADVAPI32.dll!ChangeServiceConfig2W 767571E1 5 Bytes JMP 00100E10
.text C:\Program Files\PacketiXVPNClient\vpncmgr.exe[2656] ADVAPI32.dll!CreateServiceA 767572A1 5 Bytes JMP 001001F8
.text C:\Program Files\PacketiXVPNClient\vpncmgr.exe[2656] USER32.dll!SetWindowsHookExA 77E76322 5 Bytes JMP 00960600
.text C:\Program Files\PacketiXVPNClient\vpncmgr.exe[2656] USER32.dll!SetWindowsHookExW 77E787AD 5 Bytes JMP 00960804
.text C:\Program Files\PacketiXVPNClient\vpncmgr.exe[2656] USER32.dll!UnhookWindowsHookEx 77E798DB 5 Bytes JMP 00960A08
.text C:\Program Files\PacketiXVPNClient\vpncmgr.exe[2656] USER32.dll!SetWinEventHook 77E79F3A 5 Bytes JMP 009601F8
.text C:\Program Files\PacketiXVPNClient\vpncmgr.exe[2656] USER32.dll!UnhookWinEvent 77E7C06F 5 Bytes JMP 009603FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[2672] ntdll.dll!LdrLoadDll 77D693A8 5 Bytes JMP 001901F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[2672] ntdll.dll!LdrUnloadDll 77D7B740 5 Bytes JMP 001903FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[2672] kernel32.dll!GetBinaryTypeW + 70 77832247 1 Byte [62]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2672] ADVAPI32.dll!CreateServiceW 76719EB4 5 Bytes JMP 002703FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[2672] ADVAPI32.dll!DeleteService 7671A07E 5 Bytes JMP 00270600
.text C:\Program Files\Windows Sidebar\sidebar.exe[2672] ADVAPI32.dll!SetServiceObjectSecurity 76756CD9 5 Bytes JMP 00271014
.text C:\Program Files\Windows Sidebar\sidebar.exe[2672] ADVAPI32.dll!ChangeServiceConfigA 76756DD9 5 Bytes JMP 00270804
.text C:\Program Files\Windows Sidebar\sidebar.exe[2672] ADVAPI32.dll!ChangeServiceConfigW 76756F81 5 Bytes JMP 00270A08
.text C:\Program Files\Windows Sidebar\sidebar.exe[2672] ADVAPI32.dll!ChangeServiceConfig2A 76757099 5 Bytes JMP 00270C0C
.text C:\Program Files\Windows Sidebar\sidebar.exe[2672] ADVAPI32.dll!ChangeServiceConfig2W 767571E1 5 Bytes JMP 00270E10
.text C:\Program Files\Windows Sidebar\sidebar.exe[2672] ADVAPI32.dll!CreateServiceA 767572A1 5 Bytes JMP 002701F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[2672] USER32.dll!SetWindowsHookExA 77E76322 5 Bytes JMP 00280600
.text C:\Program Files\Windows Sidebar\sidebar.exe[2672] USER32.dll!SetWindowsHookExW 77E787AD 5 Bytes JMP 00280804
.text C:\Program Files\Windows Sidebar\sidebar.exe[2672] USER32.dll!UnhookWindowsHookEx 77E798DB 5 Bytes JMP 00280A08
.text C:\Program Files\Windows Sidebar\sidebar.exe[2672] USER32.dll!SetWinEventHook 77E79F3A 5 Bytes JMP 002801F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[2672] USER32.dll!UnhookWinEvent 77E7C06F 5 Bytes JMP 002803FC
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2724] ntdll.dll!LdrLoadDll 77D693A8 5 Bytes JMP 000901F8
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2724] ntdll.dll!LdrUnloadDll 77D7B740 5 Bytes JMP 000903FC
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2724] kernel32.dll!SetUnhandledExceptionFilter 7780A84F 5 Bytes JMP 0057C3ED C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Windows Live Messenger/Microsoft Corporation)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2724] kernel32.dll!GetBinaryTypeW + 70 77832247 1 Byte [62]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2724] ADVAPI32.dll!CreateServiceW 76719EB4 5 Bytes JMP 002703FC
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2724] ADVAPI32.dll!DeleteService 7671A07E 5 Bytes JMP 00270600
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2724] ADVAPI32.dll!SetServiceObjectSecurity 76756CD9 5 Bytes JMP 00271014
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2724] ADVAPI32.dll!ChangeServiceConfigA 76756DD9 5 Bytes JMP 00270804
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2724] ADVAPI32.dll!ChangeServiceConfigW 76756F81 5 Bytes JMP 00270A08
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2724] ADVAPI32.dll!ChangeServiceConfig2A 76757099 5 Bytes JMP 00270C0C
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2724] ADVAPI32.dll!ChangeServiceConfig2W 767571E1 5 Bytes JMP 00270E10
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2724] ADVAPI32.dll!CreateServiceA 767572A1 5 Bytes JMP 002701F8
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2724] USER32.dll!SetWindowsHookExA 77E76322 5 Bytes JMP 00280600
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2724] USER32.dll!SetWindowsHookExW 77E787AD 5 Bytes JMP 00280804
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2724] USER32.dll!UnhookWindowsHookEx 77E798DB 5 Bytes JMP 00280A08
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2724] USER32.dll!SetWinEventHook 77E79F3A 5 Bytes JMP 002801F8
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2724] USER32.dll!UnhookWinEvent 77E7C06F 5 Bytes JMP 002803FC
.text C:\Program Files\Sleipnir\bin\Sleipnir.exe[3052] ntdll.dll!LdrLoadDll 77D693A8 5 Bytes JMP 001501F8
.text C:\Program Files\Sleipnir\bin\Sleipnir.exe[3052] ntdll.dll!LdrUnloadDll 77D7B740 5 Bytes JMP 001503FC
.text C:\Program Files\Sleipnir\bin\Sleipnir.exe[3052] kernel32.dll!GetBinaryTypeW + 70 77832247 1 Byte [62]
.text C:\Program Files\Sleipnir\bin\Sleipnir.exe[3052] ADVAPI32.dll!CreateServiceW 76719EB4 5 Bytes JMP 003903FC
.text C:\Program Files\Sleipnir\bin\Sleipnir.exe[3052] ADVAPI32.dll!DeleteService 7671A07E 5 Bytes JMP 00390600
.text C:\Program Files\Sleipnir\bin\Sleipnir.exe[3052] ADVAPI32.dll!SetServiceObjectSecurity 76756CD9 5 Bytes JMP 00391014
.text C:\Program Files\Sleipnir\bin\Sleipnir.exe[3052] ADVAPI32.dll!ChangeServiceConfigA 76756DD9 5 Bytes JMP 00390804
.text C:\Program Files\Sleipnir\bin\Sleipnir.exe[3052] ADVAPI32.dll!ChangeServiceConfigW 76756F81 5 Bytes JMP 00390A08
.text C:\Program Files\Sleipnir\bin\Sleipnir.exe[3052] ADVAPI32.dll!ChangeServiceConfig2A 76757099 5 Bytes JMP 00390C0C
.text C:\Program Files\Sleipnir\bin\Sleipnir.exe[3052] ADVAPI32.dll!ChangeServiceConfig2W 767571E1 5 Bytes JMP 00390E10
.text C:\Program Files\Sleipnir\bin\Sleipnir.exe[3052] ADVAPI32.dll!CreateServiceA 767572A1 5 Bytes JMP 003901F8
.text C:\Program Files\Sleipnir\bin\Sleipnir.exe[3052] USER32.dll!SetWindowsHookExA 77E76322 5 Bytes JMP 003A0600
.text C:\Program Files\Sleipnir\bin\Sleipnir.exe[3052] USER32.dll!SetWindowsHookExW 77E787AD 5 Bytes JMP 003A0804
.text C:\Program Files\Sleipnir\bin\Sleipnir.exe[3052] USER32.dll!UnhookWindowsHookEx 77E798DB 5 Bytes JMP 003A0A08
.text C:\Program Files\Sleipnir\bin\Sleipnir.exe[3052] USER32.dll!SetWinEventHook 77E79F3A 5 Bytes JMP 003A01F8
.text C:\Program Files\Sleipnir\bin\Sleipnir.exe[3052] USER32.dll!UnhookWinEvent 77E7C06F 5 Bytes JMP 003A03FC
.text C:\Program Files\Avast5\AvastSvc.exe[3672] kernel32.dll!SetUnhandledExceptionFilter 7780A84F 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Avast5\AvastSvc.exe[3672] kernel32.dll!GetBinaryTypeW + 70 77832247 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3880] ntdll.dll!LdrLoadDll 77D693A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[3880] ntdll.dll!LdrUnloadDll 77D7B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[3880] kernel32.dll!GetBinaryTypeW + 70 77832247 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3880] ADVAPI32.dll!CreateServiceW 76719EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[3880] ADVAPI32.dll!DeleteService 7671A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[3880] ADVAPI32.dll!SetServiceObjectSecurity 76756CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[3880] ADVAPI32.dll!ChangeServiceConfigA 76756DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[3880] ADVAPI32.dll!ChangeServiceConfigW 76756F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[3880] ADVAPI32.dll!ChangeServiceConfig2A 76757099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[3880] ADVAPI32.dll!ChangeServiceConfig2W 767571E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[3880] ADVAPI32.dll!CreateServiceA 767572A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[3880] USER32.dll!SetWindowsHookExA 77E76322 5 Bytes JMP 00410600
.text C:\Windows\system32\svchost.exe[3880] USER32.dll!SetWindowsHookExW 77E787AD 5 Bytes JMP 00410804
.text C:\Windows\system32\svchost.exe[3880] USER32.dll!UnhookWindowsHookEx 77E798DB 5 Bytes JMP 00410A08
.text C:\Windows\system32\svchost.exe[3880] USER32.dll!SetWinEventHook 77E79F3A 5 Bytes JMP 004101F8
.text C:\Windows\system32\svchost.exe[3880] USER32.dll!UnhookWinEvent 77E7C06F 5 Bytes JMP 004103FC
.text C:\Program Files\PacketiXVPNClient\vpnclient.exe[4024] ntdll.dll!LdrLoadDll 77D693A8 5 Bytes JMP 000901F8
.text C:\Program Files\PacketiXVPNClient\vpnclient.exe[4024] ntdll.dll!LdrUnloadDll 77D7B740 5 Bytes JMP 000903FC
.text C:\Program Files\PacketiXVPNClient\vpnclient.exe[4024] kernel32.dll!GetBinaryTypeW + 70 77832247 1 Byte [62]
.text C:\Program Files\PacketiXVPNClient\vpnclient.exe[4024] ADVAPI32.dll!CreateServiceW 76719EB4 5 Bytes JMP 009503FC
.text C:\Program Files\PacketiXVPNClient\vpnclient.exe[4024] ADVAPI32.dll!DeleteService 7671A07E 5 Bytes JMP 00950600
.text C:\Program Files\PacketiXVPNClient\vpnclient.exe[4024] ADVAPI32.dll!SetServiceObjectSecurity 76756CD9 5 Bytes JMP 00951014
.text C:\Program Files\PacketiXVPNClient\vpnclient.exe[4024] ADVAPI32.dll!ChangeServiceConfigA 76756DD9 5 Bytes JMP 00950804
.text C:\Program Files\PacketiXVPNClient\vpnclient.exe[4024] ADVAPI32.dll!ChangeServiceConfigW 76756F81 5 Bytes JMP 00950A08
.text C:\Program Files\PacketiXVPNClient\vpnclient.exe[4024] ADVAPI32.dll!ChangeServiceConfig2A 76757099 5 Bytes JMP 00950C0C
.text C:\Program Files\PacketiXVPNClient\vpnclient.exe[4024] ADVAPI32.dll!ChangeServiceConfig2W 767571E1 5 Bytes JMP 00950E10
.text C:\Program Files\PacketiXVPNClient\vpnclient.exe[4024] ADVAPI32.dll!CreateServiceA 767572A1 5 Bytes JMP 009501F8
.text C:\Program Files\PacketiXVPNClient\vpnclient.exe[4024] USER32.dll!SetWindowsHookExA 77E76322 5 Bytes JMP 00960600
.text C:\Program Files\PacketiXVPNClient\vpnclient.exe[4024] USER32.dll!SetWindowsHookExW 77E787AD 5 Bytes JMP 00960804
.text C:\Program Files\PacketiXVPNClient\vpnclient.exe[4024] USER32.dll!UnhookWindowsHookEx 77E798DB 5 Bytes JMP 00960A08
.text C:\Program Files\PacketiXVPNClient\vpnclient.exe[4024] USER32.dll!SetWinEventHook 77E79F3A 5 Bytes JMP 009601F8
.text C:\Program Files\PacketiXVPNClient\vpnclient.exe[4024] USER32.dll!UnhookWinEvent 77E7C06F 5 Bytes JMP 009603FC
.text C:\Windows\system32\conime.exe[4368] ntdll.dll!LdrLoadDll 77D693A8 5 Bytes JMP 000401F8
.text C:\Windows\system32\conime.exe[4368] ntdll.dll!LdrUnloadDll 77D7B740 5 Bytes JMP 000403FC
.text C:\Windows\system32\conime.exe[4368] kernel32.dll!GetBinaryTypeW + 70 77832247 1 Byte [62]
.text C:\Windows\system32\conime.exe[4368] ADVAPI32.dll!CreateServiceW 76719EB4 5 Bytes JMP 000B03FC
.text C:\Windows\system32\conime.exe[4368] ADVAPI32.dll!DeleteService 7671A07E 5 Bytes JMP 000B0600
.text C:\Windows\system32\conime.exe[4368] ADVAPI32.dll!SetServiceObjectSecurity 76756CD9 5 Bytes JMP 000B1014
.text C:\Windows\system32\conime.exe[4368] ADVAPI32.dll!ChangeServiceConfigA 76756DD9 5 Bytes JMP 000B0804
.text C:\Windows\system32\conime.exe[4368] ADVAPI32.dll!ChangeServiceConfigW 76756F81 5 Bytes JMP 000B0A08
.text C:\Windows\system32\conime.exe[4368] ADVAPI32.dll!ChangeServiceConfig2A 76757099 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\conime.exe[4368] ADVAPI32.dll!ChangeServiceConfig2W 767571E1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\conime.exe[4368] ADVAPI32.dll!CreateServiceA 767572A1 5 Bytes JMP 000B01F8
.text C:\Windows\system32\conime.exe[4368] USER32.dll!SetWindowsHookExA 77E76322 5 Bytes JMP 00100600
.text C:\Windows\system32\conime.exe[4368] USER32.dll!SetWindowsHookExW 77E787AD 5 Bytes JMP 00100804
.text C:\Windows\system32\conime.exe[4368] USER32.dll!UnhookWindowsHookEx 77E798DB 5 Bytes JMP 00100A08
.text C:\Windows\system32\conime.exe[4368] USER32.dll!SetWinEventHook 77E79F3A 5 Bytes JMP 001001F8
.text C:\Windows\system32\conime.exe[4368] USER32.dll!UnhookWinEvent 77E7C06F 5 Bytes JMP 001003FC
.text C:\Windows\system32\DRIVERS\xaudio.exe[4548] ntdll.dll!LdrLoadDll 77D693A8 5 Bytes JMP 001401F8
.text C:\Windows\system32\DRIVERS\xaudio.exe[4548] ntdll.dll!LdrUnloadDll 77D7B740 5 Bytes JMP 001403FC
.text C:\Windows\system32\DRIVERS\xaudio.exe[4548] kernel32.dll!GetBinaryTypeW + 70 77832247 1 Byte [62]
.text C:\Windows\system32\DRIVERS\xaudio.exe[4548] ADVAPI32.dll!CreateServiceW 76719EB4 5 Bytes JMP 002103FC
.text C:\Windows\system32\DRIVERS\xaudio.exe[4548] ADVAPI32.dll!DeleteService 7671A07E 5 Bytes JMP 00210600
.text C:\Windows\system32\DRIVERS\xaudio.exe[4548] ADVAPI32.dll!SetServiceObjectSecurity 76756CD9 5 Bytes JMP 00211014
.text C:\Windows\system32\DRIVERS\xaudio.exe[4548] ADVAPI32.dll!ChangeServiceConfigA 76756DD9 5 Bytes JMP 00210804
.text C:\Windows\system32\DRIVERS\xaudio.exe[4548] ADVAPI32.dll!ChangeServiceConfigW 76756F81 5 Bytes JMP 00210A08
.text C:\Windows\system32\DRIVERS\xaudio.exe[4548] ADVAPI32.dll!ChangeServiceConfig2A 76757099 5 Bytes JMP 00210C0C
.text C:\Windows\system32\DRIVERS\xaudio.exe[4548] ADVAPI32.dll!ChangeServiceConfig2W 767571E1 5 Bytes JMP 00210E10
.text C:\Windows\system32\DRIVERS\xaudio.exe[4548] ADVAPI32.dll!CreateServiceA 767572A1 5 Bytes JMP 002101F8
.text C:\Windows\system32\DRIVERS\xaudio.exe[4548] USER32.dll!SetWindowsHookExA 77E76322 5 Bytes JMP 00220600
.text C:\Windows\system32\DRIVERS\xaudio.exe[4548] USER32.dll!SetWindowsHookExW 77E787AD 5 Bytes JMP 00220804
.text C:\Windows\system32\DRIVERS\xaudio.exe[4548] USER32.dll!UnhookWindowsHookEx 77E798DB 5 Bytes JMP 00220A08
.text C:\Windows\system32\DRIVERS\xaudio.exe[4548] USER32.dll!SetWinEventHook 77E79F3A 5 Bytes JMP 002201F8
.text C:\Windows\system32\DRIVERS\xaudio.exe[4548] USER32.dll!UnhookWinEvent 77E7C06F 5 Bytes JMP 002203FC
.text C:\Windows\system32\SearchIndexer.exe[4700] ntdll.dll!LdrLoadDll 77D693A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\SearchIndexer.exe[4700] ntdll.dll!LdrUnloadDll 77D7B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\SearchIndexer.exe[4700] kernel32.dll!GetBinaryTypeW + 70 77832247 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[4700] ADVAPI32.dll!CreateServiceW 76719EB4 5 Bytes JMP 001103FC
.text C:\Windows\system32\SearchIndexer.exe[4700] ADVAPI32.dll!DeleteService 7671A07E 5 Bytes JMP 00110600
.text C:\Windows\system32\SearchIndexer.exe[4700] ADVAPI32.dll!SetServiceObjectSecurity 76756CD9 5 Bytes JMP 00111014
.text C:\Windows\system32\SearchIndexer.exe[4700] ADVAPI32.dll!ChangeServiceConfigA 76756DD9 5 Bytes JMP 00110804
.text C:\Windows\system32\SearchIndexer.exe[4700] ADVAPI32.dll!ChangeServiceConfigW 76756F81 5 Bytes JMP 00110A08
.text C:\Windows\system32\SearchIndexer.exe[4700] ADVAPI32.dll!ChangeServiceConfig2A 76757099 5 Bytes JMP 00110C0C
.text C:\Windows\system32\SearchIndexer.exe[4700] ADVAPI32.dll!ChangeServiceConfig2W 767571E1 5 Bytes JMP 00110E10
.text C:\Windows\system32\SearchIndexer.exe[4700] ADVAPI32.dll!CreateServiceA 767572A1 5 Bytes JMP 001101F8
.text C:\Windows\system32\SearchIndexer.exe[4700] USER32.dll!SetWindowsHookExA 77E76322 5 Bytes JMP 00120600
.text C:\Windows\system32\SearchIndexer.exe[4700] USER32.dll!SetWindowsHookExW 77E787AD 5 Bytes JMP 00120804
.text C:\Windows\system32\SearchIndexer.exe[4700] USER32.dll!UnhookWindowsHookEx 77E798DB 5 Bytes JMP 00120A08
.text C:\Windows\system32\SearchIndexer.exe[4700] USER32.dll!SetWinEventHook 77E79F3A 5 Bytes JMP 001201F8
.text C:\Windows\system32\SearchIndexer.exe[4700] USER32.dll!UnhookWinEvent 77E7C06F 5 Bytes JMP 001203FC
.text C:\Windows\System32\svchost.exe[4740] ntdll.dll!LdrLoadDll 77D693A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[4740] ntdll.dll!LdrUnloadDll 77D7B740 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[4740] kernel32.dll!GetBinaryTypeW + 70 77832247 1 Byte [62]
.text C:\Windows\System32\svchost.exe[4740] ADVAPI32.dll!CreateServiceW 76719EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[4740] ADVAPI32.dll!DeleteService 7671A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[4740] ADVAPI32.dll!SetServiceObjectSecurity 76756CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[4740] ADVAPI32.dll!ChangeServiceConfigA 76756DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[4740] ADVAPI32.dll!ChangeServiceConfigW 76756F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[4740] ADVAPI32.dll!ChangeServiceConfig2A 76757099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[4740] ADVAPI32.dll!ChangeServiceConfig2W 767571E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[4740] ADVAPI32.dll!CreateServiceA 767572A1 5 Bytes JMP 000701F8
.text C:\Program Files\Windows Live\Messenger\usnsvc.exe[5584] ntdll.dll!LdrLoadDll 77D693A8 5 Bytes JMP 000801F8
.text C:\Program Files\Windows Live\Messenger\usnsvc.exe[5584] ntdll.dll!LdrUnloadDll 77D7B740 5 Bytes JMP 000803FC
.text C:\Program Files\Windows Live\Messenger\usnsvc.exe[5584] kernel32.dll!GetBinaryTypeW + 70 77832247 1 Byte [62]
.text C:\Program Files\Windows Live\Messenger\usnsvc.exe[5584] ADVAPI32.dll!CreateServiceW 76719EB4 5 Bytes JMP 002403FC
.text C:\Program Files\Windows Live\Messenger\usnsvc.exe[5584] ADVAPI32.dll!DeleteService 7671A07E 5 Bytes JMP 00240600
.text C:\Program Files\Windows Live\Messenger\usnsvc.exe[5584] ADVAPI32.dll!SetServiceObjectSecurity 76756CD9 5 Bytes JMP 00241014
.text C:\Program Files\Windows Live\Messenger\usnsvc.exe[5584] ADVAPI32.dll!ChangeServiceConfigA 76756DD9 5 Bytes JMP 00240804
.text C:\Program Files\Windows Live\Messenger\usnsvc.exe[5584] ADVAPI32.dll!ChangeServiceConfigW 76756F81 5 Bytes JMP 00240A08
.text C:\Program Files\Windows Live\Messenger\usnsvc.exe[5584] ADVAPI32.dll!ChangeServiceConfig2A 76757099 5 Bytes JMP 00240C0C
.text C:\Program Files\Windows Live\Messenger\usnsvc.exe[5584] ADVAPI32.dll!ChangeServiceConfig2W 767571E1 5 Bytes JMP 00240E10
.text C:\Program Files\Windows Live\Messenger\usnsvc.exe[5584] ADVAPI32.dll!CreateServiceA 767572A1 5 Bytes JMP 002401F8
.text C:\Program Files\Windows Live\Messenger\usnsvc.exe[5584] USER32.dll!SetWindowsHookExA 77E76322 5 Bytes JMP 00250600
.text C:\Program Files\Windows Live\Messenger\usnsvc.exe[5584] USER32.dll!SetWindowsHookExW 77E787AD 5 Bytes JMP 00250804
.text C:\Program Files\Windows Live\Messenger\usnsvc.exe[5584] USER32.dll!UnhookWindowsHookEx 77E798DB 5 Bytes JMP 00250A08
.text C:\Program Files\Windows Live\Messenger\usnsvc.exe[5584] USER32.dll!SetWinEventHook 77E79F3A 5 Bytes JMP 002501F8
.text C:\Program Files\Windows Live\Messenger\usnsvc.exe[5584] USER32.dll!UnhookWinEvent 77E7C06F 5 Bytes JMP 002503FC
.text C:\Program Files\PacketiXVPNClient\vpnclient.exe[6184] ntdll.dll!LdrLoadDll 77D693A8 5 Bytes JMP 000901F8
.text C:\Program Files\PacketiXVPNClient\vpnclient.exe[6184] ntdll.dll!LdrUnloadDll 77D7B740 5 Bytes JMP 000903FC
.text C:\Program Files\PacketiXVPNClient\vpnclient.exe[6184] kernel32.dll!GetBinaryTypeW + 70 77832247 1 Byte [62]
.text C:\Program Files\PacketiXVPNClient\vpnclient.exe[6184] ADVAPI32.dll!CreateServiceW 76719EB4 5 Bytes JMP 009503FC
.text C:\Program Files\PacketiXVPNClient\vpnclient.exe[6184] ADVAPI32.dll!DeleteService 7671A07E 5 Bytes JMP 00950600

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----




the previous screenshot of autoruns still applies. also File Not Found-ing in autoruns is a registry entry looking for RDPCLIP.

#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,085 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:53 AM

Posted 24 September 2011 - 12:26 PM

The autoruns entry is nothing to worry about.

Can you please also post attach.txt created by DDS (it will be minimized when the scan is finished). The logs this far look clean.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#7 ZT-repairseek


Posted 25 September 2011 - 11:59 AM

so is that "can leave it" nothing to worry about or is that "can safely eliminate" nothing to worry about?



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)


Motherboard: ECS | | MCP61PM-GM
Processor: AMD Athlon™ 64 X2 Dual Core Processor 4400+ | Socket AM2 | 2300/201mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 288 GiB total, 165.371 GiB free.
H: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

7-Zip 9.20
Adobe Flash Player 10 ActiveX
Akamai NetSession Interface
ATI Catalyst Install Manager
avast! Free Antivirus
Battle.net
C&C Media Web Game Launcher (remove only)
C21_EN
CardMon Hero
CrimzonClover
CyberLink Power2Go
Descent 3
Diablo
Digital Media Reader
DIVINA
Dream Of Mirror Online
Dropbox
Dup Detector
ELSWORD
Elsword version 1.00
Fotosizer 1.31
Foxit Reader
Free Download Manager 3.0
Hex Workshop v4.10
Hexen II
Hexen II Mission Pack
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Jasc Animation Shop 3
Jasc Paint Shop Pro 9
Java Auto Updater
Java™ 6 Update 26
Java™ 6 Update 5
La Tale
LabelPrint
Le Ciel Bleu
Legend of Valhalla Online
Mabinogi
Malwarebytes' Anti-Malware version 1.51.2.1300
MEGAMANX8
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft XNA Framework Redistributable 4.0
Neverwinter Nights Gold Edition
Nexon Game Manager
NoteTab Pro 6 (Remove only)
NVIDIA Control Panel 260.99
NVIDIA Drivers
NVIDIA Graphics Driver 260.99
NVIDIA Install Application
OGPlanet Game Launcher
PacketiX VPN Client (English)
Pando Media Booster
PHANTASY STAR UNIVERSE Ambition of the Illuminus
PHANTASY STAR UNIVERSE イルミナスの野望
PictBear Version 2.02
PRC Pack
Realtek High Definition Audio Driver
Red Stone
Sandboxie 3.54 (32-bit)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Shin Megami Tensei: Imagine Online
Sleipnir Version 2.9.8
Soft Data Fax Modem with SmartCP
SpywareBlaster 4.4
Total Video Converter 3.71 100812
TotalAudioConverter
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Vista Shortcut Manager
WinAce Archiver
Winamp (remove only)
WinCDEmu
WinDirStat 1.1.2
Windows 7 Upgrade Advisor
Windows Live installer
Windows Live Messenger
Windows版雷電Ⅲ
Wonderland Online
Ys Origin
YsVI
Yume Nikki 0.10 English v3
μTorrent
最強御主人様!
黄金夢想曲

==== End Of File ===========================

#8 Elise


Posted 25 September 2011 - 12:28 PM

Just leave it where it is now. :)

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
  • Download the latest version of Java Runtime Environment (JRE) Version 7.
  • Look for "JDK 7 (JDK or JRE)".
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Select "Windows x86 Offline" and click on jre-7-windows-i586.exe
  • Save it to your desktop
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.


ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

regards, Elise


#9 ZT-repairseek


Posted 28 September 2011 - 11:22 AM

point #1: not checking the "remove threats" box simply because I resent things being done without my direct approval; until I got into practice of setting up exclude lists I had a lot of problems re: things running off to delete mIRC because someone decided this piece of commercial software was an evil virus and they have yet to stop trying to convince people this even though IRC is older than most of their companies; so I don't like having things get blown up without my having a say in case I miss anything that's pretty much assured to trigger a false positive.

point #2: I am bemused to see ESET detecting and complaining about Windows Defender, which I have disabled, but not AVAST, which I actually use. (after all, everyone insists using multiple AV programs at once is counterproductive.)
~~~~

first result: it's reporting Win32/Adware.Toolbar.Dealio application... except there are no extraneous toolbars attached to anything on this comp. *scan completes* it's pointing at a program's installer, but not anything else on the system. my memory of installation is hazy, but the fact there's nothing else of that anywhere on the system tells me it's some optional thing which I, like anyone with a clue about security, opted out of. verdict: irrelevant.

second result: Win32/RemoteAdmin.NetCat application - declaration of malware in the installer to a somewhat glitchy utility I don't have installed. verdict: being that I haven't had a use for it I'll just throw that installer into the incinerator.

third result: declaration of the installer for a freeware game (whose status is kinda muddy so we'll not talk about its identity) being associated with OpenCandy ( Win32/OpenCandy application ). having seen this and researched, none of the symptoms of an OpenCandy infection are present on this machine. no popups, no "c'mon install _______, you know you want to!"s, etc. verdict: possible FP.



and then ESET tries to whore out their commercial products at me. *sweatdrop*

#10 Elise


Posted 28 September 2011 - 12:52 PM

All these items are indeed "questionable", and mostly remnants, nothing to worry about.

ALL CLEAN
--------------
Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please read this advice, in order to prevent reinfecting your PC:
  • Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:
Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

regards, Elise


#11 ZT-repairseek


Posted 07 October 2011 - 10:37 AM

WELL.
sidestepping the copy/pasted standard list of stuff I already do and programs I already use...


today, from a cold boot, it did the thing with the Client MAC Address, GUID, and DHCP with the spinning line, but didn't fuss/repeat when I force shut it down and powered back on without popping the network cable.

first time since that day in the past, n' the only thing I've installed since then is an update for a game I know is clean. nothing else has been noticeably out of whack.

MBAM fullscan still says clean. . . :/ maybe vista developed a bug. if I had the means to do so, at this point, I'd be doing a flatten/pave/reinstall session, I think. sadly, I do not.

#12 Elise


Posted 07 October 2011 - 10:55 AM

It is also possible that it is a quirk in your connection, especially since it occurred only once.

regards, Elise


#13 ZT-repairseek


Posted 08 October 2011 - 10:19 AM

well, twice. either way, it seems weird to be having windows seemingly cease loading like that, even so infrequently. never had it happen with the other machine I used to be responsible for (laptop, kinda failed hardcore and won't even POST) on the same router/modem/comcast, so it sets off my paranoia mode.

#14 Elise


Posted 08 October 2011 - 10:38 AM

I understand why that would make you a bit suspicious, although it could be just a coincidence.

regards, Elise


#15 Elise


Posted 23 October 2011 - 03:27 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

regards, Elise