
I'm pretty sure I've got a virus, but I don't know what??


9 replies to this topic

#1 billybuxton

billybuxton


Posted 24 February 2012 - 02:12 PM

Hi People
I'm new here and I'm looking for a little help with a virus problem.

I use software called Ableton Live to make music and it's basically become unusable, because all it does is stutter
while the CPU metre keeps bouncing up and down.

The software is all bought and paid for and I've been using it for around a year with no problems until about 2 days ago.

I've tried reinstalling Ableton and my soundcard drivers with no luck.

I've also done virus scans with the following software:

1. Avast
2. Malwarebytes
3. Spybot - Search & Destroy
4. AVG

I'm on Windows 7.

Also my computer is a lot slower than usual when booting up and streaming videos etc.


Can you offer any help? Or is it time for a new computer?
Thanks

Edited by billybuxton, 24 February 2012 - 07:10 PM.



#2 TheShooter93

TheShooter93

    Cody



Posted 24 February 2012 - 07:49 PM

Hi,

After performing these scans, enter the results in your next post and also update me on the status of the PC.

Note: You may have to perform some or all of the following in Safe Mode With Networking, depending on whether you have internet access in the normal Windows environment.

================================================================================

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

================================================================================

Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

================================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

================================================================================

Also, if you're running both Avast! and AVG, you need to disable and/or remove one of them from your computer. I suggest removing AVG.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.


#3 billybuxton

billybuxton

Posted 25 February 2012 - 05:09 PM

Hi
Thanks for replying

Results of screen317's Security Check version 0.99.31
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Internet Security
AVG PC Tuneup
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

MVPS Hosts File
Spybot - Search & Destroy
AVG PC Tuneup
Java™ 6 Update 30
Adobe Reader X (10.1.2)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast afwServ.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-25 22:07:25
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 Maxtor_6V300F0 rev.VA111630
Running: vr0rzy7i.exe; Driver: C:\Users\user\AppData\Local\Temp\kxldapob.sys

.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2164] kernel32.dll!GetBinaryTypeW + 70 75AA69F4 1 Byte [62]
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2164] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00080A08
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2164] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 000803FC
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2164] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00080804
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2164] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 000801F8
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2164] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00080600
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2196] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000703FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2196] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000701F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2196] kernel32.dll!GetBinaryTypeW + 70 75AA69F4 1 Byte [62]
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2196] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00110A08
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2196] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 001103FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2196] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00110804
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2196] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 001101F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2196] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00110600
.text C:\Windows\system32\svchost.exe[2276] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[2276] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[2276] kernel32.dll!GetBinaryTypeW + 70 75AA69F4 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[2668] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\SearchIndexer.exe[2668] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\SearchIndexer.exe[2668] kernel32.dll!GetBinaryTypeW + 70 75AA69F4 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[2668] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00140A08
.text C:\Windows\system32\SearchIndexer.exe[2668] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 001403FC
.text C:\Windows\system32\SearchIndexer.exe[2668] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00140804
.text C:\Windows\system32\SearchIndexer.exe[2668] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 001401F8
.text C:\Windows\system32\SearchIndexer.exe[2668] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00140600
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2692] kernel32.dll!GetBinaryTypeW + 70 75AA69F4 1 Byte [62]
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[2728] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000603FC
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[2728] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000601F8
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[2728] kernel32.dll!GetBinaryTypeW + 70 75AA69F4 1 Byte [62]
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[2728] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00240A08
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[2728] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 002403FC
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[2728] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00240804
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[2728] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 002401F8
.text C:\Program Files\Microsoft IntelliType Pro\itype.exe[2728] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00240600
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[2736] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000603FC
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[2736] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000601F8
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[2736] kernel32.dll!GetBinaryTypeW + 70 75AA69F4 1 Byte [62]
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[2736] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00100A08
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[2736] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 001003FC
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[2736] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00100804
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[2736] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 001001F8
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[2736] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00100600
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[2744] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000503FC
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[2744] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000501F8
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[2744] kernel32.dll!SetUnhandledExceptionFilter 75A8F4FB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[2744] kernel32.dll!GetBinaryTypeW + 70 75AA69F4 1 Byte [62]
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[2744] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 000E0A08
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[2744] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 000E03FC
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[2744] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 000E0804
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[2744] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 000E01F8
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[2744] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 000E0600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2812] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2812] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2812] kernel32.dll!GetBinaryTypeW + 70 75AA69F4 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2812] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00210A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2812] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 002103FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2812] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00210804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2812] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 002101F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2812] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00210600
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2916] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 001603FC
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2916] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 001601F8
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2916] kernel32.dll!GetBinaryTypeW + 70 75AA69F4 1 Byte [62]
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2916] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00200A08
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2916] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 002003FC
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2916] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00200804
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2916] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 002001F8
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2916] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00200600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2924] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000603FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2924] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000601F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2924] kernel32.dll!GetBinaryTypeW + 70 75AA69F4 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2924] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00080A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2924] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 000803FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2924] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00080804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2924] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 000801F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2924] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00080600
.text C:\Windows\system32\wbem\wmiprvse.exe[3172] kernel32.dll!GetBinaryTypeW + 70 75AA69F4 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3280] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 001603FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3280] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 001601F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3280] kernel32.dll!GetBinaryTypeW + 70 75AA69F4 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3280] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3280] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 001F03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3280] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 001F0804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3280] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3280] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtCreateFile + 6 771B55CE 4 Bytes [28, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtCreateFile + B 771B55D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtMapViewOfSection + 6 771B5C2E 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtMapViewOfSection + 6 771B5C2E 4 Bytes [28, 03, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtMapViewOfSection + B 771B5C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtOpenFile + 6 771B5CDE 4 Bytes [68, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtOpenFile + B 771B5CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtOpenProcess + 6 771B5D8E 4 Bytes [A8, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtOpenProcess + B 771B5D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtOpenProcessToken + B 771B5DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtOpenProcessTokenEx + 6 771B5DAE 4 Bytes [A8, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtOpenProcessTokenEx + B 771B5DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtOpenThread + 6 771B5E0E 4 Bytes [68, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtOpenThread + B 771B5E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtOpenThreadToken + 6 771B5E1E 4 Bytes [68, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtOpenThreadToken + B 771B5E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtOpenThreadTokenEx + B 771B5E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtQueryAttributesFile + 6 771B5F3E 4 Bytes [A8, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtQueryAttributesFile + B 771B5F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtQueryFullAttributesFile + B 771B5FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtSetInformationFile + 6 771B663E 4 Bytes [28, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtSetInformationFile + B 771B6643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtSetInformationThread + 6 771B669E 4 Bytes [28, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtSetInformationThread + B 771B66A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtUnmapViewOfSection + 6 771B69BE 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtUnmapViewOfSection + 6 771B69BE 4 Bytes [68, 03, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!NtUnmapViewOfSection + B 771B69C3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000903FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000901F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] kernel32.dll!GetBinaryTypeW + 70 75AA69F4 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00130A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 001303FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00130804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 001301F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3440] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00130600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtCreateFile + 6 771B55CE 4 Bytes [28, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtCreateFile + B 771B55D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtMapViewOfSection + 6 771B5C2E 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtMapViewOfSection + 6 771B5C2E 4 Bytes [28, 03, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtMapViewOfSection + B 771B5C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtOpenFile + 6 771B5CDE 4 Bytes [68, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtOpenFile + B 771B5CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtOpenProcess + 6 771B5D8E 4 Bytes [A8, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtOpenProcess + B 771B5D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtOpenProcessToken + B 771B5DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtOpenProcessTokenEx + 6 771B5DAE 4 Bytes [A8, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtOpenProcessTokenEx + B 771B5DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtOpenThread + 6 771B5E0E 4 Bytes [68, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtOpenThread + B 771B5E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtOpenThreadToken + 6 771B5E1E 4 Bytes [68, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtOpenThreadToken + B 771B5E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtOpenThreadTokenEx + B 771B5E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtQueryAttributesFile + 6 771B5F3E 4 Bytes [A8, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtQueryAttributesFile + B 771B5F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtQueryFullAttributesFile + B 771B5FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtSetInformationFile + 6 771B663E 4 Bytes [28, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtSetInformationFile + B 771B6643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtSetInformationThread + 6 771B669E 4 Bytes [28, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtSetInformationThread + B 771B66A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtUnmapViewOfSection + 6 771B69BE 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtUnmapViewOfSection + 6 771B69BE 4 Bytes [68, 03, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!NtUnmapViewOfSection + B 771B69C3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 001903FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 001901F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] kernel32.dll!GetBinaryTypeW + 70 75AA69F4 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00230A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 002303FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00230804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 002301F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3460] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00230600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3468] kernel32.dll!GetBinaryTypeW + 70 75AA69F4 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000603FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000601F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] kernel32.dll!GetBinaryTypeW + 70 75AA69F4 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 001F03FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 001F0804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3616] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtCreateFile + 6 771B55CE 4 Bytes [28, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtCreateFile + B 771B55D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtMapViewOfSection + 6 771B5C2E 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtMapViewOfSection + 6 771B5C2E 4 Bytes [28, 03, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtMapViewOfSection + B 771B5C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtOpenFile + 6 771B5CDE 4 Bytes [68, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtOpenFile + B 771B5CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtOpenProcess + 6 771B5D8E 4 Bytes [A8, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtOpenProcess + B 771B5D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtOpenProcessToken + B 771B5DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtOpenProcessTokenEx + 6 771B5DAE 4 Bytes [A8, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtOpenProcessTokenEx + B 771B5DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtOpenThread + 6 771B5E0E 4 Bytes [68, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtOpenThread + B 771B5E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtOpenThreadToken + 6 771B5E1E 4 Bytes [68, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtOpenThreadToken + B 771B5E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtOpenThreadTokenEx + B 771B5E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtQueryAttributesFile + 6 771B5F3E 4 Bytes [A8, 00, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtQueryAttributesFile + B 771B5F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtQueryFullAttributesFile + B 771B5FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtSetInformationFile + 6 771B663E 4 Bytes [28, 01, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtSetInformationFile + B 771B6643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtSetInformationThread + 6 771B669E 4 Bytes [28, 02, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtSetInformationThread + B 771B66A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtUnmapViewOfSection + 6 771B69BE 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtUnmapViewOfSection + 6 771B69BE 4 Bytes [68, 03, 07, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!NtUnmapViewOfSection + B 771B69C3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 001903FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 001901F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] kernel32.dll!GetBinaryTypeW + 70 75AA69F4 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00230A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 002303FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00230804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 002301F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3704] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00230600
.text C:\Windows\system32\svchost.exe[3780] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[3780] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[3780] kernel32.dll!GetBinaryTypeW + 70 75AA69F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[3924] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000A03FC
.text C:\Windows\System32\svchost.exe[3924] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000A01F8
.text C:\Windows\System32\svchost.exe[3924] kernel32.dll!GetBinaryTypeW + 70 75AA69F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[3924] user32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 00380A08
.text C:\Windows\System32\svchost.exe[3924] user32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 003803FC
.text C:\Windows\System32\svchost.exe[3924] user32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 00380804
.text C:\Windows\System32\svchost.exe[3924] user32.dll!SetWinEventHook 764124DC 5 Bytes JMP 003801F8
.text C:\Windows\System32\svchost.exe[3924] user32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 00380600
.text C:\Windows\system32\SearchProtocolHost.exe[3964] ntdll.dll!LdrUnloadDll 771CC86E 5 Bytes JMP 000503FC
.text C:\Windows\system32\SearchProtocolHost.exe[3964] ntdll.dll!LdrLoadDll 771D223E 5 Bytes JMP 000501F8
.text C:\Windows\system32\SearchProtocolHost.exe[3964] kernel32.dll!GetBinaryTypeW + 70 75AA69F4 1 Byte [62]
.text C:\Windows\system32\SearchProtocolHost.exe[3964] USER32.dll!UnhookWindowsHookEx 7640ADF9 5 Bytes JMP 000F0A08
.text C:\Windows\system32\SearchProtocolHost.exe[3964] USER32.dll!UnhookWinEvent 7640B750 5 Bytes JMP 000F03FC
.text C:\Windows\system32\SearchProtocolHost.exe[3964] USER32.dll!SetWindowsHookExW 7640E30C 5 Bytes JMP 000F0804
.text C:\Windows\system32\SearchProtocolHost.exe[3964] USER32.dll!SetWinEventHook 764124DC 5 Bytes JMP 000F01F8
.text C:\Windows\system32\SearchProtocolHost.exe[3964] USER32.dll!SetWindowsHookExA 76436D0C 5 Bytes JMP 000F0600

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1340] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7305F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\Windows\Explorer.EXE[1496] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73EA2437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1496] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73E85600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1496] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73E856BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1496] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73EA24B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1496] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73E98514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1496] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73E94CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1496] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73E9506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1496] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73E95144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1496] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73E96671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1496] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73E9826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1496] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73E987BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1496] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73E9901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1496] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73E9E1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1496] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73E94BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\AVAST Software\Avast\AvastUI.exe[2692] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7305F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\tdx \Device\Tcp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)

Device \Driver\ACPI_HAL \Device\00000056 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F96D0CA1-395A-4EF3-B9AA-0D7A5307A2DC}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F96D0CA1-395A-4EF3-B9AA-0D7A5307A2DC}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F96D0CA1-395A-4EF3-B9AA-0D7A5307A2DC}@Path \Microsoft\Windows Defender\MP Scheduled Scan
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F96D0CA1-395A-4EF3-B9AA-0D7A5307A2DC}@Hash 0x79 0x8E 0xB4 0x71 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F96D0CA1-395A-4EF3-B9AA-0D7A5307A2DC}@Triggers 0x15 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F96D0CA1-395A-4EF3-B9AA-0D7A5307A2DC}@DynamicInfo 0x03 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Defender\MP Scheduled Scan@Id {F96D0CA1-395A-4EF3-B9AA-0D7A5307A2DC}

---- EOF - GMER 1.0.15 ----
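Added example, not part of the posted log or of anyone's reply in this thread: a small Python triage script for the "IAT" lines in a GMER log like the one above. GMER prints, for each diverted import slot, the process, the module whose import table was changed, the DLL!function the slot is supposed to resolve to, the address it actually holds, and the module that address lives in. The script separates slots whose target is just another copy of the same DLL (the gdiplus.dll entries, redirected into a WinSxS path) from slots that really point into a different module (the avast entry, where KERNEL32.dll!LoadLibraryExW resolves into aswCmnBS.dll), and then sorts the real hooks by whether the hooking module's vendor string is one you trust. The first two sample lines are copied from the log above; the third line (example_hook.dll under C:\Users\Public) is constructed for this example and is not from the log, so the "hooked-unknown" branch has something to fire on. TRUSTED_VENDORS is an assumption to tune per machine.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample input. The first two lines are copied from the GMER log
# posted above; the third is made up for this example (not from the log) so
# the "hooked-unknown" branch has something to fire on.
SAMPLE_LOG = r"""
IAT C:\Windows\Explorer.EXE[1496] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73E9506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\AVAST Software\Avast\AvastUI.exe[2692] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7305F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\Windows\Explorer.EXE[1496] @ C:\Windows\Explorer.EXE [KERNEL32.dll!CreateProcessW] [10001000] C:\Users\Public\example_hook.dll ()
"""

# Assumption: vendors whose hooking modules you accept on this host. Tune per machine.
TRUSTED_VENDORS = {"Microsoft Corporation", "AVAST Software"}

# One GMER IAT line:
#   IAT process[pid] @ module-owning-the-IAT [dll!func] [addr] resolved-target (description/vendor)
IAT_RE = re.compile(
    r"^IAT (?P<process>.+?)\[(?P<pid>\d+)\] @ (?P<module>.+?) "
    r"\[(?P<import>[^\]]+)\] \[(?P<addr>[0-9A-Fa-f]+)\] "
    r"(?P<target>.+?) \((?P<description>.*)\)$"
)


@dataclass
class IatEntry:
    process: str
    pid: int
    module: str
    import_dll: str     # DLL the import table names, e.g. KERNEL32.dll
    import_func: str    # function name, e.g. LoadLibraryExW
    address: int        # where the IAT slot actually points
    target: str         # module GMER resolved that address to
    description: str
    vendor: str         # text after the last '/' in the description

    def target_dll(self) -> str:
        return PureWindowsPath(self.target).name.lower()

    def verdict(self) -> str:
        # Same DLL name: the slot is redirected to another copy of the same
        # library (here a WinSxS side-by-side path), not into foreign code.
        if self.target_dll() == self.import_dll.lower():
            return "same-module"
        # Different DLL: the slot is genuinely hooked. Accept only trusted vendors.
        if self.vendor in TRUSTED_VENDORS:
            return "hooked-trusted"
        return "hooked-unknown"


def parse_iat(text: str) -> list[IatEntry]:
    """Parse every 'IAT' line in a GMER log; all other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = IAT_RE.match(line.strip())
        if not m:
            continue
        dll, _, func = m["import"].partition("!")
        desc = m["description"]
        vendor = desc.rpartition("/")[2].strip()
        entries.append(IatEntry(
            process=m["process"], pid=int(m["pid"]), module=m["module"],
            import_dll=dll, import_func=func, address=int(m["addr"], 16),
            target=m["target"], description=desc, vendor=vendor,
        ))
    return entries


def triage(text: str) -> list[tuple[str, str, str]]:
    """Return (imported function, resolved DLL, verdict) for each IAT line."""
    return [(e.import_func, e.target_dll(), e.verdict()) for e in parse_iat(text)]


def suspicious(text: str) -> list[IatEntry]:
    """Only the entries an analyst should look at first."""
    return [e for e in parse_iat(text) if e.verdict() == "hooked-unknown"]


if __name__ == "__main__":
    for func, dll, verdict in triage(SAMPLE_LOG):
        print(f"{verdict:15} {func:25} -> {dll}")
```

Treat "hooked-trusted" as "low priority", not "clean": the vendor string in the parentheses comes from the hooking file's own version resource, which any file can carry, so a hook that claims a known vendor still deserves a signature check on the target path before it is dismissed.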

#4 TheShooter93

Posted 25 February 2012 - 08:29 PM

How's the computer behaving now?

CCNA R&SCCNA Security | Network+  |  B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

#5 billybuxton

Posted 25 February 2012 - 08:35 PM

I think SUPERAntiSpyware removed something.

I'll do a boot-time scan with Avast now and then see how everything is...

Thanks for the help :thumbup2:

#6 TheShooter93

Posted 25 February 2012 - 08:36 PM

You're welcome. :thumbup2:

If you're still experiencing issues, let me know and I can direct you further.

#7 billybuxton

Posted 26 February 2012 - 02:06 PM

Hi again

I did a boot-time scan with Avast and it didn't find anything, but my computer is still acting a little weird.

It's stuttering and freezing when playing music or streaming videos; it's really annoying.

Do you know what else I could try to fix this?

Thank you

#8 TheShooter93

Posted 26 February 2012 - 06:07 PM

Assuming it's not hardware-related, we can make sure your computer is free of malware.

--------------------------------------------------------------

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, make a NEW TOPIC and post it ==>HERE<==. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

#9 billybuxton

Posted 26 February 2012 - 08:34 PM

Thanks for all your help :thumbup2:

I've just posted a new topic in the removal section.

#10 TheShooter93

Posted 26 February 2012 - 08:34 PM

You're welcome.

Good luck. :thumbup2:
