
trojans and stdrt.exe

Yesterday I ran a SuperAntiSpyware scan that found 2 trojans it quarantined and then deleted. Further scans with Avast and MalwareBytes found nothing, but on reboot I get stdrt.exe starting up. I found it because the computer was running slow, so I called up Task Manager. I can't find it when I scan or do a manual search, so I need help removing this please. I'm on Windows Vista. I don't know how long those trojans were on the system, but probably not long since I had done a SAS scan just 2 days prior with no results.

Here are the requested logs:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:22:24 AM, on 10/20/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Stacia\Videos etc\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
R3 - URLSearchHook: (no name) - {f999a48b-1950-4d81-9971-79018f807b4b} - (no file)
O2 - BHO: IexploreOmea - {09628AAA-66AD-4FA2-82E2-698185B66463} - C:\Program Files\JetBrains\Omea Reader\IexploreOmeaW.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Omea - {35402C01-1777-4159-9ABA-3480BA70D90A} - C:\Program Files\JetBrains\Omea Reader\IexploreOmeaW.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKLM\..\Run: [Aimersoft Helper Compact.exe] C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Clip and Edit - res://C:\Program Files\JetBrains\Omea Reader\IexploreOmeaW.dll/1000
O8 - Extra context menu item: Clip and Save - res://C:\Program Files\JetBrains\Omea Reader\IexploreOmeaW.dll/1001
O8 - Extra context menu item: Copy to Semagic - C:\Stacia\programs\Semagic\copy.htm
O8 - Extra context menu item: Semagic - C:\Stacia\programs\Semagic\link.htm
O8 - Extra context menu item: Subscribe in RSS Bandit - C:\Users\Stacia MTEC\AppData\Roaming\RssBandit\iecontext_subscribebandit.htm
O8 - Extra context menu item: Subscribe to Feed - res://C:\Program Files\JetBrains\Omea Reader\IexploreOmeaW.dll/1002
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted IP range: http://192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{03505D01-3DBB-46C0-9FFF-2066171C8D51}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{03505D01-3DBB-46C0-9FFF-2066171C8D51}: NameServer = 8.8.8.8,8.8.4.4
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: FLEXnet Licensing Manager for Adobe Products (FLEXnet Licensing Manager) - - C:\Windows\system32\regw2.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LWWLicenseService - WoltersKluwerLWW - C:\Program Files\Common Files\WoltersKluwerLWW Shared\Service\LWWLicenseService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ShadowExplorer Service (sesvc) - www.shadowexplorer.com - C:\Program Files\ShadowExplorer\sesvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe

--
End of file - 7060 bytes

------------------------------------------------

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume1
Install Date: 3/3/2009 12:21:25 AM
System Uptime: 10/20/2012 7:01:01 AM (3 hours ago)
.
Motherboard: PEGATRON CORPORATION | | NARRA3
Processor: AMD Athlon(tm) Processor LE-1660 | Socket AM2 | 1000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 221 GiB total, 8.979 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 0.554 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1344: 10/18/2012 7:44:10 PM - Scheduled Checkpoint
RP1345: 10/19/2012 6:48:07 AM - Installed Visual C++ 9.0 Runtime for Dragon NaturallySpeaking.
RP1346: 10/19/2012 7:02:41 AM - Installed Dragon NaturallySpeaking 11.
RP1347: 10/20/2012 12:41:46 AM - Scheduled Checkpoint
RP1348: 10/20/2012 10:14:55 AM - Installed Kaspersky Security Scan.
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.20
AAMT (Shared Components)
AC3Filter 1.63b
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Download Manager
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.1)
Amazon MP3 Downloader 1.0.15
Amazon MP3 Uploader
Audacity 1.3.14 (Unicode)
avast! Free Antivirus
Avi2Dvd 0.6.4
AviSynth 2.5
Canon MP Navigator EX 3.0
Canon MP250 series MP Drivers
Canon MP250 series User Registration
Canon Utilities My Printer
CCleaner
Compatibility Pack for the 2007 Office system
CoreAAC Audio Decoder (remove only)
CyberLink DVD Suite Deluxe
DHTML Editing Component
DivX Setup
DT3500 Software
DVD Decrypter (Remove Only)
DVD Shrink 3.2
Emdat InScribe Utilities - Version 4.92.3
Express Dictate
Express Scribe
ffdshow [rev 3299] [2010-03-03]
FileZilla Client 3.5.3
Free Merge MP3 4.4.9
Google Update Helper
Haali Media Splitter
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart SmartMenu
HP Recovery Manager RSS
HP Update
HPAsset component for HP Active Support Library
ImgBurn
IrfanView (remove only)
Java 7 Update 7
Java Auto Updater
JetBrains Omea Reader
LabelPrint
LAME v3.98.3 for Audacity
LightScribe System Software 1.14.25.1
LightScribe Template Labeler
ljArchive
Malwarebytes Anti-Malware version 1.65.1.1000
MediaInfo 0.7.57
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 3.5 SP1
Microsoft Office Home and Student 60 day trial
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (ENCOREPROEX)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Word 2002
Microsoft Works
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0
Microsoft Works Suite Add-in for Microsoft Word
mIRC
Mozilla Firefox 11.0 (x86 en-US)
Mozilla Thunderbird (3.1.15)
MSXML 4.0 SP2 (KB954430)
muvee Reveal
MyDefrag v4.3.1
NVIDIA Drivers
PictureMover
Portforward Static IP Address 1.0.45
Power2Go
PowerDirector
Prism Video File Converter
Python 2.5.2
Quick Look Electronic Drug Reference 2007
Quick Look Electronic Drug Reference 2007 (Shared Components)
Ready Reference Bookshelf
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
RssBandit
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
ShadowExplorer 0.8
Stedman's Plus Spellchecker 2005 Standard Edition (Shared Components)
SUPERAntiSpyware
Switch Sound File Converter
The AAMT Book of Style Electronic 2E 1.0
Unlocker 1.9.1
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.6195
VideoPad Video Editor
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking
VLC media player 2.0.3
Winamp
Winamp Detector Plug-in
Windows Media Player Firefox Plugin
WinX DVD Ripper 5.5.3
Works Suite OS Pack
Xvid 1.2.2 final uninstall
XviD MPEG4 Video Codec (remove only)
Xvid Video Codec
ZoneAlarm Firewall
ZoneAlarm Free
ZoneAlarm LTD Toolbar
ZoneAlarm Security
.
==== Event Viewer Messages From Past Week ========
.
10/20/2012 7:03:02 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt Lbd SRTSP SRTSPX
10/20/2012 7:03:02 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the FLEXnet Licensing Manager for Adobe Products service to connect.
10/20/2012 7:03:02 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/20/2012 7:03:02 AM, Error: Service Control Manager [7000] - The FLEXnet Licensing Manager for Adobe Products service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/19/2012 9:08:28 AM, Error: Service Control Manager [7031] - The ZoneAlarm LTD Toolbar IswSvc service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
10/18/2012 5:25:42 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SQL Server (ENCOREPROEX) service to connect.
10/18/2012 5:25:42 PM, Error: Service Control Manager [7000] - The SQL Server (ENCOREPROEX) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Stacia MTEC at 10:27:35 on 2012-10-20
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1918.918 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\ShadowExplorer\sesvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
uURLSearchHooks: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - <orphaned>
uURLSearchHooks: {f999a48b-1950-4d81-9971-79018f807b4b} - <orphaned>
BHO: COmeaHelper Object: {09628AAA-66AD-4FA2-82E2-698185B66463} - c:\program files\jetbrains\omea reader\IexploreOmeaW.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Omea: {35402C01-1777-4159-9ABA-3480BA70D90A} - c:\program files\jetbrains\omea reader\IexploreOmeaW.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\cyberlink dvd suite deluxe\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\cyberlink dvd suite deluxe" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [Aimersoft Helper Compact.exe] c:\program files\common files\aimersoft\aimersoft helper compact\ASHelper.exe
mRun: [ISW] <no file>
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Clip and Edit - c:\program files\jetbrains\omea reader\IexploreOmeaW.dll/1000
IE: Clip and Save - c:\program files\jetbrains\omea reader\IexploreOmeaW.dll/1001
IE: Copy to Semagic - c:\stacia\programs\semagic\copy.htm
IE: Semagic - c:\stacia\programs\semagic\link.htm
IE: Subscribe in RSS Bandit - c:\users\stacia mtec\appdata\roaming\rssbandit\iecontext_subscribebandit.htm
IE: Subscribe to Feed - c:\program files\jetbrains\omea reader\IexploreOmeaW.dll/1002
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
TCP: Interfaces\{03505D01-3DBB-46C0-9FFF-2066171C8D51} : NameServer = 8.8.8.8,8.8.4.4
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\stacia mtec\appdata\roaming\mozilla\firefox\profiles\dtiugya4.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\stacia mtec\desktop\extras\npAmazonMP3DownloaderPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2012-08-20 23:25; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-9-16 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-9-16 355632]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-5-4 116608]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files\hewlett-packard\media\dvd\000.fcl [2008-9-26 59376]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-9-16 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-9-16 58680]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-9-16 44808]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-20 21504]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 IOPort;IOPort;c:\windows\system32\drivers\IOPORT.SYS [2002-1-25 6144]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-3 27016]
R2 MSSQL$ENCOREPROEX;SQL Server (ENCOREPROEX);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-11-24 29263712]
R2 sesvc;ShadowExplorer Service;c:\program files\shadowexplorer\sesvc.exe [2012-7-26 9216]
S2 FLEXnet Licensing Manager;FLEXnet Licensing Manager for Adobe Products;c:\windows\system32\regw2.exe [2012-10-19 833342]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-7-31 116648]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-7-31 116648]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
S4 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-11-3 497280]
.
=============== Created Last 30 ================
.
2012-10-20 15:09:19 -------- d-----w- c:\programdata\RegRun
2012-10-20 15:08:42 2 --shatr- c:\windows\winstart.bat
2012-10-20 05:44:57 20 ----a-w- c:\windows\system32\setup.bat
2012-10-20 05:44:57 1652 ----a-w- c:\windows\system32\setup.reg
2012-10-19 11:47:38 833342 ----a-w- c:\windows\system32\regw2.exe
2012-10-16 09:17:33 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-16 09:17:03 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-15 13:50:03 -------- d-----w- C:\Phone Pics - Vegas
2012-10-13 07:56:04 -------- d-----w- c:\users\stacia mtec\appdata\local\Macromedia
2012-10-05 09:46:37 -------- d-----w- C:\The Killer Inside Me
2012-10-05 09:20:35 -------- d-----w- C:\House of Mirth
2012-10-05 09:12:00 -------- d-----w- c:\program files\SlySoft
2012-10-03 07:50:32 -------- d-----w- c:\users\stacia mtec\appdata\local\Apple Computer
2012-10-03 07:47:17 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-10-03 07:45:39 -------- d-----w- c:\users\stacia mtec\appdata\local\Apple
.
==================== Find3M ====================
.
2012-10-16 09:16:19 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-13 07:53:31 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-13 07:53:31 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-30 00:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-21 09:13:15 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13:14 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:12:33 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 04:23:56 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-08-21 04:23:56 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-06-03 21:05:42 1869820 ----a-w- c:\program files\PKTMP000.exe
2011-06-03 21:05:42 1869820 ----a-w- c:\program files\avi.NET v3.5.0.0.exe
2010-12-24 19:18:18 69632 ----a-w- c:\program files\PKTMP001.exe
2009-10-31 18:13:04 2661254 ----a-w- c:\program files\AC3Filter v1.63b.exe
2009-02-25 00:30:06 4182178 ----a-w- c:\program files\Avisynth v2.5.8.exe
2005-10-20 17:04:08 38912 ----a-w- c:\program files\AUTOBACK.EXE
2005-10-20 17:03:08 140288 ----a-w- c:\program files\NTREGOPT.EXE
2005-10-20 17:02:28 163328 ----a-w- c:\program files\ERDNT.E_E
2005-10-20 17:00:28 157696 ----a-w- c:\program files\ERUNT.EXE
2004-11-17 18:39:44 734160 ----a-w- c:\program files\VobSub v2.2.3.exe
2001-08-14 04:20:46 707072 ----a-w- c:\program files\ws_ftple.exe
2001-03-24 15:17:24 61440 ----a-w- c:\program files\reminder.exe
.
============= FINISH: 10:28:13.58 ===============

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-10-20 11:34:20
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000053 ST325031 rev.3.AH
Running: 4d1m5pog.exe; Driver: C:\Users\STACIA~1\AppData\Local\Temp\pgldypog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8BEA8708]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8C9567C8]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwAlpcConnectPort [0x8C83026C]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwAlpcCreatePort [0x8C830B34]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x8BEA911C]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0x8C82FCC2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8BEB3F28]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8BEB3F74]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0x8C829586]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8BEB40F6]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0x8C84AE92]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8BEB3E96]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0x8C8307CC]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0x8C844E1C]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0x8C845244]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0x8C84F46E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8BEB3EDE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x8BEA9310]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8BEB40B0]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0x8C83092A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x8BEA9A9C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8BEA8756]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0x8C82A2B6]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0x8C84C8DE]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0x8C84C1F6]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0x8C843C00]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8C9568AC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8BEA83BE]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0x8C84D2A8]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0x8C84D4E6]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKeyEx [0x8C84D998]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8BEA87A4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8BEAD456]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8BEAA464]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8BEB3F52]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8BEB3F96]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0x8C829E6E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8BEB411A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8BEB3EBC]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenProcess [0x8C847334]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8BEB403A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8BEB3F06]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenThread [0x8C846F22]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8BEB40D4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8C956A2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8BEAA330]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0x8BEA9EDA]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0x8C84E36E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0x8C84DC62]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0x8C82F86A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0x8C84EDCE]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0x8C82FF8E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8BEA87F2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8BEA8840]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x8BEA991C]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0x8C82A6C0]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0x8C84E8F6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8BEA8448]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8BEA85F8]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0x8C84B954]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8BEA859E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x8BEA9BFE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x8BEA9D5A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0x8C845F40]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x8C8CF640]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x8BEA9794]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8BEA888E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x8C956962]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x8BEA9498]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateUserProcess [0x8C8456B8]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 10D 820E9890 4 Bytes [08, 87, EA, 8B]
.text ntkrnlpa.exe!KeSetEvent + 131 820E98B4 4 Bytes [C8, 67, 95, 8C] {ENTER 0x9567, 0x8c}
.text ntkrnlpa.exe!KeSetEvent + 13D 820E98C0 8 Bytes [6C, 02, 83, 8C, 34, 0B, 83, ...]
.text ntkrnlpa.exe!KeSetEvent + 191 820E9914 4 Bytes [1C, 91, EA, 8B]
.text ntkrnlpa.exe!KeSetEvent + 1C1 820E9944 4 Bytes [C2, FC, 82, 8C]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 822145C7 5 Bytes JMP 8C96B806 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 8226D4F3 5 Bytes JMP 8C96D320 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 82276E18 4 Bytes CALL 8BEAAB07 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 8227AA8C 4 Bytes CALL 8BEAAB1D \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8B40F340, 0x3DC617, 0xE8000020]
.text win32k.sys!EngCreateRectRgn + 4537 94A7FC80 5 Bytes JMP 8BEADF20 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + 104A 94A8FE8E 5 Bytes JMP 8BEADFB2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + C20 94A98EA9 5 Bytes JMP 8BEAEBD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 4A1 94A99C95 5 Bytes JMP 8BEAED3E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 8C03 94AA23F7 5 Bytes JMP 8BEAD48C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 616 94AA334E 5 Bytes JMP 8BEAE9A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 3103 94AAEA94 5 Bytes JMP 8BEADDDA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 456E 94AAFEFF 5 Bytes JMP 8BEAD6E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 46BD 94AB004E 5 Bytes JMP 8BEAE08C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 4C52 94AB05E3 5 Bytes JMP 8BEAE0A4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 523A 94AB0BCB 5 Bytes JMP 8BEADC00 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMapFontFileFD + 119C6 94AC9A35 5 Bytes JMP 8BEADB40 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMapFontFileFD + 11A1A 94AC9A89 5 Bytes JMP 8BEADE06 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 377F 94AF0A8E 5 Bytes JMP 8BEAE86E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 60DE 94AF33ED 5 Bytes JMP 8BEAD592 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMulDiv + 4D3F 94AF9D2E 5 Bytes JMP 8BEAD756 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBlt + 2B42 94B041CC 5 Bytes JMP 8BEAEDE0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 5FF 94B070B4 5 Bytes JMP 8BEAD5AA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLpkInstalled + 1D73 94B10EE7 5 Bytes JMP 8BEAE95E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAlphaBlend + B948 94B21445 5 Bytes JMP 8BEADFCA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 81C 94B254E5 5 Bytes JMP 8BEAEB20 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 6EEA 94B2BBB3 5 Bytes JMP 8BEAE918 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + B0F 94B2F32A 5 Bytes JMP 8BEAEA6E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!STROBJ_vEnumStart + 4728 94B36C49 5 Bytes JMP 8BEAD682 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + E80 94B551BC 5 Bytes JMP 8BEAD93E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + 248 94B5AA3A 5 Bytes JMP 8BEAD812 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 26D9 94B5E572 5 Bytes JMP 8BEAEC96 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 3775 94B76954 5 Bytes JMP 8BEADFE2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLineTo + A0F 94B7CA97 5 Bytes JMP 8BEAD866 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLineTo + D269 94B892F1 5 Bytes JMP 8BEADA6A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLineTo + 10CD4 94B8CD5C 5 Bytes JMP 8BEAD9D4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
c:\Program Files\Hewlett-Packard\Media\DVD\000.fcl entry point in "" section [0xA433C41C]
.clc c:\Program Files\Hewlett-Packard\Media\DVD\000.fcl unknown last code section [0xA433D000, 0x1000, 0xE0000020]
? C:\Users\STACIA~1\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\csrss.exe[568] KERNEL32.dll!GetBinaryTypeW + 70 76312247 1 Byte [62]
.text C:\Windows\system32\wininit.exe[616] kernel32.dll!GetBinaryTypeW + 70 76312247 1 Byte [62]
.text C:\Windows\system32\csrss.exe[624] KERNEL32.dll!GetBinaryTypeW + 70 76312247 1 Byte [62]
.text C:\Windows\system32\services.exe[664] kernel32.dll!GetBinaryTypeW + 70 76312247 1 Byte [62]
.text C:\Windows\system32\lsass.exe[692] kernel32.dll!GetBinaryTypeW + 70 76312247 1 Byte [62]
.text ...
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1108] ntdll.dll!LdrLoadDll 77A693A8 5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1108] ntdll.dll!LdrUnloadDll 77A7B740 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1108] kernel32.dll!GetBinaryTypeW + 70 76312247 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1108] USER32.dll!SetWindowsHookExA 76226322 5 Bytes JMP 00160600
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1108] USER32.dll!SetWindowsHookExW 762287AD 5 Bytes JMP 00160804
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1108] USER32.dll!UnhookWindowsHookEx 762298DB 5 Bytes JMP 00160A08
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1108] USER32.dll!SetWinEventHook 76229F3A 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1108] USER32.dll!UnhookWinEvent 7622C06F 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1108] ADVAPI32.dll!CreateServiceW 76B49EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1108] ADVAPI32.dll!DeleteService 76B4A07E 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1108] ADVAPI32.dll!SetServiceObjectSecurity 76B86CD9 5 Bytes JMP 00171014
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1108] ADVAPI32.dll!ChangeServiceConfigA 76B86DD9 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1108] ADVAPI32.dll!ChangeServiceConfigW 76B86F81 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1108] ADVAPI32.dll!ChangeServiceConfig2A 76B87099 5 Bytes JMP 00170C0C
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1108] ADVAPI32.dll!ChangeServiceConfig2W 76B871E1 5 Bytes JMP 00170E10
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1108] ADVAPI32.dll!CreateServiceA 76B872A1 5 Bytes JMP 001701F8
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!GetBinaryTypeW + 70 76312247 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!GetBinaryTypeW + 70 76312247 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1168] kernel32.dll!GetBinaryTypeW + 70 76312247 1 Byte [62]
.text C:\Windows\system32\AUDIODG.EXE[1248] kernel32.dll!GetBinaryTypeW + 70 76312247 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1268] kernel32.dll!GetBinaryTypeW + 70 76312247 1 Byte [62]
.text ...
.text C:\Windows\system32\svchost.exe[1348] ntdll.dll!LdrLoadDll 77A693A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1348] ntdll.dll!LdrUnloadDll 77A7B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!GetBinaryTypeW + 70 76312247 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!CreateServiceW 76B49EB4 5 Bytes JMP 000B03FC
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!DeleteService 76B4A07E 5 Bytes JMP 000B0600
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!SetServiceObjectSecurity 76B86CD9 5 Bytes JMP 000B1014
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!ChangeServiceConfigA 76B86DD9 5 Bytes JMP 000B0804
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!ChangeServiceConfigW 76B86F81 5 Bytes JMP 000B0A08
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!ChangeServiceConfig2A 76B87099 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!ChangeServiceConfig2W 76B871E1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!CreateServiceA 76B872A1 5 Bytes JMP 000B01F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1364] ntdll.dll!LdrLoadDll 77A693A8 5 Bytes JMP 000501F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1364] ntdll.dll!LdrUnloadDll 77A7B740 5 Bytes JMP 000503FC
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1364] kernel32.dll!GetBinaryTypeW + 70 76312247 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1364] ADVAPI32.dll!CreateServiceW 76B49EB4 5 Bytes JMP 000703FC
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1364] ADVAPI32.dll!DeleteService 76B4A07E 5 Bytes JMP 00070600
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1364] ADVAPI32.dll!SetServiceObjectSecurity 76B86CD9 5 Bytes JMP 00071014
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1364] ADVAPI32.dll!ChangeServiceConfigA 76B86DD9 5 Bytes JMP 00070804
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1364] ADVAPI32.dll!ChangeServiceConfigW 76B86F81 5 Bytes JMP 00070A08
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1364] ADVAPI32.dll!ChangeServiceConfig2A 76B87099 5 Bytes JMP 00070C0C
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1364] ADVAPI32.dll!ChangeServiceConfig2W 76B871E1 5 Bytes JMP 00070E10
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1364] ADVAPI32.dll!CreateServiceA 76B872A1 5 Bytes JMP 000701F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1364] USER32.dll!SetWindowsHookExA 76226322 5 Bytes JMP 00080600
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1364] USER32.dll!SetWindowsHookExW 762287AD 5 Bytes JMP 00080804
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1364] USER32.dll!UnhookWindowsHookEx 762298DB 5 Bytes JMP 00080A08
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1364] USER32.dll!SetWinEventHook 76229F3A 5 Bytes JMP 000801F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1364] USER32.dll!UnhookWinEvent 7622C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\rundll32.exe[1408] kernel32.dll!GetBinaryTypeW + 70 76312247 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1508] kernel32.dll!GetBinaryTypeW + 70 76312247 1 Byte [62]
.text C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe[1580] kernel32.dll!GetBinaryTypeW + 70 76312247 1 Byte [62]
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1592] ntdll.dll!LdrLoadDll 77A693A8 5 Bytes JMP 000501F8
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1592] ntdll.dll!LdrUnloadDll 77A7B740 5 Bytes JMP 000503FC
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1592] kernel32.dll!GetBinaryTypeW + 70 76312247 1 Byte [62]
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1592] USER32.dll!SetWindowsHookExA 76226322 5 Bytes JMP 00070600
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1592] USER32.dll!SetWindowsHookExW 762287AD 5 Bytes JMP 00070804
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1592] USER32.dll!UnhookWindowsHookEx 762298DB 5 Bytes JMP 00070A08
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1592] USER32.dll!SetWinEventHook 76229F3A 5 Bytes JMP 000701F8
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1592] USER32.dll!UnhookWinEvent 7622C06F 5 Bytes JMP 000703FC
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1592] ADVAPI32.dll!CreateServiceW 76B49EB4 5 Bytes JMP 000803FC
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1592] ADVAPI32.dll!DeleteService 76B4A07E 5 Bytes JMP 00080600
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1592] ADVAPI32.dll!SetServiceObjectSecurity 76B86CD9 5 Bytes JMP 00081014
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1592] ADVAPI32.dll!ChangeServiceConfigA 76B86DD9 5 Bytes JMP 00080804
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1592] ADVAPI32.dll!ChangeServiceConfigW 76B86F81 5 Bytes JMP 00080A08
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1592] ADVAPI32.dll!ChangeServiceConfig2A 76B87099 5 Bytes JMP 00080C0C
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1592] ADVAPI32.dll!ChangeServiceConfig2W 76B871E1 5 Bytes JMP 00080E10
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1592] ADVAPI32.dll!CreateServiceA 76B872A1 5 Bytes JMP 000801F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[1620] ntdll.dll!LdrLoadDll 77A693A8 5 Bytes JMP 000501F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[1620] ntdll.dll!LdrUnloadDll 77A7B740 5 Bytes JMP 000503FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[1620] kernel32.dll!GetBinaryTypeW + 70 76312247 1 Byte [62]
.text C:\Program Files\Windows Sidebar\sidebar.exe[1620] ADVAPI32.dll!CreateServiceW 76B49EB4 5 Bytes JMP 000803FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[1620] ADVAPI32.dll!DeleteService 76B4A07E 5 Bytes JMP 00080600
.text C:\Program Files\Windows Sidebar\sidebar.exe[1620] ADVAPI32.dll!SetServiceObjectSecurity 76B86CD9 5 Bytes JMP 00081014
.text C:\Program Files\Windows Sidebar\sidebar.exe[1620] ADVAPI32.dll!ChangeServiceConfigA 76B86DD9 5 Bytes JMP 00080804
.text C:\Program Files\Windows Sidebar\sidebar.exe[1620] ADVAPI32.dll!ChangeServiceConfigW 76B86F81 5 Bytes JMP 00080A08
.text C:\Program Files\Windows Sidebar\sidebar.exe[1620] ADVAPI32.dll!ChangeServiceConfig2A 76B87099 5 Bytes JMP 00080C0C
.text C:\Program Files\Windows Sidebar\sidebar.exe[1620] ADVAPI32.dll!ChangeServiceConfig2W 76B871E1 5 Bytes JMP 00080E10
.text C:\Program Files\Windows Sidebar\sidebar.exe[1620] ADVAPI32.dll!CreateServiceA 76B872A1 5 Bytes JMP 000801F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[1620] USER32.dll!SetWindowsHookExA 76226322 5 Bytes JMP 00090600
.text C:\Program Files\Windows Sidebar\sidebar.exe[1620] USER32.dll!SetWindowsHookExW 762287AD 5 Bytes JMP 00090804
.text C:\Program Files\Windows Sidebar\sidebar.exe[1620] USER32.dll!UnhookWindowsHookEx 762298DB 5 Bytes JMP 00090A08
.text C:\Program Files\Windows Sidebar\sidebar.exe[1620] USER32.dll!SetWinEventHook 76229F3A 5 Bytes JMP 000901F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[1620] USER32.dll!UnhookWinEvent 7622C06F 5 Bytes JMP 000903FC
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1788] kernel32.dll!SetUnhandledExceptionFilter 762EA84F 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1788] kernel32.dll!GetBinaryTypeW + 70 76312247 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[1876] ntdll.dll!LdrLoadDll 77A693A8 5 Bytes JMP 62AF9720 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1876] ntdll.dll!LdrUnloadDll 77A7B740 5 Bytes JMP 000503FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[1876] kernel32.dll!MapViewOfFile 763068F0 1 Byte [E9]
.text C:\Program Files\Mozilla Firefox\firefox.exe[1876] kernel32.dll!MapViewOfFile 763068F0 4 Bytes JMP 62D2E1F4 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1876] kernel32.dll!VirtualAlloc 7630AD55 4 Bytes JMP 62D2E21B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1876] kernel32.dll!GetBinaryTypeW + 70 76312247 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[1876] USER32.dll!SetWindowsHookExA 76226322 5 Bytes JMP 00070600
.text C:\Program Files\Mozilla Firefox\firefox.exe[1876] USER32.dll!SetWindowsHookExW 762287AD 5 Bytes JMP 00070804
.text C:\Program Files\Mozilla Firefox\firefox.exe[1876] USER32.dll!UnhookWindowsHookEx 762298DB 5 Bytes JMP 00070A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[1876] USER32.dll!SetWinEventHook 76229F3A 5 Bytes JMP 000701F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[1876] USER32.dll!UnhookWinEvent 7622C06F 5 Bytes JMP 000703FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[1876] GDI32.dll!CreateDIBSection 76DF7461 5 Bytes JMP 62D2E17E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1876] ADVAPI32.dll!CreateServiceW 76B49EB4 5 Bytes JMP 000803FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[1876] ADVAPI32.dll!DeleteService 76B4A07E 5 Bytes JMP 00080600
.text C:\Program Files\Mozilla Firefox\firefox.exe[1876] ADVAPI32.dll!SetServiceObjectSecurity 76B86CD9 5 Bytes JMP 00081014
.text C:\Program Files\Mozilla Firefox\firefox.exe[1876] ADVAPI32.dll!ChangeServiceConfigA 76B86DD9 5 Bytes JMP 00080804
.text C:\Program Files\Mozilla Firefox\firefox.exe[1876] ADVAPI32.dll!ChangeServiceConfigW 76B86F81 5 Bytes JMP 00080A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[1876] ADVAPI32.dll!ChangeServiceConfig2A 76B87099 5 Bytes JMP 00080C0C
.text C:\Program Files\Mozilla Firefox\firefox.exe[1876] ADVAPI32.dll!ChangeServiceConfig2W 76B871E1 5 Bytes JMP 00080E10
.text C:\Program Files\Mozilla Firefox\firefox.exe[1876] ADVAPI32.dll!CreateServiceA 76B872A1 5 Bytes JMP 000801F8
.text C:\Windows\system32\svchost.exe[1884] ntdll.dll!LdrLoadDll 77A693A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1884] ntdll.dll!LdrUnloadDll 77A7B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1884] kernel32.dll!GetBinaryTypeW + 70 76312247 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1884] ADVAPI32.dll!CreateServiceW 76B49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1884] ADVAPI32.dll!DeleteService 76B4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1884] ADVAPI32.dll!SetServiceObjectSecurity 76B86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1884] ADVAPI32.dll!ChangeServiceConfigA 76B86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1884] ADVAPI32.dll!ChangeServiceConfigW 76B86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1884] ADVAPI32.dll!ChangeServiceConfig2A 76B87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1884] ADVAPI32.dll!ChangeServiceConfig2W 76B871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1884] ADVAPI32.dll!CreateServiceA 76B872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1884] USER32.dll!SetWindowsHookExA 76226322 5 Bytes JMP 00250600
.text C:\Windows\system32\svchost.exe[1884] USER32.dll!SetWindowsHookExW 762287AD 5 Bytes JMP 00250804
.text C:\Windows\system32\svchost.exe[1884] USER32.dll!UnhookWindowsHookEx 762298DB 5 Bytes JMP 00250A08
.text C:\Windows\system32\svchost.exe[1884] USER32.dll!SetWinEventHook 76229F3A 5 Bytes JMP 002501F8
.text C:\Windows\system32\svchost.exe[1884] USER32.dll!UnhookWinEvent 7622C06F 5 Bytes JMP 002503FC
.text C:\Windows\System32\spoolsv.exe[1960] kernel32.dll!GetBinaryTypeW + 70 76312247 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2004] kernel32.dll!GetBinaryTypeW + 70 76312247 1 Byte [62]
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2024] ntdll.dll!LdrLoadDll 77A693A8 5 Bytes JMP 000D01F8
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2024] ntdll.dll!LdrUnloadDll 77A7B740 5 Bytes JMP 000D03FC
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2024] kernel32.dll!GetBinaryTypeW + 70 76312247 1 Byte [62]
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2024] ADVAPI32.dll!CreateServiceW 76B49EB4 5 Bytes JMP 009103FC
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2024] ADVAPI32.dll!DeleteService 76B4A07E 5 Bytes JMP 00910600
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2024] ADVAPI32.dll!SetServiceObjectSecurity 76B86CD9 5 Bytes JMP 00911014
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2024] ADVAPI32.dll!ChangeServiceConfigA 76B86DD9 5 Bytes JMP 00910804
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2024] ADVAPI32.dll!ChangeServiceConfigW 76B86F81 5 Bytes JMP 00910A08
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2024] ADVAPI32.dll!ChangeServiceConfig2A 76B87099 5 Bytes JMP 00910C0C
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2024] ADVAPI32.dll!ChangeServiceConfig2W 76B871E1 5 Bytes JMP 00910E10
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2024] ADVAPI32.dll!CreateServiceA 76B872A1 3 Bytes JMP 009101F8
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2024] ADVAPI32.dll!CreateServiceA + 4 76B872A5 1 Byte [89]
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2024] USER32.dll!SetWindowsHookExA 76226322 5 Bytes JMP 00920600
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2024] USER32.dll!SetWindowsHookExW 762287AD 5 Bytes JMP 00920804
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2024] USER32.dll!UnhookWindowsHookEx 762298DB 5 Bytes JMP 00920A08
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2024] USER32.dll!SetWinEventHook 76229F3A 5 Bytes JMP 009201F8
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2024] USER32.dll!UnhookWinEvent 7622C06F 5 Bytes JMP 009203FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2028] ntdll.dll!LdrLoadDll 77A693A8 5 Bytes JMP 000401F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2028] ntdll.dll!LdrUnloadDll 77A7B740 5 Bytes JMP 000403FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2028] kernel32.dll!GetBinaryTypeW + 70 76312247 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2028] ADVAPI32.dll!CreateServiceW 76B49EB4 5 Bytes JMP 000603FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2028] ADVAPI32.dll!DeleteService 76B4A07E 5 Bytes JMP 00060600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2028] ADVAPI32.dll!SetServiceObjectSecurity 76B86CD9 5 Bytes JMP 00061014
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2028] ADVAPI32.dll!ChangeServiceConfigA 76B86DD9 5 Bytes JMP 00060804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2028] ADVAPI32.dll!ChangeServiceConfigW 76B86F81 5 Bytes JMP 00060A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2028] ADVAPI32.dll!ChangeServiceConfig2A 76B87099 5 Bytes JMP 00060C0C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2028] ADVAPI32.dll!ChangeServiceConfig2W 76B871E1 5 Bytes JMP 00060E10
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2028] ADVAPI32.dll!CreateServiceA 76B872A1 5 Bytes JMP 000601F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2028] USER32.dll!SetWindowsHookExA 76226322 5 Bytes JMP 000B0600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2028] USER32.dll!SetWindowsHookExW 762287AD 5 Bytes JMP 000B0804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2028] USER32.dll!UnhookWindowsHookEx 762298DB 5 Bytes JMP 000B0A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2028] USER32.dll!SetWinEventHook 76229F3A 5 Bytes JMP 000B01F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2028] USER32.dll!UnhookWinEvent 7622C06F 5 Bytes JMP 000B03FC
.text C:\Program Files\ShadowExplorer\sesvc.exe[2056] KERNEL32.dll!GetBinaryTypeW + 70 76312247 1 Byte [62]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2156] ntdll.dll!LdrLoadDll 77A693A8 5 Bytes JMP 000901F8
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2156] ntdll.dll!LdrUnloadDll 77A7B740 5 Bytes JMP 000903FC
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2156] kernel32.dll!GetBinaryTypeW + 70 76312247 1 Byte [62]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2156] ADVAPI32.dll!CreateServiceW 76B49EB4 5 Bytes JMP 008B03FC
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2156] ADVAPI32.dll!DeleteService 76B4A07E 5 Bytes JMP 008B0600
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2156] ADVAPI32.dll!SetServiceObjectSecurity 76B86CD9 5 Bytes JMP 008B1014
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2156] ADVAPI32.dll!ChangeServiceConfigA 76B86DD9 5 Bytes JMP 008B0804
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2156] ADVAPI32.dll!ChangeServiceConfigW 76B86F81 5 Bytes JMP 008B0A08
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2156] ADVAPI32.dll!ChangeServiceConfig2A 76B87099 5 Bytes JMP 008B0C0C
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2156] ADVAPI32.dll!ChangeServiceConfig2W 76B871E1 5 Bytes JMP 008B0E10
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2156] ADVAPI32.dll!CreateServiceA 76B872A1 5 Bytes JMP 008B01F8
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2156] USER32.dll!SetWindowsHookExA 76226322 5 Bytes JMP 009E0600
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2156] USER32.dll!SetWindowsHookExW 762287AD 5 Bytes JMP 009E0804
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2156] USER32.dll!UnhookWindowsHookEx 762298DB 5 Bytes JMP 009E0A08
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2156] USER32.dll!SetWinEventHook 76229F3A 5 Bytes JMP 009E01F8
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2156] USER32.dll!UnhookWinEvent 7622C06F 5 Bytes JMP 009E03FC
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2172] ntdll.dll!LdrLoadDll 77A693A8 5 Bytes JMP 000D01F8
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2172] ntdll.dll!LdrUnloadDll 77A7B740 5 Bytes JMP 000D03FC
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2172] kernel32.dll!GetBinaryTypeW + 70 76312247 1 Byte [62]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2172] ADVAPI32.dll!CreateServiceW 76B49EB4 5 Bytes JMP 000F03FC
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2172] ADVAPI32.dll!DeleteService 76B4A07E 5 Bytes JMP 000F0600
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2172] ADVAPI32.dll!SetServiceObjectSecurity 76B86CD9 5 Bytes JMP 000F1014
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2172] ADVAPI32.dll!ChangeServiceConfigA 76B86DD9 5 Bytes JMP 000F0804
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2172] ADVAPI32.dll!ChangeServiceConfigW 76B86F81 5 Bytes JMP 000F0A08
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2172] ADVAPI32.dll!ChangeServiceConfig2A 76B87099 5 Bytes JMP 000F0C0C
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2172] ADVAPI32.dll!ChangeServiceConfig2W 76B871E1 5 Bytes JMP 000F0E10
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2172] ADVAPI32.dll!CreateServiceA 76B872A1 5 Bytes JMP 000F01F8
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2172] USER32.dll!SetWindowsHookExA 76226322 5 Bytes JMP 00100600
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2172] USER32.dll!SetWindowsHookExW 762287AD 5 Bytes JMP 00100804
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2172] USER32.dll!UnhookWindowsHookEx 762298DB 5 Bytes JMP 00100A08
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2172] USER32.dll!SetWinEventHook 76229F3A 5 Bytes JMP 001001F8
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2172] USER32.dll!UnhookWinEvent 7622C06F 5 Bytes JMP 001003FC
.text C:\Windows\system32\svchost.exe[2204] ntdll.dll!LdrLoadDll 77A693A8 5 Bytes JMP 000901F8
.text C:\Windows\system32\svchost.exe[2204] ntdll.dll!LdrUnloadDll 77A7B740 5 Bytes JMP 000903FC
.text C:\Windows\system32\svchost.exe[2204] kernel32.dll!GetBinaryTypeW + 70 76312247 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2204] ADVAPI32.dll!CreateServiceW 76B49EB4 5 Bytes JMP 000B03FC
.text C:\Windows\system32\svchost.exe[2204] ADVAPI32.dll!DeleteService 76B4A07E 5 Bytes JMP 000B0600
.text C:\Windows\system32\svchost.exe[2204] ADVAPI32.dll!SetServiceObjectSecurity 76B86CD9 5 Bytes JMP 000B1014
.text C:\Windows\system32\svchost.exe[2204] ADVAPI32.dll!ChangeServiceConfigA 76B86DD9 5 Bytes JMP 000B0804
.text C:\Windows\system32\svchost.exe[2204] ADVAPI32.dll!ChangeServiceConfigW 76B86F81 5 Bytes JMP 000B0A08
.text C:\Windows\system32\svchost.exe[2204] ADVAPI32.dll!ChangeServiceConfig2A 76B87099 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\svchost.exe[2204] ADVAPI32.dll!ChangeServiceConfig2W 76B871E1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\svchost.exe[2204] ADVAPI32.dll!CreateServiceA 76B872A1 5 Bytes JMP 000B01F8
.text C:\Windows\System32\svchost.exe[2232] ntdll.dll!LdrLoadDll 77A693A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[2232] ntdll.dll!LdrUnloadDll 77A7B740 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[2232] kernel32.dll!GetBinaryTypeW + 70 76312247 1 Byte [62]
.text C:\Windows\System32\svchost.exe[2232] ADVAPI32.dll!CreateServiceW 76B49EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[2232] ADVAPI32.dll!DeleteService 76B4A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[2232] ADVAPI32.dll!SetServiceObjectSecurity 76B86CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[2232] ADVAPI32.dll!ChangeServiceConfigA 76B86DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[2232] ADVAPI32.dll!ChangeServiceConfigW 76B86F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[2232] ADVAPI32.dll!ChangeServiceConfig2A 76B87099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[2232] ADVAPI32.dll!ChangeServiceConfig2W 76B871E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[2232] ADVAPI32.dll!CreateServiceA 76B872A1 5 Bytes JMP 000701F8
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[2244] ntdll.dll!LdrLoadDll 77A693A8 5 Bytes JMP 000501F8
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[2244] ntdll.dll!LdrUnloadDll 77A7B740 5 Bytes JMP 000503FC
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[2244] kernel32.dll!GetBinaryTypeW + 70 76312247 1 Byte [62]
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[2244] USER32.dll!SetWindowsHookExA 76226322 5 Bytes JMP 00070600
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[2244] USER32.dll!SetWindowsHookExW 762287AD 5 Bytes JMP 00070804
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[2244] USER32.dll!UnhookWindowsHookEx 762298DB 5 Bytes JMP 00070A08
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[2244] USER32.dll!SetWinEventHook 76229F3A 5 Bytes JMP 000701F8
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[2244] USER32.dll!UnhookWinEvent 7622C06F 5 Bytes JMP 000703FC
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[2244] ADVAPI32.dll!CreateServiceW 76B49EB4 5 Bytes JMP 000803FC
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[2244] ADVAPI32.dll!DeleteService 76B4A07E 5 Bytes JMP 00080600
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[2244] ADVAPI32.dll!SetServiceObjectSecurity 76B86CD9 5 Bytes JMP 00081014
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[2244] ADVAPI32.dll!ChangeServiceConfigA 76B86DD9 5 Bytes JMP 00080804
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[2244] ADVAPI32.dll!ChangeServiceConfigW 76B86F81 5 Bytes JMP 00080A08
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[2244] ADVAPI32.dll!ChangeServiceConfig2A 76B87099 5 Bytes JMP 00080C0C
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[2244] ADVAPI32.dll!ChangeServiceConfig2W 76B871E1 5 Bytes JMP 00080E10
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[2244] ADVAPI32.dll!CreateServiceA 76B872A1 5 Bytes JMP 000801F8
.text C:\Windows\system32\SearchIndexer.exe[2256] ntdll.dll!LdrLoadDll 77A693A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\SearchIndexer.exe[2256] ntdll.dll!LdrUnloadDll 77A7B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\SearchIndexer.exe[2256] kernel32.dll!GetBinaryTypeW + 70 76312247 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[2256] ADVAPI32.dll!CreateServiceW 76B49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\SearchIndexer.exe[2256] ADVAPI32.dll!DeleteService 76B4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\SearchIndexer.exe[2256] ADVAPI32.dll!SetServiceObjectSecurity 76B86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\SearchIndexer.exe[2256] ADVAPI32.dll!ChangeServiceConfigA 76B86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\SearchIndexer.exe[2256] ADVAPI32.dll!ChangeServiceConfigW 76B86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\SearchIndexer.exe[2256] ADVAPI32.dll!ChangeServiceConfig2A 76B87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\SearchIndexer.exe[2256] ADVAPI32.dll!ChangeServiceConfig2W 76B871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\SearchIndexer.exe[2256] ADVAPI32.dll!CreateServiceA 76B872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\SearchIndexer.exe[2256] USER32.dll!SetWindowsHookExA 76226322 5 Bytes JMP 00080600
.text C:\Windows\system32\SearchIndexer.exe[2256] USER32.dll!SetWindowsHookExW 762287AD 5 Bytes JMP 00080804
.text C:\Windows\system32\SearchIndexer.exe[2256] USER32.dll!UnhookWindowsHookEx 762298DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\SearchIndexer.exe[2256] USER32.dll!SetWinEventHook 76229F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\SearchIndexer.exe[2256] USER32.dll!UnhookWinEvent 7622C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\taskeng.exe[2788] ntdll.dll!LdrLoadDll 77A693A8 5 Bytes JMP 000901F8
.text C:\Windows\system32\taskeng.exe[2788] ntdll.dll!LdrUnloadDll 77A7B740 5 Bytes JMP 000903FC
.text C:\Windows\system32\taskeng.exe[2788] kernel32.dll!GetBinaryTypeW + 70 76312247 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[2788] ADVAPI32.dll!CreateServiceW 76B49EB4 5 Bytes JMP 000B03FC
.text C:\Windows\system32\taskeng.exe[2788] ADVAPI32.dll!DeleteService 76B4A07E 5 Bytes JMP 000B0600
.text C:\Windows\system32\taskeng.exe[2788] ADVAPI32.dll!SetServiceObjectSecurity 76B86CD9 5 Bytes JMP 000B1014
.text C:\Windows\system32\taskeng.exe[2788] ADVAPI32.dll!ChangeServiceConfigA 76B86DD9 5 Bytes JMP 000B0804
.text C:\Windows\system32\taskeng.exe[2788] ADVAPI32.dll!ChangeServiceConfigW 76B86F81 5 Bytes JMP 000B0A08
.text C:\Windows\system32\taskeng.exe[2788] ADVAPI32.dll!ChangeServiceConfig2A 76B87099 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\taskeng.exe[2788] ADVAPI32.dll!ChangeServiceConfig2W 76B871E1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\taskeng.exe[2788] ADVAPI32.dll!CreateServiceA 76B872A1 5 Bytes JMP 000B01F8
.text C:\Windows\system32\taskeng.exe[2788] USER32.dll!SetWindowsHookExA 76226322 5 Bytes JMP 000C0600
.text C:\Windows\system32\taskeng.exe[2788] USER32.dll!SetWindowsHookExW 762287AD 5 Bytes JMP 000C0804
.text C:\Windows\system32\taskeng.exe[2788] USER32.dll!UnhookWindowsHookEx 762298DB 5 Bytes JMP 000C0A08
.text C:\Windows\system32\taskeng.exe[2788] USER32.dll!SetWinEventHook 76229F3A 5 Bytes JMP 000C01F8
.text C:\Windows\system32\taskeng.exe[2788] USER32.dll!UnhookWinEvent 7622C06F 5 Bytes JMP 000C03FC
.text C:\Windows\system32\Taskmgr.exe[3428] ntdll.dll!LdrLoadDll 77A693A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\Taskmgr.exe[3428] ntdll.dll!LdrUnloadDll 77A7B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\Taskmgr.exe[3428] kernel32.dll!GetBinaryTypeW + 70 76312247 1 Byte [62]
.text C:\Windows\system32\Taskmgr.exe[3428] ADVAPI32.dll!CreateServiceW 76B49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\Taskmgr.exe[3428] ADVAPI32.dll!DeleteService 76B4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\Taskmgr.exe[3428] ADVAPI32.dll!SetServiceObjectSecurity 76B86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\Taskmgr.exe[3428] ADVAPI32.dll!ChangeServiceConfigA 76B86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\Taskmgr.exe[3428] ADVAPI32.dll!ChangeServiceConfigW 76B86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\Taskmgr.exe[3428] ADVAPI32.dll!ChangeServiceConfig2A 76B87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\Taskmgr.exe[3428] ADVAPI32.dll!ChangeServiceConfig2W 76B871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\Taskmgr.exe[3428] ADVAPI32.dll!CreateServiceA 76B872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\Taskmgr.exe[3428] USER32.dll!SetWindowsHookExA 76226322 5 Bytes JMP 00080600
.text C:\Windows\system32\Taskmgr.exe[3428] USER32.dll!SetWindowsHookExW 762287AD 5 Bytes JMP 00080804
.text C:\Windows\system32\Taskmgr.exe[3428] USER32.dll!UnhookWindowsHookEx 762298DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\Taskmgr.exe[3428] USER32.dll!SetWinEventHook 76229F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\Taskmgr.exe[3428] USER32.dll!UnhookWinEvent 7622C06F 5 Bytes JMP 000803FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[3476] ntdll.dll!LdrLoadDll 77A693A8 5 Bytes JMP 000901F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[3476] ntdll.dll!LdrUnloadDll 77A7B740 5 Bytes JMP 000903FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[3476] kernel32.dll!GetBinaryTypeW + 70 76312247 1 Byte [62]
.text C:\Program Files\Windows Sidebar\sidebar.exe[3476] ADVAPI32.dll!CreateServiceW 76B49EB4 5 Bytes JMP 000C03FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[3476] ADVAPI32.dll!DeleteService 76B4A07E 5 Bytes JMP 000C0600
.text C:\Program Files\Windows Sidebar\sidebar.exe[3476] ADVAPI32.dll!SetServiceObjectSecurity 76B86CD9 5 Bytes JMP 000C1014
.text C:\Program Files\Windows Sidebar\sidebar.exe[3476] ADVAPI32.dll!ChangeServiceConfigA 76B86DD9 5 Bytes JMP 000C0804
.text C:\Program Files\Windows Sidebar\sidebar.exe[3476] ADVAPI32.dll!ChangeServiceConfigW 76B86F81 5 Bytes JMP 000C0A08
.text C:\Program Files\Windows Sidebar\sidebar.exe[3476] ADVAPI32.dll!ChangeServiceConfig2A 76B87099 5 Bytes JMP 000C0C0C
.text C:\Program Files\Windows Sidebar\sidebar.exe[3476] ADVAPI32.dll!ChangeServiceConfig2W 76B871E1 5 Bytes JMP 000C0E10
.text C:\Program Files\Windows Sidebar\sidebar.exe[3476] ADVAPI32.dll!CreateServiceA 76B872A1 5 Bytes JMP 000C01F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[3476] USER32.dll!SetWindowsHookExA 76226322 5 Bytes JMP 000D0600
.text C:\Program Files\Windows Sidebar\sidebar.exe[3476] USER32.dll!SetWindowsHookExW 762287AD 5 Bytes JMP 000D0804
.text C:\Program Files\Windows Sidebar\sidebar.exe[3476] USER32.dll!UnhookWindowsHookEx 762298DB 5 Bytes JMP 000D0A08
.text C:\Program Files\Windows Sidebar\sidebar.exe[3476] USER32.dll!SetWinEventHook 76229F3A 5 Bytes JMP 000D01F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[3476] USER32.dll!UnhookWinEvent 7622C06F 5 Bytes JMP 000D03FC
.text C:\Windows\system32\taskeng.exe[3492] ntdll.dll!LdrLoadDll 77A693A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[3492] ntdll.dll!LdrUnloadDll 77A7B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[3492] kernel32.dll!GetBinaryTypeW + 70 76312247 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[3492] ADVAPI32.dll!CreateServiceW 76B49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskeng.exe[3492] ADVAPI32.dll!DeleteService 76B4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\taskeng.exe[3492] ADVAPI32.dll!SetServiceObjectSecurity 76B86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\taskeng.exe[3492] ADVAPI32.dll!ChangeServiceConfigA 76B86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\taskeng.exe[3492] ADVAPI32.dll!ChangeServiceConfigW 76B86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\taskeng.exe[3492] ADVAPI32.dll!ChangeServiceConfig2A 76B87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\taskeng.exe[3492] ADVAPI32.dll!ChangeServiceConfig2W 76B871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\taskeng.exe[3492] ADVAPI32.dll!CreateServiceA 76B872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskeng.exe[3492] USER32.dll!SetWindowsHookExA 76226322 5 Bytes JMP 00080600
.text C:\Windows\system32\taskeng.exe[3492] USER32.dll!SetWindowsHookExW 762287AD 5 Bytes JMP 00080804
.text C:\Windows\system32\taskeng.exe[3492] USER32.dll!UnhookWindowsHookEx 762298DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\taskeng.exe[3492] USER32.dll!SetWinEventHook 76229F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\taskeng.exe[3492] USER32.dll!UnhookWinEvent 7622C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\Dwm.exe[3572] ntdll.dll!LdrLoadDll 77A693A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\Dwm.exe[3572] ntdll.dll!LdrUnloadDll 77A7B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\Dwm.exe[3572] kernel32.dll!GetBinaryTypeW + 70 76312247 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[3572] ADVAPI32.dll!CreateServiceW 76B49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\Dwm.exe[3572] ADVAPI32.dll!DeleteService 76B4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\Dwm.exe[3572] ADVAPI32.dll!SetServiceObjectSecurity 76B86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\Dwm.exe[3572] ADVAPI32.dll!ChangeServiceConfigA 76B86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\Dwm.exe[3572] ADVAPI32.dll!ChangeServiceConfigW 76B86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\Dwm.exe[3572] ADVAPI32.dll!ChangeServiceConfig2A 76B87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\Dwm.exe[3572] ADVAPI32.dll!ChangeServiceConfig2W 76B871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\Dwm.exe[3572] ADVAPI32.dll!CreateServiceA 76B872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\Dwm.exe[3572] USER32.dll!SetWindowsHookExA 76226322 5 Bytes JMP 00080600
.text C:\Windows\system32\Dwm.exe[3572] USER32.dll!SetWindowsHookExW 762287AD 5 Bytes JMP 00080804
.text C:\Windows\system32\Dwm.exe[3572] USER32.dll!UnhookWindowsHookEx 762298DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\Dwm.exe[3572] USER32.dll!SetWinEventHook 76229F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\Dwm.exe[3572] USER32.dll!UnhookWinEvent 7622C06F 5 Bytes JMP 000803FC
.text C:\Windows\Explorer.EXE[3648] ntdll.dll!LdrLoadDll 77A693A8 5 Bytes JMP 000501F8
.text C:\Windows\Explorer.EXE[3648] ntdll.dll!LdrUnloadDll 77A7B740 5 Bytes JMP 000503FC
.text C:\Windows\Explorer.EXE[3648] kernel32.dll!GetBinaryTypeW + 70 76312247 1 Byte [62]
.text C:\Windows\Explorer.EXE[3648] ADVAPI32.dll!CreateServiceW 76B49EB4 5 Bytes JMP 000703FC
.text C:\Windows\Explorer.EXE[3648] ADVAPI32.dll!DeleteService 76B4A07E 5 Bytes JMP 00070600
.text C:\Windows\Explorer.EXE[3648] ADVAPI32.dll!SetServiceObjectSecurity 76B86CD9 5 Bytes JMP 00071014
.text C:\Windows\Explorer.EXE[3648] ADVAPI32.dll!ChangeServiceConfigA 76B86DD9 5 Bytes JMP 00070804
.text C:\Windows\Explorer.EXE[3648] ADVAPI32.dll!ChangeServiceConfigW 76B86F81 5 Bytes JMP 00070A08
.text C:\Windows\Explorer.EXE[3648] ADVAPI32.dll!ChangeServiceConfig2A 76B87099 5 Bytes JMP 00070C0C
.text C:\Windows\Explorer.EXE[3648] ADVAPI32.dll!ChangeServiceConfig2W 76B871E1 5 Bytes JMP 00070E10
.text C:\Windows\Explorer.EXE[3648] ADVAPI32.dll!CreateServiceA 76B872A1 5 Bytes JMP 000701F8
.text C:\Windows\Explorer.EXE[3648] USER32.dll!SetWindowsHookExA 76226322 5 Bytes JMP 000C0600
.text C:\Windows\Explorer.EXE[3648] USER32.dll!SetWindowsHookExW 762287AD 5 Bytes JMP 000C0804
.text C:\Windows\Explorer.EXE[3648] USER32.dll!UnhookWindowsHookEx 762298DB 5 Bytes JMP 000C0A08
.text C:\Windows\Explorer.EXE[3648] USER32.dll!SetWinEventHook 76229F3A 5 Bytes JMP 000C01F8
.text C:\Windows\Explorer.EXE[3648] USER32.dll!UnhookWinEvent 7622C06F 5 Bytes JMP 000C03FC
.text C:\hp\support\hpsysdrv.exe[3896] ntdll.dll!LdrLoadDll 77A693A8 5 Bytes JMP 001501F8
.text C:\hp\support\hpsysdrv.exe[3896] ntdll.dll!LdrUnloadDll 77A7B740 5 Bytes JMP 001503FC
.text C:\hp\support\hpsysdrv.exe[3896] kernel32.dll!GetBinaryTypeW + 70 76312247 1 Byte [62]
.text C:\hp\support\hpsysdrv.exe[3896] USER32.dll!SetWindowsHookExA 76226322 5 Bytes JMP 00170600
.text C:\hp\support\hpsysdrv.exe[3896] USER32.dll!SetWindowsHookExW 762287AD 5 Bytes JMP 00170804
.text C:\hp\support\hpsysdrv.exe[3896] USER32.dll!UnhookWindowsHookEx 762298DB 5 Bytes JMP 00170A08
.text C:\hp\support\hpsysdrv.exe[3896] USER32.dll!SetWinEventHook 76229F3A 5 Bytes JMP 001701F8
.text C:\hp\support\hpsysdrv.exe[3896] USER32.dll!UnhookWinEvent 7622C06F 5 Bytes JMP 001703FC
.text C:\hp\support\hpsysdrv.exe[3896] ADVAPI32.dll!CreateServiceW 76B49EB4 5 Bytes JMP 001803FC
.text C:\hp\support\hpsysdrv.exe[3896] ADVAPI32.dll!DeleteService 76B4A07E 5 Bytes JMP 00180600
.text C:\hp\support\hpsysdrv.exe[3896] ADVAPI32.dll!SetServiceObjectSecurity 76B86CD9 5 Bytes JMP 00181014
.text C:\hp\support\hpsysdrv.exe[3896] ADVAPI32.dll!ChangeServiceConfigA 76B86DD9 5 Bytes JMP 00180804
.text C:\hp\support\hpsysdrv.exe[3896] ADVAPI32.dll!ChangeServiceConfigW 76B86F81 5 Bytes JMP 00180A08
.text C:\hp\support\hpsysdrv.exe[3896] ADVAPI32.dll!ChangeServiceConfig2A 76B87099 5 Bytes JMP 00180C0C
.text C:\hp\support\hpsysdrv.exe[3896] ADVAPI32.dll!ChangeServiceConfig2W 76B871E1 5 Bytes JMP 00180E10
.text C:\hp\support\hpsysdrv.exe[3896] ADVAPI32.dll!CreateServiceA 76B872A1 5 Bytes JMP 001801F8
.text C:\Windows\System32\rundll32.exe[3916] ntdll.dll!LdrLoadDll 77A693A8 5 Bytes JMP 000601F8
.text C:\Windows\System32\rundll32.exe[3916] ntdll.dll!LdrUnloadDll 77A7B740 5 Bytes JMP 000603FC
.text C:\Windows\System32\rundll32.exe[3916] kernel32.dll!GetBinaryTypeW + 70 76312247 1 Byte [62]
.text C:\Windows\System32\rundll32.exe[3916] USER32.dll!SetWindowsHookExA 76226322 5 Bytes JMP 00070600
.text C:\Windows\System32\rundll32.exe[3916] USER32.dll!SetWindowsHookExW 762287AD 5 Bytes JMP 00070804
.text C:\Windows\System32\rundll32.exe[3916] USER32.dll!UnhookWindowsHookEx 762298DB 5 Bytes JMP 00070A08
.text C:\Windows\System32\rundll32.exe[3916] USER32.dll!SetWinEventHook 76229F3A 5 Bytes JMP 000701F8
.text C:\Windows\System32\rundll32.exe[3916] USER32.dll!UnhookWinEvent 7622C06F 5 Bytes JMP 000703FC
.text C:\Windows\System32\rundll32.exe[3916] ADVAPI32.dll!CreateServiceW 76B49EB4 5 Bytes JMP 008C03FC
.text C:\Windows\System32\rundll32.exe[3916] ADVAPI32.dll!DeleteService 76B4A07E 5 Bytes JMP 008C0600
.text C:\Windows\System32\rundll32.exe[3916] ADVAPI32.dll!SetServiceObjectSecurity 76B86CD9 5 Bytes JMP 008C1014
.text C:\Windows\System32\rundll32.exe[3916] ADVAPI32.dll!ChangeServiceConfigA 76B86DD9 5 Bytes JMP 008C0804
.text C:\Windows\System32\rundll32.exe[3916] ADVAPI32.dll!ChangeServiceConfigW 76B86F81 5 Bytes JMP 008C0A08
.text C:\Windows\System32\rundll32.exe[3916] ADVAPI32.dll!ChangeServiceConfig2A 76B87099 5 Bytes JMP 008C0C0C
.text C:\Windows\System32\rundll32.exe[3916] ADVAPI32.dll!ChangeServiceConfig2W 76B871E1 5 Bytes JMP 008C0E10
.text C:\Windows\System32\rundll32.exe[3916] ADVAPI32.dll!CreateServiceA 76B872A1 5 Bytes JMP 008C01F8
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4000] kernel32.dll!GetBinaryTypeW + 70 76312247 1 Byte [62]
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[4080] ntdll.dll!LdrLoadDll 77A693A8 5 Bytes JMP 000501F8
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[4080] ntdll.dll!LdrUnloadDll 77A7B740 5 Bytes JMP 000503FC
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[4080] kernel32.dll!GetBinaryTypeW + 70 76312247 1 Byte [62]
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[4080] ADVAPI32.dll!CreateServiceW 76B49EB4 5 Bytes JMP 001903FC
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[4080] ADVAPI32.dll!DeleteService 76B4A07E 5 Bytes JMP 00190600
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[4080] ADVAPI32.dll!SetServiceObjectSecurity 76B86CD9 5 Bytes JMP 00191014
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[4080] ADVAPI32.dll!ChangeServiceConfigA 76B86DD9 3 Bytes JMP 00190804
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[4080] ADVAPI32.dll!ChangeServiceConfigA + 4 76B86DDD 1 Byte [89]
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[4080] ADVAPI32.dll!ChangeServiceConfigW 76B86F81 5 Bytes JMP 00190A08
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[4080] ADVAPI32.dll!ChangeServiceConfig2A 76B87099 5 Bytes JMP 00190C0C
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[4080] ADVAPI32.dll!ChangeServiceConfig2W 76B871E1 5 Bytes JMP 00190E10
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[4080] ADVAPI32.dll!CreateServiceA 76B872A1 5 Bytes JMP 001901F8
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[4080] USER32.dll!SetWindowsHookExA 76226322 5 Bytes JMP 001A0600
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[4080] USER32.dll!SetWindowsHookExW 762287AD 5 Bytes JMP 001A0804
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[4080] USER32.dll!UnhookWindowsHookEx 762298DB 5 Bytes JMP 001A0A08
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[4080] USER32.dll!SetWinEventHook 76229F3A 5 Bytes JMP 001A01F8
.text C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe[4080] USER32.dll!UnhookWinEvent 7622C06F 5 Bytes JMP 001A03FC
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[4092] ntdll.dll!LdrLoadDll 77A693A8 5 Bytes JMP 000401F8
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[4092] ntdll.dll!LdrUnloadDll 77A7B740 5 Bytes JMP 000403FC
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[4092] kernel32.dll!SetUnhandledExceptionFilter 762EA84F 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[4092] kernel32.dll!GetBinaryTypeW + 70 76312247 1 Byte [62]
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[4092] USER32.dll!SetWindowsHookExA 76226322 5 Bytes JMP 00070600
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[4092] USER32.dll!SetWindowsHookExW 762287AD 5 Bytes JMP 00070804
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[4092] USER32.dll!UnhookWindowsHookEx 762298DB 5 Bytes JMP 00070A08
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[4092] USER32.dll!SetWinEventHook 76229F3A 5 Bytes JMP 000701F8
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[4092] USER32.dll!UnhookWinEvent 7622C06F 5 Bytes JMP 000703FC
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[4092] ADVAPI32.dll!CreateServiceW 76B49EB4 5 Bytes JMP 009803FC
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[4092] ADVAPI32.dll!DeleteService 76B4A07E 5 Bytes JMP 00980600
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[4092] ADVAPI32.dll!SetServiceObjectSecurity 76B86CD9 5 Bytes JMP 00981014
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[4092] ADVAPI32.dll!ChangeServiceConfigA 76B86DD9 5 Bytes JMP 00980804
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[4092] ADVAPI32.dll!ChangeServiceConfigW 76B86F81 5 Bytes JMP 00980A08
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[4092] ADVAPI32.dll!ChangeServiceConfig2A 76B87099 5 Bytes JMP 00980C0C
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[4092] ADVAPI32.dll!ChangeServiceConfig2W 76B871E1 5 Bytes JMP 00980E10
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[4092] ADVAPI32.dll!CreateServiceA 76B872A1 5 Bytes JMP 009801F8
.text C:\Windows\System32\svchost.exe[4336] ntdll.dll!LdrLoadDll 77A693A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[4336] ntdll.dll!LdrUnloadDll 77A7B740 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[4336] kernel32.dll!GetBinaryTypeW + 70 76312247 1 Byte [62]
.text C:\Windows\System32\svchost.exe[4336] ADVAPI32.dll!CreateServiceW 76B49EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[4336] ADVAPI32.dll!DeleteService 76B4A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[4336] ADVAPI32.dll!SetServiceObjectSecurity 76B86CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[4336] ADVAPI32.dll!ChangeServiceConfigA 76B86DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[4336] ADVAPI32.dll!ChangeServiceConfigW 76B86F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[4336] ADVAPI32.dll!ChangeServiceConfig2A 76B87099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[4336] ADVAPI32.dll!ChangeServiceConfig2W 76B871E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[4336] ADVAPI32.dll!CreateServiceA 76B872A1 5 Bytes JMP 000701F8
.text C:\Stacia\Videos etc\4d1m5pog.exe[5384] ntdll.dll!LdrLoadDll 77A693A8 5 Bytes JMP 001501F8
.text C:\Stacia\Videos etc\4d1m5pog.exe[5384] ntdll.dll!LdrUnloadDll 77A7B740 5 Bytes JMP 001503FC
.text C:\Stacia\Videos etc\4d1m5pog.exe[5384] kernel32.dll!GetBinaryTypeW + 70 76312247 1 Byte [62]
.text C:\Stacia\Videos etc\4d1m5pog.exe[5384] ADVAPI32.dll!CreateServiceW 76B49EB4 5 Bytes JMP 001A03FC
.text C:\Stacia\Videos etc\4d1m5pog.exe[5384] ADVAPI32.dll!DeleteService 76B4A07E 5 Bytes JMP 001A0600
.text C:\Stacia\Videos etc\4d1m5pog.exe[5384] ADVAPI32.dll!SetServiceObjectSecurity 76B86CD9 5 Bytes JMP 001A1014
.text C:\Stacia\Videos etc\4d1m5pog.exe[5384] ADVAPI32.dll!ChangeServiceConfigA 76B86DD9 5 Bytes JMP 001A0804
.text C:\Stacia\Videos etc\4d1m5pog.exe[5384] ADVAPI32.dll!ChangeServiceConfigW 76B86F81 5 Bytes JMP 001A0A08
.text C:\Stacia\Videos etc\4d1m5pog.exe[5384] ADVAPI32.dll!ChangeServiceConfig2A 76B87099 5 Bytes JMP 001A0C0C
.text C:\Stacia\Videos etc\4d1m5pog.exe[5384] ADVAPI32.dll!ChangeServiceConfig2W 76B871E1 5 Bytes JMP 001A0E10
.text C:\Stacia\Videos etc\4d1m5pog.exe[5384] ADVAPI32.dll!CreateServiceA 76B872A1 5 Bytes JMP 001A01F8
.text C:\Stacia\Videos etc\4d1m5pog.exe[5384] USER32.dll!SetWindowsHookExA 76226322 5 Bytes JMP 001B0600
.text C:\Stacia\Videos etc\4d1m5pog.exe[5384] USER32.dll!SetWindowsHookExW 762287AD 5 Bytes JMP 001B0804
.text C:\Stacia\Videos etc\4d1m5pog.exe[5384] USER32.dll!UnhookWindowsHookEx 762298DB 5 Bytes JMP 001B0A08
.text C:\Stacia\Videos etc\4d1m5pog.exe[5384] USER32.dll!SetWinEventHook 76229F3A 5 Bytes JMP 001B01F8
.text C:\Stacia\Videos etc\4d1m5pog.exe[5384] USER32.dll!UnhookWinEvent 7622C06F 5 Bytes JMP 001B03FC

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----
