A second window keeps opening when I am online - logs/attachments included


beckri

Thread Starter
Joined
Jan 22, 2003
Messages
199
This is the thread where I originally asked for help:
http://forums.techguy.org/virus-other-malware-removal/1025925-wondering-if-theres-malware-my.html

When I go online I often notice that a second window appears. It's usually an insurance/dating/"you won" type of site. I just close it and notice no further issues with it. Each day I run Malwarebytes and SuperAntiSpyware now. Malwarebytes hasn't found anything. But SAS typically will find 60-200 cookies.

Hopefully I've run each of these right (I'm not tech-savvy):

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:11:39 PM, on 12/2/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Users\Riggy\Desktop\Rebecca\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} - http://rms2.invokesolutions.com/events/bin/6.2.0.1452/MILive.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{E68B48FA-870E-42C5-B3C5-9057308DC2A2}: NameServer = 216.70.0.1,216.70.0.2
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\Windows\system32\CSHelper.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
O23 - Service: lxdn_device - - C:\Windows\system32\lxdncoms.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6572 bytes




.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_29
Run by Riggy at 16:45:06 on 2011-12-02
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.1292 [GMT -6:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\system32\lxdncoms.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: discovercard.com\www
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} - hxxp://rms2.invokesolutions.com/events/bin/6.2.0.1452/MILive.cab
DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} - hxxps://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} - hxxps://ediagnostics.lexmark.com/serval.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}
TCP: DhcpNameServer = 192.168.254.254 192.168.254.254
TCP: Interfaces\{90CD442F-C728-49F9-9E17-7BDA83291501} : DhcpNameServer = 192.168.254.254 192.168.254.254
TCP: Interfaces\{E68B48FA-870E-42C5-B3C5-9057308DC2A2} : NameServer = 216.70.0.1,216.70.0.2
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\riggy\appdata\roaming\mozilla\firefox\profiles\eyvsix1f.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZRfox000&ptb=FyslWjtCIql.MNunG.wGOw&psa=&ind=2010032419&ptnrS=ZRfox000&si=&st=kwd&n=77cea923&searchfor=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\users\riggy\appdata\roaming\mozilla\firefox\profiles\eyvsix1f.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\riggy\appdata\roaming\mozilla\firefox\profiles\eyvsix1f.default\extensions\[email protected]\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\users\riggy\appdata\roaming\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\users\riggy\appdata\roaming\mozilla\firefox\profiles\eyvsix1f.default\extensions\{0c7e3f01-99e9-4095-9bdc-f84724960b57}\plugins\NPCpnMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-4-11 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-4-6 314456]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-6 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2008-2-24 55128]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-9 44768]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-18 21504]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2008-2-27 94208]
S3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
S3 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-2-18 266240]
S3 dsiarhwprog;dsiarhwprog;c:\windows\system32\drivers\dsiarhwprog.sys [2010-9-18 29184]
S3 gupdate;Google Update Service (gupdate);c:\program files\google\update\googleupdate.exe /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\googleupdate.exe /medsvc --> c:\program files\google\update\GoogleUpdate.exe [?]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2011-11-28 18:01:25 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 17:53:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:52:07 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-15 02:16:17 90146 ----a-w- c:\programdata\SPLDE2D.tmp
2011-11-14 23:36:23 90146 ----a-w- c:\programdata\SPLB25E.tmp
2011-11-09 23:50:08 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-09 23:40:19 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-20 21:02:55 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-11 19:51:11 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 16:48:14.24 ===============



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-02 18:59:26
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 SAMSUNG_HM160HI rev.HH100-10
Running: dfrnzr3b.exe; Driver: C:\Users\Riggy\AppData\Local\Temp\fglorpod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8D0ECFC4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8D0EF456]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8D0EF4AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8D0EF5C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8D0EF3AC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8D0EF4FE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8D0EF400]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8D0EF572]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8D0ECFE8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8D0ECDB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8D0ED00C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8D0EF9BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8D0EDAA4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8D0EF486]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8D0EF4D6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8D0EF5EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8D0EF3D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8D0EF53E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8D0EF42E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8D0EF59C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8D0ED96A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8D0ED030]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8D0ED054]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8D0ECE0C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8D0ECF48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8D0ECF24]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8D0ECF6C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8D0ED078]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8D70C7A2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 10D 828F2890 4 Bytes [C4, CF, 0E, 8D]
.text ntkrnlpa.exe!KeSetEvent + 1D1 828F2954 8 Bytes [56, F4, 0E, 8D, AE, F4, 0E, ...]
.text ntkrnlpa.exe!KeSetEvent + 1DD 828F2960 4 Bytes [C4, F5, 0E, 8D]
.text ntkrnlpa.exe!KeSetEvent + 1F5 828F2978 4 Bytes [AC, F3, 0E, 8D]
.text ntkrnlpa.exe!KeSetEvent + 215 828F2998 8 Bytes [FE, F4, 0E, 8D, 00, F4, 0E, ...]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82A1D62F 5 Bytes JMP 8D70969C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 82A76543 5 Bytes JMP 8D70B15C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 82A7FE68 4 Bytes CALL 8D0EE025 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 82A83ADC 4 Bytes CALL 8D0EE03B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82AD7DCA 7 Bytes JMP 8D70C7A6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8C007340, 0x3ED9C7, 0xE8000020]
.text win32k.sys!EngCreateRectRgn + 4537 95E7FC90 5 Bytes JMP 8D0F00D6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 8C03 95EA2417 5 Bytes JMP 8D0EF9F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 30F6 95EAEAA7 5 Bytes JMP 8D0EFF90 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 4569 95EAFF1A 5 Bytes JMP 8D0EFB9A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMapFontFileFD + 119BE 95EC9A45 5 Bytes JMP 8D0EFDE6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMapFontFileFD + 11A12 95EC9A99 5 Bytes JMP 8D0EFFBC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 60DE 95EF33DD 5 Bytes JMP 8D0EFABE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMulDiv + 4D3F 95EF9D2E 5 Bytes JMP 8D0EFC0A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 5FF 95F070B4 5 Bytes JMP 8D0EFAD6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!STROBJ_vEnumStart + 4728 95F36C09 5 Bytes JMP 8D0EFB56 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + E80 95F551A4 5 Bytes JMP 8D0EFD14 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + 248 95F5AA22 5 Bytes JMP 8D0EFC6E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLineTo + A0F 95F7CA67 5 Bytes JMP 8D0EFCA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLineTo + D229 95F89281 5 Bytes JMP 8D0EFD4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
? C:\Users\Riggy\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[12] ntdll.dll!LdrLoadDll 77BF93A8 5 Bytes JMP 000501F8
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[12] ntdll.dll!LdrUnloadDll 77C0B740 5 Bytes JMP 000503FC
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[12] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[12] USER32.dll!SetWindowsHookExA 766E6322 5 Bytes JMP 00070600
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[12] USER32.dll!SetWindowsHookExW 766E87AD 5 Bytes JMP 00070804
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[12] USER32.dll!UnhookWindowsHookEx 766E98DB 5 Bytes JMP 00070A08
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[12] USER32.dll!SetWinEventHook 766E9F3A 5 Bytes JMP 000701F8
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[12] USER32.dll!UnhookWinEvent 766EC06F 5 Bytes JMP 000703FC
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[12] ADVAPI32.dll!CreateServiceW 77B49EB4 5 Bytes JMP 000803FC
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[12] ADVAPI32.dll!DeleteService 77B4A07E 5 Bytes JMP 00080600
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[12] ADVAPI32.dll!SetServiceObjectSecurity 77B86CD9 5 Bytes JMP 00081014
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[12] ADVAPI32.dll!ChangeServiceConfigA 77B86DD9 5 Bytes JMP 00080804
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[12] ADVAPI32.dll!ChangeServiceConfigW 77B86F81 5 Bytes JMP 00080A08
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[12] ADVAPI32.dll!ChangeServiceConfig2A 77B87099 5 Bytes JMP 00080C0C
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[12] ADVAPI32.dll!ChangeServiceConfig2W 77B871E1 5 Bytes JMP 00080E10
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[12] ADVAPI32.dll!CreateServiceA 77B872A1 5 Bytes JMP 000801F8
.text C:\Windows\system32\csrss.exe[596] KERNEL32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
.text C:\Users\Riggy\Desktop\dfrnzr3b.exe[604] ntdll.dll!LdrLoadDll 77BF93A8 5 Bytes JMP 001501F8
.text C:\Users\Riggy\Desktop\dfrnzr3b.exe[604] ntdll.dll!LdrUnloadDll 77C0B740 5 Bytes JMP 001503FC
.text C:\Users\Riggy\Desktop\dfrnzr3b.exe[604] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
.text C:\Users\Riggy\Desktop\dfrnzr3b.exe[604] ADVAPI32.dll!CreateServiceW 77B49EB4 5 Bytes JMP 003603FC
.text C:\Users\Riggy\Desktop\dfrnzr3b.exe[604] ADVAPI32.dll!DeleteService 77B4A07E 5 Bytes JMP 00360600
.text C:\Users\Riggy\Desktop\dfrnzr3b.exe[604] ADVAPI32.dll!SetServiceObjectSecurity 77B86CD9 5 Bytes JMP 00361014
.text C:\Users\Riggy\Desktop\dfrnzr3b.exe[604] ADVAPI32.dll!ChangeServiceConfigA 77B86DD9 5 Bytes JMP 00360804
.text C:\Users\Riggy\Desktop\dfrnzr3b.exe[604] ADVAPI32.dll!ChangeServiceConfigW 77B86F81 5 Bytes JMP 00360A08
.text C:\Users\Riggy\Desktop\dfrnzr3b.exe[604] ADVAPI32.dll!ChangeServiceConfig2A 77B87099 5 Bytes JMP 00360C0C
.text C:\Users\Riggy\Desktop\dfrnzr3b.exe[604] ADVAPI32.dll!ChangeServiceConfig2W 77B871E1 5 Bytes JMP 00360E10
.text C:\Users\Riggy\Desktop\dfrnzr3b.exe[604] ADVAPI32.dll!CreateServiceA 77B872A1 5 Bytes JMP 003601F8
.text C:\Users\Riggy\Desktop\dfrnzr3b.exe[604] USER32.dll!SetWindowsHookExA 766E6322 5 Bytes JMP 00370600
.text C:\Users\Riggy\Desktop\dfrnzr3b.exe[604] USER32.dll!SetWindowsHookExW 766E87AD 5 Bytes JMP 00370804
.text C:\Users\Riggy\Desktop\dfrnzr3b.exe[604] USER32.dll!UnhookWindowsHookEx 766E98DB 5 Bytes JMP 00370A08
.text C:\Users\Riggy\Desktop\dfrnzr3b.exe[604] USER32.dll!SetWinEventHook 766E9F3A 5 Bytes JMP 003701F8
.text C:\Users\Riggy\Desktop\dfrnzr3b.exe[604] USER32.dll!UnhookWinEvent 766EC06F 5 Bytes JMP 003703FC
.text C:\Windows\system32\wininit.exe[648] ntdll.dll!LdrLoadDll 77BF93A8 5 Bytes JMP 000301F8
.text C:\Windows\system32\wininit.exe[648] ntdll.dll!LdrUnloadDll 77C0B740 5 Bytes JMP 000303FC
.text C:\Windows\system32\wininit.exe[648] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
.text C:\Windows\system32\wininit.exe[648] ADVAPI32.dll!CreateServiceW 77B49EB4 5 Bytes JMP 000503FC
.text C:\Windows\system32\wininit.exe[648] ADVAPI32.dll!DeleteService 77B4A07E 5 Bytes JMP 00050600
.text C:\Windows\system32\wininit.exe[648] ADVAPI32.dll!SetServiceObjectSecurity 77B86CD9 5 Bytes JMP 00051014
.text C:\Windows\system32\wininit.exe[648] ADVAPI32.dll!ChangeServiceConfigA 77B86DD9 5 Bytes JMP 00050804
.text C:\Windows\system32\wininit.exe[648] ADVAPI32.dll!ChangeServiceConfigW 77B86F81 5 Bytes JMP 00050A08
.text C:\Windows\system32\wininit.exe[648] ADVAPI32.dll!ChangeServiceConfig2A 77B87099 5 Bytes JMP 00050C0C
.text C:\Windows\system32\wininit.exe[648] ADVAPI32.dll!ChangeServiceConfig2W 77B871E1 5 Bytes JMP 00050E10
.text C:\Windows\system32\wininit.exe[648] ADVAPI32.dll!CreateServiceA 77B872A1 5 Bytes JMP 000501F8
.text C:\Windows\system32\wininit.exe[648] USER32.dll!SetWindowsHookExA 766E6322 5 Bytes JMP 00060600
.text C:\Windows\system32\wininit.exe[648] USER32.dll!SetWindowsHookExW 766E87AD 5 Bytes JMP 00060804
.text C:\Windows\system32\wininit.exe[648] USER32.dll!UnhookWindowsHookEx 766E98DB 5 Bytes JMP 00060A08
.text C:\Windows\system32\wininit.exe[648] USER32.dll!SetWinEventHook 766E9F3A 5 Bytes JMP 000601F8
.text C:\Windows\system32\wininit.exe[648] USER32.dll!UnhookWinEvent 766EC06F 5 Bytes JMP 000603FC
.text C:\Windows\system32\csrss.exe[660] KERNEL32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[688] ntdll.dll!LdrLoadDll 77BF93A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[688] ntdll.dll!LdrUnloadDll 77C0B740 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[688] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[688] ADVAPI32.dll!CreateServiceW 77B49EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[688] ADVAPI32.dll!DeleteService 77B4A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[688] ADVAPI32.dll!SetServiceObjectSecurity 77B86CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[688] ADVAPI32.dll!ChangeServiceConfigA 77B86DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[688] ADVAPI32.dll!ChangeServiceConfigW 77B86F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[688] ADVAPI32.dll!ChangeServiceConfig2A 77B87099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[688] ADVAPI32.dll!ChangeServiceConfig2W 77B871E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[688] ADVAPI32.dll!CreateServiceA 77B872A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[688] USER32.dll!SetWindowsHookExA 766E6322 5 Bytes JMP 001C0600
.text C:\Windows\System32\svchost.exe[688] USER32.dll!SetWindowsHookExW 766E87AD 5 Bytes JMP 001C0804
.text C:\Windows\System32\svchost.exe[688] USER32.dll!UnhookWindowsHookEx 766E98DB 5 Bytes JMP 001C0A08
.text C:\Windows\System32\svchost.exe[688] USER32.dll!SetWinEventHook 766E9F3A 5 Bytes JMP 001C01F8
.text C:\Windows\System32\svchost.exe[688] USER32.dll!UnhookWinEvent 766EC06F 5 Bytes JMP 001C03FC
.text C:\Windows\system32\services.exe[692] ntdll.dll!LdrLoadDll 77BF93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\services.exe[692] ntdll.dll!LdrUnloadDll 77C0B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\services.exe[692] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!CreateServiceW 77B49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!DeleteService 77B4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!SetServiceObjectSecurity 77B86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!ChangeServiceConfigA 77B86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!ChangeServiceConfigW 77B86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!ChangeServiceConfig2A 77B87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!ChangeServiceConfig2W 77B871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!CreateServiceA 77B872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\services.exe[692] USER32.dll!SetWindowsHookExA 766E6322 5 Bytes JMP 00080600
.text C:\Windows\system32\services.exe[692] USER32.dll!SetWindowsHookExW 766E87AD 5 Bytes JMP 00080804
.text C:\Windows\system32\services.exe[692] USER32.dll!UnhookWindowsHookEx 766E98DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\services.exe[692] USER32.dll!SetWinEventHook 766E9F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\services.exe[692] USER32.dll!UnhookWinEvent 766EC06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\lsass.exe[708] ntdll.dll!LdrLoadDll 77BF93A8 5 Bytes JMP 000901F8
.text C:\Windows\system32\lsass.exe[708] ntdll.dll!LdrUnloadDll 77C0B740 5 Bytes JMP 000903FC
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!CreateServiceW 77B49EB4 5 Bytes JMP 000B03FC
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!DeleteService 77B4A07E 5 Bytes JMP 000B0600
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!SetServiceObjectSecurity 77B86CD9 5 Bytes JMP 000B1014
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!ChangeServiceConfigA 77B86DD9 5 Bytes JMP 000B0804
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!ChangeServiceConfigW 77B86F81 5 Bytes JMP 000B0A08
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!ChangeServiceConfig2A 77B87099 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!ChangeServiceConfig2W 77B871E1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!CreateServiceA 77B872A1 5 Bytes JMP 000B01F8
.text C:\Windows\system32\lsass.exe[708] USER32.dll!SetWindowsHookExA 766E6322 5 Bytes JMP 000C0600
.text C:\Windows\system32\lsass.exe[708] USER32.dll!SetWindowsHookExW 766E87AD 5 Bytes JMP 000C0804
.text C:\Windows\system32\lsass.exe[708] USER32.dll!UnhookWindowsHookEx 766E98DB 5 Bytes JMP 000C0A08
.text C:\Windows\system32\lsass.exe[708] USER32.dll!SetWinEventHook 766E9F3A 5 Bytes JMP 000C01F8
.text C:\Windows\system32\lsass.exe[708] USER32.dll!UnhookWinEvent 766EC06F 5 Bytes JMP 000C03FC
.text C:\Windows\system32\lsm.exe[720] ntdll.dll!LdrLoadDll 77BF93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\lsm.exe[720] ntdll.dll!LdrUnloadDll 77C0B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\lsm.exe[720] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
.text C:\Windows\system32\lsm.exe[720] ADVAPI32.dll!CreateServiceW 77B49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\lsm.exe[720] ADVAPI32.dll!DeleteService 77B4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\lsm.exe[720] ADVAPI32.dll!SetServiceObjectSecurity 77B86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\lsm.exe[720] ADVAPI32.dll!ChangeServiceConfigA 77B86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\lsm.exe[720] ADVAPI32.dll!ChangeServiceConfigW 77B86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\lsm.exe[720] ADVAPI32.dll!ChangeServiceConfig2A 77B87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\lsm.exe[720] ADVAPI32.dll!ChangeServiceConfig2W 77B871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\lsm.exe[720] ADVAPI32.dll!CreateServiceA 77B872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskeng.exe[788] ntdll.dll!LdrLoadDll 77BF93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[788] ntdll.dll!LdrUnloadDll 77C0B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[788] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[788] ADVAPI32.dll!CreateServiceW 77B49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskeng.exe[788] ADVAPI32.dll!DeleteService 77B4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\taskeng.exe[788] ADVAPI32.dll!SetServiceObjectSecurity 77B86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\taskeng.exe[788] ADVAPI32.dll!ChangeServiceConfigA 77B86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\taskeng.exe[788] ADVAPI32.dll!ChangeServiceConfigW 77B86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\taskeng.exe[788] ADVAPI32.dll!ChangeServiceConfig2A 77B87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\taskeng.exe[788] ADVAPI32.dll!ChangeServiceConfig2W 77B871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\taskeng.exe[788] ADVAPI32.dll!CreateServiceA 77B872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskeng.exe[788] USER32.dll!SetWindowsHookExA 766E6322 5 Bytes JMP 00080600
.text C:\Windows\system32\taskeng.exe[788] USER32.dll!SetWindowsHookExW 766E87AD 5 Bytes JMP 00080804
.text C:\Windows\system32\taskeng.exe[788] USER32.dll!UnhookWindowsHookEx 766E98DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\taskeng.exe[788] USER32.dll!SetWinEventHook 766E9F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\taskeng.exe[788] USER32.dll!UnhookWinEvent 766EC06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\winlogon.exe[796] ntdll.dll!LdrLoadDll 77BF93A8 5 Bytes JMP 000701F8
.text C:\Windows\system32\winlogon.exe[796] ntdll.dll!LdrUnloadDll 77C0B740 5 Bytes JMP 000703FC
.text C:\Windows\system32\winlogon.exe[796] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[796] ADVAPI32.dll!CreateServiceW 77B49EB4 5 Bytes JMP 000903FC
.text C:\Windows\system32\winlogon.exe[796] ADVAPI32.dll!DeleteService 77B4A07E 5 Bytes JMP 00090600
.text C:\Windows\system32\winlogon.exe[796] ADVAPI32.dll!SetServiceObjectSecurity 77B86CD9 5 Bytes JMP 00091014
.text C:\Windows\system32\winlogon.exe[796] ADVAPI32.dll!ChangeServiceConfigA 77B86DD9 5 Bytes JMP 00090804
.text C:\Windows\system32\winlogon.exe[796] ADVAPI32.dll!ChangeServiceConfigW 77B86F81 5 Bytes JMP 00090A08
.text C:\Windows\system32\winlogon.exe[796] ADVAPI32.dll!ChangeServiceConfig2A 77B87099 5 Bytes JMP 00090C0C
.text C:\Windows\system32\winlogon.exe[796] ADVAPI32.dll!ChangeServiceConfig2W 77B871E1 5 Bytes JMP 00090E10
.text C:\Windows\system32\winlogon.exe[796] ADVAPI32.dll!CreateServiceA 77B872A1 5 Bytes JMP 000901F8
.text C:\Windows\system32\winlogon.exe[796] USER32.dll!SetWindowsHookExA 766E6322 5 Bytes JMP 000A0600
.text C:\Windows\system32\winlogon.exe[796] USER32.dll!SetWindowsHookExW 766E87AD 5 Bytes JMP 000A0804
.text C:\Windows\system32\winlogon.exe[796] USER32.dll!UnhookWindowsHookEx 766E98DB 5 Bytes JMP 000A0A08
.text C:\Windows\system32\winlogon.exe[796] USER32.dll!SetWinEventHook 766E9F3A 5 Bytes JMP 000A01F8
.text C:\Windows\system32\winlogon.exe[796] USER32.dll!UnhookWinEvent 766EC06F 5 Bytes JMP 000A03FC
.text C:\Windows\system32\svchost.exe[900] ntdll.dll!LdrLoadDll 77BF93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[900] ntdll.dll!LdrUnloadDll 77C0B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[900] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[900] ADVAPI32.dll!CreateServiceW 77B49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[900] ADVAPI32.dll!DeleteService 77B4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[900] ADVAPI32.dll!SetServiceObjectSecurity 77B86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[900] ADVAPI32.dll!ChangeServiceConfigA 77B86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[900] ADVAPI32.dll!ChangeServiceConfigW 77B86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[900] ADVAPI32.dll!ChangeServiceConfig2A 77B87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[900] ADVAPI32.dll!ChangeServiceConfig2W 77B871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[900] ADVAPI32.dll!CreateServiceA 77B872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[972] ntdll.dll!LdrLoadDll 77BF93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[972] ntdll.dll!LdrUnloadDll 77C0B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[972] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[972] ADVAPI32.dll!CreateServiceW 77B49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[972] ADVAPI32.dll!DeleteService 77B4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[972] ADVAPI32.dll!SetServiceObjectSecurity 77B86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[972] ADVAPI32.dll!ChangeServiceConfigA 77B86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[972] ADVAPI32.dll!ChangeServiceConfigW 77B86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[972] ADVAPI32.dll!ChangeServiceConfig2A 77B87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[972] ADVAPI32.dll!ChangeServiceConfig2W 77B871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[972] ADVAPI32.dll!CreateServiceA 77B872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[972] USER32.dll!SetWindowsHookExA 766E6322 5 Bytes JMP 004A0600
.text C:\Windows\system32\svchost.exe[972] USER32.dll!SetWindowsHookExW 766E87AD 5 Bytes JMP 004A0804
.text C:\Windows\system32\svchost.exe[972] USER32.dll!UnhookWindowsHookEx 766E98DB 5 Bytes JMP 004A0A08
.text C:\Windows\system32\svchost.exe[972] USER32.dll!SetWinEventHook 766E9F3A 5 Bytes JMP 004A01F8
.text C:\Windows\system32\svchost.exe[972] USER32.dll!UnhookWinEvent 766EC06F 5 Bytes JMP 004A03FC
.text C:\Windows\System32\svchost.exe[1036] ntdll.dll!LdrLoadDll 77BF93A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[1036] ntdll.dll!LdrUnloadDll 77C0B740 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[1036] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1036] ADVAPI32.dll!CreateServiceW 77B49EB4 5 Bytes JMP 000803FC
.text C:\Windows\System32\svchost.exe[1036] ADVAPI32.dll!DeleteService 77B4A07E 5 Bytes JMP 00080600
.text C:\Windows\System32\svchost.exe[1036] ADVAPI32.dll!SetServiceObjectSecurity 77B86CD9 5 Bytes JMP 00081014
.text C:\Windows\System32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfigA 77B86DD9 5 Bytes JMP 00080804
.text C:\Windows\System32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfigW 77B86F81 5 Bytes JMP 00080A08
.text C:\Windows\System32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfig2A 77B87099 5 Bytes JMP 00080C0C
.text C:\Windows\System32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfig2W 77B871E1 5 Bytes JMP 00080E10
.text C:\Windows\System32\svchost.exe[1036] ADVAPI32.dll!CreateServiceA 77B872A1 5 Bytes JMP 000801F8
.text C:\Windows\System32\svchost.exe[1036] USER32.dll!SetWindowsHookExA 766E6322 5 Bytes JMP 002B0600
.text C:\Windows\System32\svchost.exe[1036] USER32.dll!SetWindowsHookExW 766E87AD 5 Bytes JMP 002B0804
.text C:\Windows\System32\svchost.exe[1036] USER32.dll!UnhookWindowsHookEx 766E98DB 5 Bytes JMP 002B0A08
.text C:\Windows\System32\svchost.exe[1036] USER32.dll!SetWinEventHook 766E9F3A 5 Bytes JMP 002B01F8
.text C:\Windows\System32\svchost.exe[1036] USER32.dll!UnhookWinEvent 766EC06F 5 Bytes JMP 002B03FC
.text C:\Windows\System32\svchost.exe[1068] ntdll.dll!LdrLoadDll 77BF93A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[1068] ntdll.dll!LdrUnloadDll 77C0B740 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[1068] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1068] ADVAPI32.dll!CreateServiceW 77B49EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[1068] ADVAPI32.dll!DeleteService 77B4A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[1068] ADVAPI32.dll!SetServiceObjectSecurity 77B86CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[1068] ADVAPI32.dll!ChangeServiceConfigA 77B86DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[1068] ADVAPI32.dll!ChangeServiceConfigW 77B86F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[1068] ADVAPI32.dll!ChangeServiceConfig2A 77B87099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[1068] ADVAPI32.dll!ChangeServiceConfig2W 77B871E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[1068] ADVAPI32.dll!CreateServiceA 77B872A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[1068] USER32.dll!SetWindowsHookExA 766E6322 5 Bytes JMP 005A0600
.text C:\Windows\System32\svchost.exe[1068] USER32.dll!SetWindowsHookExW 766E87AD 5 Bytes JMP 005A0804
.text C:\Windows\System32\svchost.exe[1068] USER32.dll!UnhookWindowsHookEx 766E98DB 5 Bytes JMP 005A0A08
.text C:\Windows\System32\svchost.exe[1068] USER32.dll!SetWinEventHook 766E9F3A 5 Bytes JMP 005A01F8
.text C:\Windows\System32\svchost.exe[1068] USER32.dll!UnhookWinEvent 766EC06F 5 Bytes JMP 005A03FC
.text C:\Windows\system32\svchost.exe[1080] ntdll.dll!LdrLoadDll 77BF93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1080] ntdll.dll!LdrUnloadDll 77C0B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1080] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1080] ADVAPI32.dll!CreateServiceW 77B49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1080] ADVAPI32.dll!DeleteService 77B4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1080] ADVAPI32.dll!SetServiceObjectSecurity 77B86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1080] ADVAPI32.dll!ChangeServiceConfigA 77B86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1080] ADVAPI32.dll!ChangeServiceConfigW 77B86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1080] ADVAPI32.dll!ChangeServiceConfig2A 77B87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1080] ADVAPI32.dll!ChangeServiceConfig2W 77B871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1080] ADVAPI32.dll!CreateServiceA 77B872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1080] USER32.dll!SetWindowsHookExA 766E6322 5 Bytes JMP 00380600
.text C:\Windows\system32\svchost.exe[1080] USER32.dll!SetWindowsHookExW 766E87AD 5 Bytes JMP 00380804
.text C:\Windows\system32\svchost.exe[1080] USER32.dll!UnhookWindowsHookEx 766E98DB 5 Bytes JMP 00380A08
.text C:\Windows\system32\svchost.exe[1080] USER32.dll!SetWinEventHook 766E9F3A 5 Bytes JMP 003801F8
.text C:\Windows\system32\svchost.exe[1080] USER32.dll!UnhookWinEvent 766EC06F 5 Bytes JMP 003803FC
.text C:\Windows\system32\AUDIODG.EXE[1160] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1228] ntdll.dll!LdrLoadDll 77BF93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1228] ntdll.dll!LdrUnloadDll 77C0B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1228] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1228] ADVAPI32.dll!CreateServiceW 77B49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1228] ADVAPI32.dll!DeleteService 77B4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1228] ADVAPI32.dll!SetServiceObjectSecurity 77B86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1228] ADVAPI32.dll!ChangeServiceConfigA 77B86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1228] ADVAPI32.dll!ChangeServiceConfigW 77B86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1228] ADVAPI32.dll!ChangeServiceConfig2A 77B87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1228] ADVAPI32.dll!ChangeServiceConfig2W 77B871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1228] ADVAPI32.dll!CreateServiceA 77B872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1228] USER32.dll!SetWindowsHookExA 766E6322 5 Bytes JMP 002C0600
.text C:\Windows\system32\svchost.exe[1228] USER32.dll!SetWindowsHookExW 766E87AD 5 Bytes JMP 002C0804
.text C:\Windows\system32\svchost.exe[1228] USER32.dll!UnhookWindowsHookEx 766E98DB 5 Bytes JMP 002C0A08
.text C:\Windows\system32\svchost.exe[1228] USER32.dll!SetWinEventHook 766E9F3A 5 Bytes JMP 002C01F8
.text C:\Windows\system32\svchost.exe[1228] USER32.dll!UnhookWinEvent 766EC06F 5 Bytes JMP 002C03FC
.text C:\Windows\system32\lxdncoms.exe[1244] ntdll.dll!LdrLoadDll 77BF93A8 5 Bytes JMP 001501F8
.text C:\Windows\system32\lxdncoms.exe[1244] ntdll.dll!LdrUnloadDll 77C0B740 5 Bytes JMP 001503FC
.text C:\Windows\system32\lxdncoms.exe[1244] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
.text C:\Windows\system32\lxdncoms.exe[1244] USER32.dll!SetWindowsHookExA 766E6322 5 Bytes JMP 00170600
.text C:\Windows\system32\lxdncoms.exe[1244] USER32.dll!SetWindowsHookExW 766E87AD 5 Bytes JMP 00170804
.text C:\Windows\system32\lxdncoms.exe[1244] USER32.dll!UnhookWindowsHookEx 766E98DB 5 Bytes JMP 00170A08
.text C:\Windows\system32\lxdncoms.exe[1244] USER32.dll!SetWinEventHook 766E9F3A 5 Bytes JMP 001701F8
.text C:\Windows\system32\lxdncoms.exe[1244] USER32.dll!UnhookWinEvent 766EC06F 5 Bytes JMP 001703FC
.text C:\Windows\system32\lxdncoms.exe[1244] ADVAPI32.dll!CreateServiceW 77B49EB4 5 Bytes JMP 001803FC
.text C:\Windows\system32\lxdncoms.exe[1244] ADVAPI32.dll!DeleteService 77B4A07E 5 Bytes JMP 00180600
.text C:\Windows\system32\lxdncoms.exe[1244] ADVAPI32.dll!SetServiceObjectSecurity 77B86CD9 5 Bytes JMP 00181014
.text C:\Windows\system32\lxdncoms.exe[1244] ADVAPI32.dll!ChangeServiceConfigA 77B86DD9 5 Bytes JMP 00180804
.text C:\Windows\system32\lxdncoms.exe[1244] ADVAPI32.dll!ChangeServiceConfigW 77B86F81 5 Bytes JMP 00180A08
.text C:\Windows\system32\lxdncoms.exe[1244] ADVAPI32.dll!ChangeServiceConfig2A 77B87099 5 Bytes JMP 00180C0C
.text C:\Windows\system32\lxdncoms.exe[1244] ADVAPI32.dll!ChangeServiceConfig2W 77B871E1 5 Bytes JMP 00180E10
.text C:\Windows\system32\lxdncoms.exe[1244] ADVAPI32.dll!CreateServiceA 77B872A1 5 Bytes JMP 001801F8
.text C:\Windows\system32\svchost.exe[1336] ntdll.dll!LdrLoadDll 77BF93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1336] ntdll.dll!LdrUnloadDll 77C0B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1336] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1336] ADVAPI32.dll!CreateServiceW 77B49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1336] ADVAPI32.dll!DeleteService 77B4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1336] ADVAPI32.dll!SetServiceObjectSecurity 77B86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1336] ADVAPI32.dll!ChangeServiceConfigA 77B86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1336] ADVAPI32.dll!ChangeServiceConfigW 77B86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1336] ADVAPI32.dll!ChangeServiceConfig2A 77B87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1336] ADVAPI32.dll!ChangeServiceConfig2W 77B871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1336] ADVAPI32.dll!CreateServiceA 77B872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1336] USER32.dll!SetWindowsHookExA 766E6322 5 Bytes JMP 00130600
.text C:\Windows\system32\svchost.exe[1336] USER32.dll!SetWindowsHookExW 766E87AD 5 Bytes JMP 00130804
.text C:\Windows\system32\svchost.exe[1336] USER32.dll!UnhookWindowsHookEx 766E98DB 5 Bytes JMP 00130A08
.text C:\Windows\system32\svchost.exe[1336] USER32.dll!SetWinEventHook 766E9F3A 5 Bytes JMP 001301F8
.text C:\Windows\system32\svchost.exe[1336] USER32.dll!UnhookWinEvent 766EC06F 5 Bytes JMP 001303FC
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1452] kernel32.dll!SetUnhandledExceptionFilter 7756A8C5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1452] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1784] ntdll.dll!LdrLoadDll 77BF93A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\spoolsv.exe[1784] ntdll.dll!LdrUnloadDll 77C0B740 5 Bytes JMP 000503FC
.text C:\Windows\System32\spoolsv.exe[1784] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1784] ADVAPI32.dll!CreateServiceW 77B49EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\spoolsv.exe[1784] ADVAPI32.dll!DeleteService 77B4A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\spoolsv.exe[1784] ADVAPI32.dll!SetServiceObjectSecurity 77B86CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\spoolsv.exe[1784] ADVAPI32.dll!ChangeServiceConfigA 77B86DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\spoolsv.exe[1784] ADVAPI32.dll!ChangeServiceConfigW 77B86F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\spoolsv.exe[1784] ADVAPI32.dll!ChangeServiceConfig2A 77B87099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\spoolsv.exe[1784] ADVAPI32.dll!ChangeServiceConfig2W 77B871E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\spoolsv.exe[1784] ADVAPI32.dll!CreateServiceA 77B872A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\spoolsv.exe[1784] USER32.dll!SetWindowsHookExA 766E6322 5 Bytes JMP 00150600
.text C:\Windows\System32\spoolsv.exe[1784] USER32.dll!SetWindowsHookExW 766E87AD 5 Bytes JMP 00150804
.text C:\Windows\System32\spoolsv.exe[1784] USER32.dll!UnhookWindowsHookEx 766E98DB 5 Bytes JMP 00150A08
.text C:\Windows\System32\spoolsv.exe[1784] USER32.dll!SetWinEventHook 766E9F3A 5 Bytes JMP 001501F8
.text C:\Windows\System32\spoolsv.exe[1784] USER32.dll!UnhookWinEvent 766EC06F 5 Bytes JMP 001503FC
.text C:\Windows\system32\svchost.exe[1808] ntdll.dll!LdrLoadDll 77BF93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1808] ntdll.dll!LdrUnloadDll 77C0B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1808] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1808] ADVAPI32.dll!CreateServiceW 77B49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1808] ADVAPI32.dll!DeleteService 77B4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1808] ADVAPI32.dll!SetServiceObjectSecurity 77B86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1808] ADVAPI32.dll!ChangeServiceConfigA 77B86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1808] ADVAPI32.dll!ChangeServiceConfigW 77B86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1808] ADVAPI32.dll!ChangeServiceConfig2A 77B87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1808] ADVAPI32.dll!ChangeServiceConfig2W 77B871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1808] ADVAPI32.dll!CreateServiceA 77B872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1808] USER32.dll!SetWindowsHookExA 766E6322 5 Bytes JMP 001B0600
.text C:\Windows\system32\svchost.exe[1808] USER32.dll!SetWindowsHookExW 766E87AD 5 Bytes JMP 001B0804
.text C:\Windows\system32\svchost.exe[1808] USER32.dll!UnhookWindowsHookEx 766E98DB 5 Bytes JMP 001B0A08
.text C:\Windows\system32\svchost.exe[1808] USER32.dll!SetWinEventHook 766E9F3A 5 Bytes JMP 001B01F8
.text C:\Windows\system32\svchost.exe[1808] USER32.dll!UnhookWinEvent 766EC06F 5 Bytes JMP 001B03FC
.text C:\Windows\System32\svchost.exe[2076] ntdll.dll!LdrLoadDll 77BF93A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[2076] ntdll.dll!LdrUnloadDll 77C0B740 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[2076] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[2076] ADVAPI32.dll!CreateServiceW 77B49EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[2076] ADVAPI32.dll!DeleteService 77B4A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[2076] ADVAPI32.dll!SetServiceObjectSecurity 77B86CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[2076] ADVAPI32.dll!ChangeServiceConfigA 77B86DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[2076] ADVAPI32.dll!ChangeServiceConfigW 77B86F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[2076] ADVAPI32.dll!ChangeServiceConfig2A 77B87099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[2076] ADVAPI32.dll!ChangeServiceConfig2W 77B871E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[2076] ADVAPI32.dll!CreateServiceA 77B872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\Dwm.exe[2084] ntdll.dll!LdrLoadDll 77BF93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\Dwm.exe[2084] ntdll.dll!LdrUnloadDll 77C0B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\Dwm.exe[2084] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[2084] ADVAPI32.dll!CreateServiceW 77B49EB4 5 Bytes JMP 000803FC
.text C:\Windows\system32\Dwm.exe[2084] ADVAPI32.dll!DeleteService 77B4A07E 5 Bytes JMP 00080600
.text C:\Windows\system32\Dwm.exe[2084] ADVAPI32.dll!SetServiceObjectSecurity 77B86CD9 5 Bytes JMP 00081014
.text C:\Windows\system32\Dwm.exe[2084] ADVAPI32.dll!ChangeServiceConfigA 77B86DD9 5 Bytes JMP 00080804
.text C:\Windows\system32\Dwm.exe[2084] ADVAPI32.dll!ChangeServiceConfigW 77B86F81 5 Bytes JMP 00080A08
.text C:\Windows\system32\Dwm.exe[2084] ADVAPI32.dll!ChangeServiceConfig2A 77B87099 5 Bytes JMP 00080C0C
.text C:\Windows\system32\Dwm.exe[2084] ADVAPI32.dll!ChangeServiceConfig2W 77B871E1 5 Bytes JMP 00080E10
.text C:\Windows\system32\Dwm.exe[2084] ADVAPI32.dll!CreateServiceA 77B872A1 5 Bytes JMP 000801F8
.text C:\Windows\system32\Dwm.exe[2084] USER32.dll!SetWindowsHookExA 766E6322 5 Bytes JMP 00090600
.text C:\Windows\system32\Dwm.exe[2084] USER32.dll!SetWindowsHookExW 766E87AD 5 Bytes JMP 00090804
.text C:\Windows\system32\Dwm.exe[2084] USER32.dll!UnhookWindowsHookEx 766E98DB 5 Bytes JMP 00090A08
.text C:\Windows\system32\Dwm.exe[2084] USER32.dll!SetWinEventHook 766E9F3A 5 Bytes JMP 000901F8
.text C:\Windows\system32\Dwm.exe[2084] USER32.dll!UnhookWinEvent 766EC06F 5 Bytes JMP 000903FC
.text C:\Windows\system32\svchost.exe[2112] ntdll.dll!LdrLoadDll 77BF93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[2112] ntdll.dll!LdrUnloadDll 77C0B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[2112] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2112] ADVAPI32.dll!CreateServiceW 77B49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[2112] ADVAPI32.dll!DeleteService 77B4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[2112] ADVAPI32.dll!SetServiceObjectSecurity 77B86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[2112] ADVAPI32.dll!ChangeServiceConfigA 77B86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[2112] ADVAPI32.dll!ChangeServiceConfigW 77B86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[2112] ADVAPI32.dll!ChangeServiceConfig2A 77B87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[2112] ADVAPI32.dll!ChangeServiceConfig2W 77B871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[2112] ADVAPI32.dll!CreateServiceA 77B872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[2112] USER32.dll!SetWindowsHookExA 766E6322 5 Bytes JMP 000C0600
.text C:\Windows\system32\svchost.exe[2112] USER32.dll!SetWindowsHookExW 766E87AD 5 Bytes JMP 000C0804
.text C:\Windows\system32\svchost.exe[2112] USER32.dll!UnhookWindowsHookEx 766E98DB 5 Bytes JMP 000C0A08
.text C:\Windows\system32\svchost.exe[2112] USER32.dll!SetWinEventHook 766E9F3A 5 Bytes JMP 000C01F8
.text C:\Windows\system32\svchost.exe[2112] USER32.dll!UnhookWinEvent 766EC06F 5 Bytes JMP 000C03FC
.text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2164] ntdll.dll!LdrLoadDll 77BF93A8 5 Bytes JMP 001401F8
.text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2164] ntdll.dll!LdrUnloadDll 77C0B740 5 Bytes JMP 001403FC
.text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2164] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
.text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2164] USER32.dll!SetWindowsHookExA 766E6322 5 Bytes JMP 00170600
.text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2164] USER32.dll!SetWindowsHookExW 766E87AD 5 Bytes JMP 00170804
.text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2164] USER32.dll!UnhookWindowsHookEx 766E98DB 5 Bytes JMP 00170A08
.text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2164] USER32.dll!SetWinEventHook 766E9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2164] USER32.dll!UnhookWinEvent 766EC06F 5 Bytes JMP 001703FC
.text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2164] ADVAPI32.dll!CreateServiceW 77B49EB4 5 Bytes JMP 001803FC
.text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2164] ADVAPI32.dll!DeleteService 77B4A07E 5 Bytes JMP 00180600
.text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2164] ADVAPI32.dll!SetServiceObjectSecurity 77B86CD9 5 Bytes JMP 00181014
.text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2164] ADVAPI32.dll!ChangeServiceConfigA 77B86DD9 5 Bytes JMP 00180804
.text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2164] ADVAPI32.dll!ChangeServiceConfigW 77B86F81 5 Bytes JMP 00180A08
.text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2164] ADVAPI32.dll!ChangeServiceConfig2A 77B87099 5 Bytes JMP 00180C0C
.text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2164] ADVAPI32.dll!ChangeServiceConfig2W 77B871E1 5 Bytes JMP 00180E10
.text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2164] ADVAPI32.dll!CreateServiceA 77B872A1 5 Bytes JMP 001801F8
.text C:\Windows\Explorer.EXE[2176] ntdll.dll!LdrLoadDll 77BF93A8 5 Bytes JMP 000501F8
.text C:\Windows\Explorer.EXE[2176] ntdll.dll!LdrUnloadDll 77C0B740 5 Bytes JMP 000503FC
.text C:\Windows\Explorer.EXE[2176] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
.text C:\Windows\Explorer.EXE[2176] ADVAPI32.dll!CreateServiceW 77B49EB4 5 Bytes JMP 000703FC
.text C:\Windows\Explorer.EXE[2176] ADVAPI32.dll!DeleteService 77B4A07E 5 Bytes JMP 00070600
.text C:\Windows\Explorer.EXE[2176] ADVAPI32.dll!SetServiceObjectSecurity 77B86CD9 5 Bytes JMP 00071014
.text C:\Windows\Explorer.EXE[2176] ADVAPI32.dll!ChangeServiceConfigA 77B86DD9 5 Bytes JMP 00070804
.text C:\Windows\Explorer.EXE[2176] ADVAPI32.dll!ChangeServiceConfigW 77B86F81 5 Bytes JMP 00070A08
.text C:\Windows\Explorer.EXE[2176] ADVAPI32.dll!ChangeServiceConfig2A 77B87099 5 Bytes JMP 00070C0C
.text C:\Windows\Explorer.EXE[2176] ADVAPI32.dll!ChangeServiceConfig2W 77B871E1 5 Bytes JMP 00070E10
.text C:\Windows\Explorer.EXE[2176] ADVAPI32.dll!CreateServiceA 77B872A1 5 Bytes JMP 000701F8
.text C:\Windows\Explorer.EXE[2176] USER32.dll!SetWindowsHookExA 766E6322 5 Bytes JMP 00080600
.text C:\Windows\Explorer.EXE[2176] USER32.dll!SetWindowsHookExW 766E87AD 5 Bytes JMP 00080804
.text C:\Windows\Explorer.EXE[2176] USER32.dll!UnhookWindowsHookEx 766E98DB 5 Bytes JMP 00080A08
.text C:\Windows\Explorer.EXE[2176] USER32.dll!SetWinEventHook 766E9F3A 5 Bytes JMP 000801F8
.text C:\Windows\Explorer.EXE[2176] USER32.dll!UnhookWinEvent 766EC06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\taskeng.exe[2196] ntdll.dll!LdrLoadDll 77BF93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[2196] ntdll.dll!LdrUnloadDll 77C0B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[2196] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[2196] ADVAPI32.dll!CreateServiceW 77B49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskeng.exe[2196] ADVAPI32.dll!DeleteService 77B4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\taskeng.exe[2196] ADVAPI32.dll!SetServiceObjectSecurity 77B86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\taskeng.exe[2196] ADVAPI32.dll!ChangeServiceConfigA 77B86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\taskeng.exe[2196] ADVAPI32.dll!ChangeServiceConfigW 77B86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\taskeng.exe[2196] ADVAPI32.dll!ChangeServiceConfig2A 77B87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\taskeng.exe[2196] ADVAPI32.dll!ChangeServiceConfig2W 77B871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\taskeng.exe[2196] ADVAPI32.dll!CreateServiceA 77B872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskeng.exe[2196] USER32.dll!SetWindowsHookExA 766E6322 5 Bytes JMP 00080600
.text C:\Windows\system32\taskeng.exe[2196] USER32.dll!SetWindowsHookExW 766E87AD 5 Bytes JMP 00080804
.text C:\Windows\system32\taskeng.exe[2196] USER32.dll!UnhookWindowsHookEx 766E98DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\taskeng.exe[2196] USER32.dll!SetWinEventHook 766E9F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\taskeng.exe[2196] USER32.dll!UnhookWinEvent 766EC06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\svchost.exe[2276] ntdll.dll!LdrLoadDll 77BF93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[2276] ntdll.dll!LdrUnloadDll 77C0B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[2276] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2276] ADVAPI32.dll!CreateServiceW 77B49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[2276] ADVAPI32.dll!DeleteService 77B4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[2276] ADVAPI32.dll!SetServiceObjectSecurity 77B86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[2276] ADVAPI32.dll!ChangeServiceConfigA 77B86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[2276] ADVAPI32.dll!ChangeServiceConfigW 77B86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[2276] ADVAPI32.dll!ChangeServiceConfig2A 77B87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[2276] ADVAPI32.dll!ChangeServiceConfig2W 77B871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[2276] ADVAPI32.dll!CreateServiceA 77B872A1 5 Bytes JMP 000701F8
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[2456] ntdll.dll!LdrLoadDll 77BF93A8 5 Bytes JMP 001501F8
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[2456] ntdll.dll!LdrUnloadDll 77C0B740 5 Bytes JMP 001503FC
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[2456] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[2456] ADVAPI32.dll!CreateServiceW 77B49EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[2456] ADVAPI32.dll!DeleteService 77B4A07E 5 Bytes JMP 00170600
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[2456] ADVAPI32.dll!SetServiceObjectSecurity 77B86CD9 5 Bytes JMP 00171014
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[2456] ADVAPI32.dll!ChangeServiceConfigA 77B86DD9 5 Bytes JMP 00170804
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[2456] ADVAPI32.dll!ChangeServiceConfigW 77B86F81 5 Bytes JMP 00170A08
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[2456] ADVAPI32.dll!ChangeServiceConfig2A 77B87099 5 Bytes JMP 00170C0C
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[2456] ADVAPI32.dll!ChangeServiceConfig2W 77B871E1 5 Bytes JMP 00170E10
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[2456] ADVAPI32.dll!CreateServiceA 77B872A1 5 Bytes JMP 001701F8
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[2456] USER32.dll!SetWindowsHookExA 766E6322 5 Bytes JMP 00180600
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[2456] USER32.dll!SetWindowsHookExW 766E87AD 5 Bytes JMP 00180804
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[2456] USER32.dll!UnhookWindowsHookEx 766E98DB 5 Bytes JMP 00180A08
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[2456] USER32.dll!SetWinEventHook 766E9F3A 5 Bytes JMP 001801F8
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[2456] USER32.dll!UnhookWinEvent 766EC06F 5 Bytes JMP 001803FC
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2476] ntdll.dll!LdrLoadDll 77BF93A8 5 Bytes JMP 001501F8
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2476] ntdll.dll!LdrUnloadDll 77C0B740 5 Bytes JMP 001503FC
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2476] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2476] USER32.dll!SetWindowsHookExA 766E6322 5 Bytes JMP 00170600
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2476] USER32.dll!SetWindowsHookExW 766E87AD 5 Bytes JMP 00170804
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2476] USER32.dll!UnhookWindowsHookEx 766E98DB 5 Bytes JMP 00170A08
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2476] USER32.dll!SetWinEventHook 766E9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2476] USER32.dll!UnhookWinEvent 766EC06F 5 Bytes JMP 001703FC
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2476] ADVAPI32.dll!CreateServiceW 77B49EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2476] ADVAPI32.dll!DeleteService 77B4A07E 5 Bytes JMP 00180600
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2476] ADVAPI32.dll!SetServiceObjectSecurity 77B86CD9 5 Bytes JMP 00181014
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2476] ADVAPI32.dll!ChangeServiceConfigA 77B86DD9 5 Bytes JMP 00180804
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2476] ADVAPI32.dll!ChangeServiceConfigW 77B86F81 5 Bytes JMP 00180A08
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2476] ADVAPI32.dll!ChangeServiceConfig2A 77B87099 5 Bytes JMP 00180C0C
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2476] ADVAPI32.dll!ChangeServiceConfig2W 77B871E1 5 Bytes JMP 00180E10
.text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2476] ADVAPI32.dll!CreateServiceA 77B872A1 5 Bytes JMP 001801F8
.text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[2484] ntdll.dll!LdrLoadDll 77BF93A8 5 Bytes JMP 001501F8
.text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[2484] ntdll.dll!LdrUnloadDll 77C0B740 5 Bytes JMP 001503FC
.text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[2484] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[2484] USER32.dll!SetWindowsHookExA 766E6322 5 Bytes JMP 00280600
.text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[2484] USER32.dll!SetWindowsHookExW 766E87AD 5 Bytes JMP 00280804
.text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[2484] USER32.dll!UnhookWindowsHookEx 766E98DB 5 Bytes JMP 00280A08
.text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[2484] USER32.dll!SetWinEventHook 766E9F3A 5 Bytes JMP 002801F8
.text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[2484] USER32.dll!UnhookWinEvent 766EC06F 5 Bytes JMP 002803FC
.text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[2484] ADVAPI32.dll!CreateServiceW 77B49EB4 5 Bytes JMP 002903FC
.text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[2484] ADVAPI32.dll!DeleteService 77B4A07E 5 Bytes JMP 00290600
.text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[2484] ADVAPI32.dll!SetServiceObjectSecurity 77B86CD9 5 Bytes JMP 00291014
.text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[2484] ADVAPI32.dll!ChangeServiceConfigA 77B86DD9 5 Bytes JMP 00290804
.text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[2484] ADVAPI32.dll!ChangeServiceConfigW 77B86F81 5 Bytes JMP 00290A08
.text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[2484] ADVAPI32.dll!ChangeServiceConfig2A 77B87099 5 Bytes JMP 00290C0C
.text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[2484] ADVAPI32.dll!ChangeServiceConfig2W 77B871E1 5 Bytes JMP 00290E10
.text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[2484] ADVAPI32.dll!CreateServiceA 77B872A1 5 Bytes JMP 002901F8
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2508] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
.text C:\Windows\ehome\ehtray.exe[2516] ntdll.dll!LdrLoadDll 77BF93A8 5 Bytes JMP 000501F8
.text C:\Windows\ehome\ehtray.exe[2516] ntdll.dll!LdrUnloadDll 77C0B740 5 Bytes JMP 000503FC
.text C:\Windows\ehome\ehtray.exe[2516] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
.text C:\Windows\ehome\ehtray.exe[2516] ADVAPI32.dll!CreateServiceW 77B49EB4 5 Bytes JMP 000803FC
.text C:\Windows\ehome\ehtray.exe[2516] ADVAPI32.dll!DeleteService 77B4A07E 5 Bytes JMP 00080600
.text C:\Windows\ehome\ehtray.exe[2516] ADVAPI32.dll!SetServiceObjectSecurity 77B86CD9 5 Bytes JMP 00081014
.text C:\Windows\ehome\ehtray.exe[2516] ADVAPI32.dll!ChangeServiceConfigA 77B86DD9 5 Bytes JMP 00080804
.text C:\Windows\ehome\ehtray.exe[2516] ADVAPI32.dll!ChangeServiceConfigW 77B86F81 5 Bytes JMP 00080A08
.text C:\Windows\ehome\ehtray.exe[2516] ADVAPI32.dll!ChangeServiceConfig2A 77B87099 5 Bytes JMP 00080C0C
.text C:\Windows\ehome\ehtray.exe[2516] ADVAPI32.dll!ChangeServiceConfig2W 77B871E1 5 Bytes JMP 00080E10
.text C:\Windows\ehome\ehtray.exe[2516] ADVAPI32.dll!CreateServiceA 77B872A1 5 Bytes JMP 000801F8
.text C:\Windows\ehome\ehtray.exe[2516] USER32.dll!SetWindowsHookExA 766E6322 5 Bytes JMP 00090600
.text C:\Windows\ehome\ehtray.exe[2516] USER32.dll!SetWindowsHookExW 766E87AD 5 Bytes JMP 00090804
.text C:\Windows\ehome\ehtray.exe[2516] USER32.dll!UnhookWindowsHookEx 766E98DB 5 Bytes JMP 00090A08
.text C:\Windows\ehome\ehtray.exe[2516] USER32.dll!SetWinEventHook 766E9F3A 5 Bytes JMP 000901F8
.text C:\Windows\ehome\ehtray.exe[2516] USER32.dll!UnhookWinEvent 766EC06F 5 Bytes JMP 000903FC
.text C:\Windows\ehome\ehmsas.exe[2652] ntdll.dll!LdrLoadDll 77BF93A8 5 Bytes JMP 000401F8
.text C:\Windows\ehome\ehmsas.exe[2652] ntdll.dll!LdrUnloadDll 77C0B740 5 Bytes JMP 000403FC
.text C:\Windows\ehome\ehmsas.exe[2652] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
.text C:\Windows\ehome\ehmsas.exe[2652] ADVAPI32.dll!CreateServiceW 77B49EB4 5 Bytes JMP 000603FC
.text C:\Windows\ehome\ehmsas.exe[2652] ADVAPI32.dll!DeleteService 77B4A07E 5 Bytes JMP 00060600
.text C:\Windows\ehome\ehmsas.exe[2652] ADVAPI32.dll!SetServiceObjectSecurity 77B86CD9 5 Bytes JMP 00061014
.text C:\Windows\ehome\ehmsas.exe[2652] ADVAPI32.dll!ChangeServiceConfigA 77B86DD9 5 Bytes JMP 00060804
.text C:\Windows\ehome\ehmsas.exe[2652] ADVAPI32.dll!ChangeServiceConfigW 77B86F81 5 Bytes JMP 00060A08
.text C:\Windows\ehome\ehmsas.exe[2652] ADVAPI32.dll!ChangeServiceConfig2A 77B87099 5 Bytes JMP 00060C0C
.text C:\Windows\ehome\ehmsas.exe[2652] ADVAPI32.dll!ChangeServiceConfig2W 77B871E1 5 Bytes JMP 00060E10
.text C:\Windows\ehome\ehmsas.exe[2652] ADVAPI32.dll!CreateServiceA 77B872A1 5 Bytes JMP 000601F8
.text C:\Windows\ehome\ehmsas.exe[2652] USER32.dll!SetWindowsHookExA 766E6322 5 Bytes JMP 00070600
.text C:\Windows\ehome\ehmsas.exe[2652] USER32.dll!SetWindowsHookExW 766E87AD 5 Bytes JMP 00070804
.text C:\Windows\ehome\ehmsas.exe[2652] USER32.dll!UnhookWindowsHookEx 766E98DB 5 Bytes JMP 00070A08
.text C:\Windows\ehome\ehmsas.exe[2652] USER32.dll!SetWinEventHook 766E9F3A 5 Bytes JMP 000701F8
.text C:\Windows\ehome\ehmsas.exe[2652] USER32.dll!UnhookWinEvent 766EC06F 5 Bytes JMP 000703FC
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2796] ntdll.dll!LdrLoadDll 77BF93A8 5 Bytes JMP 001501F8
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2796] ntdll.dll!LdrUnloadDll 77C0B740 5 Bytes JMP 001503FC
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2796] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2796] USER32.dll!SetWindowsHookExA 766E6322 5 Bytes JMP 00170600
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2796] USER32.dll!SetWindowsHookExW 766E87AD 5 Bytes JMP 00170804
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2796] USER32.dll!UnhookWindowsHookEx 766E98DB 5 Bytes JMP 00170A08
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2796] USER32.dll!SetWinEventHook 766E9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2796] USER32.dll!UnhookWinEvent 766EC06F 5 Bytes JMP 001703FC
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2796] ADVAPI32.dll!CreateServiceW 77B49EB4 5 Bytes JMP 001803FC
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2796] ADVAPI32.dll!DeleteService 77B4A07E 5 Bytes JMP 00180600
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2796] ADVAPI32.dll!SetServiceObjectSecurity 77B86CD9 5 Bytes JMP 00181014
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2796] ADVAPI32.dll!ChangeServiceConfigA 77B86DD9 5 Bytes JMP 00180804
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2796] ADVAPI32.dll!ChangeServiceConfigW 77B86F81 5 Bytes JMP 00180A08
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2796] ADVAPI32.dll!ChangeServiceConfig2A 77B87099 5 Bytes JMP 00180C0C
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2796] ADVAPI32.dll!ChangeServiceConfig2W 77B871E1 5 Bytes JMP 00180E10
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2796] ADVAPI32.dll!CreateServiceA 77B872A1 5 Bytes JMP 001801F8
.text C:\Windows\system32\svchost.exe[2828] ntdll.dll!LdrLoadDll 77BF93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[2828] ntdll.dll!LdrUnloadDll 77C0B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[2828] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2828] ADVAPI32.dll!CreateServiceW 77B49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[2828] ADVAPI32.dll!DeleteService 77B4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[2828] ADVAPI32.dll!SetServiceObjectSecurity 77B86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[2828] ADVAPI32.dll!ChangeServiceConfigA 77B86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[2828] ADVAPI32.dll!ChangeServiceConfigW 77B86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[2828] ADVAPI32.dll!ChangeServiceConfig2A 77B87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[2828] ADVAPI32.dll!ChangeServiceConfig2W 77B871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[2828] ADVAPI32.dll!CreateServiceA 77B872A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[2856] ntdll.dll!LdrLoadDll 77BF93A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[2856] ntdll.dll!LdrUnloadDll 77C0B740 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[2856] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[2856] ADVAPI32.dll!CreateServiceW 77B49EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[2856] ADVAPI32.dll!DeleteService 77B4A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[2856] ADVAPI32.dll!SetServiceObjectSecurity 77B86CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[2856] ADVAPI32.dll!ChangeServiceConfigA 77B86DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[2856] ADVAPI32.dll!ChangeServiceConfigW 77B86F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[2856] ADVAPI32.dll!ChangeServiceConfig2A 77B87099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[2856] ADVAPI32.dll!ChangeServiceConfig2W 77B871E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[2856] ADVAPI32.dll!CreateServiceA 77B872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\SearchIndexer.exe[2880] ntdll.dll!LdrLoadDll 77BF93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\SearchIndexer.exe[2880] ntdll.dll!LdrUnloadDll 77C0B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\SearchIndexer.exe[2880] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[2880] ADVAPI32.dll!CreateServiceW 77B49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\SearchIndexer.exe[2880] ADVAPI32.dll!DeleteService 77B4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\SearchIndexer.exe[2880] ADVAPI32.dll!SetServiceObjectSecurity 77B86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\SearchIndexer.exe[2880] ADVAPI32.dll!ChangeServiceConfigA 77B86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\SearchIndexer.exe[2880] ADVAPI32.dll!ChangeServiceConfigW 77B86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\SearchIndexer.exe[2880] ADVAPI32.dll!ChangeServiceConfig2A 77B87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\SearchIndexer.exe[2880] ADVAPI32.dll!ChangeServiceConfig2W 77B871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\SearchIndexer.exe[2880] ADVAPI32.dll!CreateServiceA 77B872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\SearchIndexer.exe[2880] USER32.dll!SetWindowsHookExA 766E6322 5 Bytes JMP 00080600
.text C:\Windows\system32\SearchIndexer.exe[2880] USER32.dll!SetWindowsHookExW 766E87AD 5 Bytes JMP 00080804
.text C:\Windows\system32\SearchIndexer.exe[2880] USER32.dll!UnhookWindowsHookEx 766E98DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\SearchIndexer.exe[2880] USER32.dll!SetWinEventHook 766E9F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\SearchIndexer.exe[2880] USER32.dll!UnhookWinEvent 766EC06F 5 Bytes JMP 000803FC
.text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[3148] ntdll.dll!LdrLoadDll 77BF93A8 5 Bytes JMP 001401F8
.text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[3148] ntdll.dll!LdrUnloadDll 77C0B740 5 Bytes JMP 001403FC
.text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[3148] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
.text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[3148] USER32.dll!SetWindowsHookExA 766E6322 5 Bytes JMP 00160600
.text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[3148] USER32.dll!SetWindowsHookExW 766E87AD 5 Bytes JMP 00160804
.text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[3148] USER32.dll!UnhookWindowsHookEx 766E98DB 5 Bytes JMP 00160A08
.text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[3148] USER32.dll!SetWinEventHook 766E9F3A 5 Bytes JMP 001601F8
.text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[3148] USER32.dll!UnhookWinEvent 766EC06F 5 Bytes JMP 001603FC
.text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[3148] ADVAPI32.dll!CreateServiceW 77B49EB4 5 Bytes JMP 001703FC
.text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[3148] ADVAPI32.dll!DeleteService 77B4A07E 5 Bytes JMP 00170600
.text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[3148] ADVAPI32.dll!SetServiceObjectSecurity 77B86CD9 5 Bytes JMP 00171014
.text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[3148] ADVAPI32.dll!ChangeServiceConfigA 77B86DD9 5 Bytes JMP 00170804
.text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[3148] ADVAPI32.dll!ChangeServiceConfigW 77B86F81 5 Bytes JMP 00170A08
.text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[3148] ADVAPI32.dll!ChangeServiceConfig2A 77B87099 5 Bytes JMP 00170C0C
.text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[3148] ADVAPI32.dll!ChangeServiceConfig2W 77B871E1 5 Bytes JMP 00170E10
.text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[3148] ADVAPI32.dll!CreateServiceA 77B872A1 5 Bytes JMP 001701F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3496] ntdll.dll!LdrLoadDll 77BF93A8 5 Bytes JMP 001501F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3496] ntdll.dll!LdrUnloadDll 77C0B740 5 Bytes JMP 001503FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3496] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3496] USER32.dll!SetWindowsHookExA 766E6322 5 Bytes JMP 00170600
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3496] USER32.dll!SetWindowsHookExW 766E87AD 5 Bytes JMP 00170804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3496] USER32.dll!UnhookWindowsHookEx 766E98DB 5 Bytes JMP 00170A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3496] USER32.dll!SetWinEventHook 766E9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3496] USER32.dll!UnhookWinEvent 766EC06F 5 Bytes JMP 001703FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3496] ADVAPI32.dll!CreateServiceW 77B49EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3496] ADVAPI32.dll!DeleteService 77B4A07E 5 Bytes JMP 00180600
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3496] ADVAPI32.dll!SetServiceObjectSecurity 77B86CD9 5 Bytes JMP 00181014
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3496] ADVAPI32.dll!ChangeServiceConfigA 77B86DD9 5 Bytes JMP 00180804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3496] ADVAPI32.dll!ChangeServiceConfigW 77B86F81 5 Bytes JMP 00180A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3496] ADVAPI32.dll!ChangeServiceConfig2A 77B87099 5 Bytes JMP 00180C0C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3496] ADVAPI32.dll!ChangeServiceConfig2W 77B871E1 5 Bytes JMP 00180E10
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3496] ADVAPI32.dll!CreateServiceA 77B872A1 5 Bytes JMP 001801F8

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Files - GMER 1.0.15 ----

File C:\## aswSnx private storage 0 bytes
File C:\## aswSnx private storage\r627 0 bytes
File C:\## aswSnx private storage\snx_rhive 262144 bytes
File C:\## aswSnx private storage\snx_rhive.LOG1 5120 bytes
File C:\## aswSnx private storage\snx_rhive.LOG2 0 bytes
File C:\## aswSnx private storage\snx_rhive{cdb50c61-1d35-11e1-a58e-001b24f3611f}.TM.blf 65536 bytes
File C:\## aswSnx private storage\snx_rhive{cdb50c61-1d35-11e1-a58e-001b24f3611f}.TMContainer00000000000000000001.regtrans-ms 524288 bytes
File C:\## aswSnx private storage\snx_rhive{cdb50c61-1d35-11e1-a58e-001b24f3611f}.TMContainer00000000000000000002.regtrans-ms 524288 bytes

---- EOF - GMER 1.0.15 ----
 


beckri

Thread Starter
Joined
Jan 22, 2003
Messages
199
Starting yesterday, I now get two windows that open. This morning one had something to do with a rugby game and the other was some sort of "I finally got pregnant" ad of some sort. Does anyone know if someone could've added some sort of code to my blog without me knowing? (Meaning someone outside of my home... remotely?)
 