
Almost all of services at services.msc always gets disabled then returns to normal af

Discussion in 'Virus & Other Malware Removal' started by Jamox, Jan 10, 2013.

    Thanks for reading my problem. I need help really bad because it's becoming such a hassle. I work in a place where I always need network connections, but something keeps disabling my network connection, mixers, etc., almost all of the services on my PC. After I reboot, everything is restored to normal, well, until it gets disabled again later. Help me please, I am just an ordinary guy, I don't know how to fix these kinds of problems myself. I've tried so many antivirus programs but nothing seems to help. You guys are my last hope, thx...



    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 3:45:51 PM, on 1/10/2013
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
    C:\WINDOWS\system32\KaraokeSer.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\SERVER\My Documents\Downloads\HijackThis.exe

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
    O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: VIA Karaoke digital mixer Service (KaraokeService) - VIA Technologies, Inc. - C:\WINDOWS\system32\KaraokeSer.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    --
    End of file - 5159 bytes





    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 6.0.2900.5512
    Run by SERVER at 15:46:54 on 2013-01-10
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1176 [GMT -8:00]
    .
    .
    ============== Running Processes ================
    .
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
    C:\WINDOWS\system32\KaraokeSer.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\System32\svchost.exe -k eapsvcs
    C:\WINDOWS\System32\svchost.exe -k dot3svc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    mWinlogon: SFCDisable = dword:-99
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-Explorer: NoResolveTrack = dword:1
    uPolicies-Explorer: NoSMConfigurePrograms = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoSMHelp = dword:1
    mPolicies-Explorer: NoResolveTrack = dword:1
    mPolicies-Explorer: NoSMConfigurePrograms = dword:1
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{9206DE15-CC7C-4247-A3E5-283B36148197} : DHCPNameServer = 192.168.0.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\server\application data\mozilla\firefox\profiles\zpy4mlbc.default\
    FF - component: c:\program files\mozilla firefox\extensions\[email protected]\components\qfaservices.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-1-4 738504]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-1-4 361032]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-1-4 21256]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-1-4 44808]
    R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50ST7.EXE [2013-1-4 153600]
    R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50RP7.EXE [2013-1-4 121856]
    R2 KaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\KaraokeSer.exe [2013-1-4 88688]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-7 398184]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-1-7 21104]
    R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2013-1-4 36096]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2013-1-4 2551664]
    S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-1-7 682344]
    S4 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-5-14 759048]
    S4 cozek;Task Manager;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    .
    =============== Created Last 30 ================
    .
    2013-01-10 18:14:33 266360 ----a-w- c:\windows\system32\TweakUI.exe
    2013-01-10 18:05:24 237072 ------w- c:\windows\system32\MpSigStub.exe
    2013-01-10 17:48:07 309320 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
    2013-01-09 23:55:19 -------- d--h--w- c:\windows\PIF
    2013-01-09 21:34:00 -------- d--h--w- c:\windows\system32\GroupPolicy
    2013-01-08 20:25:11 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-01-08 20:25:11 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-01-08 03:11:30 -------- d-----w- c:\documents and settings\server\local settings\application data\Apple
    2013-01-08 03:10:10 -------- d-----w- c:\documents and settings\server\local settings\application data\Apple Computer
    2013-01-07 19:45:49 -------- d-----w- c:\documents and settings\server\application data\Malwarebytes
    2013-01-07 19:45:37 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2013-01-07 19:45:35 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-01-07 19:45:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-01-06 02:16:23 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2013-01-06 02:16:23 -------- d-----w- c:\windows\system32\wbem\Repository
    2013-01-06 00:33:22 -------- d-----w- c:\windows\system32\LogFiles
    2013-01-05 19:27:45 -------- d-----w- c:\documents and settings\server\local settings\application data\Ahead
    2013-01-05 19:23:44 -------- d-----w- c:\documents and settings\all users\application data\LightScribe
    2013-01-05 18:33:50 -------- d-----w- c:\program files\VideoLAN
    2013-01-05 18:18:05 -------- d-----w- c:\program files\Nero
    2013-01-05 18:17:51 819200 ----a-w- c:\program files\windows media player\wmsetsdk.exe
    2013-01-05 18:17:51 47616 ----a-w- c:\program files\windows media player\msoobci.dll
    2013-01-05 18:17:31 -------- d-----w- c:\windows\RegisteredPackages
    2013-01-05 18:05:09 -------- d-----w- c:\documents and settings\server\application data\Kyocera
    2013-01-05 18:03:57 -------- d-----w- c:\documents and settings\server\application data\NVIDIA
    2013-01-05 17:25:50 -------- d-----w- c:\documents and settings\server\local settings\application data\Adobe
    2013-01-05 17:21:34 -------- d-----w- c:\program files\common files\Macrovision Shared
    2013-01-05 04:08:16 -------- d-----w- C:\Binaries
    2013-01-05 04:07:33 -------- d-----w- c:\program files\Kyocera
    2013-01-05 03:58:13 -------- d-----w- c:\windows\pss
    2013-01-05 03:52:13 -------- d-----w- c:\documents and settings\server\local settings\application data\ABBYY
    2013-01-05 03:47:54 -------- d-----w- c:\program files\common files\ABBYY
    2013-01-05 03:47:54 -------- d-----w- c:\program files\ABBYY FineReader 9.0 Sprint
    2013-01-05 03:47:54 -------- d-----w- c:\documents and settings\all users\application data\ABBYY
    2013-01-05 03:42:04 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2013-01-05 03:39:16 342016 ----a-w- c:\windows\system32\eswiaud.dll
    2013-01-05 03:39:16 15872 ----a-w- c:\windows\system32\escdev.dll
    2013-01-05 03:39:16 128392 ----a-w- c:\windows\system32\esdevapp.exe
    2013-01-05 03:39:14 -------- d-----w- c:\program files\epson
    2013-01-05 03:38:00 -------- d-----w- c:\program files\common files\EPSON
    2013-01-05 03:37:58 -------- d-----w- c:\documents and settings\all users\application data\EPSON
    2013-01-05 03:37:24 8192 ----a-w- c:\windows\system32\E_DCINST.DLL
    2013-01-05 03:37:22 93696 ----a-w- c:\windows\system32\E_FLBGGC.DLL
    2013-01-05 03:37:22 63488 ----a-w- c:\windows\system32\E_FD4BGGC.DLL
    2013-01-05 03:23:26 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2013-01-05 03:22:56 41224 ----a-w- c:\windows\avastSS.scr
    2013-01-05 03:22:41 -------- d-----w- c:\program files\AVAST Software
    2013-01-05 03:22:41 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
    2013-01-05 03:10:06 8704 ----a-r- c:\windows\system32\viahdcpl.cpl
    2013-01-05 03:10:02 2551664 ----a-r- c:\windows\system32\drivers\viahduaa.sys
    2013-01-05 03:03:35 36096 ----a-r- c:\windows\system32\drivers\usbfilter.sys
    2013-01-05 03:03:27 11832 ----a-r- c:\windows\system32\drivers\amdide.sys
    2013-01-05 03:03:27 -------- d-----w- c:\windows\system32\ReinstallBackups
    2013-01-05 02:53:55 1706640 ------r- c:\windows\RtlExUpd.dll
    2013-01-05 02:38:06 -------- d-----w- c:\documents and settings\server\local settings\application data\Google
    2013-01-05 02:33:07 -------- d-----w- c:\documents and settings\server\local settings\application data\Innovative Solutions
    2013-01-05 02:33:05 -------- d-----w- c:\program files\Innovative Solutions
    2013-01-05 02:29:20 329960 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys
    2013-01-05 02:29:16 80488 ----a-w- c:\windows\system32\RtNicProp32.dll
    2013-01-05 02:29:15 102416 ----a-w- c:\windows\system32\RTNUninst32.dll
    2013-01-05 02:29:04 -------- d-----w- c:\program files\Realtek
    2013-01-05 02:26:55 -------- d-----w- C:\f9d96b0d8dcf6d6e2f4a
    2013-01-05 02:23:44 -------- d-----w- c:\windows\system32\Tools
    2013-01-05 02:23:38 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe
    2013-01-05 02:23:10 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
    2013-01-05 02:21:44 -------- d-----w- c:\documents and settings\server\local settings\application data\Mozilla
    2013-01-05 02:20:42 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2013-01-05 02:20:23 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
    2013-01-05 01:43:49 -------- d-----w- c:\documents and settings\all users\application data\Ralink Driver
    2013-01-05 01:37:39 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
    2013-01-05 01:37:39 32592 ----a-w- c:\windows\system32\msonpmon.dll
    2013-01-05 01:35:01 -------- d-----w- c:\program files\Microsoft Visual Studio 8
    2013-01-05 01:34:32 -------- d-----w- c:\windows\SHELLNEW
    2013-01-05 01:34:15 -------- d-----w- c:\documents and settings\server\local settings\application data\Microsoft Help
    2013-01-05 01:10:58 1255912 ----a-w- c:\windows\system32\drivers\rtl8192ce.sys
    2013-01-05 01:10:58 -------- d-----w- c:\windows\OPTIONS
    2013-01-05 01:10:52 451072 ----a-w- c:\windows\system32\ISSRemoveSP.exe
    2013-01-05 01:10:52 -------- d-----w- c:\program files\REALTEK PCIE Wireless LAN Driver
    2013-01-05 01:06:48 757760 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iKernel.dll
    2013-01-05 01:06:48 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\ctor.dll
    2013-01-05 01:06:48 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
    2013-01-05 01:06:48 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iscript.dll
    2013-01-05 01:06:48 204800 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iuser.dll
    2013-01-05 01:06:48 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iGdi.dll
    2013-01-05 01:06:47 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\setup.dll
    2013-01-05 01:05:24 -------- d-----w- c:\documents and settings\server\local settings\application data\ATI
    2013-01-05 00:59:57 -------- d-----w- c:\program files\ATI
    2013-01-05 00:58:19 -------- d-----w- c:\windows\system32\XPSViewer
    2013-01-05 00:58:02 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    .
    ==================== Find3M ====================
    .
    2013-01-05 19:26:51 90112 ----a-w- c:\windows\DUMP6447.tmp
    2013-01-05 02:45:37 1068312 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2013-01-05 02:45:37 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2013-01-05 02:45:35 1068312 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2013-01-05 01:00:34 0 ----a-w- c:\windows\ativpsrm.bin
    2012-10-20 15:07:06 889192 ----a-w- c:\windows\system32\nvdispgenco32.dll
    2012-10-20 15:07:06 7606272 ----a-w- c:\windows\system32\nvcuda.dll
    2012-10-20 15:07:06 5955584 ----a-w- c:\windows\system32\nvopencl.dll
    2012-10-20 15:07:06 4151424 ----a-w- c:\windows\system32\nv4_disp.dll
    2012-10-20 15:07:06 2611048 ----a-w- c:\windows\system32\nvcuvid.dll
    2012-10-20 15:07:06 2438656 ----a-w- c:\windows\system32\nvapi.dll
    2012-10-20 15:07:06 19456000 ----a-w- c:\windows\system32\nvoglnt.dll
    2012-10-20 15:07:06 1873768 ----a-w- c:\windows\system32\nvcuvenc.dll
    2012-10-20 15:07:06 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
    2012-10-20 15:07:06 11042152 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2012-10-20 15:07:06 1011048 ----a-w- c:\windows\system32\nvdispco32.dll
    .
    ============= FINISH: 15:47:12.06 ===============





    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/4/2013 3:50:20 PM
    System Uptime: 1/10/2013 12:38:02 PM (3 hours ago)
    .
    Motherboard: | | RF-A78LMT
    Processor: AMD Athlon(tm) II X2 260 Processor | CPU 1 | 3193/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 99 GiB total, 88.595 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 50 GiB total, 46.751 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1: 1/9/2013 6:19:13 PM - System Checkpoint
    RP2: 1/10/2013 11:05:25 AM - YagBoLs
    .
    ==== Installed Programs ======================
    .
    ABBYY FineReader 9.0 Sprint
    Acrobat.com
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Drive CS4
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 11 ActiveX
    Adobe Fonts All
    Adobe Linguistics CS4
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Reader 9.2
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Apple Application Support
    Apple Software Update
    ATI Catalyst Install Manager
    avast! Free Antivirus
    Connect
    DriverMax 6
    EPSON ME 320 Series Manual
    EPSON ME 320 Series Printer Uninstall
    EPSON Scan
    Google Chrome
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Windows XP (KB954550-v5)
    kuler
    Kyocera Product Library
    Kyocera TWAIN Driver
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox (2.0.0.14)
    PDF Settings CS4
    Photoshop Camera Raw
    Platform
    QuickTime
    Ralink RT2860 Wireless LAN Card
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Realtek High Definition Audio Driver
    REALTEK Wireless LAN Driver
    Suite Shared Configuration CS4
    Tweak UI
    VIA Platform Device Manager
    VLC media player 2.0.5
    Windows Media Format Runtime
    WinRAR 4.20 beta 3 (32-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/9/2013 10:30:02 AM, error: HTTP [15005] - Unable to bind to the underlying transport for 0.0.0.0:2869. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine. The data field contains the error number.
    1/8/2013 9:15:52 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    1/8/2013 6:46:43 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD AswRdr aswSnx aswSP aswTdi Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss Tcpip
    1/8/2013 6:46:43 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/8/2013 6:46:43 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/8/2013 6:46:43 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    1/8/2013 6:46:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/7/2013 3:30:49 PM, error: Service Control Manager [7034] - The EPSON V5 Service4(04) service terminated unexpectedly. It has done this 1 time(s).
    1/7/2013 3:30:46 PM, error: Service Control Manager [7034] - The EPSON V3 Service4(04) service terminated unexpectedly. It has done this 1 time(s).
    1/7/2013 1:08:19 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
    1/7/2013 1:08:16 PM, error: Sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    1/5/2013 9:21:04 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    1/5/2013 3:22:21 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
    1/5/2013 10:58:41 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
    1/5/2013 10:01:31 AM, error: Service Control Manager [7034] - The VIA Karaoke digital mixer Service service terminated unexpectedly. It has done this 1 time(s).
    1/5/2013 1:59:03 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: Access is denied.
    1/4/2013 7:12:47 PM, error: Service Control Manager [7023] - The Task Manager service terminated with the following error: A dynamic link library (DLL) initialization routine failed.
    1/4/2013 6:30:11 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -57512 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.0.110:123->65.55.21.13:123) is working properly.
    1/4/2013 4:59:22 PM, error: Service Control Manager [7000] - The MemAccDrv32 service failed to start due to the following error: The system cannot find the path specified.
    1/4/2013 3:50:24 PM, error: Setup [60055] - Windows Setup encountered non-fatal errors during installation. Please check the setuperr.log found in your Windows directory for more information.
    1/10/2013 9:36:00 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer PCF that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9206DE15-CC7C-4247-A3E5. The master browser is stopping or an election is being forced.
    .
    ==== End Of File ===========================




    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-10 16:35:37
    Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-10 ST3160215A rev.3.AAD 149.05GB
    Running: bxuemx8i.exe; Driver: C:\DOCUME~1\SERVER\LOCALS~1\Temp\uxldypob.sys


    ---- System - GMER 2.0 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB27E74BA]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB28BCC22]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xB27E7ED6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB2829811]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB27F2FA8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB27F2FF4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB27F3176]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xB28291C5]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB27F2F16]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB27F3038]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB27F2F5E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xB27E811C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB27F3130]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xB27E893E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB27E7508]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xB2829ED7]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB282A18D]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB27EC1C2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB2829D42]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB2829BAD]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB28BCCEA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB27E7170]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB27E7556]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB27EC534]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB27E93A6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB27F2FD2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB27F3016]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB27F319A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xB2829521]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB27F2F3C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB27EBC3E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB27F30BA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB27F2F86]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB27EBF14]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB27F3154]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB28BCE4A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB2829A28]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB27E9272]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB282987A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xB27E8DD4]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB28C97D2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB2828838]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB27E75A4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB27E75F2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xB27E87BE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB27E71FA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB27E73AA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB2829FDE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB27E7350]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xB27E8AF8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xB27E8C54]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB27E741A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xB27E84D4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xB27E8636]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0xB28BB41C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB27E7640]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xB27E7F1A]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB28D5E56]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 2.0 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 2D10 8050459C 4 Bytes [EA, CC, 8B, B2]
    .text ntkrnlpa.exe!ZwCallbackReturn + 2F10 8050479C 12 Bytes [A4, 75, 7E, B2, F2, 75, 7E, ...] {MOVSB ; JNZ 0x81; MOV DL, 0xf2; JNZ 0x85; MOV DL, 0xbe; XCHG [ESI-0x4e], EDI}
    .text ntkrnlpa.exe!ZwCallbackReturn + 2FB8 80504844 12 Bytes [F8, 8A, 7E, B2, 54, 8C, 7E, ...]
    PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A648C 4 Bytes CALL B27E9A77 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC512 5 Bytes JMP B28D2CF6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject 805C2F96 5 Bytes JMP B28D4810 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1136 7 Bytes JMP B28D5E5A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB53203C0, 0x72A0DA, 0xE8000020]
    .text win32k.sys!EngFreeUserMem + 674 BF809FDF 5 Bytes JMP B27EDB4C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngFreeUserMem + 3625 BF80CF90 5 Bytes JMP B27EDA3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteSurface + 45 BF8138FE 5 Bytes JMP B27ED9F6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 320C BF81E743 5 Bytes JMP B27EC688 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngMulDiv + 199A BF820E6C 5 Bytes JMP B27ED0A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngSetLastError + 7657 BF82868B 5 Bytes JMP B27EC7C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateBitmap + 698 BF838560 5 Bytes JMP B27EDCB6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateBitmap + BB6 BF838A7E 5 Bytes JMP B27ED8FC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateBitmap + 3605 BF83B4CD 5 Bytes JMP B27EDEBE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateBitmap + D9AB BF845873 5 Bytes JMP B27EC834 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateBitmap + 113C6 BF84928E 5 Bytes JMP B27ED090 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngMultiByteToWideChar + 2E60 BF852720 5 Bytes JMP B27ED16A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngMultiByteToWideChar + 2F20 BF8527E0 5 Bytes JMP B27EC670 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngMultiByteToWideChar + 84B4 BF857D74 5 Bytes JMP B27EDE1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + 23AD BF873983 5 Bytes JMP B27EDBFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngStretchBlt + 37BB BF87882D 5 Bytes JMP B27EDA86 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGetCurrentCodePage + 3617 BF88FFB6 5 Bytes JMP B27ECCDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGetCurrentCodePage + 413A BF890AD9 5 Bytes JMP B27ECE9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGetLastError + 1606 BF8ADD61 5 Bytes JMP B27ED182 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGradientFill + 4B52 BF8B3770 5 Bytes JMP B27ECC1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGradientFill + 4BDD BF8B37FB 5 Bytes JMP B27ECEE4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngAlphaBlend + 9286 BF8C31E7 5 Bytes JMP B27EC944 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!PATHOBJ_bCloseFigure + 19CE BF8ED991 5 Bytes JMP B27EC56A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!PATHOBJ_bCloseFigure + 9006 BF8F4FC9 5 Bytes JMP B27ED0C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!PATHOBJ_bCloseFigure + D4C6 BF8F9489 5 Bytes JMP B27ECA1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!PATHOBJ_bCloseFigure + D746 BF8F9709 5 Bytes JMP B27ECB48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 1994 BF912612 5 Bytes JMP B27EC760 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 2568 BF9131E6 5 Bytes JMP B27EC8F0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 4F29 BF915BA7 5 Bytes JMP B27ECFFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngPlgBlt + 1931 BF9438F8 5 Bytes JMP B27EDD74 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    ? C:\DOCUME~1\SERVER\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 2.0 ----

    .text c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[292] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[292] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[420] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[420] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[492] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[492] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\WINDOWS\system32\wdfmgr.exe[640] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\WINDOWS\system32\wdfmgr.exe[640] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\WINDOWS\System32\smss.exe[664] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\WINDOWS\system32\csrss.exe[716] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\WINDOWS\system32\csrss.exe[716] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[740] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[740] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\WINDOWS\system32\services.exe[784] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\WINDOWS\system32\lsass.exe[796] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\WINDOWS\system32\lsass.exe[796] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[976] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[976] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1136] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 64, EE, 00] {SUB [ESI+EBP*8+0x0], AH}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1136] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1136] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 67, EE, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1136] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1136] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 64, EE, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1136] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1136] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 65, EE, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1136] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1136] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B91C460
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1136] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1136] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 66, EE, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1136] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1136] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 65, EE, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1136] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1136] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 66, EE, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1136] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1136] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B91C4D1
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1136] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1136] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 64, EE, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1136] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1136] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B91C5FF
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1136] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1136] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 65, EE, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1136] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1136] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 66, EE, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1136] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1136] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 67, EE, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1136] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1136] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 011701F8
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1136] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1136] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 011703FC
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1136] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1136] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 01741014
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1136] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 01740804
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1136] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 01740A08
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1136] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 01740C0C
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1136] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 01740E10
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1136] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 017401F8
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1136] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 017403FC
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1136] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 01740600
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1136] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 01E20804
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1136] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 01E20A08
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1136] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 01E20600
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1136] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 01E201F8
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1136] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 01E203FC
    .text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1448] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 9C, FF, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1448] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1448] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 9F, FF, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1448] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1448] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 9C, FF, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1448] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1448] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 9D, FF, 00] {TEST AL, 0x9d; INC DWORD [EAX]}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1448] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1448] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B91D598
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1448] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1448] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 9E, FF, 00] {TEST AL, 0x9e; INC DWORD [EAX]}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1448] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1448] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 9D, FF, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1448] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1448] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 9E, FF, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1448] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1448] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B91D609
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1448] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1448] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 9C, FF, 00] {TEST AL, 0x9c; INC DWORD [EAX]}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1448] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1448] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B91D737
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1448] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1448] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 9D, FF, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1448] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1448] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 9E, FF, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1448] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1448] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 9F, FF, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1448] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1448] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 012901F8
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1448] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1448] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 012903FC
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1448] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1448] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 015E1014
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1448] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 015E0804
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1448] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 015E0A08
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1448] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 015E0C0C
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1448] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 015E0E10
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1448] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 015E01F8
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1448] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 015E03FC
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1448] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 015E0600
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1448] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 01CC0804
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1448] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 01CC0A08
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1448] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 01CC0600
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1448] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 01CC01F8
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1448] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 01CC03FC
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[1532] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[1532] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1564] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1564] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1564] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 6C, 16, 00] {SUB [ESI+EDX+0x0], CH}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 6F, 16, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 6C, 16, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 6D, 16, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90EC68
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 6E, 16, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 6D, 16, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 6E, 16, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90ECD9
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 6C, 16, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90EE07
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 6D, 16, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1624] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 6E, 16, 00]

    ---- Services - GMER 2.0 ----

    Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [DISABLED] cozek <-- ROOTKIT !!!

    ---- Registry - GMER 2.0 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\cozek@DisplayName Task Manager
    Reg HKLM\SYSTEM\CurrentControlSet\Services\cozek@Type 32
    Reg HKLM\SYSTEM\CurrentControlSet\Services\cozek@Start 4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\cozek@ErrorControl 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\cozek@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
    Reg HKLM\SYSTEM\CurrentControlSet\Services\cozek@ObjectName LocalSystem
    Reg HKLM\SYSTEM\CurrentControlSet\Services\cozek@Description Provides launch functionality for DCOM services.
    Reg HKLM\SYSTEM\CurrentControlSet\Services\cozek\Parameters
    Reg HKLM\SYSTEM\CurrentControlSet\Services\cozek\Parameters@ServiceDll C:\WINDOWS\system32\nofupgi.dll
    Reg HKLM\SYSTEM\ControlSet002\Services\cozek@DisplayName Task Manager
    Reg HKLM\SYSTEM\ControlSet002\Services\cozek@Type 32
    Reg HKLM\SYSTEM\ControlSet002\Services\cozek@Start 4
    Reg HKLM\SYSTEM\ControlSet002\Services\cozek@ErrorControl 0
    Reg HKLM\SYSTEM\ControlSet002\Services\cozek@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
    Reg HKLM\SYSTEM\ControlSet002\Services\cozek@ObjectName LocalSystem
    Reg HKLM\SYSTEM\ControlSet002\Services\cozek@Description Provides launch functionality for DCOM services.
    Reg HKLM\SYSTEM\ControlSet002\Services\cozek\Parameters (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\cozek\Parameters@ServiceDll C:\WINDOWS\system32\nofupgi.dll

    ---- EOF - GMER 2.0 ----
     
  2. Jamox

    Jamox Thread Starter

    Joined:
    Jan 10, 2013
    Messages:
    3
  3. Jamox

    Jamox Thread Starter

    Joined:
    Jan 10, 2013
    Messages:
    3
    anyone?
     

Short URL to this thread: https://techguy.org/1084527
