
zip file corruption

Discussion in 'Virus & Other Malware Removal' started by Austocracy, Nov 17, 2011.

    Hello... When I ran Avast's boot-time scan it came up with "lame_mod.exe Error 42125 (zip archive is corrupted)"... I'm not really sure what this is, nor am I proficient enough with my computer (yet) to diagnose the issue... Any help would be greatly appreciated. I apologize if this post is a repeat.

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-11-17 16:28:20
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Maxtor_6Y080L0 rev.YAR41BW0
    Running: giotemz1.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kfddipow.sys


    .text C:\Documents and Settings\Owner\Desktop\giotemz1.exe[1432] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003F03FC
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1620] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1620] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1620] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] kernel32.dll!DefineDosDeviceW 7C821F1E 5 Bytes JMP 003003FC
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] kernel32.dll!SetProcessShutdownParameters 7C82C8FD 5 Bytes JMP 003001F8
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] kernel32.dll!SetLocaleInfoW 7C877FB3 5 Bytes JMP 00300600
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] ADVAPI32.dll!LookupAccountNameW 77DE5B59 5 Bytes JMP 00321C2C
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] ADVAPI32.dll!ReportEventW 77DF3681 5 Bytes JMP 00321A28
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] ADVAPI32.dll!DeregisterEventSource 77DF79D3 5 Bytes JMP 00321620
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] ADVAPI32.dll!RegisterEventSourceA 77DF7B60 5 Bytes JMP 00321218
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] ADVAPI32.dll!ReportEventA 77DF7CB2 5 Bytes JMP 00321824
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] ADVAPI32.dll!RegisterEventSourceW 77DF803C 5 Bytes JMP 0032141C
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] ADVAPI32.dll!RegConnectRegistryW 77DF817A 5 Bytes JMP 00321E30
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00321014
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00320804
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00320A08
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00320C0C
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00320E10
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003201F8
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003203FC
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00320600
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] Secur32.dll!LsaRegisterLogonProcess 77FE4D17 5 Bytes JMP 003301F8
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] USER32.dll!GetWindowLongW 7E4188A6 5 Bytes JMP 00342238
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] USER32.dll!GetWindowLongA 7E41945D 5 Bytes JMP 00342034
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 00342A48
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 0034345C
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] USER32.dll!DialogBoxIndirectParamAorW 7E4249D0 5 Bytes JMP 00343A68
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] USER32.dll!CreateDialogIndirectParamAorW 7E42680B 5 Bytes JMP 00343054
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00340804
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] USER32.dll!GetPropW 7E4294B3 5 Bytes JMP 00341218
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] USER32.dll!RemovePropW 7E42C076 5 Bytes JMP 00341A28
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] USER32.dll!SetPropW 7E42C0B9 2 Bytes JMP 00341620
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] USER32.dll!SetPropW + 3 7E42C0BC 2 Bytes [F1, 81]
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 0034243C
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 00342640
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 00341E30
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00340A08
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] USER32.dll!CreateWindowExA 7E42E4A9 5 Bytes JMP 00341C2C
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] USER32.dll!SetPropA 7E430000 5 Bytes JMP 0034141C
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] USER32.dll!GetPropA 7E430042 5 Bytes JMP 00341014
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] USER32.dll!RemovePropA 7E430094 5 Bytes JMP 00341824
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00340600
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003401F8
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003403FC
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 00343864
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] USER32.dll!CreateDialogIndirectParamA 7E439B28 5 Bytes JMP 00342C4C
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 00343258
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] USER32.dll!CreateDialogParamA 7E43C7DB 5 Bytes JMP 00342844
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] USER32.dll!CreateDialogIndirectParamW 7E43F01F 5 Bytes JMP 00342E50
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 00343660
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 00340C0C
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] USER32.dll!LockWorkStation 7E46CD5E 5 Bytes JMP 00340E10
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] USERENV.dll!RegisterGPNotification 769C8607 5 Bytes JMP 003601F8
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1892] USERENV.dll!UnregisterGPNotification 769D9894 5 Bytes JMP 003603FC
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] kernel32.dll!DefineDosDeviceW 7C821F1E 5 Bytes JMP 003003FC
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] kernel32.dll!SetProcessShutdownParameters 7C82C8FD 5 Bytes JMP 003001F8
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] kernel32.dll!SetLocaleInfoW 7C877FB3 5 Bytes JMP 00300600
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] ADVAPI32.dll!LookupAccountNameW 77DE5B59 5 Bytes JMP 00321C2C
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] ADVAPI32.dll!ReportEventW 77DF3681 5 Bytes JMP 00321A28
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] ADVAPI32.dll!DeregisterEventSource 77DF79D3 5 Bytes JMP 00321620
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] ADVAPI32.dll!RegisterEventSourceA 77DF7B60 5 Bytes JMP 00321218
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] ADVAPI32.dll!ReportEventA 77DF7CB2 5 Bytes JMP 00321824
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] ADVAPI32.dll!RegisterEventSourceW 77DF803C 5 Bytes JMP 0032141C
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] ADVAPI32.dll!RegConnectRegistryW 77DF817A 5 Bytes JMP 00321E30
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00321014
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00320804
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00320A08
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00320C0C
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00320E10
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003201F8
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003203FC
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00320600
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] Secur32.dll!LsaRegisterLogonProcess 77FE4D17 5 Bytes JMP 003301F8
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] USER32.dll!GetWindowLongW 7E4188A6 5 Bytes JMP 00342238
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] USER32.dll!GetWindowLongA 7E41945D 5 Bytes JMP 00342034
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 00342A48
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 0034345C
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] USER32.dll!DialogBoxIndirectParamAorW 7E4249D0 5 Bytes JMP 00343A68
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] USER32.dll!CreateDialogIndirectParamAorW 7E42680B 5 Bytes JMP 00343054
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00340804
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] USER32.dll!GetPropW 7E4294B3 5 Bytes JMP 00341218
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] USER32.dll!RemovePropW 7E42C076 5 Bytes JMP 00341A28
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] USER32.dll!SetPropW 7E42C0B9 2 Bytes JMP 00341620
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] USER32.dll!SetPropW + 3 7E42C0BC 2 Bytes [F1, 81]
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 0034243C
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 00342640
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 00341E30
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00340A08
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] USER32.dll!CreateWindowExA 7E42E4A9 5 Bytes JMP 00341C2C
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] USER32.dll!SetPropA 7E430000 5 Bytes JMP 0034141C
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] USER32.dll!GetPropA 7E430042 5 Bytes JMP 00341014
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] USER32.dll!RemovePropA 7E430094 5 Bytes JMP 00341824
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00340600
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003401F8
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003403FC
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 00343864
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] USER32.dll!CreateDialogIndirectParamA 7E439B28 5 Bytes JMP 00342C4C
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 00343258
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] USER32.dll!CreateDialogParamA 7E43C7DB 5 Bytes JMP 00342844
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] USER32.dll!CreateDialogIndirectParamW 7E43F01F 5 Bytes JMP 00342E50
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 00343660
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 00340C0C
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] USER32.dll!LockWorkStation 7E46CD5E 5 Bytes JMP 00340E10
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] USERENV.dll!RegisterGPNotification 769C8607 5 Bytes JMP 003601F8
    .text C:\WINDOWS\system32\NOTEPAD.EXE[1944] USERENV.dll!UnregisterGPNotification 769D9894 5 Bytes JMP 003603FC
    .text C:\WINDOWS\system32\spoolsv.exe[2012] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\spoolsv.exe[2012] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[2012] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\spoolsv.exe[2012] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[2012] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\spoolsv.exe[2012] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\spoolsv.exe[2012] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\spoolsv.exe[2012] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\spoolsv.exe[2012] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\spoolsv.exe[2012] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\spoolsv.exe[2012] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\spoolsv.exe[2012] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\spoolsv.exe[2012] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\spoolsv.exe[2012] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\spoolsv.exe[2012] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\spoolsv.exe[2012] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\spoolsv.exe[2012] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\Explorer.EXE[2156] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\Explorer.EXE[2156] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[2156] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\Explorer.EXE[2156] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[2156] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
    .text C:\WINDOWS\Explorer.EXE[2156] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
    .text C:\WINDOWS\Explorer.EXE[2156] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\Explorer.EXE[2156] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
    .text C:\WINDOWS\Explorer.EXE[2156] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
    .text C:\WINDOWS\Explorer.EXE[2156] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\Explorer.EXE[2156] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\Explorer.EXE[2156] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
    .text C:\WINDOWS\Explorer.EXE[2156] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
    .text C:\WINDOWS\Explorer.EXE[2156] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
    .text C:\WINDOWS\Explorer.EXE[2156] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
    .text C:\WINDOWS\Explorer.EXE[2156] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
    .text C:\WINDOWS\Explorer.EXE[2156] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
    .text C:\WINDOWS\system32\hkcmd.exe[2348] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\WINDOWS\system32\hkcmd.exe[2348] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\hkcmd.exe[2348] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\WINDOWS\system32\hkcmd.exe[2348] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\hkcmd.exe[2348] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
    .text C:\WINDOWS\system32\hkcmd.exe[2348] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
    .text C:\WINDOWS\system32\hkcmd.exe[2348] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
    .text C:\WINDOWS\system32\hkcmd.exe[2348] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
    .text C:\WINDOWS\system32\hkcmd.exe[2348] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
    .text C:\WINDOWS\system32\hkcmd.exe[2348] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
    .text C:\WINDOWS\system32\hkcmd.exe[2348] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
    .text C:\WINDOWS\system32\hkcmd.exe[2348] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
    .text C:\WINDOWS\system32\hkcmd.exe[2348] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\WINDOWS\system32\hkcmd.exe[2348] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\WINDOWS\system32\hkcmd.exe[2348] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\WINDOWS\system32\hkcmd.exe[2348] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\WINDOWS\system32\hkcmd.exe[2348] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\WINDOWS\System32\svchost.exe[2408] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\System32\svchost.exe[2408] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[2408] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\System32\svchost.exe[2408] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[2408] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\System32\svchost.exe[2408] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\System32\svchost.exe[2408] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\System32\svchost.exe[2408] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\System32\svchost.exe[2408] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\System32\svchost.exe[2408] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\System32\svchost.exe[2408] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\System32\svchost.exe[2408] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\System32\svchost.exe[2408] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\System32\svchost.exe[2408] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\System32\svchost.exe[2408] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\System32\svchost.exe[2408] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\System32\svchost.exe[2408] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2424] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2424] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2424] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2424] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2424] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003E1014
    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2424] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003E0804
    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2424] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003E0A08
    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2424] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003E0C0C
    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2424] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003E0E10
    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2424] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003E01F8
    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2424] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003E03FC
    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2424] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003E0600
    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2424] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003F0804
    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2424] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003F0A08
    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2424] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003F0600
    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2424] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003F01F8
    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2424] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003F03FC
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[2432] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[2432] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe[2512] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe[2512] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe[2512] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe[2512] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe[2512] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe[2512] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe[2512] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe[2512] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe[2512] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe[2512] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
    .text C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe[2512] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
    .text C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe[2512] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
    .text C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe[2512] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
    .text C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe[2512] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
    .text C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe[2512] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
    .text C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe[2512] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
    .text C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe[2512] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
    .text C:\WINDOWS\system32\NOTEPAD.EXE[2572] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
    .text C:\WINDOWS\system32\NOTEPAD.EXE[2572] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\NOTEPAD.EXE[2572] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
    .text C:\WINDOWS\system32\NOTEPAD.EXE[2572] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\NOTEPAD.EXE[2572] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
    .text C:\WINDOWS\system32\NOTEPAD.EXE[2572] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\NOTEPAD.EXE[2572] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\NOTEPAD.EXE[2572] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
    .text C:\WINDOWS\system32\NOTEPAD.EXE[2572] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
    .text C:\WINDOWS\system32\NOTEPAD.EXE[2572] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\NOTEPAD.EXE[2572] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\NOTEPAD.EXE[2572] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\NOTEPAD.EXE[2572] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
    .text C:\WINDOWS\system32\NOTEPAD.EXE[2572] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
    .text C:\WINDOWS\system32\NOTEPAD.EXE[2572] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
    .text C:\WINDOWS\system32\NOTEPAD.EXE[2572] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
    .text C:\WINDOWS\system32\NOTEPAD.EXE[2572] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
    .text C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe[2664] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe[2664] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe[2664] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe[2664] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe[2664] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe[2664] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe[2664] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe[2664] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe[2664] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe[2664] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
    .text C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe[2664] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
    .text C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe[2664] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
    .text C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe[2664] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
    .text C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe[2664] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
    .text C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe[2664] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
    .text C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe[2664] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
    .text C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe[2664] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
    .text C:\WINDOWS\BCMSMMSG.exe[2708] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\WINDOWS\BCMSMMSG.exe[2708] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\BCMSMMSG.exe[2708] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\WINDOWS\BCMSMMSG.exe[2708] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\BCMSMMSG.exe[2708] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
    .text C:\WINDOWS\BCMSMMSG.exe[2708] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
    .text C:\WINDOWS\BCMSMMSG.exe[2708] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
    .text C:\WINDOWS\BCMSMMSG.exe[2708] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
    .text C:\WINDOWS\BCMSMMSG.exe[2708] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
    .text C:\WINDOWS\BCMSMMSG.exe[2708] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\WINDOWS\BCMSMMSG.exe[2708] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\WINDOWS\BCMSMMSG.exe[2708] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\WINDOWS\BCMSMMSG.exe[2708] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\WINDOWS\BCMSMMSG.exe[2708] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\WINDOWS\BCMSMMSG.exe[2708] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\WINDOWS\BCMSMMSG.exe[2708] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\WINDOWS\BCMSMMSG.exe[2708] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\WINDOWS\System32\svchost.exe[2760] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\System32\svchost.exe[2760] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[2760] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\System32\svchost.exe[2760] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[2760] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\System32\svchost.exe[2760] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\System32\svchost.exe[2760] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\System32\svchost.exe[2760] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\System32\svchost.exe[2760] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\System32\svchost.exe[2760] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\System32\svchost.exe[2760] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\System32\svchost.exe[2760] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\System32\svchost.exe[2760] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\System32\svchost.exe[2760] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\System32\svchost.exe[2760] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\System32\svchost.exe[2760] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\System32\svchost.exe[2760] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe[2768] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe[2768] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe[2768] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe[2768] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe[2768] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe[2768] user32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe[2768] user32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe[2768] user32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe[2768] user32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe[2768] advapi32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
    .text C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe[2768] advapi32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
    .text C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe[2768] advapi32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
    .text C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe[2768] advapi32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
    .text C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe[2768] advapi32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
    .text C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe[2768] advapi32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
    .text C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe[2768] advapi32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
    .text C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe[2768] advapi32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
    .text C:\WINDOWS\system32\ctfmon.exe[2788] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
    .text C:\WINDOWS\system32\ctfmon.exe[2788] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\ctfmon.exe[2788] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
    .text C:\WINDOWS\system32\ctfmon.exe[2788] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\ctfmon.exe[2788] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
    .text C:\WINDOWS\system32\ctfmon.exe[2788] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\ctfmon.exe[2788] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\ctfmon.exe[2788] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
    .text C:\WINDOWS\system32\ctfmon.exe[2788] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
    .text C:\WINDOWS\system32\ctfmon.exe[2788] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\ctfmon.exe[2788] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\ctfmon.exe[2788] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\ctfmon.exe[2788] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
    .text C:\WINDOWS\system32\ctfmon.exe[2788] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
    .text C:\WINDOWS\system32\ctfmon.exe[2788] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
    .text C:\WINDOWS\system32\ctfmon.exe[2788] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
    .text C:\WINDOWS\system32\ctfmon.exe[2788] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
    .text C:\Program Files\Opera\Opera.exe[3228] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\Opera\Opera.exe[3228] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Opera\Opera.exe[3228] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\Opera\Opera.exe[3228] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Opera\Opera.exe[3228] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\Program Files\Opera\Opera.exe[3228] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\Program Files\Opera\Opera.exe[3228] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\Program Files\Opera\Opera.exe[3228] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\Program Files\Opera\Opera.exe[3228] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\Program Files\Opera\Opera.exe[3228] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
    .text C:\Program Files\Opera\Opera.exe[3228] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
    .text C:\Program Files\Opera\Opera.exe[3228] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
    .text C:\Program Files\Opera\Opera.exe[3228] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
    .text C:\Program Files\Opera\Opera.exe[3228] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
    .text C:\Program Files\Opera\Opera.exe[3228] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
    .text C:\Program Files\Opera\Opera.exe[3228] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
    .text C:\Program Files\Opera\Opera.exe[3228] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
    .text C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe[3600] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe[3600] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe[3600] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe[3600] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe[3600] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
    .text C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe[3600] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
    .text C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe[3600] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
    .text C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe[3600] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
    .text C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe[3600] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
    .text C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe[3600] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe[3600] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe[3600] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe[3600] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe[3600] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe[3600] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe[3600] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe[3600] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    ---- Files - GMER 1.0.15 ----

    File C:\## aswSnx private storage 0 bytes
    File C:\## aswSnx private storage\r55 0 bytes
    File C:\## aswSnx private storage\r55\dds.com_{d8bc4664-1169-11e1-a97c-000d56585f1e} 0 bytes
    File C:\## aswSnx private storage\r55\dds.com_{d8bc4664-1169-11e1-a97c-000d56585f1e}\attrib 0 bytes
    File C:\## aswSnx private storage\r55\dds.com_{d8bc4664-1169-11e1-a97c-000d56585f1e}\image 0 bytes
    File C:\## aswSnx private storage\r55\dds.com_{d8bc4664-1169-11e1-a97c-000d56585f1e}\image\Documents and Settings 0 bytes
    File C:\## aswSnx private storage\r55\dds.com_{d8bc4664-1169-11e1-a97c-000d56585f1e}\image\Documents and Settings\All Users 0 bytes
    File C:\## aswSnx private storage\r55\dds.com_{d8bc4664-1169-11e1-a97c-000d56585f1e}\image\Documents and Settings\All Users\Documents 0 bytes
    File C:\## aswSnx private storage\r55\dds.com_{d8bc4664-1169-11e1-a97c-000d56585f1e}\image\Documents and Settings\All Users\Documents\My Videos 0 bytes
    File C:\## aswSnx private storage\r55\dds.com_{d8bc4664-1169-11e1-a97c-000d56585f1e}\image\Documents and Settings\All Users\Documents\My Videos\Desktop.ini 151 bytes
    File C:\## aswSnx private storage\r55\dds.com_{d8bc4664-1169-11e1-a97c-000d56585f1e}\image\Documents and Settings\All Users\Templates 0 bytes
    File C:\## aswSnx private storage\r55\dds.com_{d8bc4664-1169-11e1-a97c-000d56585f1e}\image\Documents and Settings\Owner 0 bytes
    File C:\## aswSnx private storage\r55\dds.com_{d8bc4664-1169-11e1-a97c-000d56585f1e}\image\Documents and Settings\Owner\Local Settings 0 bytes
    File C:\## aswSnx private storage\r55\dds.com_{d8bc4664-1169-11e1-a97c-000d56585f1e}\image\Documents and Settings\Owner\Local Settings\Temp 0 bytes
    File C:\## aswSnx private storage\r55\dds.com_{d8bc4664-1169-11e1-a97c-000d56585f1e}\image\Documents and Settings\Owner\Local Settings\Temp\Attach.txt 7413 bytes
    File C:\## aswSnx private storage\r55\dds.com_{d8bc4664-1169-11e1-a97c-000d56585f1e}\image\Documents and Settings\Owner\Local Settings\Temp\DDS.txt 22720 bytes
    File C:\## aswSnx private storage\r55\dds.com_{d8bc4664-1169-11e1-a97c-000d56585f1e}\image\Documents and Settings\Owner\Local Settings\Temp\_avast_ 0 bytes
    File C:\## aswSnx private storage\r55\dds.com_{d8bc4664-1169-11e1-a97c-000d56585f1e}\image\Documents and Settings\Owner\My Documents 0 bytes
    File C:\## aswSnx private storage\r55\dds.com_{d8bc4664-1169-11e1-a97c-000d56585f1e}\image\Documents and Settings\Owner\My Documents\My Videos 0 bytes
    File C:\## aswSnx private storage\r55\dds.com_{d8bc4664-1169-11e1-a97c-000d56585f1e}\image\Documents and Settings\Owner\My Documents\My Videos\Desktop.ini 182 bytes
    File C:\## aswSnx private storage\r55\dds.com_{d8bc4664-1169-11e1-a97c-000d56585f1e}\image\Documents and Settings\Owner\Start Menu 0 bytes
    File C:\## aswSnx private storage\r55\dds.com_{d8bc4664-1169-11e1-a97c-000d56585f1e}\image\Documents and Settings\Owner\Start Menu\Programs 0 bytes
    File C:\## aswSnx private storage\r55\dds.com_{d8bc4664-1169-11e1-a97c-000d56585f1e}\image\Documents and Settings\Owner\Start Menu\Programs\Administrative Tools 0 bytes
    File C:\## aswSnx private storage\r55\dds.com_{d8bc4664-1169-11e1-a97c-000d56585f1e}\image\Documents and Settings\Owner\Start Menu\Programs\Administrative Tools\desktop.ini 62 bytes
    File C:\## aswSnx private storage\r55\dds.com_{d8bc4664-1169-11e1-a97c-000d56585f1e}\image\WINDOWS 0 bytes
    File C:\## aswSnx private storage\r55\dds.com_{d8bc4664-1169-11e1-a97c-000d56585f1e}\image\WINDOWS\Prefetch 0 bytes
    File C:\## aswSnx private storage\r55\dds.com_{d8bc4664-1169-11e1-a97c-000d56585f1e}\image\WINDOWS\Prefetch\CMD.EXE-087B4001.pf 16808 bytes
    File C:\## aswSnx private storage\r55\dds.com_{d8bc4664-1169-11e1-a97c-000d56585f1e}\image\WINDOWS\Prefetch\CSCRIPT.EXE-1C26180C.pf 30538 bytes
    File C:\## aswSnx private storage\r55\dds.com_{d8bc4664-1169-11e1-a97c-000d56585f1e}\image\WINDOWS\Prefetch\FINDSTR.EXE-0CA6274B.pf 14896 bytes
    File C:\## aswSnx private storage\r55\dds.com_{d8bc4664-1169-11e1-a97c-000d56585f1e}\image\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf 80470 bytes
    File C:\## aswSnx private storage\r55\dds.com_{d8bc4664-1169-11e1-a97c-000d56585f1e}\image\WINDOWS\Prefetch\PEV.DAT-197C7726.pf 16666 bytes
    File C:\## aswSnx private storage\r55\dds.com_{d8bc4664-1169-11e1-a97c-000d56585f1e}\image\WINDOWS\Prefetch\REGSVR32.EXE-25EEFE2F.pf 24168 bytes
    File C:\## aswSnx private storage\r55\dds.com_{d8bc4664-1169-11e1-a97c-000d56585f1e}\image\WINDOWS\Prefetch\SED.DAT-02B18853.pf 9762 bytes
    File C:\## aswSnx private storage\r55\dds.com_{d8bc4664-1169-11e1-a97c-000d56585f1e}\image\WINDOWS\Prefetch\SORT.EXE-194AE83C.pf 15170 bytes
    File C:\## aswSnx private storage\r55\dds.com_{d8bc4664-1169-11e1-a97c-000d56585f1e}\image\WINDOWS\Sti_Trace.log 0 bytes
    File C:\## aswSnx private storage\r55\dds.com_{d8bc4664-1169-11e1-a97c-000d56585f1e}\image\WINDOWS\system32 0 bytes
    File C:\## aswSnx private storage\r55\dds.com_{d8bc4664-1169-11e1-a97c-000d56585f1e}\image\WINDOWS\system32\drivers 0 bytes
    File C:\## aswSnx private storage\r55\dds.com_{d8bc4664-1169-11e1-a97c-000d56585f1e}\image\WINDOWS\system32\drivers\atapi.sys 96512 bytes executable
    File C:\## aswSnx private storage\r55\dds.com_{d8bc4664-1169-11e1-a97c-000d56585f1e}\image\WINDOWS\system32\drivers\classpnp.sys 49536 bytes executable
    File C:\## aswSnx private storage\r55\dds.com_{d8bc4664-1169-11e1-a97c-000d56585f1e}\image\WINDOWS\system32\WBEM 0 bytes
    File C:\## aswSnx private storage\r55\dds.com_{d8bc4664-1169-11e1-a97c-000d56585f1e}\image\WINDOWS\system32\WBEM\Logs 0 bytes
    File C:\## aswSnx private storage\r55\dds.com_{d8bc4664-1169-11e1-a97c-000d56585f1e}\image\WINDOWS\system32\WBEM\Logs\wbemprox.log 76 bytes
    File C:\## aswSnx private storage\snx_rhive 262144 bytes
    File C:\## aswSnx private storage\snx_rhive.LOG 1024 bytes

    ---- EOF - GMER 1.0.15 ----


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 2:32:32 PM, on 11/17/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe
    C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Opera\Opera.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ptec/defaults/sb/*http://www.yahoo.com/search/ie.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [EaseUs Watch] "C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe"
    O4 - HKLM\..\Run: [EaseUs Tray] "C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe"
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: BCMSMMSG.lnk = ?
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: EaseUS Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe

    --
    End of file - 4113 bytes

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Owner at 14:20:55 on 2011-11-17
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.29 [GMT -8:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    svchost.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe
    C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Opera\Opera.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    uSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ptec/defaults/sb/*http://www.yahoo.com/search/ie.html
    uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [Windows Registry Repair Pro] c:\program files\3b software\windows registry repair pro\RegistryRepairPro.exe 4
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [EaseUs Watch] "c:\program files\easeus\todo backup\bin\EuWatch.exe"
    mRun: [EaseUs Tray] "c:\program files\easeus\todo backup\bin\TrayNotify.exe"
    mRun: [BCMSMMSG] BCMSMMSG.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bcmsmmsg.lnk - c:\windows\BCMSMMSG.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{DE1E95BB-5095-4A3A-B2D1-908C28CA7B53} : DhcpNameServer = 192.168.0.1
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-10-28 38920]
    R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2011-10-28 42376]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-10-28 442200]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-10-28 320856]
    R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-10-28 16008]
    R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2011-10-28 184072]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-10-28 20568]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-10-28 44768]
    R2 EaseUS Agent;EaseUS Agent;c:\program files\easeus\todo backup\bin\Agent.exe [2011-10-30 60040]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2011-11-6 25704]
    S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2011-11-6 25704]
    S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2011-11-6 25704]
    S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2011-11-6 25704]
    S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2011-11-6 25704]
    .
    =============== Created Last 30 ================
    .
    2011-11-17 22:01:26 388096 ----a-r- c:\documents and settings\owner\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-11-17 22:01:17 -------- d-----w- c:\program files\Trend Micro
    2011-11-17 19:40:19 -------- d-----w- c:\documents and settings\owner\application data\Juce VST Host
    2011-11-17 18:49:12 -------- d-----w- c:\documents and settings\owner\application data\GlarySoft
    2011-11-17 18:38:31 -------- d-----w- c:\program files\Foxit Software
    2011-11-17 18:03:26 -------- d-----w- c:\documents and settings\owner\application data\PrimoPDF
    2011-11-17 17:50:15 180624 ----a-w- c:\windows\system32\Primomonnt.dll
    2011-11-17 10:00:40 -------- d-sh--w- c:\documents and settings\owner\IECompatCache
    2011-11-17 08:41:10 -------- d-----w- c:\documents and settings\owner\application data\NetMedia Providers
    2011-11-17 07:07:48 -------- d-----w- c:\program files\Glary Utilities
    2011-11-09 22:53:02 -------- d-----w- c:\program files\ASIO4ALL v2
    2011-11-09 20:11:04 1554944 ----a-w- c:\windows\system32\vorbis.acm
    2011-11-09 20:10:30 -------- d-----w- c:\program files\VstPlugins
    2011-11-09 20:10:25 -------- d-----w- c:\program files\Outsim
    2011-11-09 20:06:34 -------- d-----w- c:\program files\Image-Line
    2011-11-08 11:50:22 -------- d-sh--w- c:\documents and settings\owner\PrivacIE
    2011-11-08 11:47:03 -------- d-sh--w- c:\documents and settings\owner\IETldCache
    2011-11-08 09:57:27 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2011-11-08 09:53:38 -------- d-----w- c:\windows\ie8updates
    2011-11-08 09:52:29 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2011-11-08 09:52:26 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2011-11-08 09:52:25 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2011-11-08 09:52:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2011-11-08 09:52:24 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2011-11-08 09:52:23 11081728 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2011-11-08 09:52:22 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2011-11-08 09:46:57 -------- dc-h--w- c:\windows\ie8
    2011-11-07 18:31:07 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2011-11-07 18:30:00 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2011-11-07 18:28:34 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
    2011-11-07 18:28:25 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
    2011-11-07 18:27:23 105472 -c----w- c:\windows\system32\dllcache\mup.sys
    2011-11-07 18:23:34 758784 -c--a-w- c:\windows\system32\dllcache\vgx.dll
    2011-11-07 18:22:41 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
    2011-11-07 18:22:32 45568 -c----w- c:\windows\system32\dllcache\wab.exe
    2011-11-07 12:08:47 -------- d-----w- c:\windows\system32\scripting
    2011-11-07 12:08:08 -------- d-----w- c:\windows\l2schemas
    2011-11-07 12:08:04 -------- d-----w- c:\windows\system32\en
    2011-11-07 12:08:03 -------- d-----w- c:\windows\system32\bits
    2011-11-07 11:45:39 -------- d-----w- c:\windows\network diagnostic
    2011-11-06 17:02:06 -------- d-----w- c:\program files\uTorrent
    2011-11-06 17:01:11 -------- d-----w- c:\documents and settings\owner\local settings\application data\uTorrent
    2011-11-06 17:01:10 -------- d-----w- c:\documents and settings\owner\application data\uTorrent
    2011-11-06 13:19:13 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
    2011-11-06 13:18:17 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-11-06 13:17:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-06 13:17:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-11-06 11:31:46 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(5).sys
    2011-11-06 11:31:29 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(4).sys
    2011-11-06 11:31:13 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(3).sys
    2011-11-06 11:30:13 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(2).sys
    2011-11-06 11:25:45 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(1).sys
    2011-11-06 11:24:54 496640 ----a-w- c:\windows\system32\xvid.ax
    2011-11-06 11:24:52 892928 ----a-w- c:\windows\system32\iconv.dll
    2011-11-06 11:24:52 675840 ----a-w- c:\windows\system32\ac3filter.ax
    2011-11-06 10:06:57 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
    2011-11-06 10:05:59 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
    2011-11-06 10:02:25 -------- d--h--w- c:\windows\msdownld.tmp
    2011-11-06 10:02:05 -------- d-----w- c:\windows\Logs
    2011-11-06 10:01:40 -------- d-----w- c:\program files\Essentials Codec Pack
    2011-11-06 09:57:28 -------- d-----w- c:\documents and settings\owner\application data\Nullsoft
    2011-11-06 05:01:37 151768 ----a-w- c:\program files\bass_aac.dll
    2011-11-06 03:43:34 -------- d-----w- c:\documents and settings\owner\application data\xrecode2
    2011-11-04 18:49:02 -------- d-----w- c:\documents and settings\owner\local settings\application data\Geckofx
    2011-11-04 18:47:07 -------- d-----w- c:\documents and settings\owner\application data\MusicBee
    2011-10-31 10:10:11 -------- d-----w- c:\windows\system32\XPSViewer
    2011-10-31 10:09:24 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    2011-10-31 10:09:05 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2011-10-31 10:09:05 117760 ------w- c:\windows\system32\prntvpt.dll
    2011-10-31 10:09:04 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2011-10-31 10:09:04 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    2011-10-31 10:09:04 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
    2011-10-31 10:09:04 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2011-10-31 10:09:04 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
    2011-10-31 10:09:04 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2011-10-31 10:09:03 -------- d--h--w- C:\43a0047f5e1b88530e2e6abc
    2011-10-31 10:03:35 -------- d-----w- c:\program files\MSXML 6.0
    2011-10-31 04:50:55 -------- d-----w- c:\program files\xrecode II
    2011-10-30 22:38:55 -------- d-----w- c:\documents and settings\owner\local settings\application data\Sony
    2011-10-30 00:57:29 -------- d-----w- c:\windows\system32\LogFiles
    2011-10-29 22:57:59 -------- d-----w- c:\program files\MusicBee
    2011-10-29 04:37:44 -------- d-----w- c:\documents and settings\owner\application data\Uniblue
    2011-10-29 04:37:22 -------- d-----w- c:\documents and settings\owner\local settings\application data\PackageAware
    2011-10-29 03:34:17 -------- d--h--w- c:\windows\PIF
    2011-10-29 02:56:56 27136 -c----w- c:\windows\system32\dllcache\wmdmlog.dll
    2011-10-29 02:55:55 290304 ------w- c:\windows\system32\rhttpaa.dll
    2011-10-29 02:55:46 61952 ------w- c:\windows\system32\rasqec.dll
    2011-10-29 02:55:40 76800 ------w- c:\windows\system32\qutil.dll
    2011-10-29 02:55:33 62464 ------w- c:\windows\system32\qcliprov.dll
    2011-10-29 02:55:31 291328 ------w- c:\windows\system32\qagentrt.dll
    2011-10-29 02:55:31 150528 ------w- c:\windows\system32\qagent.dll
    2011-10-29 02:55:03 144384 ------w- c:\windows\system32\onex.dll
    2011-10-29 02:53:55 4126 -c----w- c:\windows\system32\dllcache\msdxmlc.dll
    2011-10-29 02:52:44 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys
    2011-10-29 02:51:58 12800 ------w- c:\windows\system32\credssp.dll
    2011-10-29 02:51:49 159232 -c----w- c:\windows\system32\dllcache\cewmdm.dll
    2011-10-29 02:51:42 7168 ------w- c:\windows\system32\bitsprx4.dll
    2011-10-29 02:51:42 286720 -c----w- c:\windows\system32\dllcache\blackbox.dll
    2011-10-29 02:51:41 233472 ------w- c:\windows\system32\azroles.dll
    2011-10-29 02:51:21 8192 -c----w- c:\windows\system32\dllcache\asferror.dll
    2011-10-29 02:50:54 136192 ------w- c:\windows\system32\aaclient.dll
    2011-10-29 02:34:31 184072 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys
    2011-10-29 02:34:29 16008 ----a-w- c:\windows\system32\drivers\eudskacs.sys
    2011-10-29 02:34:26 38920 ----a-w- c:\windows\system32\drivers\eubakup.sys
    2011-10-29 02:34:14 42376 ----a-w- c:\windows\system32\drivers\EUBKMON.sys
    2011-10-29 02:29:12 20616 ----a-w- c:\windows\system32\fbnative.exe
    2011-10-29 02:28:13 -------- d-----w- c:\program files\EaseUS
    2011-10-29 01:47:18 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-29 01:36:47 -------- d-----w- c:\program files\CCleaner
    2011-10-29 01:15:26 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
    2011-10-29 01:12:55 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2011-10-29 01:04:39 -------- d-----w- c:\program files\VS Revo Group
    2011-10-29 00:51:39 -------- d-----w- c:\documents and settings\owner\local settings\application data\Opera
    2011-10-29 00:19:25 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
    2011-10-29 00:19:25 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
    2011-10-29 00:19:24 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
    2011-10-29 00:19:24 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
    2011-10-29 00:19:24 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
    2011-10-29 00:19:24 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
    2011-10-29 00:19:24 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
    2011-10-29 00:19:24 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
    2011-10-29 00:19:24 110592 -c----w- c:\windows\system32\dllcache\services.exe
    2011-10-29 00:19:23 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2011-10-29 00:19:22 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
    2011-10-29 00:19:21 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
    2011-10-28 23:50:58 357888 -c----w- c:\windows\system32\dllcache\srv.sys
    2011-10-28 23:49:12 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2011-10-28 23:48:44 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2011-10-28 23:48:15 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2011-10-28 23:47:26 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
    2011-10-28 23:47:26 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
    2011-10-28 23:47:07 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
    2011-10-28 23:45:11 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
    2011-10-28 23:35:45 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
    2011-10-28 23:32:53 2066432 -c----w- c:\windows\system32\dllcache\mstscax.dll
    2011-10-28 22:54:53 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
    2011-10-28 22:54:46 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
    2011-10-28 22:43:00 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-10-28 22:42:59 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
    2011-10-28 22:28:59 -------- d-----w- c:\documents and settings\owner\local settings\application data\Help
    2011-10-28 21:03:15 -------- d-----w- c:\windows\system32\PreInstall
    2011-10-28 21:03:09 -------- d--h--w- c:\windows\$hf_mig$
    2011-10-28 13:27:22 -------- d-----w- c:\windows\system32\SoftwareDistribution
    2011-10-28 09:10:29 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-10-28 09:09:51 41184 ----a-w- c:\windows\avastSS.scr
    2011-10-28 09:09:30 -------- d-----w- c:\program files\AVAST Software
    2011-10-28 09:09:30 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
    2011-10-28 08:39:36 -------- d-sh--w- c:\documents and settings\owner\UserData
    2011-10-28 08:17:08 163840 ----a-w- c:\windows\system32\igfxres.dll
    2011-10-28 08:14:43 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
    2011-10-28 08:14:41 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
    2011-10-28 08:14:24 991232 ----a-w- c:\windows\system32\virtear.dll
    2011-10-28 08:14:24 65536 ----a-w- c:\windows\system32\Audio3d.dll
    2011-10-28 08:14:24 49152 ----a-w- c:\windows\system32\DSndUp.exe
    2011-10-28 08:14:24 45056 ----a-w- c:\windows\system32\CleanUp.exe
    2011-10-28 08:14:24 -------- d-----w- c:\windows\VirtualEar
    2011-10-28 08:14:24 -------- d-----w- c:\program files\Analog Devices
    2011-10-28 08:14:02 43136 ----a-r- c:\windows\system32\drivers\bcm4sbxp.sys
    2011-10-28 07:25:59 -------- d-----w- c:\windows\system32\wbem\AutoRecover
    2011-10-28 07:19:52 24064 ----a-w- c:\windows\system32\evntcmd.exe
    2011-10-28 07:18:59 72192 ----a-w- c:\windows\system32\fxscom.dll
    2011-10-28 07:18:59 358400 ----a-w- c:\windows\system32\wbem\snmpincl.dll
    2011-10-28 07:18:56 8704 ----a-w- c:\windows\system32\fxsperf.dll
    2011-10-28 07:18:52 154112 ----a-w- c:\windows\system32\fxsui.dll
    2011-10-28 07:18:48 55296 ----a-w- c:\windows\system32\fxsevent.dll
    2011-10-28 07:18:47 18944 ----a-w- c:\windows\system32\lprmon.dll
    2011-10-28 07:18:40 26624 ----a-w- c:\windows\system32\fxsdrv.dll
    2011-10-28 07:18:32 142848 ----a-w- c:\windows\system32\fxsclnt.exe
    2011-10-28 07:18:30 33792 ----a-w- c:\windows\system32\lmmib2.dll
    2011-10-28 07:18:23 39936 ----a-w- c:\windows\system32\wbem\snmpthrd.dll
    2011-10-28 07:18:23 101888 ----a-w- c:\windows\system32\evntagnt.dll
    2011-10-28 07:18:21 -------- d-----w- c:\windows\ServicePackFiles
    2011-10-28 07:15:00 -------- d-----w- c:\windows\system32\ReinstallBackups
    2011-10-28 07:14:44 26144 ----a-w- c:\windows\system32\spupdsvc.exe
    2011-10-28 07:12:42 -------- d-----w- c:\windows\EHome
    2011-10-28 03:50:47 -------- d-----w- c:\program files\3B Software
    2011-10-27 23:23:49 -------- d-----w- c:\documents and settings\owner\local settings\application data\Identities
    2011-10-27 20:48:58 70656 -c--a-w- c:\windows\system32\dllcache\korwbrkr.dll
    2011-10-27 20:41:45 73728 -c--a-w- c:\windows\system32\dllcache\icwtutor.exe
    2011-10-27 20:41:45 73728 ----a-w- c:\program files\internet explorer\connection wizard\icwtutor.exe
    2011-10-27 20:41:45 61440 -c--a-w- c:\windows\system32\dllcache\icwres.dll
    2011-10-27 20:41:45 61440 ----a-w- c:\program files\internet explorer\connection wizard\icwres.dll
    2011-10-27 20:41:45 61440 ----a-w- c:\program files\internet explorer\connection wizard\icwconn.dll
    2011-10-27 20:41:45 49152 ----a-w- c:\program files\internet explorer\connection wizard\icwutil.dll
    2011-10-27 20:41:45 40960 -c--a-w- c:\windows\system32\dllcache\trialoc.dll
    2011-10-27 20:41:45 40960 ----a-w- c:\program files\internet explorer\connection wizard\trialoc.dll
    2011-10-27 20:41:45 24576 ----a-w- c:\program files\internet explorer\connection wizard\icwrmind.exe
    2011-10-27 20:41:45 172032 ----a-w- c:\program files\internet explorer\connection wizard\icwhelp.dll
    2011-10-27 20:40:48 196608 ----a-w- c:\windows\system32\wbem\wmiadap.exe
    2011-10-27 20:38:08 7046 ----a-r- c:\windows\SET34.tmp
    2011-10-27 20:38:07 13608 ----a-r- c:\windows\SET22.tmp
    2011-10-27 20:38:05 1086182 ----a-r- c:\windows\SET16.tmp
    2011-10-27 19:59:12 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
    2011-10-27 19:59:12 13312 ----a-w- c:\windows\system32\irclass.dll
    2011-10-27 19:59:11 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
    2011-10-27 19:59:11 24661 ----a-w- c:\windows\system32\spxcoins.dll
    2011-10-27 19:58:59 7046 ----a-r- c:\windows\SET3F.tmp
    2011-10-27 19:58:59 13608 ----a-r- c:\windows\SET2D.tmp
    2011-10-27 19:58:57 1086182 ----a-r- c:\windows\SET21.tmp
    2011-10-27 19:51:08 -------- d-----w- c:\windows\setup.pss
    2011-10-27 18:53:07 81920 ----a-w- c:\windows\system32\Startup.cpl
    2011-10-27 18:06:02 -------- d-----w- c:\program files\Yahoo!
    2011-10-27 18:04:46 14656 ----a-w- c:\windows\gdrv.sys
    2011-10-27 17:41:19 -------- d-----w- c:\documents and settings\owner\local settings\application data\Powercinema
    2011-10-27 17:34:33 94208 ----a-r- c:\windows\system32\bcmsm.cpl
    2011-10-27 17:34:31 57344 ----a-w- c:\windows\BCMSMD2K.exe
    2011-10-27 17:34:31 49152 ----a-w- c:\windows\system32\BCMSM168.dll
    2011-10-27 17:34:31 151552 ----a-w- c:\windows\BCMSMU.exe
    2011-10-27 17:34:31 122880 ----a-w- c:\windows\system32\BCMSMI32.dll
    2011-10-27 17:34:31 122880 ----a-w- c:\windows\BCMSMMSG.exe
    2011-10-27 17:34:31 1101696 ----a-w- c:\windows\system32\drivers\BCMSM.sys
    2011-10-27 17:33:49 4272 ----a-r- c:\windows\system32\drivers\bvrp_pci.sys
    2011-10-27 17:29:09 230120 ----a-w- c:\windows\WBDBU32I.DLL
    2011-10-27 17:28:43 644377 ----a-r- c:\windows\system32\drivers\IntelC52.sys
    2011-10-27 17:28:43 59685 ----a-r- c:\windows\system32\drivers\IntelC53.sys
    2011-10-27 17:28:43 53248 ----a-r- c:\windows\system32\mhwt.dll
    2011-10-27 17:28:43 33300 ----a-r- c:\windows\system32\drivers\mohfilt.sys
    2011-10-27 17:28:43 163840 ----a-r- c:\windows\system32\intelmoh.dll
    2011-10-27 17:28:43 1231829 ----a-r- c:\windows\system32\drivers\IntelC51.sys
    2011-10-27 17:26:30 -------- d-----w- c:\windows\system32\NtmsData
    2011-10-27 17:20:29 -------- d-s---w- c:\windows\system32\Microsoft
    2011-10-27 15:19:02 -------- d-----w- c:\windows\pss
    2011-10-27 15:08:17 5632 ----a-w- c:\windows\system32\ptpusb.dll
    2011-10-27 15:08:16 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2011-10-27 15:08:16 150528 ----a-w- c:\windows\system32\ptpusd.dll
    2011-10-27 15:08:14 -------- d-sh--w- c:\windows\Installer
    .
    ==================== Find3M ====================
    .
    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 19:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 19:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 19:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-08-22 23:48:54 43520 ------w- c:\windows\system32\licmgr10.dll
    2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-08-22 11:56:39 385024 ------w- c:\windows\system32\html.iec
    .
    ============= FINISH: 14:23:47.65 ===============

    .
    ==== Installed Programs ======================
    .
    µTorrent
    ACID Music Studio 8.0
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    ASIO4ALL
    avast! Free Antivirus
    BCM V.92 56K Modem
    Broadcom 440x 10/100 Integrated Controller
    Dell ResourceCD
    EarthLink MDAC
    EaseUS Todo Backup Free 3.0
    FL Studio 9
    Foxit Reader 5.1
    Glary Utilities 2.39.0.1310
    Hardcore
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB981793)
    IL Download Manager
    Intel(R) Extreme Graphics Driver
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft XML Parser
    MSSoap
    MSXML 6 Service Pack 2 (KB973686)
    MusicBee
    Opera 11.52
    PoiZone
    Revo Uninstaller 1.93
    Sawer
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544521)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2586448)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953155)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    SoundMAX
    Toxic Biohazard
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB2598845)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2616676-v2)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    WebFldrs XP
    Windows Essentials Media Codec Pack 3.6 [32-Bit]
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Registry Repair Pro
    Windows XP Service Pack 3
    xrecode II 1.0.0.181
    .
    ==== End Of File ===========================
     
  2. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    37,197
    Hiya and welcome to Tech Support Guy :)

    P2P Warning!

    • IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

      µTorrent


      Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
      Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation.

      I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

      Please read these short reports on the dangers of peer-2-peer programs and file sharing.

      I would recommend that you uninstall the above, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

      If you decide to keep the program in spite of the risks involved, do not use it until I have finished cleaning your computer and have given you the all clear.

    ----------------------------
    Now that's out of the way, let's get started :)

    I see you have Malwarebytes' Anti-Malware already installed. Can you update it and run a scan?

    Also, can you run these:

    Download and scan with SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply.
    • Click Close to exit the program.


    -------------

    Download OTL to your Desktop
    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.


    eddie
     

Short URL to this thread: https://techguy.org/1027314
