GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-04 02:27:30
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e ST380819AS rev.3.02
Running: k357b62m.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kxtdqpob.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA9DFA202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA9E60D8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA9E1E6C1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA9DFC7F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA9DFC848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA9DFC95E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA9E1E075]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA9DFC746]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA9DFC898]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA9DFC79A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA9DFC90C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA9DFA226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA9E1ED87]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA9E1F03D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA9DFCBE2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA9E1EBF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA9E1EA5D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA9E60E3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA9DF9FF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA9DFA24A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA9DFCD56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA9DFACDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA9DFC820]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA9DFC870]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA9DFC988]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA9E1E3D1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA9DFC772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA9DFCA1A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA9DFC8D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA9DFC7C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA9DFCAFE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA9DFC936]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA9E60ED4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA9E1E8D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA9DFABA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA9E1E72A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA9E6910E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA9E1D6E8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA9DFA26E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA9DFA292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA9DFA04A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA9DFA186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA9E1EE8E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA9DFA162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA9DFA1AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA9DFA2B6]

INT 0x62 ? 82FDFBF8
INT 0x73 ? 82FDFBF8
INT 0x82 ? 82FDFBF8
INT 0x84 ? 82E48BF8
INT 0x94 ? 82E48BF8
INT 0xA4 ? 82E48BF8

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA9E76398]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2D08 805045A4 4 Bytes [5D, EA, E1, A9]
.text ntkrnlpa.exe!ZwCallbackReturn + 2E64 80504700 4 Bytes CALL B28EF0E6
.text ntkrnlpa.exe!ZwCallbackReturn + 2F14 805047B0 4 Bytes [E8, D6, E1, A9]
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64A8 4 Bytes CALL A9DFB335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC556 3 Bytes JMP A9E71D4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject + 4 805BC55A 1 Byte [29]
PAGE ntkrnlpa.exe!ObInsertObject 805C2FDA 3 Bytes JMP A9E737F2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 4 805C2FDE 1 Byte [29]
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D117A 7 Bytes JMP A9E7639C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? sprl.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F7D2F8AC 5 Bytes JMP 82E481D8
.text win32k.sys!EngFreeUserMem + 674 BF809962 5 Bytes JMP A9DFDCA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813956 5 Bytes JMP A9DFDBAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 79A8 BF824309 5 Bytes JMP A9DFCF34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828C73 5 Bytes JMP A9DFDE0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF8316BE 5 Bytes JMP A9DFE014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B68E BF83A0FC 5 Bytes JMP A9DFDB1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + 84ED BF8519C5 5 Bytes JMP A9DFCE70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E554 5 Bytes JMP A9DFD180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E5DF 5 Bytes JMP A9DFD326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 BF85F852 5 Bytes JMP A9DFCE58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 5454 BF864C1E 5 Bytes JMP A9DFDBD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 411E BF873F63 5 Bytes JMP A9DFD2FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 26EE BF8947C0 5 Bytes JMP A9DFDD54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 583 BF895298 5 Bytes JMP A9DFDF72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DEC BF89DBD8 5 Bytes JMP A9DFCFA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A9E0 BF8C2150 5 Bytes JMP A9DFD03E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA5B2 5 Bytes JMP A9DFD0AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA832 5 Bytes JMP A9DFD0E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E BF8EC2A7 5 Bytes JMP A9DFCD8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19DF BF9133E5 5 Bytes JMP A9DFCEF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 25B3 BF913FB9 5 Bytes JMP A9DFD008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F12 BF916918 5 Bytes JMP A9DFD440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 18FC BF94638A 5 Bytes JMP A9DFDECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xA96E9300, 0x3AE88, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xF8802300, 0x1B7E, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\wdfmgr.exe[424] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\WINDOWS\system32\wdfmgr.exe[424] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wdfmgr.exe[424] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\WINDOWS\system32\wdfmgr.exe[424] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wdfmgr.exe[424] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00311014
.text C:\WINDOWS\system32\wdfmgr.exe[424] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\wdfmgr.exe[424] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\wdfmgr.exe[424] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00310C0C
.text C:\WINDOWS\system32\wdfmgr.exe[424] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00310E10
.text C:\WINDOWS\system32\wdfmgr.exe[424] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\wdfmgr.exe[424] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\wdfmgr.exe[424] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\wdfmgr.exe[424] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00320804
.text C:\WINDOWS\system32\wdfmgr.exe[424] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00320A08
.text C:\WINDOWS\system32\wdfmgr.exe[424] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00320600
.text C:\WINDOWS\system32\wdfmgr.exe[424] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003201F8
.text C:\WINDOWS\system32\wdfmgr.exe[424] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003203FC
.text C:\WINDOWS\System32\smss.exe[524] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[572] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[572] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[596] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[596] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[596] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[596] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[596] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\winlogon.exe[596] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\winlogon.exe[596] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\winlogon.exe[596] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\winlogon.exe[596] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\winlogon.exe[596] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\winlogon.exe[596] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\winlogon.exe[596] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\winlogon.exe[596] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\winlogon.exe[596] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\winlogon.exe[596] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\winlogon.exe[596] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\winlogon.exe[596] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\services.exe[640] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[640] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[640] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[640] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[640] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\services.exe[640] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\services.exe[640] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\services.exe[640] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\services.exe[640] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\services.exe[640] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\services.exe[640] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\services.exe[640] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\services.exe[640] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\services.exe[640] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\services.exe[640] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\services.exe[640] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\services.exe[640] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\lsass.exe[652] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[652] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[652] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[652] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[652] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\lsass.exe[652] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\lsass.exe[652] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\lsass.exe[652] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\lsass.exe[652] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\lsass.exe[652] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\lsass.exe[652] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\lsass.exe[652] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\lsass.exe[652] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\lsass.exe[652] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\lsass.exe[652] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\lsass.exe[652] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\lsass.exe[652] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[820] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[820] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[820] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[820] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[820] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[820] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[820] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[820] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[820] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[820] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[820] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[820] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[820] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[820] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[820] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[820] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[820] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[888] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[888] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[888] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[888] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[888] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[888] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[888] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[888] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\Explorer.EXE[944] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[944] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[944] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[944] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[944] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\Explorer.EXE[944] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\Explorer.EXE[944] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\Explorer.EXE[944] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\Explorer.EXE[944] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\Explorer.EXE[944] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\Explorer.EXE[944] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\Explorer.EXE[944] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\Explorer.EXE[944] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\Explorer.EXE[944] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\Explorer.EXE[944] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\Explorer.EXE[944] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\Explorer.EXE[944] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\System32\svchost.exe[956] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[956] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[956] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[956] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[956] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[956] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[956] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[956] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[956] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[956] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[956] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[956] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[956] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[956] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[956] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[956] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[956] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1108] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1108] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1108] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1108] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1108] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1184] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1184] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1184] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1184] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1184] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1184] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1184] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1276] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1276] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1276] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1760] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[1760] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1760] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[1760] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1760] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\spoolsv.exe[1760] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\spoolsv.exe[1760] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\spoolsv.exe[1760] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\spoolsv.exe[1760] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\spoolsv.exe[1760] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\spoolsv.exe[1760] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\spoolsv.exe[1760] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\spoolsv.exe[1760] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\spoolsv.exe[1760] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\spoolsv.exe[1760] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\spoolsv.exe[1760] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\spoolsv.exe[1760] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1880] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1880] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1880] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1880] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1880] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1880] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1880] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1880] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[1932] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[1932] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[1932] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[1932] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[1932] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[1932] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[1932] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[1932] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[1932] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[1932] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[1932] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[1932] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[1932] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[1932] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[1932] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[1932] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[1932] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[2040] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[2040] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2040] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[2040] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2040] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003D1014
.text C:\Program Files\Bonjour\mDNSResponder.exe[2040] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003D0804
.text C:\Program Files\Bonjour\mDNSResponder.exe[2040] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003D0A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[2040] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003D0C0C
.text C:\Program Files\Bonjour\mDNSResponder.exe[2040] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003D0E10
.text C:\Program Files\Bonjour\mDNSResponder.exe[2040] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003D01F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[2040] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003D03FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[2040] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003D0600
.text C:\Program Files\Bonjour\mDNSResponder.exe[2040] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003E0804
.text C:\Program Files\Bonjour\mDNSResponder.exe[2040] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003E0A08
.text
C:\Program Files\Bonjour\mDNSResponder.exe[2040] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003E0600 .text C:\Program Files\Bonjour\mDNSResponder.exe[2040] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003E01F8 .text C:\Program Files\Bonjour\mDNSResponder.exe[2040] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\igfxtray.exe[2204] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8 .text C:\WINDOWS\system32\igfxtray.exe[2204] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\igfxtray.exe[2204] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC .text C:\WINDOWS\system32\igfxtray.exe[2204] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\igfxtray.exe[2204] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003D0804 .text C:\WINDOWS\system32\igfxtray.exe[2204] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003D0A08 .text C:\WINDOWS\system32\igfxtray.exe[2204] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003D0600 .text C:\WINDOWS\system32\igfxtray.exe[2204] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003D01F8 .text C:\WINDOWS\system32\igfxtray.exe[2204] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003D03FC .text C:\WINDOWS\system32\igfxtray.exe[2204] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003E1014 .text C:\WINDOWS\system32\igfxtray.exe[2204] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003E0804 .text C:\WINDOWS\system32\igfxtray.exe[2204] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003E0A08 .text C:\WINDOWS\system32\igfxtray.exe[2204] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003E0C0C .text C:\WINDOWS\system32\igfxtray.exe[2204] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003E0E10 .text C:\WINDOWS\system32\igfxtray.exe[2204] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\igfxtray.exe[2204] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003E03FC 
.text C:\WINDOWS\system32\igfxtray.exe[2204] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003E0600 .text C:\WINDOWS\system32\hkcmd.exe[2212] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8 .text C:\WINDOWS\system32\hkcmd.exe[2212] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\hkcmd.exe[2212] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC .text C:\WINDOWS\system32\hkcmd.exe[2212] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\hkcmd.exe[2212] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003D0804 .text C:\WINDOWS\system32\hkcmd.exe[2212] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003D0A08 .text C:\WINDOWS\system32\hkcmd.exe[2212] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003D0600 .text C:\WINDOWS\system32\hkcmd.exe[2212] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003D01F8 .text C:\WINDOWS\system32\hkcmd.exe[2212] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003D03FC .text C:\WINDOWS\system32\hkcmd.exe[2212] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003E1014 .text C:\WINDOWS\system32\hkcmd.exe[2212] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003E0804 .text C:\WINDOWS\system32\hkcmd.exe[2212] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003E0A08 .text C:\WINDOWS\system32\hkcmd.exe[2212] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003E0C0C .text C:\WINDOWS\system32\hkcmd.exe[2212] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003E0E10 .text C:\WINDOWS\system32\hkcmd.exe[2212] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\hkcmd.exe[2212] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\hkcmd.exe[2212] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003E0600 .text C:\WINDOWS\system32\igfxpers.exe[2220] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8 .text C:\WINDOWS\system32\igfxpers.exe[2220] ntdll.dll!RtlDosSearchPath_U + 186 
7C916865 1 Byte [62] .text C:\WINDOWS\system32\igfxpers.exe[2220] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC .text C:\WINDOWS\system32\igfxpers.exe[2220] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\igfxpers.exe[2220] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003D0804 .text C:\WINDOWS\system32\igfxpers.exe[2220] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003D0A08 .text C:\WINDOWS\system32\igfxpers.exe[2220] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003D0600 .text C:\WINDOWS\system32\igfxpers.exe[2220] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003D01F8 .text C:\WINDOWS\system32\igfxpers.exe[2220] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003D03FC .text C:\WINDOWS\system32\igfxpers.exe[2220] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003E1014 .text C:\WINDOWS\system32\igfxpers.exe[2220] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003E0804 .text C:\WINDOWS\system32\igfxpers.exe[2220] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003E0A08 .text C:\WINDOWS\system32\igfxpers.exe[2220] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003E0C0C .text C:\WINDOWS\system32\igfxpers.exe[2220] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003E0E10 .text C:\WINDOWS\system32\igfxpers.exe[2220] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\igfxpers.exe[2220] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\igfxpers.exe[2220] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003E0600 .text C:\WINDOWS\RTHDCPL.EXE[2236] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8 .text C:\WINDOWS\RTHDCPL.EXE[2236] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\RTHDCPL.EXE[2236] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC .text C:\WINDOWS\RTHDCPL.EXE[2236] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\RTHDCPL.EXE[2236] 
USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003D0804 .text C:\WINDOWS\RTHDCPL.EXE[2236] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003D0A08 .text C:\WINDOWS\RTHDCPL.EXE[2236] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003D0600 .text C:\WINDOWS\RTHDCPL.EXE[2236] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003D01F8 .text C:\WINDOWS\RTHDCPL.EXE[2236] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003D03FC .text C:\WINDOWS\RTHDCPL.EXE[2236] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003E1014 .text C:\WINDOWS\RTHDCPL.EXE[2236] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003E0804 .text C:\WINDOWS\RTHDCPL.EXE[2236] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003E0A08 .text C:\WINDOWS\RTHDCPL.EXE[2236] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003E0C0C .text C:\WINDOWS\RTHDCPL.EXE[2236] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003E0E10 .text C:\WINDOWS\RTHDCPL.EXE[2236] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003E01F8 .text C:\WINDOWS\RTHDCPL.EXE[2236] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003E03FC .text C:\WINDOWS\RTHDCPL.EXE[2236] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003E0600 .text C:\Program Files\Winamp\winampa.exe[2304] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8 .text C:\Program Files\Winamp\winampa.exe[2304] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Winamp\winampa.exe[2304] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC .text C:\Program Files\Winamp\winampa.exe[2304] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Winamp\winampa.exe[2304] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00320804 .text C:\Program Files\Winamp\winampa.exe[2304] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00320A08 .text C:\Program Files\Winamp\winampa.exe[2304] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00320600 .text C:\Program Files\Winamp\winampa.exe[2304] 
USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003201F8 .text C:\Program Files\Winamp\winampa.exe[2304] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003203FC .text C:\Program Files\Winamp\winampa.exe[2304] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00331014 .text C:\Program Files\Winamp\winampa.exe[2304] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00330804 .text C:\Program Files\Winamp\winampa.exe[2304] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00330A08 .text C:\Program Files\Winamp\winampa.exe[2304] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00330C0C .text C:\Program Files\Winamp\winampa.exe[2304] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00330E10 .text C:\Program Files\Winamp\winampa.exe[2304] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003301F8 .text C:\Program Files\Winamp\winampa.exe[2304] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003303FC .text C:\Program Files\Winamp\winampa.exe[2304] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00330600 .text C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe[2316] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe[2316] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe[2316] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe[2316] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe[2316] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003F1014 .text C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe[2316] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003F0804 .text C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe[2316] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003F0A08 
.text C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe[2316] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003F0C0C .text C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe[2316] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003F0E10 .text C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe[2316] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003F01F8 .text C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe[2316] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003F03FC .text C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe[2316] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003F0600 .text C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe[2316] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00410804 .text C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe[2316] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00410A08 .text C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe[2316] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00410600 .text C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe[2316] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 004101F8 .text C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe[2316] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 004103FC .text C:\Program Files\AVAST Software\Avast\avastUI.exe[2388] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\avastUI.exe[2388] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2764] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[2764] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2764] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[2764] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] 
.text C:\WINDOWS\system32\svchost.exe[2764] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014 .text C:\WINDOWS\system32\svchost.exe[2764] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804 .text C:\WINDOWS\system32\svchost.exe[2764] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08 .text C:\WINDOWS\system32\svchost.exe[2764] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C .text C:\WINDOWS\system32\svchost.exe[2764] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10 .text C:\WINDOWS\system32\svchost.exe[2764] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8 .text C:\WINDOWS\system32\svchost.exe[2764] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC .text C:\WINDOWS\system32\svchost.exe[2764] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600 .text C:\WINDOWS\system32\svchost.exe[2764] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804 .text C:\WINDOWS\system32\svchost.exe[2764] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08 .text C:\WINDOWS\system32\svchost.exe[2764] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600 .text C:\WINDOWS\system32\svchost.exe[2764] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8 .text C:\WINDOWS\system32\svchost.exe[2764] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC .text C:\WINDOWS\System32\alg.exe[3180] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\alg.exe[3180] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[3180] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\alg.exe[3180] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[3180] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804 .text C:\WINDOWS\System32\alg.exe[3180] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08 .text C:\WINDOWS\System32\alg.exe[3180] 
USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600 .text C:\WINDOWS\System32\alg.exe[3180] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8 .text C:\WINDOWS\System32\alg.exe[3180] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC .text C:\WINDOWS\System32\alg.exe[3180] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014 .text C:\WINDOWS\System32\alg.exe[3180] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804 .text C:\WINDOWS\System32\alg.exe[3180] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08 .text C:\WINDOWS\System32\alg.exe[3180] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C .text C:\WINDOWS\System32\alg.exe[3180] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10 .text C:\WINDOWS\System32\alg.exe[3180] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8 .text C:\WINDOWS\System32\alg.exe[3180] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC .text C:\WINDOWS\System32\alg.exe[3180] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600 .text C:\WINDOWS\system32\ctfmon.exe[3356] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8 .text C:\WINDOWS\system32\ctfmon.exe[3356] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[3356] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC .text C:\WINDOWS\system32\ctfmon.exe[3356] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[3356] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014 .text C:\WINDOWS\system32\ctfmon.exe[3356] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804 .text C:\WINDOWS\system32\ctfmon.exe[3356] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08 .text C:\WINDOWS\system32\ctfmon.exe[3356] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C .text C:\WINDOWS\system32\ctfmon.exe[3356] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10 
.text C:\WINDOWS\system32\ctfmon.exe[3356] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8 .text C:\WINDOWS\system32\ctfmon.exe[3356] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC .text C:\WINDOWS\system32\ctfmon.exe[3356] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600 .text C:\WINDOWS\system32\ctfmon.exe[3356] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804 .text C:\WINDOWS\system32\ctfmon.exe[3356] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08 .text C:\WINDOWS\system32\ctfmon.exe[3356] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600 .text C:\WINDOWS\system32\ctfmon.exe[3356] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8 .text C:\WINDOWS\system32\ctfmon.exe[3356] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC .text C:\WINDOWS\System32\svchost.exe[3712] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\svchost.exe[3712] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[3712] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\svchost.exe[3712] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[3712] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014 .text C:\WINDOWS\System32\svchost.exe[3712] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804 .text C:\WINDOWS\System32\svchost.exe[3712] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08 .text C:\WINDOWS\System32\svchost.exe[3712] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C .text C:\WINDOWS\System32\svchost.exe[3712] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10 .text C:\WINDOWS\System32\svchost.exe[3712] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8 .text C:\WINDOWS\System32\svchost.exe[3712] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC .text C:\WINDOWS\System32\svchost.exe[3712] 
ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600 .text C:\WINDOWS\System32\svchost.exe[3712] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804 .text C:\WINDOWS\System32\svchost.exe[3712] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08 .text C:\WINDOWS\System32\svchost.exe[3712] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600 .text C:\WINDOWS\System32\svchost.exe[3712] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8 .text C:\WINDOWS\System32\svchost.exe[3712] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC .text C:\WINDOWS\system32\wscntfy.exe[5612] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\wscntfy.exe[5612] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wscntfy.exe[5612] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\wscntfy.exe[5612] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\wscntfy.exe[5612] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00320804 .text C:\WINDOWS\system32\wscntfy.exe[5612] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00320A08 .text C:\WINDOWS\system32\wscntfy.exe[5612] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00320600 .text C:\WINDOWS\system32\wscntfy.exe[5612] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003201F8 .text C:\WINDOWS\system32\wscntfy.exe[5612] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003203FC .text C:\WINDOWS\system32\wscntfy.exe[5612] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00331014 .text C:\WINDOWS\system32\wscntfy.exe[5612] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00330804 .text C:\WINDOWS\system32\wscntfy.exe[5612] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00330A08 .text C:\WINDOWS\system32\wscntfy.exe[5612] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00330C0C .text C:\WINDOWS\system32\wscntfy.exe[5612] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 
Bytes JMP 00330E10 .text C:\WINDOWS\system32\wscntfy.exe[5612] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003301F8 .text C:\WINDOWS\system32\wscntfy.exe[5612] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003303FC .text C:\WINDOWS\system32\wscntfy.exe[5612] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00330600 .text G:\k357b62m.exe[5644] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text G:\k357b62m.exe[5644] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text G:\k357b62m.exe[5644] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text G:\k357b62m.exe[5644] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text G:\k357b62m.exe[5644] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 009C1014 .text G:\k357b62m.exe[5644] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 009C0804 .text G:\k357b62m.exe[5644] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 009C0A08 .text G:\k357b62m.exe[5644] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 009C0C0C .text G:\k357b62m.exe[5644] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 009C0E10 .text G:\k357b62m.exe[5644] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 009C01F8 .text G:\k357b62m.exe[5644] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 009C03FC .text G:\k357b62m.exe[5644] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 009C0600 .text G:\k357b62m.exe[5644] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 009D0804 .text G:\k357b62m.exe[5644] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 009D0A08 .text G:\k357b62m.exe[5644] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 009D0600 .text G:\k357b62m.exe[5644] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 009D01F8 .text G:\k357b62m.exe[5644] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 009D03FC .text C:\Program Files\Mozilla Firefox\plugin-container.exe[6240] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[6240] 
ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[6240] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\Mozilla Firefox\plugin-container.exe[6240] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[6240] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00741014 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[6240] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00740804 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[6240] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00740A08 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[6240] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00740C0C .text C:\Program Files\Mozilla Firefox\plugin-container.exe[6240] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00740E10 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[6240] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 007401F8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[6240] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 007403FC .text C:\Program Files\Mozilla Firefox\plugin-container.exe[6240] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00740600 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[6240] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00750804 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[6240] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 106AA047 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[6240] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 106A9FD9 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[6240] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 104B1B87 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) 
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[6240] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00750A08 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[6240] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00750600 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[6240] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 007501F8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[6240] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 007503FC .text C:\Program Files\Mozilla Firefox\plugin-container.exe[6240] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 104B2155 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[6392] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\Mozilla Firefox\firefox.exe[6392] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[6392] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\Mozilla Firefox\firefox.exe[6392] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[6392] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00821014 .text C:\Program Files\Mozilla Firefox\firefox.exe[6392] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00820804 .text C:\Program Files\Mozilla Firefox\firefox.exe[6392] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00820A08 .text C:\Program Files\Mozilla Firefox\firefox.exe[6392] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00820C0C .text C:\Program Files\Mozilla Firefox\firefox.exe[6392] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00820E10 .text C:\Program Files\Mozilla Firefox\firefox.exe[6392] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 008201F8 .text C:\Program Files\Mozilla Firefox\firefox.exe[6392] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 008203FC .text C:\Program Files\Mozilla 
Firefox\firefox.exe[6392] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00820600
.text C:\Program Files\Mozilla Firefox\firefox.exe[6392] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00830804
.text C:\Program Files\Mozilla Firefox\firefox.exe[6392] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00830A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[6392] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00830600
.text C:\Program Files\Mozilla Firefox\firefox.exe[6392] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 008301F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[6392] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 008303FC

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F82B3040] sprl.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F82B313C] sprl.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F82B30BE] sprl.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F82B37FC] sprl.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F82B36D2] sprl.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F82C3048] sprl.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[640] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00670002
IAT C:\WINDOWS\system32\services.exe[640] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00670000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Ntfs \Ntfs 82FDE1F8
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Fastfat \FatCdrom 82BC5500
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\usbuhci \Device\USBPDO-0 82E151F8
Device \Driver\usbuhci \Device\USBPDO-1 82E151F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 82F711F8
Device \Driver\dmio \Device\DmControl\DmConfig 82F711F8
Device \Driver\dmio \Device\DmControl\DmPnP 82F711F8
Device \Driver\dmio \Device\DmControl\DmInfo 82F711F8
Device \Driver\usbuhci \Device\USBPDO-2 82E151F8
Device \Driver\usbuhci \Device\USBPDO-3 82E151F8
Device \Driver\usbehci \Device\USBPDO-4 82DE81F8
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\Ftdisk \Device\HarddiskVolume1 82FE01F8
Device \Driver\Cdrom \Device\CdRom0 82DCB1F8
Device \Driver\atapi \Device\Ide\IdePort0 [F8206B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F8206B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F8206B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [F8206B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [F8206B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e [F8206B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBt_Wins_Export 828AB1F8
Device \Driver\USBSTOR \Device\00000079 82434500
Device \Driver\NetBT \Device\NetbiosSmb 828AB1F8
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\usbuhci \Device\USBFDO-0 82E151F8
Device \Driver\USBSTOR \Device\0000007a 82434500
Device \Driver\usbuhci \Device\USBFDO-1 82E151F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 828A61F8
Device \Driver\usbuhci \Device\USBFDO-2 82E151F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 828A61F8
Device \Driver\usbuhci \Device\USBFDO-3 82E151F8
Device \Driver\usbehci \Device\USBFDO-4 82DE81F8
Device \Driver\Ftdisk \Device\FtControl 82FE01F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{E1390D91-56BF-4740-92CE-61E432211CE5} 828AB1F8
Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Fastfat \Fat 82BC5500
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
Device \FileSystem\Cdfs \Cdfs 82DB51F8
Device \FileSystem\Cdfs \Cdfs A884EBCE

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x9A 0x90 0x9B 0x36 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBA 0xD0 0x0D 0x2C ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x6E 0x59 0x6B 0xEC ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x9A 0x90 0x9B 0x36 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBA 0xD0 0x0D 0x2C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x6E 0x59 0x6B 0xEC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x28 0x65 0xB4 0x99 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x9A 0x90 0x9B 0x36 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBA 0xD0 0x0D 0x2C ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x6E 0x59 0x6B 0xEC ...

---- EOF - GMER 1.0.15 ----