
Solved virus stopped my avira working vista

Discussion in 'Malware and Virus Removal Archive' started by hanqba1, 2011/10/16.

  1. 2011/10/16
    hanqba1

    hanqba1 Inactive Thread Starter

    Joined:
    2008/06/21
    Messages:
    93
    Likes Received:
    0
    [Resolved] virus stopped my avira working vista

    My daughter's computer would not boot up properly; it just kept trying to update Avira. Went into safe mode and tried to run a virus scan; it stopped working after a few minutes. Tried several online scans but with the same results. Tried to remove Avira; most was removed but some still appears to be in the system, but not working. Restored the computer to an earlier date and it appears to be working OK. Installed Avast and ran a scan; nothing found. Ran Trend HouseCall online; nothing found. Thought it best to have it checked as she is a teacher and sometimes has children's data on the computer. Glad we did, as the first scan found a threat. Logs to follow; hope I have done them right. Thanks, Joyce
     
  2. 2011/10/16
    hanqba1

    hanqba1 Inactive Thread Starter

    Windows 6.0.6002 Service Pack 2 (Safe Mode)
    Internet Explorer 8.0.6001.19088

    15/10/2011 10:05:32
    mbam-log-2011-10-15 (10-05-32).txt

    Scan type: Quick scan
    Objects scanned: 168916
    Time elapsed: 5 minute(s), 47 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&ext=%s) Good: (http://shell.windows.com/fileassoc/x/xml/redir.asp?Ext=%s) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     


  4. 2011/10/16
    hanqba1

    hanqba1 Inactive Thread Starter

    mbr check

    18:25:04.359 OS Version: Windows 6.0.6002 Service Pack 2
    18:25:04.359 Number of processors: 2 586 0x170A
    18:25:04.359 ComputerName: SARAH-PC UserName: Sarah
    18:25:05.217 Initialize success
    18:25:05.295 AVAST engine defs: 11101601
    18:25:07.635 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    18:25:07.651 Disk 0 Vendor: WDC_WD1600BEVT-22ZCT0 11.01A11 Size: 152627MB BusType: 3
    18:25:09.788 Disk 0 MBR read successfully
    18:25:09.804 Disk 0 MBR scan
    18:25:09.804 Disk 0 Windows VISTA default MBR code
    18:25:09.819 Disk 0 scanning sectors +312578048
    18:25:09.929 Disk 0 scanning C:\Windows\system32\drivers
    18:25:39.974 Service scanning
    18:25:42.720 Modules scanning
    18:26:07.383 Disk 0 trace - called modules:
    18:26:07.430 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys
    18:26:07.446 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8568aac8]
    18:26:07.446 3 CLASSPNP.SYS[89fa38b3] -> nt!IofCallDriver -> [0x84f43408]
    18:26:07.446 5 acpi.sys[8069d6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84eb6b98]
    18:26:08.288 AVAST engine scan C:\Windows
    18:26:15.417 AVAST engine scan C:\Windows\system32
    18:28:57.735 AVAST engine scan C:\Windows\system32\drivers
    18:29:17.516 AVAST engine scan C:\Users\Sarah
    18:29:17.766 File: C:\Users\Sarah\AppData\Local\22a6abd8\U\80000000.@ **INFECTED** Win32:Malware-gen
    18:29:17.859 File: C:\Users\Sarah\AppData\Local\22a6abd8\X **INFECTED** Win32:ZAccess-R [Rtk]
    18:29:57.873 Disk 0 MBR has been saved successfully to "C:\Users\Sarah\Desktop\MBR.dat "
    18:29:57.889 The log file has been saved successfully to "C:\Users\Sarah\Desktop\aswMBR.txt "
     
  5. 2011/10/16
    hanqba1

    hanqba1 Inactive Thread Starter

    dds log

    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.19088
    Run by Sarah at 18:36:58 on 2011-10-16
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3001.1717 [GMT 1:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Kodak\AiO\center\KodakSvc.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Users\Sarah\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
    C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
    C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe
    C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
    C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.uk/ig?hl=en
    uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5332&r=2v350709c205l0394zqh5t47m2x231
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5332&r=2v350709c205l0394zqh5t47m2x231
    mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5332&r=2v350709c205l0394zqh5t47m2x231
    uInternet Settings,ProxyOverride = *.local
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
    mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe
    mRun: [EgisTecLiveUpdate] "c:\program files\egistec egis software update\EgisUpdate.exe "
    mRun: [mwlDaemon] c:\program files\egistec\mywinlocker 3\x86\mwlDaemon.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [LManager] c:\program files\launch manager\LManager.exe
    mRun: [ArcadeDeluxeAgent] "c:\program files\acer arcade deluxe\acer arcade deluxe\ArcadeDeluxeAgent.exe "
    mRun: [CLMLServer] "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\CLMLSvc.exe "
    mRun: [PlayMovie] "c:\program files\acer arcade deluxe\playmovie\PMVService.exe "
    mRun: [Conime] %windir%\system32\conime.exe
    mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\users\sarah\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\users\sarah\appdata\roaming\micros~1\windows\startm~1\programs\startup\samsun~3.lnk - c:\program files\clarus\samsung auto backup\ISFGuage.exe
    StartupFolder: c:\users\sarah\appdata\roaming\micros~1\windows\startm~1\programs\startup\samsun~2.lnk - c:\program files\clarus\samsung auto backup\ISFRealTimeD.exe
    StartupFolder: c:\users\sarah\appdata\roaming\micros~1\windows\startm~1\programs\startup\samsun~1.lnk - c:\program files\clarus\samsung auto backup\ISFTimerD.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
    IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
    TCP: Interfaces\{CD7C0F2C-BC4C-4E6B-BC68-ED12EFA6F211} : DhcpNameServer = 194.168.4.100 194.168.8.100
    Notify: igfxcui - igfxdev.dll
     
  6. 2011/10/16
    hanqba1

    hanqba1 Inactive Thread Starter

    dds log

    =========== SERVICES / DRIVERS ===============
    .
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2011-5-17 28552]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-10-14 442200]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-10-14 320856]
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-2-11 11608]
    R1 DPMemGridVista;Physical Memory I/O for GridVista;c:\program files\gridvista\DPMemGridVista.sys [2009-7-15 10504]
    R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2008-12-4 19504]
    R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2008-12-4 16432]
    R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2008-12-4 59952]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-10-14 20568]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-10-14 54616]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-10-14 44768]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-2-11 56816]
    R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2009-7-27 75048]
    R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2009-7-14 723488]
    R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKDiscovery.exe [2009-5-4 279960]
    R2 KodakSvc;Kodak AiO Device Service;c:\program files\kodak\aio\center\KodakSvc.exe [2009-4-17 32768]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-15 366152]
    R2 MSR Service;Virtual Disk Service Manager;c:\program files\clarus\samsung secretzone\MSSvc.exe [2011-3-16 114688]
    R2 MWLService;MyWinLocker Service;c:\program files\egistec\mywinlocker 3\x86\MWLService.exe [2009-5-14 305448]
    R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C60x86.sys [2009-7-15 49664]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-15 22216]
    RUnknown mdf15;mdf15; [x]
    RUnknown mvd20;mvd20; [x]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-2-11 108289]
    S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-2-11 185089]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-3 136176]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-3 136176]
    .
    =============== Created Last 30 ================
    .
    2011-10-16 17:12:35 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{cd2e1467-3ce0-4132-a56e-e6e01733af2c}\offreg.dll
    2011-10-15 13:53:44 293376 ----a-w- c:\windows\system32\psisdecd.dll
    2011-10-15 13:53:43 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
    2011-10-15 13:53:43 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
    2011-10-15 13:53:43 217088 ----a-w- c:\windows\system32\psisrndr.ax
    2011-10-15 13:53:42 375808 ----a-w- c:\windows\system32\winsrv.dll
    2011-10-15 13:53:24 2043392 ----a-w- c:\windows\system32\win32k.sys
    2011-10-15 09:21:54 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-10-15 09:19:17 563712 ----a-w- c:\windows\system32\oleaut32.dll
    2011-10-15 09:19:17 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2011-10-15 09:19:17 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-10-15 09:19:17 238080 ----a-w- c:\windows\system32\oleacc.dll
    2011-10-15 09:18:46 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-15 09:18:46 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-15 09:18:44 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-10-15 09:16:55 231424 ----a-w- c:\windows\system32\msshsq.dll
    2011-10-15 08:58:13 -------- d-----w- c:\users\sarah\appdata\roaming\Malwarebytes
    2011-10-15 08:58:08 -------- d-----w- c:\programdata\Malwarebytes
    2011-10-15 08:58:05 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-10-15 08:58:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-10-14 20:16:53 -------- d-----w- c:\windows\system32\eu-ES
    2011-10-14 20:16:53 -------- d-----w- c:\windows\system32\ca-ES
    2011-10-14 20:16:52 -------- d-----w- c:\windows\system32\vi-VN
    2011-10-14 19:55:24 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-10-14 19:55:21 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-10-14 19:33:19 41184 ----a-w- c:\windows\avastSS.scr
    2011-10-14 19:31:55 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{cd2e1467-3ce0-4132-a56e-e6e01733af2c}\mpengine.dll
    2011-10-14 18:37:27 -------- d-----w- c:\program files\STOPzilla!
    2011-10-14 18:37:27 -------- d-----w- c:\program files\common files\iS3
    2011-10-12 18:20:26 -------- d-----w- c:\programdata\AVAST Software
    2011-10-12 18:20:26 -------- d-----w- c:\program files\AVAST Software
    2011-10-12 17:36:43 -------- d-sh--w- c:\users\sarah\appdata\local\22a6abd8
    .
    ==================== Find3M ====================
    .
    2011-08-03 18:12:00 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    ============= FINISH: 18:37:34.54 ===============
     
  7. 2011/10/16
    hanqba1

    hanqba1 Inactive Thread Starter

    dds 2

    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 27/07/2009 21:17:49
    System Uptime: 16/10/2011 18:12:10 (0 hours ago)
    .
    Motherboard: Acer | | Aspire 5332
    Processor: Celeron(R) Dual-Core CPU T3000 @ 1.80GHz | uPGA-478 | 1795/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 139 GiB total, 83.455 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP519: 14/10/2011 20:26:29 - Windows Vista™ Service Pack 2
    RP520: 15/10/2011 09:00:09 - Windows Update
    RP521: 16/10/2011 10:16:40 - Windows Update
    .
    ==== Installed Programs ======================
    .
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    Acer Arcade Deluxe
    Acer ePower Management
    Acer eRecovery Management
    Acer ScreenSaver
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9
    aiofw
    aioprnt
    aioscnnr
    Airport Mania First Flight
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    avast! Free Antivirus
    Avira AntiVir Personal - Free Antivirus
    Bonjour
    C:\Program Files\Acer GameZone\GameConsole
    Cake Mania 2
    center
    Choice Guard
    Compatibility Pack for the 2007 Office system
    Cooking Dash
    Cradle of Rome
    Dairy Dash
    Dream Day Honeymoon
    File Scavenger 3.2 (en)
    Formulator Tarsia 2.0
    Galapago
    Google Toolbar for Internet Explorer
    Google Update Helper
    GridVista
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 26
    Jewel Quest Solitaire
    KODAK AiO Home Centre
    ksDIP
    Launch Manager
    Luxor 2
    Mahjong Escape Ancient China
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional Edition 2003
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MyWinLocker
    Ocean Express
    Panda ActiveScan 2.0
    Parking Dash
    PreReq
    Puzzle Express
    QuickTime
    Rainbow Web
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Samsung Auto Backup
    Samsung SecretZone
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Synaptics Pointing Device Driver
    Tradewinds 2
    Tri-Peaks Solitaire To Go
    Turbo Pizza
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Office 2007 (KB946691)
    Wedding Dash
    Windows Live Essentials
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Yahoo! Detect
    YouTube Downloader 3.3
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
     
  8. 2011/10/16
    hanqba1

    hanqba1 Inactive Thread Starter

    dds2 2

    16/10/2011 10:20:25, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: System Update Readiness Tool for Windows Vista (KB947821) [August 2011].
    16/10/2011 10:18:35, Error: Service Control Manager [7034] - The Kodak AiO Network Discovery Service service terminated unexpectedly. It has done this 1 time(s).
    15/10/2011 17:11:47, Error: EventLog [6008] - The previous system shutdown at 17:09:29 on 15/10/2011 was unexpected.
    15/10/2011 09:30:42, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi avgio avipbb DPMemGridVista mwlPSDFilter mwlPSDNServ mwlPSDVDisk pavboot spldr ssmdrv Wanarpv6
    15/10/2011 09:30:42, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    15/10/2011 09:29:47, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    15/10/2011 09:29:39, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments " " in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    15/10/2011 09:22:31, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
    15/10/2011 09:02:43, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: System Update Readiness Tool for Windows Vista (KB947821) [May 2011].
    14/10/2011 20:24:03, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.113.1652.0).
    14/10/2011 20:15:08, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050a001 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Signatures loading: Backup Loading signature version: 1.113.1136.0 Loading engine version: 1.1.7702.0
    14/10/2011 20:06:36, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Kodak AiO Device Service service to connect.
    14/10/2011 20:06:36, Error: Service Control Manager [7001] - The Kodak AiO Network Discovery Service service depends on the Kodak AiO Device Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    14/10/2011 20:06:36, Error: Service Control Manager [7000] - The Kodak AiO Device Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    14/10/2011 19:49:19, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    14/10/2011 19:49:19, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments " " in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    14/10/2011 19:49:10, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.
    14/10/2011 19:47:09, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the file specified.
    14/10/2011 19:45:58, Error: Service Control Manager [7034] - The STOPzilla Service service terminated unexpectedly. It has done this 1 time(s).
    14/10/2011 19:45:58, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: is3srv
    14/10/2011 19:45:58, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Bonjour Service service to connect.
    14/10/2011 19:45:58, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
    14/10/2011 19:45:58, Error: Service Control Manager [7001] - The Kodak AiO Network Discovery Service service depends on the Bonjour Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    14/10/2011 19:45:58, Error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    14/10/2011 19:45:58, Error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: Access is denied.
    14/10/2011 19:45:58, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    14/10/2011 19:32:53, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments " " in order to run the server: {000C101C-0000-0000-C000-000000000046}
    14/10/2011 19:27:45, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi DPMemGridVista mdf15 mwlPSDFilter mwlPSDNServ mwlPSDVDisk pavboot spldr Wanarpv6
    14/10/2011 19:26:46, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments " " in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    14/10/2011 19:06:08, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi avgio avipbb DfsC DPMemGridVista mdf15 mwlPSDFilter mwlPSDNServ mwlPSDVDisk NetBIOS netbt nsiproxy pavboot PSched RasAcd rdbss Smb spldr ssmdrv Tcpip tdx Wanarpv6
    14/10/2011 19:06:08, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    14/10/2011 19:06:08, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    14/10/2011 19:06:08, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    14/10/2011 19:06:08, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    14/10/2011 19:06:08, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    14/10/2011 19:06:08, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    14/10/2011 19:06:08, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    14/10/2011 19:06:08, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    14/10/2011 19:06:08, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    14/10/2011 19:06:08, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    14/10/2011 19:06:08, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    14/10/2011 19:06:08, Error: Service Control Manager [7001] - The Kodak AiO Network Discovery Service service depends on the Bonjour Service service which failed to start because of the following error: The dependency service or group failed to start.
    14/10/2011 19:06:08, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    14/10/2011 19:06:08, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    14/10/2011 19:06:08, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    14/10/2011 19:06:08, Error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    14/10/2011 19:06:08, Error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    14/10/2011 19:06:03, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    14/10/2011 19:05:09, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments " " in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    14/10/2011 19:05:09, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments " " in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    14/10/2011 19:04:39, Error: EventLog [6008] - The previous system shutdown at 19:00:43 on 14/10/2011 was unexpected.
    14/10/2011 18:58:50, Error: Service Control Manager [7000] - The Avira AntiVir Guard service failed to start due to the following error: Access is denied.
    14/10/2011 18:24:59, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    14/10/2011 07:37:21, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi avgio avipbb DfsC DPMemGridVista mwlPSDFilter mwlPSDNServ mwlPSDVDisk NetBIOS netbt nsiproxy pavboot PSched RasAcd rdbss Smb spldr ssmdrv Tcpip tdx Wanarpv6
    14/10/2011 07:35:55, Error: EventLog [6008] - The previous system shutdown at 07:34:12 on 14/10/2011 was unexpected.
    14/10/2011 07:20:59, Error: Service Control Manager [7031] - The Avira AntiVir Guard service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    14/10/2011 07:18:31, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: Access is denied.
    14/10/2011 07:18:31, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "5" attempting to start the service iPod Service with arguments " " in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    14/10/2011 07:17:04, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
    14/10/2011 07:17:04, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    14/10/2011 07:12:37, Error: Service Control Manager [7000] - The Avira AntiVir Guard service failed to start due to the following error: The system cannot find the file specified.
    13/10/2011 08:24:31, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: Access is denied.
    12/10/2011 19:44:32, Error: EventLog [6008] - The previous system shutdown at 19:41:22 on 12/10/2011 was unexpected.
    12/10/2011 19:25:14, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    11/10/2011 10:18:31, Error: Microsoft-Windows-WPD-MTPClassDriver [15300] - MTP WPD Driver has failed to start. Error 0x80070002.
    09/10/2011 20:23:03, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AntiVirSchedulerService service.
    .
    ==== End Of File ===========================
     
  9. 2011/10/16
    hanqba1

    Don't think I posted GMER right, will try again.

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-10-16 18:11:05
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600BEVT-22ZCT0 rev.11.01A11
    Running: 9rnqtzkr.exe; Driver: C:\Users\Sarah\AppData\Local\Temp\uwdoypow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8EEA4374]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8EEA6996]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8EEA69EE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8EEA6B04]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8EEA68EC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8EEA6A3E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8EEA6940]
    SSDT 9696141C ZwCreateThread
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8EEA6AB2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8EEA4398]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8EEA4162]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8EEA43BC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8EEA6EFC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8EEA4E54]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8EEA69C6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8EEA6A16]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8EEA6B2E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8EEA6918]
    SSDT 96961408 ZwOpenProcess
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8EEA6A7E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8EEA696E]
    SSDT 9696140D ZwOpenThread
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8EEA6ADC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8EEA4D1A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8EEA43E0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8EEA4404]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8EEA41BC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8EEA42F8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8EEA42D4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8EEA431C]
    SSDT 96961417 ZwTerminateProcess
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8EEA4428]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8F4BA9A6]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----
     
  10. 2011/10/16
    hanqba1

    gmer

    .text C:\Program Files\Bonjour\mDNSResponder.exe[12] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 000501F8
    .text C:\Program Files\Bonjour\mDNSResponder.exe[12] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 000503FC
    .text C:\Program Files\Bonjour\mDNSResponder.exe[12] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Program Files\Bonjour\mDNSResponder.exe[12] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 001703FC
    .text C:\Program Files\Bonjour\mDNSResponder.exe[12] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00170600
    .text C:\Program Files\Bonjour\mDNSResponder.exe[12] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00171014
    .text C:\Program Files\Bonjour\mDNSResponder.exe[12] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00170804
    .text C:\Program Files\Bonjour\mDNSResponder.exe[12] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00170A08
    .text C:\Program Files\Bonjour\mDNSResponder.exe[12] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00170C0C
    .text C:\Program Files\Bonjour\mDNSResponder.exe[12] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00170E10
    .text C:\Program Files\Bonjour\mDNSResponder.exe[12] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 001701F8
    .text C:\Program Files\Bonjour\mDNSResponder.exe[12] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00180600
    .text C:\Program Files\Bonjour\mDNSResponder.exe[12] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00180804
    .text C:\Program Files\Bonjour\mDNSResponder.exe[12] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00180A08
    .text C:\Program Files\Bonjour\mDNSResponder.exe[12] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 001801F8
    .text C:\Program Files\Bonjour\mDNSResponder.exe[12] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 001803FC
    .text C:\Windows\System32\spoolsv.exe[200] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 000501F8
    .text C:\Windows\System32\spoolsv.exe[200] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 000503FC
    .text C:\Windows\System32\spoolsv.exe[200] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Windows\System32\spoolsv.exe[200] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 001703FC
    .text C:\Windows\System32\spoolsv.exe[200] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00170600
    .text C:\Windows\System32\spoolsv.exe[200] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00171014
    .text C:\Windows\System32\spoolsv.exe[200] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00170804
    .text C:\Windows\System32\spoolsv.exe[200] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00170A08
    .text C:\Windows\System32\spoolsv.exe[200] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00170C0C
    .text C:\Windows\System32\spoolsv.exe[200] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00170E10
    .text C:\Windows\System32\spoolsv.exe[200] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 001701F8
    .text C:\Windows\System32\spoolsv.exe[200] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00A30600
    .text C:\Windows\System32\spoolsv.exe[200] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00A30804
    .text C:\Windows\System32\spoolsv.exe[200] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00A30A08
    .text C:\Windows\System32\spoolsv.exe[200] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 00A301F8
    .text C:\Windows\System32\spoolsv.exe[200] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 00A303FC
    .text C:\Windows\system32\svchost.exe[276] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[276] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[276] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[276] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[276] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[276] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[276] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[276] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[276] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[276] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[276] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[276] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 000C0600
    .text C:\Windows\system32\svchost.exe[276] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 000C0804
    .text C:\Windows\system32\svchost.exe[276] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 000C0A08
    .text C:\Windows\system32\svchost.exe[276] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 000C01F8
    .text C:\Windows\system32\svchost.exe[276] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 000C03FC
    .text C:\Windows\system32\csrss.exe[616] KERNEL32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Windows\system32\wininit.exe[660] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 000301F8
    .text C:\Windows\system32\wininit.exe[660] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 000303FC
    .text C:\Windows\system32\wininit.exe[660] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Windows\system32\wininit.exe[660] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 000503FC
    .text C:\Windows\system32\wininit.exe[660] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00050600
    .text C:\Windows\system32\wininit.exe[660] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00051014
    .text C:\Windows\system32\wininit.exe[660] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00050804
    .text C:\Windows\system32\wininit.exe[660] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00050A08
    .text C:\Windows\system32\wininit.exe[660] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00050C0C
    .text C:\Windows\system32\wininit.exe[660] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00050E10
    .text C:\Windows\system32\wininit.exe[660] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 000501F8
    .text C:\Windows\system32\wininit.exe[660] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00060600
    .text C:\Windows\system32\wininit.exe[660] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00060804
    .text C:\Windows\system32\wininit.exe[660] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00060A08
    .text C:\Windows\system32\wininit.exe[660] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 000601F8
    .text C:\Windows\system32\wininit.exe[660] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 000603FC
    .text C:\Windows\system32\csrss.exe[672] KERNEL32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Windows\system32\services.exe[704] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\services.exe[704] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\services.exe[704] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Windows\system32\services.exe[704] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\services.exe[704] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\services.exe[704] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\services.exe[704] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\services.exe[704] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\services.exe[704] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\services.exe[704] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\services.exe[704] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\services.exe[704] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00080600
    .text C:\Windows\system32\services.exe[704] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00080804
    .text C:\Windows\system32\services.exe[704] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00080A08
    .text C:\Windows\system32\services.exe[704] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 000801F8
    .text C:\Windows\system32\services.exe[704] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 000803FC
    .text C:\Windows\system32\lsass.exe[716] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\lsass.exe[716] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\lsass.exe[716] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Windows\system32\lsass.exe[716] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\lsass.exe[716] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\lsass.exe[716] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\lsass.exe[716] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\lsass.exe[716] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\lsass.exe[716] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\lsass.exe[716] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\lsass.exe[716] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\lsass.exe[716] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00080600
    .text C:\Windows\system32\lsass.exe[716] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00080804
    .text C:\Windows\system32\lsass.exe[716] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00080A08
    .text C:\Windows\system32\lsass.exe[716] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 000801F8
    .text C:\Windows\system32\lsass.exe[716] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 000803FC
    .text C:\Windows\system32\lsm.exe[724] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 000501F8
     
  11. 2011/10/16
    hanqba1

    gmer

    775293A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[912] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[912] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[912] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[912] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[912] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[912] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[912] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[912] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[912] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[912] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[912] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00A50600
    .text C:\Windows\system32\svchost.exe[912] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00A50804
    .text C:\Windows\system32\svchost.exe[912] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00A50A08
    .text C:\Windows\system32\svchost.exe[912] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 00A501F8
    .text C:\Windows\system32\svchost.exe[912] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 00A503FC
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1000] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 000401F8
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1000] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 000403FC
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1000] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1000] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 000603FC
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1000] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00060600
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1000] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00061014
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1000] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00060804
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1000] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00060A08
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1000] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00060C0C
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1000] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00060E10
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1000] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 000601F8
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1000] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00070600
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1000] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00070804
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1000] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00070A08
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1000] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 000701F8
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1000] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[1004] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[1004] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[1004] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1004] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[1004] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[1004] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[1004] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[1004] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 000B0600
    .text C:\Windows\system32\svchost.exe[1004] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 000B0804
    .text C:\Windows\system32\svchost.exe[1004] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 000B0A08
    .text C:\Windows\system32\svchost.exe[1004] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 000B01F8
    .text C:\Windows\system32\svchost.exe[1004] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 000B03FC
    .text C:\Windows\System32\svchost.exe[1044] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 000501F8
    .text C:\Windows\System32\svchost.exe[1044] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 000503FC
    .text C:\Windows\System32\svchost.exe[1044] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[1044] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 000703FC
    .text C:\Windows\System32\svchost.exe[1044] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00070600
    .text C:\Windows\System32\svchost.exe[1044] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00071014
    .text C:\Windows\System32\svchost.exe[1044] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00070804
    .text C:\Windows\System32\svchost.exe[1044] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00070A08
    .text C:\Windows\System32\svchost.exe[1044] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00070C0C
    .text C:\Windows\System32\svchost.exe[1044] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00070E10
    .text C:\Windows\System32\svchost.exe[1044] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 000701F8
    .text C:\Windows\System32\svchost.exe[1044] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00120600
    .text C:\Windows\System32\svchost.exe[1044] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00120804
    .text C:\Windows\System32\svchost.exe[1044] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00120A08
    .text C:\Windows\System32\svchost.exe[1044] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 001201F8
    .text C:\Windows\System32\svchost.exe[1044] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 001203FC
    .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1100] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 001501F8
    .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1100] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 001503FC
    .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1100] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1100] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00180600
    .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1100] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00180804
    .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1100] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00180A08
    .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1100] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 001801F8
    .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1100] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 001803FC
    .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1100] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 001903FC
    .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1100] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00190600
    .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1100] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00191014
    .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1100] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00190804
    .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1100] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00190A08
    .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1100] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00190C0C
    .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1100] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00190E10
    .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[1100] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 001901F8
    .text C:\Windows\System32\svchost.exe[1128] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 000501F8
    .text C:\Windows\System32\svchost.exe[1128] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 000503FC
    .text C:\Windows\System32\svchost.exe[1128] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[1128] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 000703FC
    .text C:\Windows\System32\svchost.exe[1128] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00070600
    .text C:\Windows\System32\svchost.exe[1128] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00071014
    .text C:\Windows\System32\svchost.exe[1128] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00070804
    .text C:\Windows\System32\svchost.exe[1128] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00070A08
    .text C:\Windows\System32\svchost.exe[1128] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00070C0C
    .text C:\Windows\System32\svchost.exe[1128] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00070E10
    .text C:\Windows\System32\svchost.exe[1128] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 000701F8
    .text C:\Windows\System32\svchost.exe[1128] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00160600
    .text C:\Windows\System32\svchost.exe[1128] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00160804
    .text C:\Windows\System32\svchost.exe[1128] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00160A08
    .text C:\Windows\System32\svchost.exe[1128] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 001601F8
    .text C:\Windows\System32\svchost.exe[1128] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 001603FC
    .text C:\Windows\System32\svchost.exe[1172] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 000501F8
    .text C:\Windows\System32\svchost.exe[1172] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 000503FC
    .text C:\Windows\System32\svchost.exe[1172] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[1172] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 000703FC
    .text C:\Windows\System32\svchost.exe[1172] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00070600
    .text C:\Windows\System32\svchost.exe[1172] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00071014
    .text C:\Windows\System32\svchost.exe[1172] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00070804
    .text C:\Windows\System32\svchost.exe[1172] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00070A08
    .text C:\Windows\System32\svchost.exe[1172] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00070C0C
    .text C:\Windows\System32\svchost.exe[1172] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00070E10
    .text C:\Windows\System32\svchost.exe[1172] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 000701F8
    .text C:\Windows\System32\svchost.exe[1172] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00A50600
    .text C:\Windows\System32\svchost.exe[1172] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00A50804
    .text C:\Windows\System32\svchost.exe[1172] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00A50A08
    .text C:\Windows\System32\svchost.exe[1172] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 00A501F8
    .text C:\Windows\System32\svchost.exe[1172] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 00A503FC
    .text C:\Windows\system32\svchost.exe[1184] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[1184] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[1184] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
     
  12. 2011/10/16
    hanqba1

    hanqba1 Inactive Thread Starter

    Joined:
    2008/06/21
    Messages:
    93
    Likes Received:
    0
    gmer

    .text C:\Windows\system32\svchost.exe[1184] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[1184] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[1184] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[1184] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[1184] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[1184] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[1184] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[1184] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[1184] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00260600
    .text C:\Windows\system32\svchost.exe[1184] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00260804
    .text C:\Windows\system32\svchost.exe[1184] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00260A08
    .text C:\Windows\system32\svchost.exe[1184] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 002601F8
    .text C:\Windows\system32\svchost.exe[1184] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 002603FC
    .text C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe[1212] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 001501F8
    .text C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe[1212] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 001503FC
    .text C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe[1212] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe[1212] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 001803FC
    .text C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe[1212] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00180600
    .text C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe[1212] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00181014
    .text C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe[1212] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00180804
    .text C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe[1212] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00180A08
    .text C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe[1212] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00180C0C
    .text C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe[1212] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00180E10
    .text C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe[1212] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 001801F8
    .text C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe[1212] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00290600
    .text C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe[1212] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00290804
    .text C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe[1212] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00290A08
    .text C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe[1212] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 002901F8
    .text C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe[1212] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 002903FC
    .text C:\Windows\system32\AUDIODG.EXE[1272] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1292] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[1292] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[1292] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1292] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[1292] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[1292] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[1292] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[1292] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[1292] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[1292] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[1292] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[1348] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[1348] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[1348] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[1348] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00CF0600
    .text C:\Windows\system32\svchost.exe[1348] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00CF0804
    .text C:\Windows\system32\svchost.exe[1348] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00CF0A08
    .text C:\Windows\system32\svchost.exe[1348] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 00CF01F8
    .text C:\Windows\system32\svchost.exe[1348] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 00CF03FC
    .text C:\Program Files\Kodak\AiO\center\KodakSvc.exe[1464] KERNEL32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[1476] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 001501F8
    .text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[1476] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 001503FC
    .text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[1476] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[1476] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 002703FC
    .text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[1476] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00270600
    .text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[1476] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00271014
    .text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[1476] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00270804
    .text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[1476] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00270A08
    .text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[1476] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00270C0C
    .text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[1476] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00270E10
    .text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[1476] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 002701F8
    .text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[1476] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00280600
    .text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[1476] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00280804
    .text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[1476] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00280A08
    .text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[1476] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 002801F8
    .text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[1476] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 002803FC
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1532] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 000501F8
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1532] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 000503FC
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1532] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
     
  13. 2011/10/16
    hanqba1

    hanqba1 Inactive Thread Starter

    Joined:
    2008/06/21
    Messages:
    93
    Likes Received:
    0
    gmer

    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1532] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 000703FC
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1532] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00070600
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1532] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00071014
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1532] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00070804
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1532] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00070A08
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1532] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00070C0C
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1532] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00070E10
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1532] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 000701F8
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1532] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00080600
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1532] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00080804
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1532] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00080A08
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1532] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 000801F8
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1532] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 000803FC
    .text C:\Windows\system32\svchost.exe[1572] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[1572] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[1572] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1572] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[1572] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[1572] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[1572] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[1572] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[1572] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[1572] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[1572] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[1572] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 000B0600
    .text C:\Windows\system32\svchost.exe[1572] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 000B0804
    .text C:\Windows\system32\svchost.exe[1572] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 000B0A08
    .text C:\Windows\system32\svchost.exe[1572] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 000B01F8
    .text C:\Windows\system32\svchost.exe[1572] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 000B03FC
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1704] kernel32.dll!SetUnhandledExceptionFilter 76FAA84F 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1704] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[1772] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 001501F8
    .text C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[1772] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 001503FC
    .text C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[1772] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[1772] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00170600
    .text C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[1772] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00170804
    .text C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[1772] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00170A08
    .text C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[1772] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 001701F8
    .text C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[1772] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 001703FC
    .text C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[1772] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 001803FC
    .text C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[1772] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00180600
    .text C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[1772] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00181014
    .text C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[1772] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00180804
    .text C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[1772] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00180A08
    .text C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[1772] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00180C0C
    .text C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[1772] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00180E10
    .text C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[1772] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 001801F8
    .text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2112] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 001501F8
    .text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2112] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 001503FC
    .text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2112] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2112] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00200600
    .text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2112] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00200804
    .text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2112] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00200A08
    .text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2112] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 002001F8
    .text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2112] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 002003FC
    .text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2112] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 002103FC
    .text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2112] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00210600
    .text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2112] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00211014
    .text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2112] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00210804
    .text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2112] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00210A08
    .text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2112] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00210C0C
    .text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2112] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00210E10
    .text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2112] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 002101F8
    .text C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe[2128] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 001501F8
    .text C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe[2128] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 001503FC
    .text C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe[2128] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe[2128] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00250600
    .text C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe[2128] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00250804
    .text C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe[2128] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00250A08
    .text C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe[2128] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 002501F8
    .text C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe[2128] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 002503FC
    .text C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe[2128] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 003603FC
    .text C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe[2128] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00360600
    .text C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe[2128] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00361014
    .text C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe[2128] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00360804
    .text C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe[2128] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00360A08
    .text C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe[2128] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00360C0C
    .text C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe[2128] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00360E10
    .text C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe[2128] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 003601F8
    .text C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe[2140] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 001501F8
    .text C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe[2140] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 001503FC
    .text C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe[2140] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe[2140] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00170600
    .text C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe[2140] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00170804
    .text C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe[2140] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00170A08
    .text C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe[2140] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 001701F8
    .text C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe[2140] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 001703FC
    .text C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe[2140] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 001803FC
    .text C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe[2140] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00180600
    .text C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe[2140] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00181014
    .text C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe[2140] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00180804
    .text C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe[2140] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00180A08
    .text C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe[2140] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00180C0C
    .text C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe[2140] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00180E10
    .text C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe[2140] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 001801F8
    .text C:\Windows\system32\svchost.exe[2156] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[2156] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[2156] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
     
  14. 2011/10/16
    hanqba1

    hanqba1 Inactive Thread Starter

    Joined:
    2008/06/21
    Messages:
    93
    Likes Received:
    0
    gmer

    .text C:\Windows\system32\svchost.exe[2156] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[2156] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[2156] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[2156] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[2156] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[2156] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[2156] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[2156] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[2156] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00100600
    .text C:\Windows\system32\svchost.exe[2156] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00100804
    .text C:\Windows\system32\svchost.exe[2156] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00100A08
    .text C:\Windows\system32\svchost.exe[2156] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 001001F8
    .text C:\Windows\system32\svchost.exe[2156] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 001003FC
    .text C:\Windows\system32\svchost.exe[2188] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[2188] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[2188] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[2188] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[2188] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[2188] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[2188] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[2188] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[2188] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[2188] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[2188] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 000701F8
    .text C:\Windows\System32\svchost.exe[2252] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 000501F8
    .text C:\Windows\System32\svchost.exe[2252] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 000503FC
    .text C:\Windows\System32\svchost.exe[2252] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[2252] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 000703FC
    .text C:\Windows\System32\svchost.exe[2252] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00070600
    .text C:\Windows\System32\svchost.exe[2252] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00071014
    .text C:\Windows\System32\svchost.exe[2252] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00070804
    .text C:\Windows\System32\svchost.exe[2252] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00070A08
    .text C:\Windows\System32\svchost.exe[2252] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00070C0C
    .text C:\Windows\System32\svchost.exe[2252] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00070E10
    .text C:\Windows\System32\svchost.exe[2252] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\SearchIndexer.exe[2272] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\SearchIndexer.exe[2272] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\SearchIndexer.exe[2272] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Windows\system32\SearchIndexer.exe[2272] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\SearchIndexer.exe[2272] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\SearchIndexer.exe[2272] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\SearchIndexer.exe[2272] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\SearchIndexer.exe[2272] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\SearchIndexer.exe[2272] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\SearchIndexer.exe[2272] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\SearchIndexer.exe[2272] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\SearchIndexer.exe[2272] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00080600
    .text C:\Windows\system32\SearchIndexer.exe[2272] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00080804
    .text C:\Windows\system32\SearchIndexer.exe[2272] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00080A08
    .text C:\Windows\system32\SearchIndexer.exe[2272] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 000801F8
    .text C:\Windows\system32\SearchIndexer.exe[2272] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 000803FC
    .text C:\Windows\System32\igfxpers.exe[2336] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 001501F8
    .text C:\Windows\System32\igfxpers.exe[2336] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 001503FC
    .text C:\Windows\System32\igfxpers.exe[2336] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Windows\System32\igfxpers.exe[2336] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00180600
    .text C:\Windows\System32\igfxpers.exe[2336] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00180804
    .text C:\Windows\System32\igfxpers.exe[2336] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00180A08
    .text C:\Windows\System32\igfxpers.exe[2336] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 001801F8
    .text C:\Windows\System32\igfxpers.exe[2336] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 001803FC
    .text C:\Windows\System32\igfxpers.exe[2336] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 001903FC
    .text C:\Windows\System32\igfxpers.exe[2336] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00190600
    .text C:\Windows\System32\igfxpers.exe[2336] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00191014
    .text C:\Windows\System32\igfxpers.exe[2336] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00190804
    .text C:\Windows\System32\igfxpers.exe[2336] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00190A08
    .text C:\Windows\System32\igfxpers.exe[2336] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00190C0C
    .text C:\Windows\System32\igfxpers.exe[2336] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00190E10
    .text C:\Windows\System32\igfxpers.exe[2336] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 001901F8
    .text C:\Users\Sarah\Desktop\9rnqtzkr.exe[2340] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 001501F8
    .text C:\Users\Sarah\Desktop\9rnqtzkr.exe[2340] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 001503FC
    .text C:\Users\Sarah\Desktop\9rnqtzkr.exe[2340] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Users\Sarah\Desktop\9rnqtzkr.exe[2340] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 001B03FC
    .text C:\Users\Sarah\Desktop\9rnqtzkr.exe[2340] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 001B0600
    .text C:\Users\Sarah\Desktop\9rnqtzkr.exe[2340] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 001B1014
    .text C:\Users\Sarah\Desktop\9rnqtzkr.exe[2340] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 001B0804
    .text C:\Users\Sarah\Desktop\9rnqtzkr.exe[2340] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 001B0A08
    .text C:\Users\Sarah\Desktop\9rnqtzkr.exe[2340] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 001B0C0C
    .text C:\Users\Sarah\Desktop\9rnqtzkr.exe[2340] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 001B0E10
    .text C:\Users\Sarah\Desktop\9rnqtzkr.exe[2340] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 001B01F8
    .text C:\Users\Sarah\Desktop\9rnqtzkr.exe[2340] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 001C0600
    .text C:\Users\Sarah\Desktop\9rnqtzkr.exe[2340] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 001C0804
    .text C:\Users\Sarah\Desktop\9rnqtzkr.exe[2340] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 001C0A08
    .text C:\Users\Sarah\Desktop\9rnqtzkr.exe[2340] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 001C01F8
    .text C:\Users\Sarah\Desktop\9rnqtzkr.exe[2340] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 001C03FC
    .text C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe[2412] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 001401F8
    .text C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe[2412] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 001403FC
    .text C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe[2412] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
     
  15. 2011/10/16
    hanqba1 Inactive Thread Starter
    gmer

    .text C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe[2412] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00160600
    .text C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe[2412] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00160804
    .text C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe[2412] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00160A08
    .text C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe[2412] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 001601F8
    .text C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe[2412] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 001603FC
    .text C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe[2412] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 001703FC
    .text C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe[2412] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00170600
    .text C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe[2412] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00171014
    .text C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe[2412] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00170804
    .text C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe[2412] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00170A08
    .text C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe[2412] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00170C0C
    .text C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe[2412] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00170E10
    .text C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe[2412] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 001701F8
    .text C:\Windows\System32\hkcmd.exe[2656] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 001501F8
    .text C:\Windows\System32\hkcmd.exe[2656] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 001503FC
    .text C:\Windows\System32\hkcmd.exe[2656] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Windows\System32\hkcmd.exe[2656] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00180600
    .text C:\Windows\System32\hkcmd.exe[2656] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00180804
    .text C:\Windows\System32\hkcmd.exe[2656] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00180A08
    .text C:\Windows\System32\hkcmd.exe[2656] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 001801F8
    .text C:\Windows\System32\hkcmd.exe[2656] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 001803FC
    .text C:\Windows\System32\hkcmd.exe[2656] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 001903FC
    .text C:\Windows\System32\hkcmd.exe[2656] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00190600
    .text C:\Windows\System32\hkcmd.exe[2656] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00191014
    .text C:\Windows\System32\hkcmd.exe[2656] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00190804
    .text C:\Windows\System32\hkcmd.exe[2656] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00190A08
    .text C:\Windows\System32\hkcmd.exe[2656] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00190C0C
    .text C:\Windows\System32\hkcmd.exe[2656] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00190E10
    .text C:\Windows\System32\hkcmd.exe[2656] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 001901F8
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2660] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 000501F8
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2660] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 000503FC
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2660] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2660] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 000703FC
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2660] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00070600
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2660] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00071014
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2660] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00070804
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2660] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00070A08
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2660] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00070C0C
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2660] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00070E10
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2660] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 000701F8
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2660] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00090600
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2660] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00090804
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2660] USER32.dll!UnhookWindowsHookEx 770898DB 3 Bytes JMP 00090A08
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2660] USER32.dll!UnhookWindowsHookEx + 4 770898DF 1 Byte [89]
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2660] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 000901F8
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2660] USER32.dll!UnhookWinEvent 7708C06F 3 Bytes JMP 000903FC
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2660] USER32.dll!UnhookWinEvent + 4 7708C073 1 Byte [89]
    .text C:\Windows\system32\Dwm.exe[2672] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\Dwm.exe[2672] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\Dwm.exe[2672] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Windows\system32\Dwm.exe[2672] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\Dwm.exe[2672] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\Dwm.exe[2672] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\Dwm.exe[2672] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\Dwm.exe[2672] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\Dwm.exe[2672] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\Dwm.exe[2672] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\Dwm.exe[2672] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\Dwm.exe[2672] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00080600
    .text C:\Windows\system32\Dwm.exe[2672] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00080804
    .text C:\Windows\system32\Dwm.exe[2672] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00080A08
    .text C:\Windows\system32\Dwm.exe[2672] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 000801F8
    .text C:\Windows\system32\Dwm.exe[2672] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 000803FC
    .text C:\Program Files\Launch Manager\LManager.exe[2688] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 001501F8
    .text C:\Program Files\Launch Manager\LManager.exe[2688] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 001503FC
    .text C:\Program Files\Launch Manager\LManager.exe[2688] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Program Files\Launch Manager\LManager.exe[2688] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 003303FC
    .text C:\Program Files\Launch Manager\LManager.exe[2688] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00330600
    .text C:\Program Files\Launch Manager\LManager.exe[2688] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00331014
    .text C:\Program Files\Launch Manager\LManager.exe[2688] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00330804
    .text C:\Program Files\Launch Manager\LManager.exe[2688] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00330A08
    .text C:\Program Files\Launch Manager\LManager.exe[2688] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00330C0C
    .text C:\Program Files\Launch Manager\LManager.exe[2688] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00330E10
    .text C:\Program Files\Launch Manager\LManager.exe[2688] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 003301F8
    .text C:\Program Files\Launch Manager\LManager.exe[2688] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00340600
    .text C:\Program Files\Launch Manager\LManager.exe[2688] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00340804
    .text C:\Program Files\Launch Manager\LManager.exe[2688] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00340A08
    .text C:\Program Files\Launch Manager\LManager.exe[2688] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 003401F8
    .text C:\Program Files\Launch Manager\LManager.exe[2688] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 003403FC
    .text C:\Windows\system32\taskeng.exe[2696] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\taskeng.exe[2696] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\taskeng.exe[2696] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Windows\system32\taskeng.exe[2696] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\taskeng.exe[2696] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\taskeng.exe[2696] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\taskeng.exe[2696] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\taskeng.exe[2696] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\taskeng.exe[2696] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\taskeng.exe[2696] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\taskeng.exe[2696] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 000701F8
     
  16. 2011/10/16
    hanqba1 Inactive Thread Starter
    gmer

    .text C:\Windows\system32\taskeng.exe[2696] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00080600
    .text C:\Windows\system32\taskeng.exe[2696] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00080804
    .text C:\Windows\system32\taskeng.exe[2696] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00080A08
    .text C:\Windows\system32\taskeng.exe[2696] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 000801F8
    .text C:\Windows\system32\taskeng.exe[2696] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 000803FC
    .text C:\Program Files\iTunes\iTunesHelper.exe[2704] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 000501F8
    .text C:\Program Files\iTunes\iTunesHelper.exe[2704] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 000503FC
    .text C:\Program Files\iTunes\iTunesHelper.exe[2704] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Program Files\iTunes\iTunesHelper.exe[2704] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00080600
    .text C:\Program Files\iTunes\iTunesHelper.exe[2704] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00080804
    .text C:\Program Files\iTunes\iTunesHelper.exe[2704] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00080A08
    .text C:\Program Files\iTunes\iTunesHelper.exe[2704] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 000801F8
    .text C:\Program Files\iTunes\iTunesHelper.exe[2704] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 000803FC
    .text C:\Program Files\iTunes\iTunesHelper.exe[2704] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 000903FC
    .text C:\Program Files\iTunes\iTunesHelper.exe[2704] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00090600
    .text C:\Program Files\iTunes\iTunesHelper.exe[2704] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00091014
    .text C:\Program Files\iTunes\iTunesHelper.exe[2704] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00090804
    .text C:\Program Files\iTunes\iTunesHelper.exe[2704] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00090A08
    .text C:\Program Files\iTunes\iTunesHelper.exe[2704] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00090C0C
    .text C:\Program Files\iTunes\iTunesHelper.exe[2704] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00090E10
    .text C:\Program Files\iTunes\iTunesHelper.exe[2704] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 000901F8
    .text C:\Program Files\iPod\bin\iPodService.exe[2736] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 000501F8
    .text C:\Program Files\iPod\bin\iPodService.exe[2736] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 000503FC
    .text C:\Program Files\iPod\bin\iPodService.exe[2736] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Program Files\iPod\bin\iPodService.exe[2736] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 000703FC
    .text C:\Program Files\iPod\bin\iPodService.exe[2736] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00070600
    .text C:\Program Files\iPod\bin\iPodService.exe[2736] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00071014
    .text C:\Program Files\iPod\bin\iPodService.exe[2736] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00070804
    .text C:\Program Files\iPod\bin\iPodService.exe[2736] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00070A08
    .text C:\Program Files\iPod\bin\iPodService.exe[2736] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00070C0C
    .text C:\Program Files\iPod\bin\iPodService.exe[2736] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00070E10
    .text C:\Program Files\iPod\bin\iPodService.exe[2736] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 000701F8
    .text C:\Program Files\iPod\bin\iPodService.exe[2736] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00080600
    .text C:\Program Files\iPod\bin\iPodService.exe[2736] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00080804
    .text C:\Program Files\iPod\bin\iPodService.exe[2736] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00080A08
    .text C:\Program Files\iPod\bin\iPodService.exe[2736] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 000801F8
    .text C:\Program Files\iPod\bin\iPodService.exe[2736] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 000803FC
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2780] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 001601F8
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2780] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 001603FC
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2780] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2780] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 001703FC
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2780] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00170600
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2780] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00171014
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2780] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00170804
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2780] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00170A08
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2780] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00170C0C
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2780] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00170E10
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2780] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 001701F8
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2780] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00180600
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2780] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00180804
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2780] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00180A08
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2780] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 001801F8
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2780] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 001803FC
    .text C:\Windows\system32\taskeng.exe[2792] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\taskeng.exe[2792] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\taskeng.exe[2792] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Windows\system32\taskeng.exe[2792] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\taskeng.exe[2792] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\taskeng.exe[2792] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\taskeng.exe[2792] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\taskeng.exe[2792] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\taskeng.exe[2792] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\taskeng.exe[2792] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\taskeng.exe[2792] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\taskeng.exe[2792] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00080600
    .text C:\Windows\system32\taskeng.exe[2792] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00080804
    .text C:\Windows\system32\taskeng.exe[2792] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00080A08
    .text C:\Windows\system32\taskeng.exe[2792] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 000801F8
    .text C:\Windows\system32\taskeng.exe[2792] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 000803FC
    .text C:\Program Files\Internet Explorer\iexplore.exe[2832] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 000401F8
    .text C:\Program Files\Internet Explorer\iexplore.exe[2832] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 000403FC
    .text C:\Program Files\Internet Explorer\iexplore.exe[2832] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Program Files\Internet Explorer\iexplore.exe[2832] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 000603FC
    .text C:\Program Files\Internet Explorer\iexplore.exe[2832] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00060600
    .text C:\Program Files\Internet Explorer\iexplore.exe[2832] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00061014
    .text C:\Program Files\Internet Explorer\iexplore.exe[2832] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00060804
    .text C:\Program Files\Internet Explorer\iexplore.exe[2832] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00060A08
    .text C:\Program Files\Internet Explorer\iexplore.exe[2832] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00060C0C
    .text C:\Program Files\Internet Explorer\iexplore.exe[2832] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00060E10
    .text C:\Program Files\Internet Explorer\iexplore.exe[2832] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 000601F8
    .text C:\Program Files\Internet Explorer\iexplore.exe[2832] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00070600
    .text C:\Program Files\Internet Explorer\iexplore.exe[2832] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00070804
    .text C:\Program Files\Internet Explorer\iexplore.exe[2832] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00070A08
    .text C:\Program Files\Internet Explorer\iexplore.exe[2832] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 000701F8
    .text C:\Program Files\Internet Explorer\iexplore.exe[2832] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 000703FC
    .text C:\Program Files\Internet Explorer\iexplore.exe[2832] USER32.dll!CreateWindowExW 77091305 5 Bytes JMP 6AD3DB04 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2832] USER32.dll!DialogBoxParamW 770B10B0 5 Bytes JMP 6AC654C5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2832] USER32.dll!DialogBoxIndirectParamW 770B2EF5 5 Bytes JMP 6AE35329 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2832] USER32.dll!DialogBoxParamA 770C8152 5 Bytes JMP 6AE352C6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2832] USER32.dll!DialogBoxIndirectParamA 770C847D 5 Bytes JMP 6AE3538C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2832] USER32.dll!MessageBoxIndirectA 770DD4D9 5 Bytes JMP 6AE3525B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2832] USER32.dll!MessageBoxIndirectW 770DD5D3 5 Bytes JMP 6AE351F0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2832] USER32.dll!MessageBoxExA 770DD639 5 Bytes JMP 6AE3518E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2832] USER32.dll!MessageBoxExW 770DD65D 5 Bytes JMP 6AE3512C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Windows\Explorer.EXE[2848] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 000501F8
    .text C:\Windows\Explorer.EXE[2848] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 000503FC
    .text C:\Windows\Explorer.EXE[2848] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
     
  17. 2011/10/16
    hanqba1 Inactive Thread Starter
    gmer

    .text C:\Windows\Explorer.EXE[2848] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 000703FC
    .text C:\Windows\Explorer.EXE[2848] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00070600
    .text C:\Windows\Explorer.EXE[2848] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00071014
    .text C:\Windows\Explorer.EXE[2848] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00070804
    .text C:\Windows\Explorer.EXE[2848] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00070A08
    .text C:\Windows\Explorer.EXE[2848] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00070C0C
    .text C:\Windows\Explorer.EXE[2848] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00070E10
    .text C:\Windows\Explorer.EXE[2848] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 000701F8
    .text C:\Windows\Explorer.EXE[2848] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00080600
    .text C:\Windows\Explorer.EXE[2848] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00080804
    .text C:\Windows\Explorer.EXE[2848] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00080A08
    .text C:\Windows\Explorer.EXE[2848] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 000801F8
    .text C:\Windows\Explorer.EXE[2848] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 000803FC
    .text C:\Windows\Explorer.EXE[2848] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5 75BDB37C 4 Bytes [20, 28, 00, 10] {AND [EAX], CH; ADD [EAX], DL}
    .text C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe[3028] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 001401F8
    .text C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe[3028] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 001403FC
    .text C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe[3028] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe[3028] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00160600
    .text C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe[3028] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00160804
    .text C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe[3028] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00160A08
    .text C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe[3028] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 001601F8
    .text C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe[3028] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 001603FC
    .text C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe[3028] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 001703FC
    .text C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe[3028] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00170600
    .text C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe[3028] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00171014
    .text C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe[3028] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00170804
    .text C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe[3028] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00170A08
    .text C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe[3028] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00170C0C
    .text C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe[3028] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00170E10
    .text C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe[3028] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 001701F8
    .text C:\Program Files\Windows Defender\MSASCui.exe[3132] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 000501F8
    .text C:\Program Files\Windows Defender\MSASCui.exe[3132] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 000503FC
    .text C:\Program Files\Windows Defender\MSASCui.exe[3132] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Program Files\Windows Defender\MSASCui.exe[3132] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 000703FC
    .text C:\Program Files\Windows Defender\MSASCui.exe[3132] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00070600
    .text C:\Program Files\Windows Defender\MSASCui.exe[3132] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00071014
    .text C:\Program Files\Windows Defender\MSASCui.exe[3132] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00070804
    .text C:\Program Files\Windows Defender\MSASCui.exe[3132] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00070A08
    .text C:\Program Files\Windows Defender\MSASCui.exe[3132] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00070C0C
    .text C:\Program Files\Windows Defender\MSASCui.exe[3132] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00070E10
    .text C:\Program Files\Windows Defender\MSASCui.exe[3132] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 000701F8
    .text C:\Program Files\Windows Defender\MSASCui.exe[3132] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00080600
    .text C:\Program Files\Windows Defender\MSASCui.exe[3132] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00080804
    .text C:\Program Files\Windows Defender\MSASCui.exe[3132] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00080A08
    .text C:\Program Files\Windows Defender\MSASCui.exe[3132] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 000801F8
    .text C:\Program Files\Windows Defender\MSASCui.exe[3132] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 000803FC
    .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3148] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 001501F8
    .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3148] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 001503FC
    .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3148] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3148] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 001703FC
    .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3148] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00170600
    .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3148] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00171014
    .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3148] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00170804
    .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3148] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00170A08
    .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3148] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00170C0C
    .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3148] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00170E10
    .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3148] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 001701F8
    .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3148] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00180600
    .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3148] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00180804
    .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3148] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00180A08
    .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3148] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 001801F8
    .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3148] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 001803FC
    .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3240] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 001501F8
    .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3240] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 001503FC
    .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3240] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3240] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 001E0600
    .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3240] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 001E0804
    .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3240] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 001E0A08
    .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3240] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 001E01F8
    .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3240] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 001E03FC
    .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3240] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 001F03FC
    .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3240] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 001F0600
    .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3240] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 001F1014
    .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3240] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 001F0804
    .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3240] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 001F0A08
    .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3240] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 001F0C0C
    .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3240] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 001F0E10
    .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3240] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 001F01F8
    .text C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe[3308] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 000601F8
    .text C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe[3308] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 000603FC
    .text C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe[3308] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe[3308] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00080600
    .text C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe[3308] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00080804
    .text C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe[3308] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00080A08
    .text C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe[3308] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 000801F8
    .text C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe[3308] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 000803FC
    .text C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe[3308] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 000903FC
    .text C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe[3308] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00090600
    .text C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe[3308] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00091014
    .text C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe[3308] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00090804
    .text C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe[3308] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00090A08
    .text C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe[3308] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00090C0C
    .text C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe[3308] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00090E10
    .text C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe[3308] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 000901F8
    .text C:\Windows\system32\igfxext.exe[3364] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 001501F8
    .text C:\Windows\system32\igfxext.exe[3364] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 001503FC
    .text C:\Windows\system32\igfxext.exe[3364] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Windows\system32\igfxext.exe[3364] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00170600
    .text C:\Windows\system32\igfxext.exe[3364] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00170804
    .text C:\Windows\system32\igfxext.exe[3364] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00170A08
    .text C:\Windows\system32\igfxext.exe[3364] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 001701F8
    .text C:\Windows\system32\igfxext.exe[3364] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 001703FC
    .text C:\Windows\system32\igfxext.exe[3364] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 001803FC
    .text C:\Windows\system32\igfxext.exe[3364] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00180600
    .text C:\Windows\system32\igfxext.exe[3364] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00181014
    .text C:\Windows\system32\igfxext.exe[3364] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00180804
    .text C:\Windows\system32\igfxext.exe[3364] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00180A08
    .text C:\Windows\system32\igfxext.exe[3364] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00180C0C
    .text C:\Windows\system32\igfxext.exe[3364] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00180E10
    .text C:\Windows\system32\igfxext.exe[3364] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 001801F8
    .text C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe[3380] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 001501F8
    .text C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe[3380] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 001503FC
    .text C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe[3380] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe[3380] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00BF0600
    .text C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe[3380] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00BF0804
    .text C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe[3380] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00BF0A08
    .text C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe[3380] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 00BF01F8
    .text C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe[3380] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 00BF03FC
    .text C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe[3380] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 00C003FC
    .text C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe[3380] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00C00600
    .text C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe[3380] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00C01014
    .text C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe[3380] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00C00804
    .text C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe[3380] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00C00A08
    .text C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe[3380] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00C00C0C
    .text C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe[3380] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00C00E10
    .text C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe[3380] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 00C001F8
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3472] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 001501F8
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3472] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 001503FC
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3472] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
     
  18. 2011/10/16
    hanqba1

    hanqba1 Inactive Thread Starter

    Joined:
    2008/06/21
    Messages:
    93
    Likes Received:
    0
    gmer

    77086322 5 Bytes JMP 00170600
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3472] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00170804
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3472] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00170A08
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3472] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 001701F8
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3472] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 001703FC
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3472] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 001803FC
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3472] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00180600
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3472] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00181014
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3472] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00180804
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3472] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00180A08
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3472] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00180C0C
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3472] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00180E10
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3472] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 001801F8
    .text C:\Windows\system32\igfxsrvc.exe[3540] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 001501F8
    .text C:\Windows\system32\igfxsrvc.exe[3540] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 001503FC
    .text C:\Windows\system32\igfxsrvc.exe[3540] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Windows\system32\igfxsrvc.exe[3540] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00170600
    .text C:\Windows\system32\igfxsrvc.exe[3540] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00170804
    .text C:\Windows\system32\igfxsrvc.exe[3540] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00170A08
    .text C:\Windows\system32\igfxsrvc.exe[3540] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 001701F8
    .text C:\Windows\system32\igfxsrvc.exe[3540] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 001703FC
    .text C:\Windows\system32\igfxsrvc.exe[3540] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 001803FC
    .text C:\Windows\system32\igfxsrvc.exe[3540] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00180600
    .text C:\Windows\system32\igfxsrvc.exe[3540] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00181014
    .text C:\Windows\system32\igfxsrvc.exe[3540] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00180804
    .text C:\Windows\system32\igfxsrvc.exe[3540] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00180A08
    .text C:\Windows\system32\igfxsrvc.exe[3540] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00180C0C
    .text C:\Windows\system32\igfxsrvc.exe[3540] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00180E10
    .text C:\Windows\system32\igfxsrvc.exe[3540] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 001801F8
    .text C:\Users\Sarah\AppData\Local\Temp\RtkBtMnt.exe[3624] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 001501F8
    .text C:\Users\Sarah\AppData\Local\Temp\RtkBtMnt.exe[3624] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 001503FC
    .text C:\Users\Sarah\AppData\Local\Temp\RtkBtMnt.exe[3624] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Users\Sarah\AppData\Local\Temp\RtkBtMnt.exe[3624] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 001703FC
    .text C:\Users\Sarah\AppData\Local\Temp\RtkBtMnt.exe[3624] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00170600
    .text C:\Users\Sarah\AppData\Local\Temp\RtkBtMnt.exe[3624] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00171014
    .text C:\Users\Sarah\AppData\Local\Temp\RtkBtMnt.exe[3624] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00170804
    .text C:\Users\Sarah\AppData\Local\Temp\RtkBtMnt.exe[3624] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00170A08
    .text C:\Users\Sarah\AppData\Local\Temp\RtkBtMnt.exe[3624] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00170C0C
    .text C:\Users\Sarah\AppData\Local\Temp\RtkBtMnt.exe[3624] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00170E10
    .text C:\Users\Sarah\AppData\Local\Temp\RtkBtMnt.exe[3624] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 001701F8
    .text C:\Users\Sarah\AppData\Local\Temp\RtkBtMnt.exe[3624] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00180600
    .text C:\Users\Sarah\AppData\Local\Temp\RtkBtMnt.exe[3624] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00180804
    .text C:\Users\Sarah\AppData\Local\Temp\RtkBtMnt.exe[3624] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00180A08
    .text C:\Users\Sarah\AppData\Local\Temp\RtkBtMnt.exe[3624] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 001801F8
    .text C:\Users\Sarah\AppData\Local\Temp\RtkBtMnt.exe[3624] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 001803FC
    .text C:\Windows\system32\wbem\unsecapp.exe[3672] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\wbem\unsecapp.exe[3672] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\wbem\unsecapp.exe[3672] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Windows\system32\wbem\unsecapp.exe[3672] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\wbem\unsecapp.exe[3672] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\wbem\unsecapp.exe[3672] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\wbem\unsecapp.exe[3672] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\wbem\unsecapp.exe[3672] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\wbem\unsecapp.exe[3672] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\wbem\unsecapp.exe[3672] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\wbem\unsecapp.exe[3672] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\wbem\unsecapp.exe[3672] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00080600
    .text C:\Windows\system32\wbem\unsecapp.exe[3672] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00080804
    .text C:\Windows\system32\wbem\unsecapp.exe[3672] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00080A08
    .text C:\Windows\system32\wbem\unsecapp.exe[3672] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 000801F8
    .text C:\Windows\system32\wbem\unsecapp.exe[3672] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 000803FC
    .text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe[3704] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 001501F8
    .text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe[3704] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 001503FC
    .text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe[3704] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe[3704] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00270600
    .text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe[3704] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00270804
    .text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe[3704] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00270A08
    .text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe[3704] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 002701F8
    .text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe[3704] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 002703FC
    .text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe[3704] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 002803FC
    .text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe[3704] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00280600
    .text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe[3704] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00281014
    .text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe[3704] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00280804
    .text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe[3704] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00280A08
    .text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe[3704] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00280C0C
    .text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe[3704] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00280E10
    .text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe[3704] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 002801F8
    .text C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe[3740] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 001401F8
    .text C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe[3740] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 001403FC
    .text C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe[3740] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe[3740] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00160600
    .text C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe[3740] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00160804
    .text C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe[3740] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00160A08
    .text C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe[3740] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 001601F8
    .text C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe[3740] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 001603FC
    .text C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe[3740] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 001703FC
    .text C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe[3740] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00170600
    .text C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe[3740] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00171014
    .text C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe[3740] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00170804
    .text C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe[3740] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00170A08
    .text C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe[3740] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00170C0C
    .text C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe[3740] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00170E10
    .text C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe[3740] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 001701F8
    .text C:\Windows\system32\wbem\wmiprvse.exe[3756] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\wbem\wmiprvse.exe[3756] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\wbem\wmiprvse.exe[3756] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Windows\system32\wbem\wmiprvse.exe[3756] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 001703FC
    .text C:\Windows\system32\wbem\wmiprvse.exe[3756] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00170600
    .text C:\Windows\system32\wbem\wmiprvse.exe[3756] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00171014
    .text C:\Windows\system32\wbem\wmiprvse.exe[3756] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00170804
    .text C:\Windows\system32\wbem\wmiprvse.exe[3756] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00170A08
    .text C:\Windows\system32\wbem\wmiprvse.exe[3756] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00170C0C
    .text C:\Windows\system32\wbem\wmiprvse.exe[3756] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00170E10
    .text C:\Windows\system32\wbem\wmiprvse.exe[3756] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 001701F8
    .text C:\Windows\system32\wbem\wmiprvse.exe[3756] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00180600
    .text C:\Windows\system32\wbem\wmiprvse.exe[3756] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00180804
    .text C:\Windows\system32\wbem\wmiprvse.exe[3756] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00180A08
    .text C:\Windows\system32\wbem\wmiprvse.exe[3756] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 001801F8
    .text C:\Windows\system32\wbem\wmiprvse.exe[3756] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 001803FC
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3832] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 001501F8
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3832] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 001503FC
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3832] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3832] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 001703FC
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3832] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00170600
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3832] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00171014
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3832] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00170804
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3832] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00170A08
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3832] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00170C0C
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3832] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00170E10
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3832] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 001701F8
    .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3840] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[3848] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 001501F8
    .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[3848] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 001503FC
    .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[3848] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
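Editor's note on reading the hook table above. Every ".text" line is one user-mode inline hook GMER found: the process it lives in, the DLL export that was patched, the patched address, how many bytes were overwritten, and either the JMP destination or the replacement byte. What an analyst checks before anything else is whether the hooks are uniform (the same exports patched the same way in every process, destinations in a private region rather than inside another system DLL), because one component hooking everything consistently reads very differently from a hook that shows up in only one process. The Python below is an added example written for this thread; it is not GMER's code and not anything the poster ran, and it makes no claim about which product placed these hooks. It parses lines of the shape shown above and reports per-process coverage. The sample input is six lines copied from this log plus one constructed separator line that the parser must ignore.

```python
"""Triage of the user-mode hook lines in a GMER log (added example, not GMER's code)."""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Matches both hook shapes seen in the log:
#   .text <image>[<pid>] <module>!<func> <addr> 5 Bytes JMP <target>
#   .text <image>[<pid>] <module>!<func> + <off> <addr> 1 Byte [<hex>]
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<func>\S+)"
    r"(?:\s+\+\s+(?P<offset>[0-9A-Fa-f]+))?\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes?\s+"
    r"(?:JMP\s+(?P<target>[0-9A-Fa-f]{8})|\[(?P<patch>[0-9A-Fa-f ]+)\])\s*$"
)


@dataclass(frozen=True)
class Hook:
    image: str             # full path of the hooked process image
    pid: int
    module: str            # DLL that owns the patched code
    func: str              # exported function that was patched
    offset: int            # bytes past the export (0 = prologue hook)
    addr: int              # virtual address of the patched bytes
    size: int              # number of bytes overwritten
    target: Optional[int]  # JMP destination, None for an in-place byte patch
    patch: bytes           # replacement bytes of an in-place patch, else b""

    @property
    def symbol(self) -> str:
        return f"{self.module}!{self.func}" + (f"+{self.offset:X}" if self.offset else "")


def parse_hook_line(line: str) -> Optional[Hook]:
    """Return a Hook for a GMER '.text' line, None for any other line."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    patch = bytes.fromhex(m["patch"].replace(" ", "")) if m["patch"] else b""
    return Hook(
        image=m["image"], pid=int(m["pid"]), module=m["module"], func=m["func"],
        offset=int(m["offset"], 16) if m["offset"] else 0,
        addr=int(m["addr"], 16), size=int(m["size"]),
        target=int(m["target"], 16) if m["target"] else None, patch=patch,
    )


def parse_log(text: str) -> list[Hook]:
    return [h for h in map(parse_hook_line, text.splitlines()) if h is not None]


def triage(hooks: list[Hook]) -> dict:
    """Per-process coverage plus two flags: processes lacking hooks the others
    have, and JMPs whose destination sits in the 32-bit system DLL range
    (0x70000000 and up on Vista x86; a heuristic, not a module-list lookup)."""
    symbols: dict[int, set[str]] = defaultdict(set)
    targets: dict[int, list[int]] = defaultdict(list)
    patches: dict[str, set[tuple[int, bytes]]] = defaultdict(set)
    name: dict[int, str] = {}
    for h in hooks:
        name[h.pid] = h.image.rsplit("\\", 1)[-1] + f"[{h.pid}]"
        symbols[h.pid].add(h.symbol)
        if h.target is not None:
            targets[h.pid].append(h.target)
        else:
            patches[h.symbol].add((h.addr, h.patch))
    full = set().union(*symbols.values()) if symbols else set()
    return {
        "processes": len(symbols),
        "hooked_symbols": sorted(full),
        # process -> hooks seen elsewhere that this process lacks
        "missing_hooks": {name[p]: sorted(full - s) for p, s in symbols.items() if s != full},
        "jmp_into_system_dll": sorted(name[p] for p, ts in targets.items()
                                      if any(t >= 0x70000000 for t in ts)),
        # True when each in-place patch writes the same bytes at the same
        # address in every process, i.e. a single component did all of them
        "uniform_byte_patches": all(len(v) == 1 for v in patches.values()),
    }


# Sample input: six lines copied from the log in this thread plus one
# constructed separator line the parser must skip.
SAMPLE = r"""---- User code sections (constructed separator) ----
.text C:\Program Files\Windows Defender\MSASCui.exe[3132] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 000501F8
.text C:\Program Files\Windows Defender\MSASCui.exe[3132] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 000503FC
.text C:\Program Files\Windows Defender\MSASCui.exe[3132] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
.text C:\Program Files\Windows Defender\MSASCui.exe[3132] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 000703FC
.text C:\Program Files\Windows Defender\MSASCui.exe[3132] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00080600
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3840] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
"""

if __name__ == "__main__":
    for key, value in triage(parse_log(SAMPLE)).items():
        print(f"{key}: {value}")
```

Run against the whole log pasted in this thread, the "missing_hooks" entry is the part worth reading: it lists each process whose hook set differs from the union seen across all processes, which is exactly the kind of outlier (a process with only the one-byte GetBinaryTypeW patch, or one without the USER32 hooks) that deserves a closer look before the rest of the table is dismissed as a security product's self-protection.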
     
  19. 2011/10/16
    hanqba1

    hanqba1 Inactive Thread Starter

    Joined:
    2008/06/21
    Messages:
    93
    Likes Received:
    0
    gmer

    77086322 5 Bytes JMP 00170600
    .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[3848] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00170804
    .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[3848] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00170A08
    .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[3848] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 001701F8
    .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[3848] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 001703FC
    .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[3848] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 001803FC
    .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[3848] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00180600
    .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[3848] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00181014
    .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[3848] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00180804
    .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[3848] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00180A08
    .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[3848] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00180C0C
    .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[3848] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00180E10
    .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[3848] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 001801F8
    .text C:\Windows\system32\SearchProtocolHost.exe[3920] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 000401F8
    .text C:\Windows\system32\SearchProtocolHost.exe[3920] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 000403FC
    .text C:\Windows\system32\SearchProtocolHost.exe[3920] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Windows\system32\SearchProtocolHost.exe[3920] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 000603FC
    .text C:\Windows\system32\SearchProtocolHost.exe[3920] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00060600
    .text C:\Windows\system32\SearchProtocolHost.exe[3920] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00061014
    .text C:\Windows\system32\SearchProtocolHost.exe[3920] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00060804
    .text C:\Windows\system32\SearchProtocolHost.exe[3920] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00060A08
    .text C:\Windows\system32\SearchProtocolHost.exe[3920] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00060C0C
    .text C:\Windows\system32\SearchProtocolHost.exe[3920] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00060E10
    .text C:\Windows\system32\SearchProtocolHost.exe[3920] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 000601F8
    .text C:\Windows\system32\SearchProtocolHost.exe[3920] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00070600
    .text C:\Windows\system32\SearchProtocolHost.exe[3920] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00070804
    .text C:\Windows\system32\SearchProtocolHost.exe[3920] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00070A08
    .text C:\Windows\system32\SearchProtocolHost.exe[3920] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 000701F8
    .text C:\Windows\system32\SearchProtocolHost.exe[3920] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 000703FC
    .text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe[3952] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 001501F8
    .text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe[3952] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 001503FC
    .text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe[3952] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe[3952] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 001703FC
    .text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe[3952] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00170600
    .text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe[3952] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00171014
    .text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe[3952] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00170804
    .text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe[3952] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00170A08
    .text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe[3952] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00170C0C
    .text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe[3952] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00170E10
    .text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe[3952] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 001701F8
    .text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe[3952] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00180600
    .text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe[3952] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00180804
    .text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe[3952] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00180A08
    .text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe[3952] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 001801F8
    .text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe[3952] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 001803FC
    .text C:\Windows\system32\wuauclt.exe[4156] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 000601F8
    .text C:\Windows\system32\wuauclt.exe[4156] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 000603FC
    .text C:\Windows\system32\wuauclt.exe[4156] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Windows\system32\wuauclt.exe[4156] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00070600
    .text C:\Windows\system32\wuauclt.exe[4156] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00070804
    .text C:\Windows\system32\wuauclt.exe[4156] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00070A08
    .text C:\Windows\system32\wuauclt.exe[4156] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 000701F8
    .text C:\Windows\system32\wuauclt.exe[4156] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 000703FC
    .text C:\Windows\system32\wuauclt.exe[4156] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 000803FC
    .text C:\Windows\system32\wuauclt.exe[4156] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00080600
    .text C:\Windows\system32\wuauclt.exe[4156] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00081014
    .text C:\Windows\system32\wuauclt.exe[4156] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00080804
    .text C:\Windows\system32\wuauclt.exe[4156] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00080A08
    .text C:\Windows\system32\wuauclt.exe[4156] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00080C0C
    .text C:\Windows\system32\wuauclt.exe[4156] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00080E10
    .text C:\Windows\system32\wuauclt.exe[4156] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 000801F8
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4836] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 001501F8
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4836] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 001503FC
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4836] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4836] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00170600
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4836] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00170804
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4836] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00170A08
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4836] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 001701F8
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4836] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 001703FC
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4836] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 001803FC
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4836] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00180600
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4836] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00181014
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4836] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00180804
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4836] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00180A08
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4836] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00180C0C
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4836] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00180E10
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4836] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 001801F8
    .text C:\Windows\system32\SearchFilterHost.exe[4880] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\SearchFilterHost.exe[4880] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\SearchFilterHost.exe[4880] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Windows\system32\SearchFilterHost.exe[4880] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\SearchFilterHost.exe[4880] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\SearchFilterHost.exe[4880] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\SearchFilterHost.exe[4880] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\SearchFilterHost.exe[4880] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\SearchFilterHost.exe[4880] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\SearchFilterHost.exe[4880] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\SearchFilterHost.exe[4880] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\SearchFilterHost.exe[4880] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00080600
    .text C:\Windows\system32\SearchFilterHost.exe[4880] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00080804
    .text C:\Windows\system32\SearchFilterHost.exe[4880] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00080A08
    .text C:\Windows\system32\SearchFilterHost.exe[4880] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 000801F8
    .text C:\Windows\system32\SearchFilterHost.exe[4880] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 000803FC
    .text C:\Windows\system32\SearchProtocolHost.exe[5008] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 000401F8
    .text C:\Windows\system32\SearchProtocolHost.exe[5008] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 000403FC
    .text C:\Windows\system32\SearchProtocolHost.exe[5008] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
     
  20. 2011/10/16
    hanqba1

    hanqba1 Inactive Thread Starter

    Joined:
    2008/06/21
    Messages:
    93
    Likes Received:
    0
    gmer

    .text C:\Windows\system32\SearchProtocolHost.exe[5008] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 000603FC
    .text C:\Windows\system32\SearchProtocolHost.exe[5008] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00060600
    .text C:\Windows\system32\SearchProtocolHost.exe[5008] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00061014
    .text C:\Windows\system32\SearchProtocolHost.exe[5008] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00060804
    .text C:\Windows\system32\SearchProtocolHost.exe[5008] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00060A08
    .text C:\Windows\system32\SearchProtocolHost.exe[5008] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00060C0C
    .text C:\Windows\system32\SearchProtocolHost.exe[5008] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00060E10
    .text C:\Windows\system32\SearchProtocolHost.exe[5008] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 000601F8
    .text C:\Windows\system32\SearchProtocolHost.exe[5008] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00070600
    .text C:\Windows\system32\SearchProtocolHost.exe[5008] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00070804
    .text C:\Windows\system32\SearchProtocolHost.exe[5008] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00070A08
    .text C:\Windows\system32\SearchProtocolHost.exe[5008] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 000701F8
    .text C:\Windows\system32\SearchProtocolHost.exe[5008] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 000703FC
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5120] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 000401F8
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5120] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 000403FC
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5120] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5120] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 000603FC
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5120] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00060600
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5120] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00061014
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5120] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00060804
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5120] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00060A08
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5120] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00060C0C
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5120] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00060E10
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5120] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 000601F8
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5120] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00070600
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5120] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00070804
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5120] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00070A08
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5120] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 000701F8
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5120] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[5220] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[5220] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[5220] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[5220] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[5220] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[5220] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[5220] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[5220] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[5220] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[5220] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[5220] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\svchost.exe[5220] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00130600
    .text C:\Windows\system32\svchost.exe[5220] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 00130804
    .text C:\Windows\system32\svchost.exe[5220] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 00130A08
    .text C:\Windows\system32\svchost.exe[5220] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 001301F8
    .text C:\Windows\system32\svchost.exe[5220] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 001303FC
    .text C:\Program Files\Internet Explorer\iexplore.exe[5612] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 000401F8
    .text C:\Program Files\Internet Explorer\iexplore.exe[5612] ntdll.dll!LdrUnloadDll 7753B740 5 Bytes JMP 000403FC
    .text C:\Program Files\Internet Explorer\iexplore.exe[5612] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5612] ADVAPI32.dll!CreateServiceW 76CC9EB4 5 Bytes JMP 000603FC
    .text C:\Program Files\Internet Explorer\iexplore.exe[5612] ADVAPI32.dll!DeleteService 76CCA07E 5 Bytes JMP 00060600
    .text C:\Program Files\Internet Explorer\iexplore.exe[5612] ADVAPI32.dll!SetServiceObjectSecurity 76D06CD9 5 Bytes JMP 00061014
    .text C:\Program Files\Internet Explorer\iexplore.exe[5612] ADVAPI32.dll!ChangeServiceConfigA 76D06DD9 5 Bytes JMP 00060804
    .text C:\Program Files\Internet Explorer\iexplore.exe[5612] ADVAPI32.dll!ChangeServiceConfigW 76D06F81 5 Bytes JMP 00060A08
    .text C:\Program Files\Internet Explorer\iexplore.exe[5612] ADVAPI32.dll!ChangeServiceConfig2A 76D07099 5 Bytes JMP 00060C0C
    .text C:\Program Files\Internet Explorer\iexplore.exe[5612] ADVAPI32.dll!ChangeServiceConfig2W 76D071E1 5 Bytes JMP 00060E10
    .text C:\Program Files\Internet Explorer\iexplore.exe[5612] ADVAPI32.dll!CreateServiceA 76D072A1 5 Bytes JMP 000601F8
    .text C:\Program Files\Internet Explorer\iexplore.exe[5612] USER32.dll!SetWindowsHookExA 77086322 5 Bytes JMP 00070600
    .text C:\Program Files\Internet Explorer\iexplore.exe[5612] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 6AD39A91 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5612] USER32.dll!CallNextHookEx 77088E3B 5 Bytes JMP 6AD2D0CD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5612] USER32.dll!UnhookWindowsHookEx 770898DB 5 Bytes JMP 6ACA466E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5612] USER32.dll!SetWinEventHook 77089F3A 5 Bytes JMP 000701F8
    .text C:\Program Files\Internet Explorer\iexplore.exe[5612] USER32.dll!UnhookWinEvent 7708C06F 5 Bytes JMP 000703FC
    .text C:\Program Files\Internet Explorer\iexplore.exe[5612] USER32.dll!CreateWindowExW 77091305 5 Bytes JMP 6AD3DB04 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5612] USER32.dll!DialogBoxParamW 770B10B0 5 Bytes JMP 6AC654C5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5612] USER32.dll!DialogBoxIndirectParamW 770B2EF5 5 Bytes JMP 6AE35329 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5612] USER32.dll!DialogBoxParamA 770C8152 5 Bytes JMP 6AE352C6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5612] USER32.dll!DialogBoxIndirectParamA 770C847D 5 Bytes JMP 6AE3538C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5612] USER32.dll!MessageBoxIndirectA 770DD4D9 5 Bytes JMP 6AE3525B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5612] USER32.dll!MessageBoxIndirectW 770DD5D3 5 Bytes JMP 6AE351F0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5612] USER32.dll!MessageBoxExA 770DD639 5 Bytes JMP 6AE3518E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5612] USER32.dll!MessageBoxExW 770DD65D 5 Bytes JMP 6AE3512C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5612] ole32.dll!OleLoadFromStream 77211E80 5 Bytes JMP 6AE35691 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5612] ole32.dll!CoCreateInstance 77249F3E 5 Bytes JMP 6AD3DB60 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\system32\services.exe[704] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 000B0002
    IAT C:\Windows\system32\services.exe[704] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 000B0000
    IAT C:\Windows\Explorer.EXE[2848] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74277817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2848] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [742CA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2848] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7427BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2848] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7426F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2848] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [742775E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2848] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7426E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2848] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [742A8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2848] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7427DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2848] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7426FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2848] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7426FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2848] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [742671CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2848] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [742FCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2848] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7429C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2848] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7426D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2848] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74266853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2848] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7426687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2848] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74272AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2848] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [10002A00] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)
    IAT C:\Windows\Explorer.EXE[2848] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001E00] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)
    IAT C:\Windows\Explorer.EXE[2848] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10002D50] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)
    IAT C:\Windows\Explorer.EXE[2848] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100011D0] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)

    ---- Devices - GMER 1.0.15 ----
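    A small triage script for the user-mode hook block above, added here as an example; it is not part of hanqba1's post and not GMER's own code. GMER prints a module path after a JMP target only when the target falls inside a loaded image (the IEFRAME.dll entries in iexplore.exe); a bare target such as 000601F8 means the trampoline sits in memory GMER could not tie to a module. In this log those bare targets repeat in every process with the same low 16 bits per hooked function (LdrLoadDll always ends in 01F8, LdrUnloadDll in 03FC, and so on), which is what one hooking engine allocating a trampoline page per process looks like. Both avast and Malwarebytes were on this machine when the scan ran, and security products hook exactly these exports (LdrLoadDll, the CreateService and ChangeServiceConfig family, SetWindowsHookEx), so the script classifies and groups rather than judges. The sample lines it carries are constructed in the GMER 1.0.15 format, not copied from the scan.

```python
"""Triage helper for GMER 1.0.15 user-mode hook lines (the ".text ... JMP ..." block).

Added example, not part of the forum post. The sample lines below are constructed
in the same format as the log above; they are not a copy of any one machine's scan.
"""
import re
from collections import Counter, defaultdict

# One ".text" line: .text <process path>[<pid>] <module>!<export>[ + <hex offset>]
# <patched address> <n> Byte(s) <patch description>
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<func>\S+)(?:\s+\+\s+(?P<offset>[0-9A-Fa-f]+))?\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes?\s+(?P<patch>.+)$"
)
# "JMP <target>" optionally followed by the module GMER resolved the target to.
JMP_RE = re.compile(
    r"^JMP\s+(?P<target>[0-9A-Fa-f]{8})"
    r"(?:\s+(?P<target_path>\S.*?)\s+\((?P<target_desc>[^)]*)\))?$"
)
# "[62]" style inline byte patch.
BYTES_RE = re.compile(r"^\[(?P<hexbytes>[0-9A-Fa-f]{2}(?:\s+[0-9A-Fa-f]{2})*)\]$")


def parse_hook_line(line):
    """Return a dict for one hook line, or None if the line is not a .text hook."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    hook = {
        "process": m["proc"],
        "pid": int(m["pid"]),
        "module": m["module"],
        "function": m["func"],
        "offset": int(m["offset"], 16) if m["offset"] else 0,
        "address": int(m["addr"], 16),
        "size": int(m["size"]),
        "target": None,
        "target_path": None,
    }
    patch = m["patch"].strip()
    jmp = JMP_RE.match(patch)
    raw = BYTES_RE.match(patch)
    if jmp:
        hook["target"] = int(jmp["target"], 16)
        hook["target_path"] = jmp["target_path"]
        # GMER prints a module path only when the JMP lands inside a loaded image;
        # a bare address means the trampoline lives in memory not backed by a module.
        hook["kind"] = "jmp_attributed" if jmp["target_path"] else "jmp_unattributed"
    elif raw:
        hook["kind"] = "byte_patch"
        hook["bytes"] = bytes.fromhex(raw["hexbytes"].replace(" ", ""))
    else:
        hook["kind"] = "other"
    return hook


def parse_gmer_hooks(text):
    """Parse every .text hook line in a GMER log; non-hook lines are ignored."""
    return [h for h in map(parse_hook_line, text.splitlines()) if h]


def triage(hooks):
    """Group hooks the way a reviewer reads them: per-process counts by kind,
    each unattributed JMP target with the pids it appears in, and the low 16 bits
    of every hooked function's target. One hooking engine that allocates a
    trampoline page per process tends to place the same function at the same
    page offset in every process."""
    per_process = defaultdict(Counter)
    targets = defaultdict(set)
    offset_by_func = defaultdict(set)
    for h in hooks:
        per_process[h["pid"]][h["kind"]] += 1
        if h["kind"] == "jmp_unattributed":
            targets[h["target"]].add(h["pid"])
            offset_by_func[f'{h["module"]}!{h["function"]}'].add(h["target"] & 0xFFFF)
    return {
        "per_process": {pid: dict(c) for pid, c in per_process.items()},
        "unattributed_targets": dict(targets),
        "offset_by_func": dict(offset_by_func),
    }


# Constructed sample in the GMER format (not a real scan; paths and pids are illustrative).
SAMPLE_LOG = r"""
.text C:\Windows\system32\wuauclt.exe[4156] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 000601F8
.text C:\Windows\system32\wuauclt.exe[4156] kernel32.dll!GetBinaryTypeW + 70 76FD2247 1 Byte [62]
.text C:\Windows\system32\svchost.exe[5220] ntdll.dll!LdrLoadDll 775293A8 5 Bytes JMP 000501F8
.text C:\Program Files\Internet Explorer\iexplore.exe[5612] USER32.dll!SetWindowsHookExW 770887AD 5 Bytes JMP 6AD39A91 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5612] ole32.dll!CoCreateInstance 77249F3E 5 Bytes JMP 6AD3DB60 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- User IAT/EAT - GMER 1.0.15 ----
"""

if __name__ == "__main__":
    result = triage(parse_gmer_hooks(SAMPLE_LOG))
    for pid, counts in sorted(result["per_process"].items()):
        print(pid, counts)
    for target, pids in sorted(result["unattributed_targets"].items()):
        print(f"unattributed JMP target {target:08X} in pids {sorted(pids)}")
    for func, offsets in sorted(result["offset_by_func"].items()):
        print(func, [f"{o:04X}" for o in sorted(offsets)])
```

    To run it on a saved log, pass the file contents to parse_gmer_hooks and feed the list to triage. An unattributed target is a lead, not a verdict: the next step is to find out which mapped region in that process owns the trampoline page, which the GMER text alone cannot tell you.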
     
  21. 2011/10/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
