Channel: Tech Support Guy

computer completely freezes randomly

My computer has been completely freezing at seemingly random intervals. I noticed I had the Win32/Tenga virus a few days ago when the crashing began, and hopefully removed it completely with Avast, Malwarebytes and Spybot S&D.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i7 CPU 950 @ 3.07GHz, Intel64 Family 6 Model 26 Stepping 5
Processor Count: 4
RAM: 16375 Mb
Graphics Card: NVIDIA GeForce GTX 480, 1535 Mb
Hard Drives: (ssd) C: Total - 122001 MB, Free - 15464 MB; (was external hdd, now internal) H: Total - 1764710 MB, Free - 219007 MB;
Motherboard: EVGA, X58 SLI FTW3
Antivirus: None

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:04:35 PM, on 5/28/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16483)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Users\MuuniaPC2.0\procexp.exe
C:\Program Files (x86)\Trillian\trillian.exe
C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe
C:\Program Files (x86)\RaidCall\raidcall.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Steam\steam.exe
C:\Users\MuuniaPC2.0\Desktop\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: PE_IE_Helper Class - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\4.0\PEhelper.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Lycosa] "C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-4085284437-476141492-3903469175-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-4085284437-476141492-3903469175-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: procexp.lnk = MuuniaPC2.0\procexp.exe
O4 - Startup: Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Razer Overlay Subsystem Emergency Service (RzOvlMon) - Razer - C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Soluto Launcher Service (SolutoLauncherService) - Soluto - C:\Program Files\Soluto\SolutoLauncherService.exe
O23 - Service: Soluto Remote Service (SolutoRemoteService) - Soluto - C:\Program Files\Soluto\SolutoRemoteService.exe
O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7629 bytes

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16483
Run by MuuniaPC2.0 at 12:05:26 on 2013-05-28
Microsoft Windows 7 Home Premium 6.1.7601.1.932.81.1033.18.16375.13543 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\soluto\soluto.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Users\MuuniaPC2.0\procexp.exe
C:\Program Files (x86)\Trillian\trillian.exe
C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\MuuniaPC2.0\procexp64.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe
C:\Program Files\Soluto\SolutoLauncherService.exe
C:\Program Files\Soluto\SolutoService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\PCMeter\PCMeterV0.3.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\Program Files (x86)\RaidCall\raidcall.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Nightly\firefox.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.my.af.mil/faf/FAF/fafHome.jsp
uProxyServer = localhost:21320
mWinlogon: Userinit = userinit.exe,
BHO: PE_IE_Helper Class: {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\4.0\PEhelper.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
mRun: [Lycosa] "C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\Users\MUUNIA~1.0\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\procexp.lnk - C:\Users\MuuniaPC2.0\procexp.exe
StartupFolder: C:\Users\MUUNIA~1.0\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Trillian.lnk - C:\Program Files (x86)\Trillian\trillian.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoCDBurning = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{37D127A6-6DBC-493B-9B87-9B114D877A8F} : DHCPNameServer = 192.168.1.1
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Notify: avldr - avldr64.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\MuuniaPC2.0\AppData\Roaming\Mozilla\Firefox\Profiles\8za59vib.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxps://www.google.com/search?hl=en-GB&q=
FF - component: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn\components\WCFirefoxExtn.dll
FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{10289AD8-241D-406C-8168-6508B4D257D6}\components\IDfXpCom.dll
FF - plugin: C:\Users\MuuniaPC2.0\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Windows\System32\Macromed\Flash\NPSWF64_11_7_700_202.dll
FF - ExtSQL: 2013-04-09 12:22; {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}; C:\Users\MuuniaPC2.0\AppData\Roaming\Mozilla\Firefox\Profiles\8za59vib.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
FF - ExtSQL: 2013-04-09 12:22; artur.dubovoy@gmail.com; C:\Users\MuuniaPC2.0\AppData\Roaming\Mozilla\Firefox\Profiles\8za59vib.default\extensions\artur.dubovoy@gmail.com.xpi
FF - ExtSQL: 2013-05-15 02:34; jid0-db0owQRjcx0mRj5LBNH2MHAwEkc@jetpack; C:\Users\MuuniaPC2.0\AppData\Roaming\Mozilla\Firefox\Profiles\8za59vib.default\extensions\jid0-db0owQRjcx0mRj5LBNH2MHAwEkc@jetpack
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-5-24 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-5-24 189936]
R0 RzFilter;RzFilter;C:\Windows\System32\drivers\RzFilter.sys [2013-4-23 74456]
R0 Soluto;Soluto;C:\Windows\System32\drivers\Soluto.sys [2013-2-27 54728]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-5-24 1025808]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-5-24 378432]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-5-24 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-5-24 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-24 46808]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-5-24 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-5-24 701512]
R2 RzOvlMon;Razer Overlay Subsystem Emergency Service;C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe [2013-5-2 31448]
R2 SolutoLauncherService;Soluto Launcher Service;C:\Program Files\Soluto\SolutoLauncherService.exe [2013-2-26 182336]
R2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2013-2-26 699968]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-5-27 3574624]
R2 uxpatch;uxpatch;C:\Windows\System32\drivers\uxpatch.sys [2009-7-13 30568]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2012-10-2 66360]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 Lycosa;Lycosa Keyboard;C:\Windows\System32\drivers\Lycosa.sys [2013-2-27 28928]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-5-24 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 539240]
R3 RzDxgk;RzDxgk;C:\Windows\System32\drivers\RzDxgk.sys [2013-4-23 128856]
R3 VKbms;Virtual HID Minidriver;C:\Windows\System32\drivers\VKbms.sys [2013-2-27 13312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-5-25 1817560]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-5-25 1033688]
S3 CEDRIVER60;CEDRIVER60;C:\Program Files (x86)\Cheat Engine 6.2\dbk64.sys [2013-2-27 62752]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2013-2-27 121416]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-26 19456]
S3 S3XXx64;SCR3xx USB SmartCardReader64;C:\Windows\System32\drivers\S3XXx64.sys [2013-1-7 74112]
S3 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-5-25 171928]
S3 slb;slb;C:\AeriaGames\ScarletBlade\avital\scarlb64.sys [2013-5-27 81880]
S3 SolutoRemoteService;Soluto Remote Service;C:\Program Files\Soluto\SolutoRemoteService.exe [2013-2-26 1239552]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-26 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-2-26 30208]
S4 UnsignedThemes;Unsigned Themes;C:\Windows\UnsignedThemesSvc.exe [2009-7-13 24168]
.
=============== Created Last 30 ================
.
2013-05-28 14:49:09 867656 ----a-w- C:\Users\MuuniaPC2.0\procexp64.exe
2013-05-28 02:43:44 -------- d-----w- C:\Intel
2013-05-27 17:35:11 -------- d-----w- C:\Users\MuuniaPC2.0\AppData\Local\Aeria Games
2013-05-27 17:34:59 -------- d-----w- C:\ProgramData\Aeria Games
2013-05-27 17:26:01 -------- d-----w- C:\Program Files (x86)\TeamViewer
2013-05-27 17:22:49 -------- d-----w- C:\Users\MuuniaPC2.0\AppData\Roaming\TeamViewer
2013-05-27 17:00:16 -------- d-----w- C:\Program Files (x86)\Aeria Games
2013-05-27 16:47:40 -------- d-----w- C:\Users\MuuniaPC2.0\AppData\Local\Akamai
2013-05-27 16:47:38 -------- d-----w- C:\AeriaGames
2013-05-26 09:34:07 -------- d-----w- C:\Program Files\Nightly
2013-05-26 09:25:12 515584 ----a-w- C:\Windows\System32\timedate.cpl
2013-05-26 09:01:29 2871808 ----a-w- C:\Windows\explorer.exe
2013-05-26 06:11:44 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-05-26 06:07:38 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2013-05-26 06:07:35 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-05-25 06:49:31 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-05-25 06:49:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-25 06:48:57 -------- d-----w- C:\SMCLPAV
2013-05-25 06:28:20 -------- d-----w- C:\Program Files (x86)\Panda Security
2013-05-25 06:28:19 446464 ----a-w- C:\Windows\SysWow64\HHActiveX.dll
2013-05-25 06:28:19 -------- d-----w- C:\Users\MuuniaPC2.0\AppData\Roaming\Panda Security
2013-05-25 06:28:19 -------- d-----w- C:\ProgramData\Panda Security
2013-05-25 05:56:26 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-25 05:56:26 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-16 14:27:28 -------- d-----w- C:\Users\MuuniaPC2.0\AppData\Roaming\OBS
2013-05-16 14:27:26 -------- d-----w- C:\Program Files (x86)\OBS
2013-05-14 20:05:24 -------- d-----w- C:\Users\MuuniaPC2.0\AppData\Roaming\PureEdge
2013-05-14 20:05:18 -------- d-----w- C:\ProgramData\PureEdge
2013-05-14 20:05:18 -------- d-----w- C:\Program Files (x86)\IBM
2013-05-10 09:38:17 -------- d-----w- C:\Users\MuuniaPC2.0\AppData\Local\SplitMediaLabs
2013-05-10 09:37:49 -------- d-----w- C:\ProgramData\SplitMediaLabs
2013-05-10 09:37:49 -------- d-----w- C:\Program Files (x86)\SplitMediaLabs
2013-05-10 09:37:37 -------- d-----w- C:\Users\MuuniaPC2.0\AppData\Roaming\SplitMediaLabs
2013-05-07 15:57:15 -------- d-----w- C:\Windows\MRLH
2013-05-05 07:17:56 -------- d-----w- C:\Program Files (x86)\Antichamber
2013-04-30 05:03:58 -------- d-----w- C:\Program Files (x86)\Combined Community Codec Pack
.
==================== Find3M ====================
.
2013-05-09 08:59:07 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-05-09 08:59:07 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-05-09 08:59:07 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-05-09 08:59:07 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-05-09 08:59:06 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-05-09 08:58:37 41664 ----a-w- C:\Windows\avastSS.scr
2013-05-05 21:16:13 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-05-05 19:12:55 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-03 03:03:00 74456 ----a-w- C:\Windows\System32\drivers\RzFilter.sys
2013-05-03 03:03:00 128856 ----a-w- C:\Windows\System32\drivers\RzDxgk.sys
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-04-05 01:08:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-04-05 01:00:30 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-04-05 00:59:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-04-05 00:56:16 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-04-05 00:55:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-04-04 22:11:34 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-04-04 22:02:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-04-04 22:02:17 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-04-04 21:58:51 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-04-04 21:57:45 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-03-23 00:53:40 121416 ----a-w- C:\Windows\System32\drivers\MijXfilt.sys
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:53:58 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-03-19 05:53:58 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
.
============= FINISH: 12:05:36.54 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2/26/2013 4:02:55 PM
System Uptime: 5/28/2013 11:46:45 AM (1 hours ago)
.
Motherboard: EVGA | | X58 SLI FTW3
Processor: Intel(R) Core(TM) i7 CPU 950 @ 3.07GHz | Socket 423 | 3060/146mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 119 GiB total, 15.095 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
F: is CDROM ()
H: is FIXED (NTFS) - 1723 GiB total, 213.874 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Marvell 91xx Config ATA Device
Device ID: IDE\PROCESSORMARVELL_91XX_CONFIG_____________________1.01____\6&36D6A620&0&7.0.0
Manufacturer:
Name: Marvell 91xx Config ATA Device
PNP Device ID: IDE\PROCESSORMARVELL_91XX_CONFIG_____________________1.01____\6&36D6A620&0&7.0.0
Service:
.
Class GUID:
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_00000000&REV_03\4&1F0A11FA&0&0010
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_00000000&REV_03\4&1F0A11FA&0&0010
Service:
.
==== System Restore Points ===================
.
RP55: 5/26/2013 1:52:17 AM - Installed UxStyle Core Beta
.
==== Installed Programs ======================
.
7-Zip 9.20
AC3Filter 2.5b
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
Aeria Ignite
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
AviSynth 2.5
Bandisoft MPEG-1 Decoder
Bass Audio Decoder (remove only)
Bastion
BioShock Infinite
Bonjour
CD Audio Reader Filter (remove only)
Cheat Engine 6.2
Combined Community Codec Pack 2013-04-20
Core Temp version 0.99.7
DCoder Image Source (remove only)
DirectVobSub (remove only)
DScaler 5 Mpeg Decoders
Dungeon Defenders
Explorer Suite III
ffdshow v1.2.4453 [2012-05-21]
FFMPEG Core Files (remove only)
Fraps
Gabest MPEG Splitter (remove only)
Google Chrome
Haali Media Splitter
HxD Hex Editor version 1.7.7.0
IBM Forms Viewer 4.0.0
ILLUSION BotuPlay
IrfanView (remove only)
iTunes
LAV Filters 0.55.3
League of Legends
Logitech Gaming Software
Logitech Gaming Software 8.40
MadVR (remove only)
Malwarebytes Anti-Malware version 1.75.0.1300
MediaFire Express
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft AppLocale
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Windows Application Compatibility Database
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
MotioninJoy ds3 driver version 0.6.0003
My Game Long Name
Nexon Game Manager
Nightly 24.0a1 (x64 en-US)
NVIDIA Control Panel 314.07
NVIDIA Graphics Driver 314.07
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.1031
NVIDIA Update 1.12.12
NVIDIA Update Components
Open Broadcaster Software
OpenSource DTS/AC3/DD+ Source Filter (remove only)
OpenSource Flash Video Splitter (remove only)
Paragon Partition Manager 9.0 Professional
Password Depot 6 - Panda Secure Vault Edition
Path of Exile
PowerISO
RaidCall
RapeLay
Razer Comms
Razer Core
Razer Lycosa
Realtek High Definition Audio Driver
Resident Evil 5
Scarlet Blade
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Skype™ 4.2
Soluto
Spybot - Search & Destroy
Steam
Super Hexagon
TeamViewer 8
Trillian
UNDEROID
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
UxStyle Core Beta
Vindictus
Windows Live ID Sign-in Assistant
WinRAR 4.00 (64-bit)
XSplit
Zoom Player (remove only)
.
==== Event Viewer Messages From Past Week ========
.
5/28/2013 7:42:01 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswRvrt aswSnx aswSP aswTdi aswVmm DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SCDEmu Soluto spldr tdx Wanarpv6 WfpLwf
5/28/2013 7:42:01 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/28/2013 7:42:01 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/28/2013 7:42:01 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
5/28/2013 7:42:01 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/28/2013 7:42:01 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/28/2013 7:42:01 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
5/28/2013 7:42:01 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/28/2013 7:42:01 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/28/2013 7:42:01 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/28/2013 7:42:01 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/28/2013 7:41:01 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswRvrt aswSnx aswTdi aswVmm Soluto spldr
5/28/2013 7:39:59 AM, Error: Service Control Manager [7000] - The Link-Layer Topology Discovery Responder service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.
5/28/2013 7:39:59 AM, Error: Service Control Manager [7000] - The Link-Layer Topology Discovery Mapper I/O Driver service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.
5/28/2013 7:38:19 AM, Error: Service Control Manager [7031] - The Windows Event Log service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/28/2013 7:28:02 AM, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
5/28/2013 11:48:00 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Updating Service service to connect.
5/28/2013 11:48:00 AM, Error: Service Control Manager [7000] - The WinRing0_1_2_0 service failed to start due to the following error: The system cannot find the file specified.
5/28/2013 11:48:00 AM, Error: Service Control Manager [7000] - The Spybot-S&D 2 Updating Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/28/2013 11:47:28 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
5/28/2013 11:47:28 AM, Error: Service Control Manager [7000] - The Spybot-S&D 2 Scanner Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/26/2013 2:20:17 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
5/26/2013 2:20:17 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
5/26/2013 2:20:17 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
5/26/2013 2:20:17 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
5/26/2013 2:13:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/26/2013 2:09:31 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/25/2013 3:13:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
5/25/2013 2:18:11 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
5/25/2013 11:04:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
5/25/2013 11:04:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/25/2013 11:04:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/25/2013 11:04:39 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\Minidump\052513-8080-01.dmp. Report Id: 052513-8080-01.
5/25/2013 1:43:42 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 3 time(s).
5/25/2013 1:43:32 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
5/25/2013 1:43:26 PM, Error: Service Control Manager [7034] - The Razer Overlay Subsystem Emergency Service service terminated unexpectedly. It has done this 1 time(s).
5/25/2013 1:42:51 PM, Error: Service Control Manager [7031] - The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
5/25/2013 1:42:36 PM, Error: Service Control Manager [7034] - The Soluto PCGenome Core Service service terminated unexpectedly. It has done this 1 time(s).
5/25/2013 1:42:35 PM, Error: Service Control Manager [7034] - The Soluto Launcher Service service terminated unexpectedly. It has done this 1 time(s).
5/25/2013 1:42:22 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
5/25/2013 1:34:16 PM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
5/25/2013 1:34:08 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
5/25/2013 1:34:04 PM, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
5/25/2013 1:33:58 PM, Error: Service Control Manager [7034] - The NVIDIA Update Service Daemon service terminated unexpectedly. It has done this 1 time(s).
5/24/2013 11:50:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
5/24/2013 11:48:57 PM, Error: Service Control Manager [7030] - The Panda Security Generic Uninstaller service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
5/24/2013 11:35:05 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy pavboot Psched rdbss SCDEmu Soluto spldr tdx Wanarpv6 WfpLwf
5/24/2013 11:35:05 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Panda PSK service service to connect.
5/24/2013 11:35:05 PM, Error: Service Control Manager [7001] - The Panda TPSrv service depends on the Panda PSK service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
5/24/2013 11:35:05 PM, Error: Service Control Manager [7001] - The Panda anti-virus service service depends on the Panda PSK service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
5/24/2013 11:35:05 PM, Error: Service Control Manager [7000] - The Panda PSK service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/24/2013 11:33:17 PM, Error: Service Control Manager [7030] - The Panda Software Controller service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
5/24/2013 11:31:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
5/24/2013 11:30:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service Panda Software Controller with arguments "" in order to run the server: {1D13E84F-91EE-45C7-9656-A05E3417B4D5}
5/24/2013 11:05:38 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SCDEmu Soluto spldr tdx Wanarpv6 WfpLwf
.
==== End Of File ===========================

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-05-28 12:12:03
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 OCZ-VERTEX4 rev.1.5 119.24GB
Running: zq6q1l1j.exe; Driver: C:\Users\MUUNIA~1.0\AppData\Local\Temp\awworkob.sys


---- Kernel code sections - GMER 2.1 ----

.text C:\Windows\System32\win32k.sys!EngSetLastError + 148 fffff96000154b58 8 bytes [40, AB, 87, 02, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!EngSetLastError + 624 fffff96000154d34 8 bytes [2C, 9A, 87, 02, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000184000 7 bytes [80, 93, F3, FF, 01, 9D, F0]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000184008 3 bytes [C0, 06, 02]
.text ... * 111
.text C:\Windows\System32\win32k.sys!EngGetProcessHandle + 424 fffff960002429f8 6 bytes {JMP QWORD [RIP-0xba276]}

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe[2972] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007723fc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe[2972] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077240018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe[2972] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077241900 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe[2972] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007725c45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe[2972] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077261217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe[2972] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007653a30a 1 byte [62]
.text C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe[2972] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007662ee09 5 bytes JMP 00000001002401f8
.text C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe[2972] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076633982 5 bytes JMP 00000001002403fc
.text C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe[2972] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076637603 5 bytes JMP 0000000100240804
.text C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe[2972] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007663835c 5 bytes JMP 0000000100240600
.text C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe[2972] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007664f52b 5 bytes JMP 0000000100240a08
.text C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe[2972] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075e05181 5 bytes JMP 00000001002d1014
.text C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe[2972] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075e05254 5 bytes JMP 00000001002d0804
.text C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe[2972] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000075e053d5 5 bytes JMP 00000001002d0a08
.text C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe[2972] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000075e054c2 5 bytes JMP 00000001002d0c0c
.text C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe[2972] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000075e055e2 5 bytes JMP 00000001002d0e10
.text C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe[2972] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000075e0567c 5 bytes JMP 00000001002d01f8
.text C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe[2972] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000075e0589f 5 bytes JMP 00000001002d03fc
.text C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe[2972] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075e05a22 5 bytes JMP 00000001002d0600
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2464] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007653a30a 1 byte [62]
.text C:\Users\MuuniaPC2.0\procexp64.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077063ae0 5 bytes JMP 000000010032075c
.text C:\Users\MuuniaPC2.0\procexp64.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077067a90 5 bytes JMP 00000001003203a4
.text C:\Users\MuuniaPC2.0\procexp64.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077091490 5 bytes JMP 0000000100320b14
.text C:\Users\MuuniaPC2.0\procexp64.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770914f0 5 bytes JMP 0000000100320ecc
.text C:\Users\MuuniaPC2.0\procexp64.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770915d0 5 bytes JMP 000000010032163c
.text C:\Users\MuuniaPC2.0\procexp64.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077091810 5 bytes JMP 0000000100321284
.text C:\Users\MuuniaPC2.0\procexp64.exe[2496] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077092840 5 bytes JMP 00000001003219f4
.text C:\Users\MuuniaPC2.0\procexp64.exe[2496] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076e1eecd 1 byte [62]
.text C:\Users\MuuniaPC2.0\procexp64.exe[2496] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff0d6e00 5 bytes JMP 000007ff7f0f1dac
.text C:\Users\MuuniaPC2.0\procexp64.exe[2496] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff0d6f2c 5 bytes JMP 000007ff7f0f0ecc
.text C:\Users\MuuniaPC2.0\procexp64.exe[2496] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff0d7220 5 bytes JMP 000007ff7f0f1284
.text C:\Users\MuuniaPC2.0\procexp64.exe[2496] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff0d739c 5 bytes JMP 000007ff7f0f163c
.text C:\Users\MuuniaPC2.0\procexp64.exe[2496] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff0d7538 5 bytes JMP 000007ff7f0f19f4
.text C:\Users\MuuniaPC2.0\procexp64.exe[2496] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff0d75e8 5 bytes JMP 000007ff7f0f03a4
.text C:\Users\MuuniaPC2.0\procexp64.exe[2496] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff0d790c 5 bytes JMP 000007ff7f0f075c
.text C:\Users\MuuniaPC2.0\procexp64.exe[2496] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff0d7ab4 5 bytes JMP 000007ff7f0f0b14
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007723faa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007723fb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007723fc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077240018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077241900 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2584] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007725c45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2584] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077261217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2584] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007653a30a 1 byte [62]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2584] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007662ee09 5 bytes JMP 00000001002401f8
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2584] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076633982 5 bytes JMP 00000001002403fc
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2584] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076637603 5 bytes JMP 0000000100240804
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2584] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007663835c 5 bytes JMP 0000000100240600
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2584] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007664f52b 5 bytes JMP 0000000100240a08
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2584] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075e05181 5 bytes JMP 0000000100251014
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2584] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075e05254 5 bytes JMP 0000000100250804
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2584] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000075e053d5 5 bytes JMP 0000000100250a08
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2584] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000075e054c2 5 bytes JMP 0000000100250c0c
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2584] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000075e055e2 5 bytes JMP 0000000100250e10
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2584] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000075e0567c 5 bytes JMP 00000001002501f8
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2584] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000075e0589f 5 bytes JMP 00000001002503fc
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2584] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075e05a22 5 bytes JMP 0000000100250600
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2584] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000771f1465 2 bytes [1F, 77]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2584] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000771f14bb 2 bytes [1F, 77]
.text ... * 2
.text C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe[2412] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007723faa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe[2412] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007723fb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe[2412] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007723fc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe[2412] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077240018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe[2412] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077241900 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe[2412] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007725c45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe[2412] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077261217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe[2412] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007653a30a 1 byte [62]
.text C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe[2412] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007662ee09 5 bytes JMP 00000001002b01f8
.text C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe[2412] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076633982 5 bytes JMP 00000001002b03fc
.text C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe[2412] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076637603 5 bytes JMP 00000001002b0804
.text C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe[2412] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007663835c 5 bytes JMP 00000001002b0600
.text C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe[2412] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007664f52b 5 bytes JMP 00000001002b0a08
.text C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe[2412] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075e05181 5 bytes JMP 00000001002c1014
.text C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe[2412] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075e05254 5 bytes JMP 00000001002c0804
.text C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe[2412] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000075e053d5 5 bytes JMP 00000001002c0a08
.text C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe[2412] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000075e054c2 5 bytes JMP 00000001002c0c0c
.text C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe[2412] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000075e055e2 5 bytes JMP 00000001002c0e10
.text C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe[2412] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000075e0567c 5 bytes JMP 00000001002c01f8
.text C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe[2412] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000075e0589f 5 bytes JMP 00000001002c03fc
.text C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe[2412] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075e05a22 5 bytes JMP 00000001002c0600
.text C:\Program Files\Soluto\SolutoLauncherService.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077063ae0 5 bytes JMP 000000010044075c
.text C:\Program Files\Soluto\SolutoLauncherService.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077067a90 5 bytes JMP 00000001004403a4
.text C:\Program Files\Soluto\SolutoLauncherService.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077091490 5 bytes JMP 0000000100440b14
.text C:\Program Files\Soluto\SolutoLauncherService.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770914f0 5 bytes JMP 0000000100440ecc
.text C:\Program Files\Soluto\SolutoLauncherService.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770915d0 5 bytes JMP 000000010044163c
.text C:\Program Files\Soluto\SolutoLauncherService.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077091810 5 bytes JMP 0000000100441284
.text C:\Program Files\Soluto\SolutoLauncherService.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077092840 5 bytes JMP 00000001004419f4
.text C:\Program Files\Soluto\SolutoLauncherService.exe[3792] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff0d6e00 5 bytes JMP 000007ff7f0f1dac
.text C:\Program Files\Soluto\SolutoLauncherService.exe[3792] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff0d6f2c 5 bytes JMP 000007ff7f0f0ecc
.text C:\Program Files\Soluto\SolutoLauncherService.exe[3792] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff0d7220 5 bytes JMP 000007ff7f0f1284
.text C:\Program Files\Soluto\SolutoLauncherService.exe[3792] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff0d739c 5 bytes JMP 000007ff7f0f163c
.text C:\Program Files\Soluto\SolutoLauncherService.exe[3792] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff0d7538 5 bytes JMP 000007ff7f0f19f4
.text C:\Program Files\Soluto\SolutoLauncherService.exe[3792] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff0d75e8 5 bytes JMP 000007ff7f0f03a4
.text C:\Program Files\Soluto\SolutoLauncherService.exe[3792] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff0d790c 5 bytes JMP 000007ff7f0f075c
.text C:\Program Files\Soluto\SolutoLauncherService.exe[3792] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff0d7ab4 5 bytes JMP 000007ff7f0f0b14
.text C:\Windows\system32\svchost.exe[2420] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076e1eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[2420] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff0d6e00 5 bytes JMP 000007ff7f0f1dac
.text C:\Windows\system32\svchost.exe[2420] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff0d6f2c 5 bytes JMP 000007ff7f0f0ecc
.text C:\Windows\system32\svchost.exe[2420] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff0d7220 5 bytes JMP 000007ff7f0f1284
.text C:\Windows\system32\svchost.exe[2420] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff0d739c 5 bytes JMP 000007ff7f0f163c
.text C:\Windows\system32\svchost.exe[2420] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff0d7538 5 bytes JMP 000007ff7f0f19f4
.text C:\Windows\system32\svchost.exe[2420] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff0d75e8 5 bytes JMP 000007ff7f0f03a4
.text C:\Windows\system32\svchost.exe[2420] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff0d790c 5 bytes JMP 000007ff7f0f075c
.text C:\Windows\system32\svchost.exe[2420] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff0d7ab4 5 bytes JMP 000007ff7f0f0b14
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007723faa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007723fb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007723fc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077240018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077241900 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[3320] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007725c45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[3320] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077261217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[3320] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007653a30a 1 byte [62]
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[3320] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075e05181 5 bytes JMP 00000001000d1014
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[3320] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075e05254 5 bytes JMP 00000001000d0804
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[3320] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000075e053d5 5 bytes JMP 00000001000d0a08
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[3320] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000075e054c2 5 bytes JMP 00000001000d0c0c
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[3320] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000075e055e2 5 bytes JMP 00000001000d0e10
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[3320] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000075e0567c 5 bytes JMP 00000001000d01f8
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[3320] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000075e0589f 5 bytes JMP 00000001000d03fc
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[3320] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075e05a22 5 bytes JMP 00000001000d0600
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[3320] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007662ee09 5 bytes JMP 00000001000e01f8
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[3320] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076633982 5 bytes JMP 00000001000e03fc
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[3320] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076637603 5 bytes JMP 00000001000e0804
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[3320] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007663835c 5 bytes JMP 00000001000e0600
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[3320] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007664f52b 5 bytes JMP 00000001000e0a08
? C:\Windows\system32\iertutil.dll [3320] entry point in ".rdata" section 0000000076855251
.text C:\Windows\system32\wbem\wmiprvse.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077063ae0 5 bytes JMP 000000010041075c
.text C:\Windows\system32\wbem\wmiprvse.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077067a90 5 bytes JMP 00000001004103a4
.text C:\Windows\system32\wbem\wmiprvse.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077091490 5 bytes JMP 0000000100410b14
.text C:\Windows\system32\wbem\wmiprvse.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770914f0 5 bytes JMP 0000000100410ecc
.text C:\Windows\system32\wbem\wmiprvse.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770915d0 5 bytes JMP 000000010041163c
.text C:\Windows\system32\wbem\wmiprvse.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077091810 5 bytes JMP 0000000100411284
.text C:\Windows\system32\wbem\wmiprvse.exe[2748] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077092840 5 bytes JMP 00000001004119f4
.text C:\Windows\system32\wbem\wmiprvse.exe[2748] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076e1eecd 1 byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[2748] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff0d6e00 5 bytes JMP 000007ff7f0f1dac
.text C:\Windows\system32\wbem\wmiprvse.exe[2748] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff0d6f2c 5 bytes JMP 000007ff7f0f0ecc
.text C:\Windows\system32\wbem\wmiprvse.exe[2748] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff0d7220 5 bytes JMP 000007ff7f0f1284
.text C:\Windows\system32\wbem\wmiprvse.exe[2748] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff0d739c 5 bytes JMP 000007ff7f0f163c
.text C:\Windows\system32\wbem\wmiprvse.exe[2748] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff0d7538 5 bytes JMP 000007ff7f0f19f4
.text C:\Windows\system32\wbem\wmiprvse.exe[2748] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff0d75e8 5 bytes JMP 000007ff7f0f03a4
.text C:\Windows\system32\wbem\wmiprvse.exe[2748] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff0d790c 5 bytes JMP 000007ff7f0f075c
.text C:\Windows\system32\wbem\wmiprvse.exe[2748] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff0d7ab4 5 bytes JMP 000007ff7f0f0b14
.text C:\Windows\system32\wbem\wmiprvse.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077063ae0 5 bytes JMP 00000001002c075c
.text C:\Windows\system32\wbem\wmiprvse.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077067a90 5 bytes JMP 00000001002c03a4
.text C:\Windows\system32\wbem\wmiprvse.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077091490 5 bytes JMP 00000001002c0b14
.text C:\Windows\system32\wbem\wmiprvse.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770914f0 5 bytes JMP 00000001002c0ecc
.text C:\Windows\system32\wbem\wmiprvse.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770915d0 5 bytes JMP 00000001002c163c
.text C:\Windows\system32\wbem\wmiprvse.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077091810 5 bytes JMP 00000001002c1284
.text C:\Windows\system32\wbem\wmiprvse.exe[2732] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077092840 5 bytes JMP 00000001002c19f4
.text C:\Windows\system32\wbem\wmiprvse.exe[2732] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076e1eecd 1 byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[2732] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff0d6e00 5 bytes JMP 000007ff7f0f1dac
.text C:\Windows\system32\wbem\wmiprvse.exe[2732] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff0d6f2c 5 bytes JMP 000007ff7f0f0ecc
.text C:\Windows\system32\wbem\wmiprvse.exe[2732] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff0d7220 5 bytes JMP 000007ff7f0f1284
.text C:\Windows\system32\wbem\wmiprvse.exe[2732] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff0d739c 5 bytes JMP 000007ff7f0f163c
.text C:\Windows\system32\wbem\wmiprvse.exe[2732] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff0d7538 5 bytes JMP 000007ff7f0f19f4
.text C:\Windows\system32\wbem\wmiprvse.exe[2732] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff0d75e8 5 bytes JMP 000007ff7f0f03a4
.text C:\Windows\system32\wbem\wmiprvse.exe[2732] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff0d790c 5 bytes JMP 000007ff7f0f075c
.text C:\Windows\system32\wbem\wmiprvse.exe[2732] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff0d7ab4 5 bytes JMP 000007ff7f0f0b14
.text C:\Windows\system32\taskeng.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077063ae0 5 bytes JMP 000000010027075c
.text C:\Windows\system32\taskeng.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077067a90 5 bytes JMP 00000001002703a4
.text C:\Windows\system32\taskeng.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077091490 5 bytes JMP 0000000100270b14
.text C:\Windows\system32\taskeng.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770914f0 5 bytes JMP 0000000100270ecc
.text C:\Windows\system32\taskeng.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770915d0 5 bytes JMP 000000010027163c
.text C:\Windows\system32\taskeng.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077091810 5 bytes JMP 0000000100271284
.text C:\Windows\system32\taskeng.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077092840 5 bytes JMP 00000001002719f4
.text C:\Windows\system32\taskeng.exe[3856] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff0d6e00 5 bytes JMP 000007ff7f0f1dac
.text C:\Windows\system32\taskeng.exe[3856] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff0d6f2c 5 bytes JMP 000007ff7f0f0ecc
.text C:\Windows\system32\taskeng.exe[3856] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff0d7220 5 bytes JMP 000007ff7f0f1284
.text C:\Windows\system32\taskeng.exe[3856] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff0d739c 5 bytes JMP 000007ff7f0f163c
.text C:\Windows\system32\taskeng.exe[3856] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff0d7538 5 bytes JMP 000007ff7f0f19f4
.text C:\Windows\system32\taskeng.exe[3856] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff0d75e8 5 bytes JMP 000007ff7f0f03a4
.text C:\Windows\system32\taskeng.exe[3856] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff0d790c 5 bytes JMP 000007ff7f0f075c
.text C:\Windows\system32\taskeng.exe[3856] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff0d7ab4 5 bytes JMP 000007ff7f0f0b14
.text C:\PCMeter\PCMeterV0.3.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077063ae0 5 bytes JMP 000000010048075c
.text C:\PCMeter\PCMeterV0.3.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077067a90 5 bytes JMP 00000001004803a4
.text C:\PCMeter\PCMeterV0.3.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077091490 5 bytes JMP 0000000100480b14
.text C:\PCMeter\PCMeterV0.3.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770914f0 5 bytes JMP 0000000100480ecc
.text C:\PCMeter\PCMeterV0.3.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770915d0 5 bytes JMP 000000010048163c
.text C:\PCMeter\PCMeterV0.3.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077091810 5 bytes JMP 0000000100481284
.text C:\PCMeter\PCMeterV0.3.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077092840 5 bytes JMP 00000001004819f4
.text C:\Program Files\Core Temp\Core Temp.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077063ae0 5 bytes JMP 000000010017075c
.text C:\Program Files\Core Temp\Core Temp.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077067a90 5 bytes JMP 00000001001703a4
.text C:\Program Files\Core Temp\Core Temp.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077091490 5 bytes JMP 0000000100170b14
.text C:\Program Files\Core Temp\Core Temp.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770914f0 5 bytes JMP 0000000100170ecc
.text C:\Program Files\Core Temp\Core Temp.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770915d0 5 bytes JMP 000000010017163c
.text C:\Program Files\Core Temp\Core Temp.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077091810 5 bytes JMP 0000000100171284
.text C:\Program Files\Core Temp\Core Temp.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077092840 5 bytes JMP 00000001001719f4
.text C:\Program Files\Core Temp\Core Temp.exe[1980] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076e1eecd 1 byte [62]
.text C:\Program Files\Core Temp\Core Temp.exe[1980] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff0d6e00 5 bytes JMP 000007ff7f0f1dac
.text C:\Program Files\Core Temp\Core Temp.exe[1980] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff0d6f2c 5 bytes JMP 000007ff7f0f0ecc
.text C:\Program Files\Core Temp\Core Temp.exe[1980] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff0d7220 5 bytes JMP 000007ff7f0f1284
.text C:\Program Files\Core Temp\Core Temp.exe[1980] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff0d739c 5 bytes JMP 000007ff7f0f163c
.text C:\Program Files\Core Temp\Core Temp.exe[1980] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff0d7538 5 bytes JMP 000007ff7f0f19f4
.text C:\Program Files\Core Temp\Core Temp.exe[1980] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff0d75e8 5 bytes JMP 000007ff7f0f03a4
.text C:\Program Files\Core Temp\Core Temp.exe[1980] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff0d790c 5 bytes JMP 000007ff7f0f075c
.text C:\Program Files\Core Temp\Core Temp.exe[1980] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff0d7ab4 5 bytes JMP 000007ff7f0f0b14
.text C:\Windows\system32\SearchIndexer.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077063ae0 5 bytes JMP 000000010020075c
.text C:\Windows\system32\SearchIndexer.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077067a90 5 bytes JMP 00000001002003a4
.text C:\Windows\system32\SearchIndexer.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077091490 5 bytes JMP 0000000100200b14
.text C:\Windows\system32\SearchIndexer.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770914f0 5 bytes JMP 0000000100200ecc
.text C:\Windows\system32\SearchIndexer.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770915d0 5 bytes JMP 000000010020163c
.text C:\Windows\system32\SearchIndexer.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077091810 5 bytes JMP 0000000100201284
.text C:\Windows\system32\SearchIndexer.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077092840 5 bytes JMP 00000001002019f4
.text C:\Windows\system32\SearchIndexer.exe[4428] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076e1eecd 1 byte [62]
.text C:\Windows\system32\SearchIndexer.exe[4428] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff0d6e00 5 bytes JMP 000007ff7f0f1dac
.text C:\Windows\system32\SearchIndexer.exe[4428] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff0d6f2c 5 bytes JMP 000007ff7f0f0ecc
.text C:\Windows\system32\SearchIndexer.exe[4428] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff0d7220 5 bytes JMP 000007ff7f0f1284
.text C:\Windows\system32\SearchIndexer.exe[4428] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff0d739c 5 bytes JMP 000007ff7f0f163c
.text C:\Windows\system32\SearchIndexer.exe[4428] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff0d7538 5 bytes JMP 000007ff7f0f19f4
.text C:\Windows\system32\SearchIndexer.exe[4428] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff0d75e8 5 bytes JMP 000007ff7f0f03a4
.text C:\Windows\system32\SearchIndexer.exe[4428] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff0d790c 5 bytes JMP 000007ff7f0f075c
.text C:\Windows\system32\SearchIndexer.exe[4428] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff0d7ab4 5 bytes JMP 000007ff7f0f0b14
.text C:\Windows\system32\svchost.exe[4904] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff0d6e00 5 bytes JMP 000007ff7f0f1dac
.text C:\Windows\system32\svchost.exe[4904] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff0d6f2c 5 bytes JMP 000007ff7f0f0ecc
.text C:\Windows\system32\svchost.exe[4904] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff0d7220 5 bytes JMP 000007ff7f0f1284
.text C:\Windows\system32\svchost.exe[4904] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff0d739c 5 bytes JMP 000007ff7f0f163c
.text C:\Windows\system32\svchost.exe[4904] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff0d7538 5 bytes JMP 000007ff7f0f19f4
.text C:\Windows\system32\svchost.exe[4904] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff0d75e8 5 bytes JMP 000007ff7f0f03a4
.text C:\Windows\system32\svchost.exe[4904] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff0d790c 5 bytes JMP 000007ff7f0f075c
.text C:\Windows\system32\svchost.exe[4904] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff0d7ab4 5 bytes JMP 000007ff7f0f0b14
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5100] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076e1eecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077063ae0 5 bytes JMP 000000010027075c
.text C:\Windows\System32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077067a90 5 bytes JMP 00000001002703a4
.text C:\Windows\System32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077091490 5 bytes JMP 0000000100270b14
.text C:\Windows\System32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770914f0 5 bytes JMP 0000000100270ecc
.text C:\Windows\System32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770915d0 5 bytes JMP 000000010027163c
.text C:\Windows\System32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077091810 5 bytes JMP 0000000100271284
.text C:\Windows\System32\svchost.exe[1780] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077092840 5 bytes JMP 00000001002719f4
.text C:\Windows\System32\svchost.exe[1780] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff0d6e00 5 bytes JMP 000007ff7f0f1dac
.text C:\Windows\System32\svchost.exe[1780] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff0d6f2c 5 bytes JMP 000007ff7f0f0ecc
.text C:\Windows\System32\svchost.exe[1780] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff0d7220 5 bytes JMP 000007ff7f0f1284
.text C:\Windows\System32\svchost.exe[1780] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff0d739c 5 bytes JMP 000007ff7f0f163c
.text C:\Windows\System32\svchost.exe[1780] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff0d7538 5 bytes JMP 000007ff7f0f19f4
.text C:\Windows\System32\svchost.exe[1780] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff0d75e8 5 bytes JMP 000007ff7f0f03a4
.text C:\Windows\System32\svchost.exe[1780] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff0d790c 5 bytes JMP 000007ff7f0f075c
.text C:\Windows\System32\svchost.exe[1780] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff0d7ab4 5 bytes JMP 000007ff7f0f0b14
.text C:\Windows\system32\DllHost.exe[5396] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff0d6e00 5 bytes JMP 000007ff7f0f1dac
.text C:\Windows\system32\DllHost.exe[5396] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff0d6f2c 5 bytes JMP 000007ff7f0f0ecc
.text C:\Windows\system32\DllHost.exe[5396] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff0d7220 5 bytes JMP 000007ff7f0f1284
.text C:\Windows\system32\DllHost.exe[5396] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff0d739c 5 bytes JMP 000007ff7f0f163c
.text C:\Windows\system32\DllHost.exe[5396] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff0d7538 5 bytes JMP 000007ff7f0f19f4
.text C:\Windows\system32\DllHost.exe[5396] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff0d75e8 5 bytes JMP 000007ff7f0f03a4
.text C:\Windows\system32\DllHost.exe[5396] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff0d790c 5 bytes JMP 000007ff7f0f075c
.text C:\Windows\system32\DllHost.exe[5396] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff0d7ab4 5 bytes JMP 000007ff7f0f0b14
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4684] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007723faa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4684] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007723fb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4684] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007723fc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4684] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077240018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4684] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077241900 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4684] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007725c45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4684] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077261217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4684] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007653a30a 1 byte [62]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000771f1465 2 bytes [1F, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771f14bb 2 bytes [1F, 77]
.text ... * 2
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4684] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007662ee09 5 bytes JMP 00000001002401f8
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4684] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076633982 5 bytes JMP 00000001002403fc
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4684] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076637603 5 bytes JMP 0000000100240804
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4684] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007663835c 5 bytes JMP 0000000100240600
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4684] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007664f52b 5 bytes JMP 0000000100240a08
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4684] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075e05181 5 bytes JMP 0000000100251014
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4684] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075e05254 5 bytes JMP 0000000100250804
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4684] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000075e053d5 5 bytes JMP 0000000100250a08
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4684] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000075e054c2 5 bytes JMP 0000000100250c0c
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4684] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000075e055e2 5 bytes JMP 0000000100250e10
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4684] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000075e0567c 5 bytes JMP 00000001002501f8
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4684] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000075e0589f 5 bytes JMP 00000001002503fc
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4684] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075e05a22 5 bytes JMP 0000000100250600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5532] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077063ae0 5 bytes JMP 00000001003a075c
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5532] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077067a90 5 bytes JMP 00000001003a03a4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5532] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077091490 5 bytes JMP 00000001003a0b14
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5532] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770914f0 5 bytes JMP 00000001003a0ecc
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5532] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770915d0 5 bytes JMP 00000001003a163c
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5532] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077091810 5 bytes JMP 00000001003a1284
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5532] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077092840 5 bytes JMP 00000001003a19f4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5532] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076e1eecd 1 byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5532] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff0d6e00 5 bytes JMP 000007ff7f0f1dac
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5532] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff0d6f2c 5 bytes JMP 000007ff7f0f0ecc
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5532] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff0d7220 5 bytes JMP 000007ff7f0f1284
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5532] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff0d739c 5 bytes JMP 000007ff7f0f163c
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5532] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff0d7538 5 bytes JMP 000007ff7f0f19f4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5532] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff0d75e8 5 bytes JMP 000007ff7f0f03a4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5532] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff0d790c 5 bytes JMP 000007ff7f0f075c
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5532] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff0d7ab4 5 bytes JMP 000007ff7f0f0b14
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1060] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff0d6e00 5 bytes JMP 000007ff7f0f1dac
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1060] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff0d6f2c 5 bytes JMP 000007ff7f0f0ecc
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1060] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff0d7220 5 bytes JMP 000007ff7f0f1284
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1060] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff0d739c 5 bytes JMP 000007ff7f0f163c
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1060] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff0d7538 5 bytes JMP 000007ff7f0f19f4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1060] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff0d75e8 5 bytes JMP 000007ff7f0f03a4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1060] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff0d790c 5 bytes JMP 000007ff7f0f075c
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1060] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff0d7ab4 5 bytes JMP 000007ff7f0f0b14
.text C:\Windows\system32\nvvsvc.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077063ae0 5 bytes JMP 000000010023075c
.text C:\Windows\system32\nvvsvc.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077067a90 5 bytes JMP 00000001002303a4
.text C:\Windows\system32\nvvsvc.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077091490 5 bytes JMP 0000000100230b14
.text C:\Windows\system32\nvvsvc.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770914f0 5 bytes JMP 0000000100230ecc
.text C:\Windows\system32\nvvsvc.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770915d0 5 bytes JMP 000000010023163c
.text C:\Windows\system32\nvvsvc.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077091810 5 bytes JMP 0000000100231284
.text C:\Windows\system32\nvvsvc.exe[2892] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077092840 5 bytes JMP 00000001002319f4
.text C:\Windows\system32\nvvsvc.exe[2892] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076e1eecd 1 byte [62]
.text C:\Windows\system32\nvvsvc.exe[2892] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff0d6e00 5 bytes JMP 000007ff7f0f1dac
.text C:\Windows\system32\nvvsvc.exe[2892] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff0d6f2c 5 bytes JMP 000007ff7f0f0ecc
.text C:\Windows\system32\nvvsvc.exe[2892] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff0d7220 5 bytes JMP 000007ff7f0f1284
.text C:\Windows\system32\nvvsvc.exe[2892] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff0d739c 5 bytes JMP 000007ff7f0f163c
.text C:\Windows\system32\nvvsvc.exe[2892] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff0d7538 5 bytes JMP 000007ff7f0f19f4
.text C:\Windows\system32\nvvsvc.exe[2892] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff0d75e8 5 bytes JMP 000007ff7f0f03a4
.text C:\Windows\system32\nvvsvc.exe[2892] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff0d790c 5 bytes JMP 000007ff7f0f075c
.text C:\Windows\system32\nvvsvc.exe[2892] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff0d7ab4 5 bytes JMP 000007ff7f0f0b14
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[124] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077063ae0 5 bytes JMP 000000010040075c
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[124] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077067a90 5 bytes JMP 00000001004003a4
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077091490 5 bytes JMP 0000000100400b14
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770914f0 5 bytes JMP 0000000100400ecc
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770915d0 5 bytes JMP 000000010040163c
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077091810 5 bytes JMP 0000000100401284
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[124] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077092840 5 bytes JMP 00000001004019f4
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[124] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076e1eecd 1 byte [62]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[124] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff0d6e00 5 bytes JMP 000007ff7f0f1dac
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[124] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff0d6f2c 5 bytes JMP 000007ff7f0f0ecc
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[124] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff0d7220 5 bytes JMP 000007ff7f0f1284
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[124] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff0d739c 5 bytes JMP 000007ff7f0f163c
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[124] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff0d7538 5 bytes JMP 000007ff7f0f19f4
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[124] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff0d75e8 5 bytes JMP 000007ff7f0f03a4
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[124] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff0d790c 5 bytes JMP 000007ff7f0f075c
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[124] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff0d7ab4 5 bytes JMP 000007ff7f0f0b14
.text C:\Windows\system32\nvvsvc.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077063ae0 5 bytes JMP 00000001001c075c
.text C:\Windows\system32\nvvsvc.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077067a90 5 bytes JMP 00000001001c03a4
.text C:\Windows\system32\nvvsvc.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077091490 5 bytes JMP 00000001001c0b14
.text C:\Windows\system32\nvvsvc.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770914f0 5 bytes JMP 00000001001c0ecc
.text C:\Windows\system32\nvvsvc.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770915d0 5 bytes JMP 00000001001c163c
.text C:\Windows\system32\nvvsvc.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077091810 5 bytes JMP 00000001001c1284
.text C:\Windows\system32\nvvsvc.exe[5520] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077092840 5 bytes JMP 00000001001c19f4
.text C:\Windows\system32\nvvsvc.exe[5520] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076e1eecd 1 byte [62]
.text C:\Windows\system32\nvvsvc.exe[5520] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff0d6e00 5 bytes JMP 000007ff7f0f1dac
.text C:\Windows\system32\nvvsvc.exe[5520] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff0d6f2c 5 bytes JMP 000007ff7f0f0ecc
.text C:\Windows\system32\nvvsvc.exe[5520] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff0d7220 5 bytes JMP 000007ff7f0f1284
.text C:\Windows\system32\nvvsvc.exe[5520] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff0d739c 5 bytes JMP 000007ff7f0f163c
.text C:\Windows\system32\nvvsvc.exe[5520] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff0d7538 5 bytes JMP 000007ff7f0f19f4
.text C:\Windows\system32\nvvsvc.exe[5520] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff0d75e8 5 bytes JMP 000007ff7f0f03a4
.text C:\Windows\system32\nvvsvc.exe[5520] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff0d790c 5 bytes JMP 000007ff7f0f075c
.text C:\Windows\system32\nvvsvc.exe[5520] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff0d7ab4 5 bytes JMP 000007ff7f0f0b14
.text C:\Program Files\Logitech Gaming Software\LCore.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077063ae0 5 bytes JMP 00000001003a075c
.text C:\Program Files\Logitech Gaming Software\LCore.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077067a90 5 bytes JMP 00000001003a03a4
.text C:\Program Files\Logitech Gaming Software\LCore.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077091490 5 bytes JMP 00000001003a0b14
.text C:\Program Files\Logitech Gaming Software\LCore.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770914f0 5 bytes JMP 00000001003a0ecc
.text C:\Program Files\Logitech Gaming Software\LCore.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770915d0 5 bytes JMP 00000001003a163c
.text C:\Program Files\Logitech Gaming Software\LCore.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077091810 5 bytes JMP 00000001003a1284
.text C:\Program Files\Logitech Gaming Software\LCore.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077092840 5 bytes JMP 00000001003a19f4
.text C:\Program Files\Logitech Gaming Software\LCore.exe[5768] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076e1eecd 1 byte [62]
.text C:\Program Files\Logitech Gaming Software\LCore.exe[5768] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff0d6e00 5 bytes JMP 000007ff7f0f1dac
.text C:\Program Files\Logitech Gaming Software\LCore.exe[5768] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff0d6f2c 5 bytes JMP 000007ff7f0f0ecc
.text C:\Program Files\Logitech Gaming Software\LCore.exe[5768] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff0d7220 5 bytes JMP 000007ff7f0f1284
.text C:\Program Files\Logitech Gaming Software\LCore.exe[5768] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff0d739c 5 bytes JMP 000007ff7f0f163c
.text C:\Program Files\Logitech Gaming Software\LCore.exe[5768] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff0d7538 5 bytes JMP 000007ff7f0f19f4
.text C:\Program Files\Logitech Gaming Software\LCore.exe[5768] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff0d75e8 5 bytes JMP 000007ff7f0f03a4
.text C:\Program Files\Logitech Gaming Software\LCore.exe[5768] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff0d790c 5 bytes JMP 000007ff7f0f075c
.text C:\Program Files\Logitech Gaming Software\LCore.exe[5768] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff0d7ab4 5 bytes JMP 000007ff7f0f0b14
.text C:\Windows\System32\svchost.exe[5620] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff0d6e00 5 bytes JMP 000007ff7f0f1dac
.text C:\Windows\System32\svchost.exe[5620] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff0d6f2c 5 bytes JMP 000007ff7f0f0ecc
.text C:\Windows\System32\svchost.exe[5620] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff0d7220 5 bytes JMP 000007ff7f0f1284
.text C:\Windows\System32\svchost.exe[5620] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff0d739c 5 bytes JMP 000007ff7f0f163c
.text C:\Windows\System32\svchost.exe[5620] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff0d7538 5 bytes JMP 000007ff7f0f19f4
.text C:\Windows\System32\svchost.exe[5620] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff0d75e8 5 bytes JMP 000007ff7f0f03a4
.text C:\Windows\System32\svchost.exe[5620] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff0d790c 5 bytes JMP 000007ff7f0f075c
.text C:\Windows\System32\svchost.exe[5620] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff0d7ab4 5 bytes JMP 000007ff7f0f0b14
.text C:\Users\MuuniaPC2.0\Desktop\zq6q1l1j.exe[3172] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007723faa0 5 bytes JMP 0000000100030600
.text C:\Users\MuuniaPC2.0\Desktop\zq6q1l1j.exe[3172] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007723fb38 5 bytes JMP 0000000100030804
.text C:\Users\MuuniaPC2.0\Desktop\zq6q1l1j.exe[3172] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007723fc90 5 bytes JMP 0000000100030c0c
.text C:\Users\MuuniaPC2.0\Desktop\zq6q1l1j.exe[3172] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077240018 5 bytes JMP 0000000100030a08
.text C:\Users\MuuniaPC2.0\Desktop\zq6q1l1j.exe[3172] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077241900 5 bytes JMP 0000000100030e10
.text C:\Users\MuuniaPC2.0\Desktop\zq6q1l1j.exe[3172] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007725c45a 5 bytes JMP 00000001000301f8
.text C:\Users\MuuniaPC2.0\Desktop\zq6q1l1j.exe[3172] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077261217 5 bytes JMP 00000001000303fc
.text C:\Users\MuuniaPC2.0\Desktop\zq6q1l1j.exe[3172] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007653a30a 1 byte [62]
.text C:\Users\MuuniaPC2.0\Desktop\zq6q1l1j.exe[3172] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075e05181 5 bytes JMP 00000001001d1014
.text C:\Users\MuuniaPC2.0\Desktop\zq6q1l1j.exe[3172] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075e05254 5 bytes JMP 00000001001d0804
.text C:\Users\MuuniaPC2.0\Desktop\zq6q1l1j.exe[3172] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000075e053d5 5 bytes JMP 00000001001d0a08
.text C:\Users\MuuniaPC2.0\Desktop\zq6q1l1j.exe[3172] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000075e054c2 5 bytes JMP 00000001001d0c0c
.text C:\Users\MuuniaPC2.0\Desktop\zq6q1l1j.exe[3172] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000075e055e2 5 bytes JMP 00000001001d0e10
.text C:\Users\MuuniaPC2.0\Desktop\zq6q1l1j.exe[3172] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000075e0567c 5 bytes JMP 00000001001d01f8
.text C:\Users\MuuniaPC2.0\Desktop\zq6q1l1j.exe[3172] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000075e0589f 5 bytes JMP 00000001001d03fc
.text C:\Users\MuuniaPC2.0\Desktop\zq6q1l1j.exe[3172] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075e05a22 5 bytes JMP 00000001001d0600
.text C:\Users\MuuniaPC2.0\Desktop\zq6q1l1j.exe[3172] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007662ee09 5 bytes JMP 00000001001e01f8
.text C:\Users\MuuniaPC2.0\Desktop\zq6q1l1j.exe[3172] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076633982 5 bytes JMP 00000001001e03fc
.text C:\Users\MuuniaPC2.0\Desktop\zq6q1l1j.exe[3172] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076637603 5 bytes JMP 00000001001e0804
.text C:\Users\MuuniaPC2.0\Desktop\zq6q1l1j.exe[3172] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007663835c 5 bytes JMP 00000001001e0600
.text C:\Users\MuuniaPC2.0\Desktop\zq6q1l1j.exe[3172] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007664f52b 5 bytes JMP 00000001001e0a08

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! WFP Redirect driver
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll, bmnet.dll,winsflt.dll
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName aswRvrt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description avast! Revert
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 14
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 60098
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! virtualization driver (aswSnx)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! Self Protection
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName avast! Network Shield Support
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group PNP_TDI
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService tcpip?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description avast! Network Shield TDI driver
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 9
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName aswVmm
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! VM Monitor
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler.
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName aswFsBlk
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group FSFilter Activity Monitor
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName aswMonFlt
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group FSFilter Anti-Virus
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName aswRdr
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Group PNP_TDI
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService tcpip?
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Description avast! WFP Redirect driver
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll, bmnet.dll,winsflt.dll
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName aswRvrt
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description avast! Revert
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 14
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter 60098
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName aswSnx
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group FSFilter Virtualization
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description avast! virtualization driver (aswSnx)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag 2
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance aswSnx Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude 137600
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName aswSP
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description avast! Self Protection
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName avast! Network Shield Support
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Group PNP_TDI
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService tcpip?
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Description avast! Network Shield TDI driver
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag 9
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName aswVmm
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description avast! VM Monitor
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 32
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast! Antivirus
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group ShellSvcGroup
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler.

---- EOF - GMER 2.1 ----
