  1. #1
    Member
    Join Date
    Dec 2011
    Posts
    4
    Points
    0

    Windows has encountered a problem...

    Friends: I am having this problem with Windows crashing often with random error messages. The latest one is blaming a file mshtml.dll for causing the crash. I reinstalled Windows XP Pro, then installed Service Pack 3. Same problem. Ran many scans with Malware Bytes and SuperAntispyware with no success. Please help me fix this if you can. Thank you.


    Malwarebytes' Anti-Malware 1.51.2.1300
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: 8356

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 7.0.5730.13

    12/12/2011 9:47:55 AM
    mbam-log-2011-12-12 (09-47-19).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 270642
    Time elapsed: 57 minute(s), 4 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)



    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 12/12/2011 at 10:48 AM

    Application Version : 4.36.1006

    Core Rules Database Version : 8038
    Trace Rules Database Version: 5850

    Scan type : Complete Scan
    Total Scan Time : 00:56:14

    Memory items scanned : 577
    Memory threats detected : 0
    Registry items scanned : 7984
    Registry threats detected : 3
    File items scanned : 32393
    File threats detected : 25

    Adware.Tracking Cookie
    C:\Documents and Settings\Fazela\Cookies\fazela@bellcan.adbureau[2].txt
    C:\Documents and Settings\Fazela\Cookies\fazela@legolas-media[1].txt
    C:\Documents and Settings\Fazela\Cookies\fazela@invitemedia[1].txt
    C:\Documents and Settings\Fazela\Cookies\fazela@rts.pgmediaserve[1].txt
    C:\Documents and Settings\Fazela\Cookies\fazela@2o7[1].txt
    C:\Documents and Settings\Fazela\Cookies\fazela@ad.yieldmanager[2].txt
    C:\Documents and Settings\Fazela\Cookies\fazela@microsoftsto.112.2o7[1].txt
    C:\Documents and Settings\Fazela\Cookies\fazela@serving-sys[1].txt
    C:\Documents and Settings\Fazela\Cookies\fazela@adserver.adtechus[1].txt
    C:\Documents and Settings\Fazela\Cookies\fazela@tacoda.at.atwola[2].txt
    C:\Documents and Settings\Fazela\Cookies\fazela@atdmt[2].txt
    C:\Documents and Settings\Fazela\Cookies\fazela@collective-media[2].txt
    C:\Documents and Settings\Fazela\Cookies\fazela@sympatico.112.2o7[1].txt
    C:\Documents and Settings\Fazela\Cookies\fazela@microsoftinternetexplorer.112.2o7[1].txt
    C:\Documents and Settings\Fazela\Cookies\fazela@pro-market[2].txt
    C:\Documents and Settings\Fazela\Cookies\fazela@atdmt.combing[2].txt
    C:\Documents and Settings\Fazela\Cookies\fazela@adbrite[1].txt
    C:\Documents and Settings\Fazela\Cookies\fazela@at.atwola[1].txt
    C:\Documents and Settings\Fazela\Cookies\fazela@media6degrees[2].txt
    C:\Documents and Settings\Fazela\Cookies\fazela@kontera[1].txt
    C:\Documents and Settings\Fazela\Cookies\fazela@revsci[1].txt
    C:\Documents and Settings\Fazela\Cookies\fazela@ru4[2].txt
    C:\Documents and Settings\Fazela\Cookies\fazela@ar.atwola[1].txt
    C:\Documents and Settings\Fazela\Cookies\fazela@partypoker[2].txt
    C:\Documents and Settings\Fazela\Cookies\fazela@www.partypoker[1].txt

    Disabled.SecurityCenterOption
    HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#ANTIVIRUSDISABLENOTIFY
    HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#FIREWALLDISABLENOTIFY
    HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#UPDATESDISABLENOTIFY



    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:23:36 AM, on 12/12/2011
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    C:\Nexon\MapleStory\npkcmsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Macrium Reflect Free\ReflectService.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\WINDOWS\explorer.exe
    C:\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Fazela\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
    O4 - Global Startup: Enable Labtec Wireless Desktop.lnk = C:\Program Files\Labtec Wireless Desktop\MulMouse.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?e4b23bd0b5ec4cd1a429ca8bc7552c68
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?e4b23bd0b5ec4cd1a429ca8bc7552c68
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O15 - Trusted Zone: my.magicjack.com
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) -
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1323541285593
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1323541223000
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} -
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/m3/p...l/MSNPUpld.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: 0060701201636616mcinstcleanup - - (no file)
    O23 - Service: 0210201202775077mcinstcleanup - - (no file)
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (file missing)
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: bdss - Broadcom Corporation - (no file)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\482\g2aservice.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (file missing)
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\MapleStory\npkcmsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Macrium Reflect Free\ReflectService.exe
    O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe (file missing)
    O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe (file missing)
    O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
    O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
    O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
    O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe

    --
    End of file - 11554 bytes

  2. #2
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Hello and welcome to Help2Go

    We apologize for the delay in responding to your request for help. Here at Help2Go we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

    Please take note:

    1. If you have since resolved the original problem you were having, we would appreciate you letting us know.
    2. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
      • If you are unsure about any of these characteristics just post what you can and we will guide you.
    3. Please tell us if you have your original Windows CD/DVD available.
    4. If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
    5. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
    6. Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
    7. If you have already posted a DDS log, please do so again, as your situation may have changed.
    8. Use the 'Add Reply' and add the new log to this thread.


    We need to see some information about what is happening in your machine. Please perform the following scan again:

    • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
    • Notepad will open with the results.
    • Follow the instructions that pop up for posting the results.
    • Close the program window, and delete the program from your desktop.
    Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

    Information on A/V control HERE


    We also need a new log from the GMER anti-rootkit Scanner.

    Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step. Then proceed to run aswMbr.exe as noted below.

    Please first disable any CD emulation programs using the steps found in this topic:

    Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:


    Note:
    If you are unable to run a GMER scan due to the fact you are running a 64bit machine please run the following tool and post its log.

    Please download aswMBR ( 511KB ) to your desktop.
    • Double click the aswMBR.exe icon to run it
    • Click the Scan button to start the scan
    • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.




    Thanks and again sorry for the delay.
    "Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  3. #3
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Hello.

    Are you still there?

    If you are, please follow the instructions in my previous post.

    If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

    Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

    Thanks for understanding

    With Regards,
    fireman4it




  4. #4
    Member
    Join Date
    Dec 2011
    Posts
    4
    Points
    0

    fireman4it: Thanks for the response. I realise you guys are busy helping other people. I was advised to copy the mshtml.dll file from dllcache to my System32 folder and also IE7 folder. This I did and the problem became less but did not go away. I will get some time on the weekend to do those scans, if that is OK. Merry Christmas!

  5. #5
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Hello.

    There had been no reply from the topic starter in 5 days. Due to inactivity, this topic is now closed.
    If you are the topic starter and need this topic reopened, send me a message.

    Everyone else, please begin a new topic.

    With Regards,
    fireman4it




  6. #6
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    This topic has been re-opened per user's request.




  7. #7
    Member
    Join Date
    Dec 2011
    Posts
    4
    Points
    0

    fireman4it: Thanks for reopening the thread. Here are the scans:

    GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
    Rootkit scan 2011-12-30 10:42:42
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3500418AS rev.CC37
    Running: gmer.exe; Driver: C:\DOCUME~1\Fazela\LOCALS~1\Temp\pwrcqpow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xF49EAFC4]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xF4AC7510]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xF4A0E6A9]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xF49ED456]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xF49ED4AE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xF49ED5C4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xF4A0E05D]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xF49ED3AC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xF49ED4FE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xF49ED400]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xF49ED572]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xF49EAFE8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xF4A0ED6F]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xF4A0F025]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xF49ED848]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xF4A0EBDA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xF4A0EA45]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xF4AC75C0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xF49EADB2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xF49EB00C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xF49ED9BC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xF49EBAA4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xF49ED486]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xF49ED4D6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xF49ED5EE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xF4A0E3B9]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xF49ED3D8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xF49ED680]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xF49ED53E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xF49ED42E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xF49ED764]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xF49ED59C]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xF4AC7658]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xF4A0E8C0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xF49EB96A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xF4A0E712]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xF4ACF9E6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xF4A0D6D0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xF49EB030]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xF49EB054]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xF49EAE0C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xF49EAF48]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xF4A0EE76]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xF49EAF24]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xF49EAF6C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xF49EB078]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xF4ADB7A2]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!ZwYieldExecution + 16A 804E4994 4 Bytes [E8, AF, 9E, F4]
    .text ntoskrnl.exe!ZwYieldExecution + 19A 804E49C4 4 Bytes JMP D3F1F4A0
    .text ntoskrnl.exe!ZwYieldExecution + 2F6 804E4B20 4 Bytes CALL D7233FC5
    PAGE ntoskrnl.exe!ObInsertObject 8056DA64 5 Bytes JMP F4ADA15C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 80575B10 4 Bytes CALL F49EC00F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntoskrnl.exe!ZwCreateProcessEx 8058B7CD 7 Bytes JMP F4ADB7A6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntoskrnl.exe!ObMakeTemporaryObject 805E6A62 5 Bytes JMP F4AD869C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF634A380, 0x346307, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1576] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000A03FC
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1576] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1576] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00371014
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1576] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00370804
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1576] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00370A08
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1576] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00370C0C
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1576] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00370E10
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1576] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 003701F8
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1576] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 003703FC
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1576] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 00370600
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1576] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1576] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1576] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1576] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1576] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
    .text C:\Program Files\Norton Ghost\Agent\VProSvc.exe[1588] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
    .text C:\Program Files\Norton Ghost\Agent\VProSvc.exe[1588] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\Program Files\Norton Ghost\Agent\VProSvc.exe[1588] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
    .text C:\Program Files\Norton Ghost\Agent\VProSvc.exe[1588] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\Program Files\Norton Ghost\Agent\VProSvc.exe[1588] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00391014
    .text C:\Program Files\Norton Ghost\Agent\VProSvc.exe[1588] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00390804
    .text C:\Program Files\Norton Ghost\Agent\VProSvc.exe[1588] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00390A08
    .text C:\Program Files\Norton Ghost\Agent\VProSvc.exe[1588] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00390C0C
    .text C:\Program Files\Norton Ghost\Agent\VProSvc.exe[1588] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00390E10
    .text C:\Program Files\Norton Ghost\Agent\VProSvc.exe[1588] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 003901F8
    .text C:\Program Files\Norton Ghost\Agent\VProSvc.exe[1588] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 003903FC
    .text C:\Program Files\Norton Ghost\Agent\VProSvc.exe[1588] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 00390600
    .text C:\Program Files\Norton Ghost\Agent\VProSvc.exe[1588] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text C:\Program Files\Norton Ghost\Agent\VProSvc.exe[1588] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text C:\Program Files\Norton Ghost\Agent\VProSvc.exe[1588] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text C:\Program Files\Norton Ghost\Agent\VProSvc.exe[1588] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text C:\Program Files\Norton Ghost\Agent\VProSvc.exe[1588] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
    .text C:\WINDOWS\system32\rundll32.exe[1664] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\rundll32.exe[1664] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\WINDOWS\system32\rundll32.exe[1664] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\rundll32.exe[1664] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\WINDOWS\system32\rundll32.exe[1664] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\rundll32.exe[1664] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\rundll32.exe[1664] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\rundll32.exe[1664] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\rundll32.exe[1664] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\rundll32.exe[1664] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002C1014
    .text C:\WINDOWS\system32\rundll32.exe[1664] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\rundll32.exe[1664] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\rundll32.exe[1664] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002C0C0C
    .text C:\WINDOWS\system32\rundll32.exe[1664] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002C0E10
    .text C:\WINDOWS\system32\rundll32.exe[1664] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\rundll32.exe[1664] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\rundll32.exe[1664] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002C0600
    .text C:\Documents and Settings\Fazela\Application Data\mjusbsp\magicJack.exe[1976] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
    .text C:\Documents and Settings\Fazela\Application Data\mjusbsp\magicJack.exe[1976] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\Documents and Settings\Fazela\Application Data\mjusbsp\magicJack.exe[1976] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
    .text C:\Documents and Settings\Fazela\Application Data\mjusbsp\magicJack.exe[1976] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\Documents and Settings\Fazela\Application Data\mjusbsp\magicJack.exe[1976] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 003A1014
    .text C:\Documents and Settings\Fazela\Application Data\mjusbsp\magicJack.exe[1976] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 003A0804
    .text C:\Documents and Settings\Fazela\Application Data\mjusbsp\magicJack.exe[1976] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 003A0A08
    .text C:\Documents and Settings\Fazela\Application Data\mjusbsp\magicJack.exe[1976] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 003A0C0C
    .text C:\Documents and Settings\Fazela\Application Data\mjusbsp\magicJack.exe[1976] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 003A0E10
    .text C:\Documents and Settings\Fazela\Application Data\mjusbsp\magicJack.exe[1976] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 003A01F8
    .text C:\Documents and Settings\Fazela\Application Data\mjusbsp\magicJack.exe[1976] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 003A03FC
    .text C:\Documents and Settings\Fazela\Application Data\mjusbsp\magicJack.exe[1976] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 003A0600
    .text C:\Documents and Settings\Fazela\Application Data\mjusbsp\magicJack.exe[1976] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
    .text C:\Documents and Settings\Fazela\Application Data\mjusbsp\magicJack.exe[1976] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
    .text C:\Documents and Settings\Fazela\Application Data\mjusbsp\magicJack.exe[1976] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
    .text C:\Documents and Settings\Fazela\Application Data\mjusbsp\magicJack.exe[1976] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
    .text C:\Documents and Settings\Fazela\Application Data\mjusbsp\magicJack.exe[1976] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
    .text C:\Nexon\MapleStory\npkcmsvc.exe[2160] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8
    .text C:\Nexon\MapleStory\npkcmsvc.exe[2160] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\Nexon\MapleStory\npkcmsvc.exe[2160] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC
    .text C:\Nexon\MapleStory\npkcmsvc.exe[2160] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\Nexon\MapleStory\npkcmsvc.exe[2160] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00381014
    .text C:\Nexon\MapleStory\npkcmsvc.exe[2160] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00380804
    .text C:\Nexon\MapleStory\npkcmsvc.exe[2160] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00380A08
    .text C:\Nexon\MapleStory\npkcmsvc.exe[2160] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00380C0C
    .text C:\Nexon\MapleStory\npkcmsvc.exe[2160] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00380E10
    .text C:\Nexon\MapleStory\npkcmsvc.exe[2160] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 003801F8
    .text C:\Nexon\MapleStory\npkcmsvc.exe[2160] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 003803FC
    .text C:\Nexon\MapleStory\npkcmsvc.exe[2160] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 00380600
    .text C:\Nexon\MapleStory\npkcmsvc.exe[2160] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\Nexon\MapleStory\npkcmsvc.exe[2160] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\Nexon\MapleStory\npkcmsvc.exe[2160] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\Nexon\MapleStory\npkcmsvc.exe[2160] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\Nexon\MapleStory\npkcmsvc.exe[2160] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\WINDOWS\system32\nvsvc32.exe[2196] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8
    .text C:\WINDOWS\system32\nvsvc32.exe[2196] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\WINDOWS\system32\nvsvc32.exe[2196] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC
    .text C:\WINDOWS\system32\nvsvc32.exe[2196] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\WINDOWS\system32\nvsvc32.exe[2196] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
    .text C:\WINDOWS\system32\nvsvc32.exe[2196] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
    .text C:\WINDOWS\system32\nvsvc32.exe[2196] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
    .text C:\WINDOWS\system32\nvsvc32.exe[2196] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
    .text C:\WINDOWS\system32\nvsvc32.exe[2196] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
    .text C:\WINDOWS\system32\nvsvc32.exe[2196] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00391014
    .text C:\WINDOWS\system32\nvsvc32.exe[2196] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00390804
    .text C:\WINDOWS\system32\nvsvc32.exe[2196] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00390A08
    .text C:\WINDOWS\system32\nvsvc32.exe[2196] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00390C0C
    .text C:\WINDOWS\system32\nvsvc32.exe[2196] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00390E10
    .text C:\WINDOWS\system32\nvsvc32.exe[2196] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 003901F8
    .text C:\WINDOWS\system32\nvsvc32.exe[2196] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 003903FC
    .text C:\WINDOWS\system32\nvsvc32.exe[2196] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 00390600
    .text C:\Macrium Reflect Free\ReflectService.exe[2228] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
    .text C:\Macrium Reflect Free\ReflectService.exe[2228] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\Macrium Reflect Free\ReflectService.exe[2228] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
    .text C:\Macrium Reflect Free\ReflectService.exe[2228] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\Macrium Reflect Free\ReflectService.exe[2228] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\Macrium Reflect Free\ReflectService.exe[2228] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\Macrium Reflect Free\ReflectService.exe[2228] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\Macrium Reflect Free\ReflectService.exe[2228] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\Macrium Reflect Free\ReflectService.exe[2228] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\Macrium Reflect Free\ReflectService.exe[2228] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 003A1014
    .text C:\Macrium Reflect Free\ReflectService.exe[2228] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 003A0804
    .text C:\Macrium Reflect Free\ReflectService.exe[2228] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 003A0A08
    .text C:\Macrium Reflect Free\ReflectService.exe[2228] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 003A0C0C
    .text C:\Macrium Reflect Free\ReflectService.exe[2228] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 003A0E10
    .text C:\Macrium Reflect Free\ReflectService.exe[2228] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 003A01F8
    .text C:\Macrium Reflect Free\ReflectService.exe[2228] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 003A03FC
    .text C:\Macrium Reflect Free\ReflectService.exe[2228] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 003A0600
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2332] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2332] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2332] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2332] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2332] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002D1014
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2332] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002D0804
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2332] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002D0A08
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2332] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002D0C0C
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2332] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002D0E10
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2332] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002D01F8
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2332] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002D03FC
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2332] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002D0600
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2332] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002E0804
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2332] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002E0A08
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2332] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002E0600
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2332] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002E01F8
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2332] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002E03FC
    .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2424] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000801F8
    .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2424] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2424] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000803FC
    .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2424] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2424] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002C1014
    .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2424] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002C0804
    .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2424] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002C0A08
    .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2424] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002C0C0C
    .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2424] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002C0E10
    .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2424] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002C01F8
    .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2424] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002C03FC
    .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2424] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002C0600
    .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2424] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
    .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2424] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
    .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2424] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
    .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2424] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
    .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2424] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
    .text C:\WINDOWS\system32\svchost.exe[2436] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[2436] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[2436] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[2436] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[2436] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[2436] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[2436] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[2436] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[2436] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[2436] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[2436] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[2436] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[2436] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[2436] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[2436] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[2436] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[2436] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\dllhost.exe[2480] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\dllhost.exe[2480] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\WINDOWS\system32\dllhost.exe[2480] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\dllhost.exe[2480] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\WINDOWS\system32\dllhost.exe[2480] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\dllhost.exe[2480] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\dllhost.exe[2480] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\dllhost.exe[2480] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\dllhost.exe[2480] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\dllhost.exe[2480] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\dllhost.exe[2480] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\dllhost.exe[2480] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\dllhost.exe[2480] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\dllhost.exe[2480] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\dllhost.exe[2480] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\dllhost.exe[2480] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\dllhost.exe[2480] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\dllhost.exe[2984] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\dllhost.exe[2984] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\WINDOWS\system32\dllhost.exe[2984] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\dllhost.exe[2984] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\WINDOWS\system32\dllhost.exe[2984] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\dllhost.exe[2984] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\dllhost.exe[2984] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\dllhost.exe[2984] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\dllhost.exe[2984] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\dllhost.exe[2984] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\dllhost.exe[2984] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\dllhost.exe[2984] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\dllhost.exe[2984] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\dllhost.exe[2984] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\dllhost.exe[2984] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\dllhost.exe[2984] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\dllhost.exe[2984] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe[3228] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
    .text C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe[3228] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe[3228] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
    .text C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe[3228] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe[3228] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00391014
    .text C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe[3228] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00390804
    .text C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe[3228] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00390A08
    .text C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe[3228] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00390C0C
    .text C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe[3228] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00390E10
    .text C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe[3228] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 003901F8
    .text C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe[3228] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 003903FC
    .text C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe[3228] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 00390600
    .text C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe[3228] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe[3228] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe[3228] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe[3228] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe[3228] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
    .text C:\WINDOWS\system32\msdtc.exe[3276] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\msdtc.exe[3276] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\WINDOWS\system32\msdtc.exe[3276] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\msdtc.exe[3276] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\WINDOWS\system32\msdtc.exe[3276] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\msdtc.exe[3276] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\msdtc.exe[3276] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\msdtc.exe[3276] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\msdtc.exe[3276] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\msdtc.exe[3276] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\msdtc.exe[3276] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\msdtc.exe[3276] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\msdtc.exe[3276] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\msdtc.exe[3276] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\msdtc.exe[3276] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\msdtc.exe[3276] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\msdtc.exe[3276] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\System32\alg.exe[3316] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
    .text C:\WINDOWS\System32\alg.exe[3316] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\WINDOWS\System32\alg.exe[3316] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\System32\alg.exe[3316] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\WINDOWS\System32\alg.exe[3316] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
    .text C:\WINDOWS\System32\alg.exe[3316] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\System32\alg.exe[3316] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
    .text C:\WINDOWS\System32\alg.exe[3316] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\System32\alg.exe[3316] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\System32\alg.exe[3316] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002C1014
    .text C:\WINDOWS\System32\alg.exe[3316] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002C0804
    .text C:\WINDOWS\System32\alg.exe[3316] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\System32\alg.exe[3316] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002C0C0C
    .text C:\WINDOWS\System32\alg.exe[3316] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002C0E10
    .text C:\WINDOWS\System32\alg.exe[3316] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\System32\alg.exe[3316] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\System32\alg.exe[3316] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002C0600
    .text C:\PROGRA~1\Filzip\Filzip.exe[3672] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\PROGRA~1\Filzip\Filzip.exe[3672] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3676] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
    .text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3676] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3676] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
    .text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3676] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3676] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002D1014
    .text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3676] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002D0804
    .text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3676] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002D0A08
    .text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3676] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002D0C0C
    .text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3676] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002D0E10
    .text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3676] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002D01F8
    .text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3676] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002D03FC
    .text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3676] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002D0600
    .text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3676] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002E0804
    .text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3676] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002E0A08
    .text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3676] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002E0600
    .text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3676] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002E01F8
    .text C:\Program Files\Windows Live\Contacts\wlcomm.exe[3676] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002E03FC

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
    Device \FileSystem\Ntfs \Ntfs 86F37464

    AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm228.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \FileSystem\Ntfs \Ntfs symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)

    Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)
    Device \FileSystem\Fastfat \FatCdrom 86C0E53C

    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)

    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpm228.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

    Device \Driver\Cdrom \Device\CdRom0 86BCE008
    Device \FileSystem\Rdbss \Device\FsWrap 86AB01E4
    Device \Driver\Cdrom \Device\CdRom1 86BCE008
    Device 86BAECB0
    Device \Driver\atapi \Device\Ide\IdePort0 86BAECB0
    Device \Driver\atapi \Device\Ide\IdePort1 86BAECB0
    Device \FileSystem\Srv \Device\LanmanServer 86C4966C

    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86BC2214
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 86BC2214
    Device \FileSystem\Npfs \Device\NamedPipe 86BCFF5C
    Device \FileSystem\Msfs \Device\Mailslot 86EB6F5C
    Device \FileSystem\cdudf_xp \Device\CdUdf_XP 86EAD34C
    Device \Driver\USBSTOR \Device\0000008b 86F72CE8
    Device \Driver\USBSTOR \Device\0000008c 86F72CE8
    Device \Driver\USBSTOR \Device\0000008d 86F72CE8
    Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)
    Device \FileSystem\Fastfat \Fat 86C0E53C

    AttachedDevice \FileSystem\Fastfat \Fat tdrpm228.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

    Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 86BD53D4
    Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 86BD53D4
    Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 86BD53D4
    Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 86BD53D4
    Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 86BD53D4
    Device \FileSystem\Cdfs \Cdfs 86C4CCEC

    ---- Modules - GMER 1.0.15 ----

    Module _________ F7356000-F736E000 (98304 bytes)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\

    ---- EOF - GMER 1.0.15 ----


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 5:41:41 PM, on 12/28/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    C:\Nexon\MapleStory\npkcmsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Macrium Reflect Free\ReflectService.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Documents and Settings\Fazela\Application Data\mjusbsp\magicJack.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Fazela\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Fazela\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Fazela\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\svchost.exe
    C:\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = BBC - Homepage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = Internet Explorer downloads - Microsoft Windows
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Fazela\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
    O4 - Global Startup: Enable Labtec Wireless Desktop.lnk = C:\Program Files\Labtec Wireless Desktop\MulMouse.exe
    O4 - Global Startup: setup.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O15 - Trusted Zone: Bitsnoop P2P Search - 16.4 Million Valid Torrents
    O15 - Trusted Zone: http://*.bitsnoop.com
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) -
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1323541285593
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1323541223000
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} -
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/m3/p...l/MSNPUpld.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: 0060701201636616mcinstcleanup - - (no file)
    O23 - Service: 0210201202775077mcinstcleanup - - (no file)
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (file missing)
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: bdss - Broadcom Corporation - (no file)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\482\g2aservice.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (file missing)
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\MapleStory\npkcmsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Macrium Reflect Free\ReflectService.exe
    O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe (file missing)
    O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe (file missing)
    O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
    O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
    O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
    O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe

    --
    End of file - 12319 bytes


    Hope these scans shed some light on my problem. Happy New Year!

  8. #8
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Hello,

    I see no DDS log. You have uploaded the HijackThis log. Please read my previous instructions again and post the DDS log.
    "Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  9. #9
    Member
    Join Date
    Dec 2011
    Posts
    4
    Points
    0

    fireman4it: Sorry, those were the wrong scans. Here are the requested scans:

    GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
    Rootkit scan 2011-12-30 10:42:42
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3500418AS rev.CC37
    Running: gmer.exe; Driver: C:\DOCUME~1\Fazela\LOCALS~1\Temp\pwrcqpow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xF49EAFC4]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xF4AC7510]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xF4A0E6A9]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xF49ED456]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xF49ED4AE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xF49ED5C4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xF4A0E05D]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xF49ED3AC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xF49ED4FE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xF49ED400]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xF49ED572]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xF49EAFE8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xF4A0ED6F]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xF4A0F025]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xF49ED848]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xF4A0EBDA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xF4A0EA45]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xF4AC75C0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xF49EADB2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xF49EB00C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xF49ED9BC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xF49EBAA4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xF49ED486]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xF49ED4D6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xF49ED5EE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xF4A0E3B9]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xF49ED3D8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xF49ED680]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xF49ED53E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xF49ED42E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xF49ED764]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xF49ED59C]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xF4AC7658]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xF4A0E8C0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xF49EB96A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xF4A0E712]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xF4ACF9E6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xF4A0D6D0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xF49EB030]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xF49EB054]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xF49EAE0C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xF49EAF48]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xF4A0EE76]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xF49EAF24]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xF49EAF6C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xF49EB078]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xF4ADB7A2]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!ZwYieldExecution + 16A 804E4994 4 Bytes [E8, AF, 9E, F4]
    .text ntoskrnl.exe!ZwYieldExecution + 19A 804E49C4 4 Bytes JMP D3F1F4A0
    .text ntoskrnl.exe!ZwYieldExecution + 2F6 804E4B20 4 Bytes CALL D7233FC5
    PAGE ntoskrnl.exe!ObInsertObject 8056DA64 5 Bytes JMP F4ADA15C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 80575B10 4 Bytes CALL F49EC00F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntoskrnl.exe!ZwCreateProcessEx 8058B7CD 7 Bytes JMP F4ADB7A6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntoskrnl.exe!ObMakeTemporaryObject 805E6A62 5 Bytes JMP F4AD869C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF634A380, 0x346307, 0xE8000020]
    .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 320C BF81E743 5 Bytes JMP F49EDAD6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngSetLastError + 7657 BF82868B 2 Bytes JMP F49EDB9A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngSetLastError + 765A BF82868E 2 Bytes [1C, 35] {SBB AL, 0x35}
    .text win32k.sys!EngCreateBitmap + D9AB BF845873 5 Bytes JMP F49EDC0A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngMultiByteToWideChar + 2F20 BF8527E0 5 Bytes JMP F49EDABE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGetCurrentCodePage + 413A BF890AD9 5 Bytes JMP F49EDF76 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGradientFill + 4B52 BF8B3770 5 Bytes JMP F49EDDE6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGradientFill + 4BDD BF8B37FB 5 Bytes JMP F49EDFBC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngAlphaBlend + 9286 BF8C31E7 5 Bytes JMP F49EDCA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!PATHOBJ_bCloseFigure + 19CE BF8ED991 5 Bytes JMP F49ED9F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!PATHOBJ_bCloseFigure + D4C6 BF8F9489 5 Bytes JMP F49EDD14 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!PATHOBJ_bCloseFigure + D746 BF8F9709 5 Bytes JMP F49EDD4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 1994 BF912612 5 Bytes JMP F49EDB56 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 2568 BF9131E6 5 Bytes JMP F49EDC6E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 4F29 BF915BA7 5 Bytes JMP F49EE0D6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\spoolsv.exe[304] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\spoolsv.exe[304] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[304] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\spoolsv.exe[304] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[304] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\spoolsv.exe[304] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\spoolsv.exe[304] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\spoolsv.exe[304] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\spoolsv.exe[304] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\spoolsv.exe[304] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\spoolsv.exe[304] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\spoolsv.exe[304] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\spoolsv.exe[304] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\spoolsv.exe[304] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\spoolsv.exe[304] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\spoolsv.exe[304] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\spoolsv.exe[304] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[424] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
    .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[424] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[424] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
    .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[424] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[424] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00391014
    .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[424] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00390804
    .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[424] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00390A08
    .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[424] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00390C0C
    .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[424] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00390E10
    .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[424] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 003901F8
    .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[424] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 003903FC
    .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[424] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 00390600
    .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[424] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[424] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[424] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[424] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[424] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
    .text C:\WINDOWS\System32\smss.exe[588] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\WINDOWS\system32\csrss.exe[652] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\WINDOWS\system32\csrss.exe[652] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\DOCUME~1\Fazela\LOCALS~1\Temp\gmer.exe[656] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\DOCUME~1\Fazela\LOCALS~1\Temp\gmer.exe[656] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[676] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000701F8
    .text C:\WINDOWS\system32\winlogon.exe[676] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[676] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000703FC
    .text C:\WINDOWS\system32\winlogon.exe[676] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[676] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\winlogon.exe[676] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\winlogon.exe[676] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\winlogon.exe[676] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\winlogon.exe[676] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\winlogon.exe[676] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\winlogon.exe[676] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\winlogon.exe[676] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\winlogon.exe[676] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\winlogon.exe[676] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\winlogon.exe[676] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\winlogon.exe[676] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\winlogon.exe[676] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\Program Files\Java\jre6\bin\jqs.exe[696] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
    .text C:\Program Files\Java\jre6\bin\jqs.exe[696] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[696] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
    .text C:\Program Files\Java\jre6\bin\jqs.exe[696] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[696] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00391014
    .text C:\Program Files\Java\jre6\bin\jqs.exe[696] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00390804
    .text C:\Program Files\Java\jre6\bin\jqs.exe[696] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00390A08
    .text C:\Program Files\Java\jre6\bin\jqs.exe[696] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00390C0C
    .text C:\Program Files\Java\jre6\bin\jqs.exe[696] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00390E10
    .text C:\Program Files\Java\jre6\bin\jqs.exe[696] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 003901F8
    .text C:\Program Files\Java\jre6\bin\jqs.exe[696] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 003903FC
    .text C:\Program Files\Java\jre6\bin\jqs.exe[696] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 00390600
    .text C:\Program Files\Java\jre6\bin\jqs.exe[696] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text C:\Program Files\Java\jre6\bin\jqs.exe[696] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text C:\Program Files\Java\jre6\bin\jqs.exe[696] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text C:\Program Files\Java\jre6\bin\jqs.exe[696] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text C:\Program Files\Java\jre6\bin\jqs.exe[696] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
    .text C:\WINDOWS\system32\services.exe[720] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\services.exe[720] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\WINDOWS\system32\services.exe[720] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\services.exe[720] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\WINDOWS\system32\services.exe[720] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\services.exe[720] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\services.exe[720] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\services.exe[720] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\services.exe[720] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\services.exe[720] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\services.exe[720] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\services.exe[720] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\services.exe[720] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\services.exe[720] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\services.exe[720] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\services.exe[720] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\services.exe[720] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\lsass.exe[732] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\lsass.exe[732] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\WINDOWS\system32\lsass.exe[732] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\lsass.exe[732] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\lsass.exe[732] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\lsass.exe[732] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\lsass.exe[732] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\lsass.exe[732] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\lsass.exe[732] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\lsass.exe[732] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\svchost.exe[896] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[896] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[896] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[896] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[896] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[896] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[896] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[896] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[896] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[896] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[896] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[896] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[896] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[896] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[896] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[896] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[896] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[964] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[964] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[964] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[964] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[964] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\System32\svchost.exe[1004] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
    .text C:\WINDOWS\System32\svchost.exe[1004] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1004] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\System32\svchost.exe[1004] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1004] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
    .text C:\WINDOWS\System32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
    .text C:\WINDOWS\System32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\System32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\System32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\System32\svchost.exe[1004] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\System32\svchost.exe[1004] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\System32\svchost.exe[1004] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
    .text C:\WINDOWS\System32\svchost.exe[1004] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\System32\svchost.exe[1004] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\System32\svchost.exe[1004] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\System32\svchost.exe[1004] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\System32\svchost.exe[1004] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1060] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[1060] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[1060] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[1060] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[1060] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1088] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[1088] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[1088] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[1088] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[1088] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1208] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1208] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1208] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1316] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
    .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1316] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1316] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
    .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1316] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1316] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1316] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1316] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1316] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1316] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1316] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 003A1014
    .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1316] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 003A0804
    .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1316] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 003A0A08
    .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1316] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 003A0C0C
    .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1316] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 003A0E10
    .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1316] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 003A01F8
    .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1316] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 003A03FC
    .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1316] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 003A0600
    .text C:\WINDOWS\Explorer.EXE[1372] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
    .text C:\WINDOWS\Explorer.EXE[1372] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[1372] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\Explorer.EXE[1372] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[1372] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002C1014
    .text C:\WINDOWS\Explorer.EXE[1372] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002C0804
    .text C:\WINDOWS\Explorer.EXE[1372] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\Explorer.EXE[1372] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002C0C0C
    .text C:\WINDOWS\Explorer.EXE[1372] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002C0E10
    .text C:\WINDOWS\Explorer.EXE[1372] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\Explorer.EXE[1372] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\Explorer.EXE[1372] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002C0600
    .text C:\WINDOWS\Explorer.EXE[1372] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
    .text C:\WINDOWS\Explorer.EXE[1372] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
    .text C:\WINDOWS\Explorer.EXE[1372] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
    .text C:\WINDOWS\Explorer.EXE[1372] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
    .text C:\WINDOWS\Explorer.EXE[1372] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
    .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1496] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
    .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1496] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1496] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
    .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1496] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1496] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1496] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1496] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1496] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1496] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1496] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 003A1014
    .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1496] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 003A0804
    .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1496] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 003A0A08
    .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1496] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 003A0C0C
    .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1496] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 003A0E10
    .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1496] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 003A01F8
    .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1496] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 003A03FC
    .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[1496] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 003A0600
    .text C:\Program Files\Alwil Software\Avast5\avastUI.exe[1536] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\Program Files\Alwil Software\Avast5\avastUI.exe[1536] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\WINDOWS\system32\RUNDLL32.EXE[1560] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\RUNDLL32.EXE[1560] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\WINDOWS\system32\RUNDLL32.EXE[1560] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\RUNDLL32.EXE[1560] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\WINDOWS\system32\RUNDLL32.EXE[1560] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\RUNDLL32.EXE[1560] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\RUNDLL32.EXE[1560] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\RUNDLL32.EXE[1560] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\RUNDLL32.EXE[1560] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\RUNDLL32.EXE[1560] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002C1014
    .text C:\WINDOWS\system32\RUNDLL32.EXE[1560] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\RUNDLL32.EXE[1560] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\RUNDLL32.EXE[1560] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002C0C0C
    .text C:\WINDOWS\system32\RUNDLL32.EXE[1560] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002C0E10
    .text C:\WINDOWS\system32\RUNDLL32.EXE[1560] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\RUNDLL32.EXE[1560] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\RUNDLL32.EXE[1560] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002C0600
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1568] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1568] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1568] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1568] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1568] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00391014
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1568] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00390804
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1568] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00390A08
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1568] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00390C0C
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1568] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00390E10
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1568] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 003901F8
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1568] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 003903FC
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1568] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 00390600
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1568] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1568] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1568] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1568] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1568] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1576] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000A01F8
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1576] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1576] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000A03FC
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1576] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1576] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00371014
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1576] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00370804
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1576] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00370A08
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1576] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00370C0C
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1576] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00370E10
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1576] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 003701F8
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1576] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 003703FC
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1576] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 00370600
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1576] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1576] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1576] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1576] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1576] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
    .text C:\Program Files\Norton Ghost\Agent\VProSvc.exe[1588] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
    .text C:\Program Files\Norton Ghost\Agent\VProSvc.exe[1588] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\Program Files\Norton Ghost\Agent\VProSvc.exe[1588] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
    .text C:\Program Files\Norton Ghost\Agent\VProSvc.exe[1588] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\Program Files\Norton Ghost\Agent\VProSvc.exe[1588] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00391014
    .text C:\Program Files\Norton Ghost\Agent\VProSvc.exe[1588] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00390804
    .text C:\Program Files\Norton Ghost\Agent\VProSvc.exe[1588] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00390A08
    .text C:\Program Files\Norton Ghost\Agent\VProSvc.exe[1588] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00390C0C
    .text C:\Program Files\Norton Ghost\Agent\VProSvc.exe[1588] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00390E10
    .text C:\Program Files\Norton Ghost\Agent\VProSvc.exe[1588] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 003901F8
    .text C:\Program Files\Norton Ghost\Agent\VProSvc.exe[1588] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 003903FC
    .text C:\Program Files\Norton Ghost\Agent\VProSvc.exe[1588] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 00390600
    .text C:\Program Files\Norton Ghost\Agent\VProSvc.exe[1588] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text C:\Program Files\Norton Ghost\Agent\VProSvc.exe[1588] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text C:\Program Files\Norton Ghost\Agent\VProSvc.exe[1588] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text C:\Program Files\Norton Ghost\Agent\VProSvc.exe[1588] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text C:\Program Files\Norton Ghost\Agent\VProSvc.exe[1588] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
    .text C:\WINDOWS\system32\rundll32.exe[1664] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\rundll32.exe[1664] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\WINDOWS\system32\rundll32.exe[1664] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\rundll32.exe[1664] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\WINDOWS\system32\rundll32.exe[1664] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\rundll32.exe[1664] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\rundll32.exe[1664] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\rundll32.exe[1664] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\rundll32.exe[1664] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\rundll32.exe[1664] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002C1014
    .text C:\WINDOWS\system32\rundll32.exe[1664] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\rundll32.exe[1664] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\rundll32.exe[1664] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002C0C0C
    .text C:\WINDOWS\system32\rundll32.exe[1664] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002C0E10
    .text C:\WINDOWS\system32\rundll32.exe[1664] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\rundll32.exe[1664] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\rundll32.exe[1664] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002C0600
    .text C:\Documents and Settings\Fazela\Application Data\mjusbsp\magicJack.exe[1976] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
    .text C:\Documents and Settings\Fazela\Application Data\mjusbsp\magicJack.exe[1976] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\Documents and Settings\Fazela\Application Data\mjusbsp\magicJack.exe[1976] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
    .text C:\Documents and Settings\Fazela\Application Data\mjusbsp\magicJack.exe[1976] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\Documents and Settings\Fazela\Application Data\mjusbsp\magicJack.exe[1976] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 003A1014
    .text C:\Documents and Settings\Fazela\Application Data\mjusbsp\magicJack.exe[1976] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 003A0804
    .text C:\Documents and Settings\Fazela\Application Data\mjusbsp\magicJack.exe[1976] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 003A0A08
    .text C:\Documents and Settings\Fazela\Application Data\mjusbsp\magicJack.exe[1976] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 003A0C0C
    .text C:\Documents and Settings\Fazela\Application Data\mjusbsp\magicJack.exe[1976] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 003A0E10
    .text C:\Documents and Settings\Fazela\Application Data\mjusbsp\magicJack.exe[1976] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 003A01F8
    .text C:\Documents and Settings\Fazela\Application Data\mjusbsp\magicJack.exe[1976] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 003A03FC
    .text C:\Documents and Settings\Fazela\Application Data\mjusbsp\magicJack.exe[1976] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 003A0600
    .text C:\Documents and Settings\Fazela\Application Data\mjusbsp\magicJack.exe[1976] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
    .text C:\Documents and Settings\Fazela\Application Data\mjusbsp\magicJack.exe[1976] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
    .text C:\Documents and Settings\Fazela\Application Data\mjusbsp\magicJack.exe[1976] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
    .text C:\Documents and Settings\Fazela\Application Data\mjusbsp\magicJack.exe[1976] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
    .text C:\Documents and Settings\Fazela\Application Data\mjusbsp\magicJack.exe[1976] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
    .text C:\Nexon\MapleStory\npkcmsvc.exe[2160] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8
    .text C:\Nexon\MapleStory\npkcmsvc.exe[2160] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\Nexon\MapleStory\npkcmsvc.exe[2160] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC
    .text C:\Nexon\MapleStory\npkcmsvc.exe[2160] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\Nexon\MapleStory\npkcmsvc.exe[2160] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00381014
    .text C:\Nexon\MapleStory\npkcmsvc.exe[2160] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00380804
    .text C:\Nexon\MapleStory\npkcmsvc.exe[2160] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00380A08
    .text C:\Nexon\MapleStory\npkcmsvc.exe[2160] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00380C0C
    .text C:\Nexon\MapleStory\npkcmsvc.exe[2160] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00380E10
    .text C:\Nexon\MapleStory\npkcmsvc.exe[2160] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 003801F8
    .text C:\Nexon\MapleStory\npkcmsvc.exe[2160] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 003803FC
    .text C:\Nexon\MapleStory\npkcmsvc.exe[2160] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 00380600
    .text C:\Nexon\MapleStory\npkcmsvc.exe[2160] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\Nexon\MapleStory\npkcmsvc.exe[2160] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\Nexon\MapleStory\npkcmsvc.exe[2160] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\Nexon\MapleStory\npkcmsvc.exe[2160] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\Nexon\MapleStory\npkcmsvc.exe[2160] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\WINDOWS\system32\nvsvc32.exe[2196] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8
    .text C:\WINDOWS\system32\nvsvc32.exe[2196] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\WINDOWS\system32\nvsvc32.exe[2196] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC
    .text C:\WINDOWS\system32\nvsvc32.exe[2196] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\WINDOWS\system32\nvsvc32.exe[2196] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
    .text C:\WINDOWS\system32\nvsvc32.exe[2196] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
    .text C:\WINDOWS\system32\nvsvc32.exe[2196] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
    .text C:\WINDOWS\system32\nvsvc32.exe[2196] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
    .text C:\WINDOWS\system32\nvsvc32.exe[2196] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
    .text C:\WINDOWS\system32\nvsvc32.exe[2196] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00391014
    .text C:\WINDOWS\system32\nvsvc32.exe[2196] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00390804
    .text C:\WINDOWS\system32\nvsvc32.exe[2196] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00390A08
    .text C:\WINDOWS\system32\nvsvc32.exe[2196] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00390C0C
    .text C:\WINDOWS\system32\nvsvc32.exe[2196] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00390E10
    .text C:\WINDOWS\system32\nvsvc32.exe[2196] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 003901F8
    .text C:\WINDOWS\system32\nvsvc32.exe[2196] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 003903FC
    .text C:\WINDOWS\system32\nvsvc32.exe[2196] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 00390600
    .text C:\Macrium Reflect Free\ReflectService.exe[2228] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
    .text C:\Macrium Reflect Free\ReflectService.exe[2228] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\Macrium Reflect Free\ReflectService.exe[2228] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
    .text C:\Macrium Reflect Free\ReflectService.exe[2228] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\Macrium Reflect Free\ReflectService.exe[2228] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\Macrium Reflect Free\ReflectService.exe[2228] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\Macrium Reflect Free\ReflectService.exe[2228] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\Macrium Reflect Free\ReflectService.exe[2228] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\Macrium Reflect Free\ReflectService.exe[2228] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\Macrium Reflect Free\ReflectService.exe[2228] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 003A1014
    .text C:\Macrium Reflect Free\ReflectService.exe[2228] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 003A0804
    .text C:\Macrium Reflect Free\ReflectService.exe[2228] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 003A0A08
    .text C:\Macrium Reflect Free\ReflectService.exe[2228] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 003A0C0C
    .text C:\Macrium Reflect Free\ReflectService.exe[2228] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 003A0E10
    .text C:\Macrium Reflect Free\ReflectService.exe[2228] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 003A01F8
    .text C:\Macrium Reflect Free\ReflectService.exe[2228] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 003A03FC
    .text C:\Macrium Reflect Free\ReflectService.exe[2228] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 003A0600
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2332] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2332] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2332] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2332] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2332] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002D1014
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2332] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002D0804
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2332] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002D0A08
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2332] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002D0C0C
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2332] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002D0E10
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2332] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002D01F8
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2332] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002D03FC
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2332] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002D0600
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2332] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002E0804
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2332] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002E0A08
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2332] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002E0600
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2332] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002E01F8
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2332] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002E03FC
    .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2424] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000801F8
    .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2424] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2424] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000803FC
    .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2424] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2424] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002C1014
    .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2424] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002C0804
    .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2424] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002C0A08
    .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2424] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002C0C0C
    .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2424] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002C0E10
    .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2424] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002C01F8
    .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2424] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002C03FC
    .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2424] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002C0600
    .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2424] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
    .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2424] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
    .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2424] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
    .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2424] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
    .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[2424] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
    .text C:\WINDOWS\system32\svchost.exe[2436] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[2436] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[2436] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[2436] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[2436] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[2436] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[2436] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[2436] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[2436] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[2436] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[2436] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[2436] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[2436] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[2436] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[2436] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[2436] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[2436] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\dllhost.exe[2480] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\dllhost.exe[2480] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\WINDOWS\system32\dllhost.exe[2480] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\dllhost.exe[2480] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\WINDOWS\system32\dllhost.exe[2480] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\dllhost.exe[2480] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\dllhost.exe[2480] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\dllhost.exe[2480] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\dllhost.exe[2480] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\dllhost.exe[2480] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\dllhost.exe[2480] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\dllhost.exe[2480] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\dllhost.exe[2480] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\dllhost.exe[2480] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\dllhost.exe[2480] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\dllhost.exe[2480] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\dllhost.exe[2480] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\dllhost.exe[2984] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\dllhost.exe[2984] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\WINDOWS\system32\dllhost.exe[2984] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\dllhost.exe[2984] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\WINDOWS\system32\dllhost.exe[2984] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\dllhost.exe[2984] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\dllhost.exe[2984] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\dllhost.exe[2984] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\dllhost.exe[2984] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\dllhost.exe[2984] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\dllhost.exe[2984] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\dllhost.exe[2984] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\dllhost.exe[2984] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\dllhost.exe[2984] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\dllhost.exe[2984] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\dllhost.exe[2984] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\dllhost.exe[2984] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe[3228] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
    .text C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe[3228] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe[3228] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
    .text C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe[3228] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe[3228] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00391014
    .text C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe[3228] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00390804
    .text C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe[3228] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00390A08
    .text C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe[3228] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00390C0C
    .text C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe[3228] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00390E10
    .text C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe[3228] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 003901F8
    .text C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe[3228] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 003903FC
    .text C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe[3228] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 00390600
    .text C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe[3228] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe[3228] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe[3228] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe[3228] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe[3228] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
    .text C:\WINDOWS\system32\msdtc.exe[3276] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\msdtc.exe[3276] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
    .text C:\WINDOWS\system32\msdtc.exe[3276] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\msdtc.exe[3276] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
    .text C:\WINDOWS\system32\msdtc.exe[3276] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\msdtc.exe[3276] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\msdtc.exe[3276] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\msdtc.exe[3276] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\msdtc.exe[3276] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
    ---- EOF - GMER 1.0.15 ----

  10. #10
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146


    Hello,

    I don't see anything in your logs that would indicate malware but we will run a couple of things and see what they find.


    1.
    We need to check your hard disk for errors.

    To check the volume for errors:
    • Click start and then My Computer.
    • Right click the drive C and select Properties.
    • Under Tools tab press Check Now...
    • Put a check mark in both items and press start.
    • If you get a message click Yes to schedule the disk check and click OK and then restart your computer to start the disk check. Please be patient and let the system run. In some cases it might take a couple of hours and you don't have to sit there the whole time.

    *NOTE: This scan could take a long time to complete, but let it finish.


    2.
    You may have corrupt critical system files. Let's see if we can fix that.

    1. Select Start
    2. Select All Programs
    3. Select Accessories
    4. Right click Command Prompt



    • Type in sfc /scannow in the command window and press enter.
    • Note the space between the c and the /
    • If any files require replacing, SFC will replace them. You may be asked to insert your Windows XP CD for this process to continue. This can be done with a borrowed XP CD if you don't have one.
    • Be patient because the scan may take some time.
    • Allow the scan to run and when completed, reboot the system.



    3.
    Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
    • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • If TDSSKiller does not run, try renaming it.
    • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
    • Click the Start Scan button.
    • Do not use the computer during the scan
    • If the scan completes with nothing found, click Close to exit.
    • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
      Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
    • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
    • Copy and paste the contents of that file in your next reply.


    4.
    Install Recovery Console and Run ComboFix

    This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

    Download Combofix from any of the links below, and save it to your desktop.

    Link 1
    Link 2
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
    • Close any open windows, including this one.
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • If you did not have it installed, you will see the prompt below. Choose YES.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    • Click on Yes, to continue scanning for malware.
    • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
    Leave your computer alone while ComboFix is running.
    ComboFix will restart your computer if malware is found; allow it to do so.


    Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


    Things to include in your next reply:
    TdssKiller log
    Combofix.txt
    How is the machine running now?
    " Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-



