Hello. I need a solution for my girl's laptop, and thanks very much in advance for the help.

It started when the laptop began working slowly; next I ran ComboFix, and it said that regedit.exe is infected. That problem was ignored for about a month, and yesterday she was surfing the internet and avast showed that it blocked a trojan; next she wanted to open ComboFix to fix this, and then avast showed alerts all the time about "Pev.exe" and other files (sorry, I forgot the names, but they were many numbers and letters with .pif). In the Start menu there was a weird problem: files were in a different order than before.

Here are logs from scanners.

--- DDS ---

DDS (Ver_11-03-05.01) - NTFSx86
Run by Noiresouris at 20:14:12,43 on 2011-03-25
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.1526.1049 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
G:\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://twojastara/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [RocketDock] "c:\windows\bricopacks\vista inspirat 2\rocketdock\RocketDock.exe"
uRun: [AQQ] c:\progra~1\wapster\wapste~1\AQQ.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [PC-Checkup] "c:\program files\pc-checkup\PCCheckUp.exe" -mini
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\noires~1\menust~1\programy\autost~1\rocket~1.lnk - c:\windows\bricopacks\vista inspirat 2\rocketdock\RocketDock.exe
StartupFolder: c:\docume~1\noires~1\menust~1\programy\autost~1\transbar.lnk - c:\windows\bricopacks\vista inspirat 2\transbar\TransBar.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Locate Spot on Map by GPS - c:\program files\opanda\iexif 2.3\IExifMap.htm
IE: View Exif/GPS/IPTC with IExif - c:\program files\opanda\iexif 2.3\IExifCom.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\noires~1\daneap~1\mozilla\firefox\profiles\bg16oacq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - plugin: c:\documents and settings\all users\dane aplikacji\gadu-gadu 10\_userdata\npgg.3.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.50917.0\npctrlui.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-19 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-3 301528]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-3-13 218688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-3 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-3 42184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-31 136176]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-11-26 36640]
S3 RTL8187B;Realtek RTL8187B bezprzewodowe 802.11b/g 54Mbps USB 2.0 karta sieciowa ;c:\windows\system32\drivers\RTL8187B.sys [2010-5-24 341376]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XDva370;XDva370;\??\c:\windows\system32\xdva370.sys --> c:\windows\system32\XDva370.sys [?]
.
=============== Created Last 30 ================
.
2011-03-25 19:00:30 388096 ----a-r- c:\docume~1\noires~1\daneap~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-03-25 19:00:29 -------- d-----w- c:\program files\Trend Micro
2011-03-25 18:36:23 -------- d-s---w- C:\ComboFix
2011-03-25 18:26:38 546816 ----a-w- c:\program files\mozilla firefox\YCemSCi.exe
2011-03-23 19:04:29 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-03-23 19:04:28 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-03-23 19:04:28 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-03-23 19:04:28 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-03-23 19:04:28 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-03-23 19:04:27 1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-03-23 19:04:27 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-03-23 19:04:26 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-03-19 11:43:08 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-19 10:51:47 -------- d-----w- c:\docume~1\noires~1\daneap~1\Malwarebytes
2011-03-19 10:51:24 -------- d-----w- c:\docume~1\alluse~1\daneap~1\Malwarebytes
2011-03-17 09:52:49 -------- d-----w- c:\program files\Active GIF Creator 3.4
2011-03-14 15:10:41 -------- d-----w- C:\Nowy folder (2)
2011-03-13 15:36:31 -------- d-----w- c:\docume~1\noires~1\daneap~1\SPORE
2011-03-13 15:22:32 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-03-13 15:22:10 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-03-03 10:16:32 -------- d-----w- c:\docume~1\noires~1\daneap~1\Realore_Whiterra Roads Of Rome
2011-03-03 10:15:03 -------- d-----w- c:\program files\Roads of Rome
2011-03-01 18:29:17 -------- d-----w- c:\program files\Roads of Rome II
2011-03-01 18:15:56 -------- d-----w- c:\docume~1\noires~1\daneap~1\Realore_Whiterra ?????? ???? 2
2011-03-01 18:15:26 -------- d-----w- c:\program files\Games
2011-03-01 12:56:45 -------- d-----w- c:\docume~1\noires~1\daneap~1\Realore_Whiterra Roads Of Rome 2
2011-03-01 11:54:59 -------- d-----w- c:\docume~1\alluse~1\daneap~1\HipSoft
2011-03-01 11:40:47 -------- d-----w- c:\docume~1\alluse~1\daneap~1\Big Fish Games
2011-03-01 11:40:38 -------- d-----w- c:\program files\bfgclient
2011-03-01 11:38:35 -------- d-----w- c:\docume~1\alluse~1\daneap~1\BigFishGamesCache
2011-02-27 18:05:44 -------- d-----w- c:\documents and settings\noiresouris\DoctorWeb
.
==================== Find3M ====================
.
2011-03-19 11:28:06 4290961 ----a-r- C:\ComboFix.exe
2011-02-23 15:04:21 40648 ----a-w- c:\windows\avastSS.scr
2004-08-03 23:44:22 93184 --sha-w- c:\windows\bricopacks\sysfiles\79_iexplore.exe
2004-08-03 23:44:24 60928 --sha-w- c:\windows\bricopacks\sysfiles\80_msimn.exe
.
============= FINISH: 20:14:49,26 ===============

--- GMER ---

GMER 1.0.15.15570 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-03-26 07:56:10
Windows 5.1.2600 Dodatek Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e TOSHIBA_MK2046GSX rev.LB013M
Running: gmer.exe; Driver: C:\DOCUME~1\NOIRES~1\USTAWI~1\Temp\pgldykog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA5DDB9CA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA5E58A68]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA5DFBAF5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA5DDDEAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA5DDDF04]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA5DDE01A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA5DFB4A9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA5DDDE02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA5DDDF54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA5DDDE56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA5DDDFC8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA5DDB9EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA5DFC1BB]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA5DFC471]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA5DDE29E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA5DFC026]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA5DFBE91]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA5E58B18]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA5DDB7B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA5DDBA12]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA5DDE412]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA5DDC4AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA5DDDEDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA5DDDF2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA5DDE044]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA5DFB805]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA5DDDE2E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA5DDE0D6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA5DDDF94]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA5DDDE84]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA5DDE1BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA5DDDFF2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA5E58BB0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA5DFBD0C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA5DDC370]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA5DFBB5E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA5E60E26]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA5DFAB1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA5DDBA36]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA5DDBA5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA5DDB812]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA5DDB94E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA5DFC2C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA5DDB92A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA5DDB972]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA5DDBA7E]

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 8059A312 4 Bytes CALL A5DDCE25 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
pnidata C:\WINDOWS\system32\DRIVERS\secdrv.sys unknown last section [0xA50D9F00, 0x24000, 0x48000000]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\winlogon.exe[556] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00070030
.text C:\WINDOWS\system32\winlogon.exe[556] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0007006C
.text C:\WINDOWS\system32\winlogon.exe[556] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F01D4
.text C:\WINDOWS\system32\winlogon.exe[556] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F00E4
.text C:\WINDOWS\system32\winlogon.exe[556] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0120
.text C:\WINDOWS\system32\winlogon.exe[556] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F015C
.text C:\WINDOWS\system32\winlogon.exe[556] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0198
.text C:\WINDOWS\system32\winlogon.exe[556] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F0030
.text C:\WINDOWS\system32\winlogon.exe[556] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F006C
.text C:\WINDOWS\system32\winlogon.exe[556] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F00A8
.text C:\WINDOWS\system32\winlogon.exe[556] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 00300030
.text C:\WINDOWS\system32\winlogon.exe[556] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 0030006C
.text C:\WINDOWS\system32\winlogon.exe[556] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003000E4
.text C:\WINDOWS\system32\winlogon.exe[556] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300120
.text C:\WINDOWS\system32\winlogon.exe[556] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003000A8
.text C:\WINDOWS\system32\services.exe[600] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\services.exe[600] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\services.exe[600] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F01D4
.text C:\WINDOWS\system32\services.exe[600] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F00E4
.text C:\WINDOWS\system32\services.exe[600] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0120
.text C:\WINDOWS\system32\services.exe[600] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F015C
.text C:\WINDOWS\system32\services.exe[600] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0198
.text C:\WINDOWS\system32\services.exe[600] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F0030
.text C:\WINDOWS\system32\services.exe[600] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F006C
.text C:\WINDOWS\system32\services.exe[600] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F00A8
.text C:\WINDOWS\system32\services.exe[600] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 00300030
.text C:\WINDOWS\system32\services.exe[600] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 0030006C
.text C:\WINDOWS\system32\services.exe[600] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003000E4
.text C:\WINDOWS\system32\services.exe[600] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300120
.text C:\WINDOWS\system32\services.exe[600] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003000A8
.text C:\WINDOWS\system32\savedump.exe[612] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\savedump.exe[612] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\savedump.exe[612] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F01D4
.text C:\WINDOWS\system32\savedump.exe[612] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F00E4
.text C:\WINDOWS\system32\savedump.exe[612] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0120
.text C:\WINDOWS\system32\savedump.exe[612] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F015C
.text C:\WINDOWS\system32\savedump.exe[612] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0198
.text C:\WINDOWS\system32\savedump.exe[612] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F0030
.text C:\WINDOWS\system32\savedump.exe[612] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F006C
.text C:\WINDOWS\system32\savedump.exe[612] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F00A8
.text C:\WINDOWS\system32\savedump.exe[612] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 00300030
.text C:\WINDOWS\system32\savedump.exe[612] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 0030006C
.text C:\WINDOWS\system32\savedump.exe[612] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003000E4
.text C:\WINDOWS\system32\savedump.exe[612] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300120
.text C:\WINDOWS\system32\savedump.exe[612] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003000A8
.text C:\WINDOWS\system32\lsass.exe[620] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\lsass.exe[620] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\lsass.exe[620] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F01D4
.text C:\WINDOWS\system32\lsass.exe[620] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F00E4
.text C:\WINDOWS\system32\lsass.exe[620] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0120
.text C:\WINDOWS\system32\lsass.exe[620] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F015C
.text C:\WINDOWS\system32\lsass.exe[620] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0198
.text C:\WINDOWS\system32\lsass.exe[620] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F0030
.text C:\WINDOWS\system32\lsass.exe[620] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F006C
.text C:\WINDOWS\system32\lsass.exe[620] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F00A8
.text C:\WINDOWS\system32\lsass.exe[620] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 00300030
.text C:\WINDOWS\system32\lsass.exe[620] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 0030006C
.text C:\WINDOWS\system32\lsass.exe[620] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003000E4
.text C:\WINDOWS\system32\lsass.exe[620] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300120
.text C:\WINDOWS\system32\lsass.exe[620] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003000A8
.text C:\WINDOWS\system32\svchost.exe[784] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[784] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[784] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F01D4
.text C:\WINDOWS\system32\svchost.exe[784] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F00E4
.text C:\WINDOWS\system32\svchost.exe[784] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0120
.text C:\WINDOWS\system32\svchost.exe[784] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F015C
.text C:\WINDOWS\system32\svchost.exe[784] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0198
.text C:\WINDOWS\system32\svchost.exe[784] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F0030
.text C:\WINDOWS\system32\svchost.exe[784] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F006C
.text C:\WINDOWS\system32\svchost.exe[784] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F00A8
.text C:\WINDOWS\system32\svchost.exe[784] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 00300030
.text C:\WINDOWS\system32\svchost.exe[784] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 0030006C
.text C:\WINDOWS\system32\svchost.exe[784] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003000E4
.text C:\WINDOWS\system32\svchost.exe[784] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300120
.text C:\WINDOWS\system32\svchost.exe[784] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003000A8
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[852] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F01D4
.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F00E4
.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0120
.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F015C
.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0198
.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F0030
.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F006C
.text C:\WINDOWS\system32\svchost.exe[852] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F00A8
.text C:\WINDOWS\system32\svchost.exe[852] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 00300030
.text C:\WINDOWS\system32\svchost.exe[852] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 0030006C
.text C:\WINDOWS\system32\svchost.exe[852] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003000E4
.text C:\WINDOWS\system32\svchost.exe[852] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300120
.text C:\WINDOWS\system32\svchost.exe[852] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003000A8
.text C:\WINDOWS\System32\svchost.exe[892] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00090030
.text C:\WINDOWS\System32\svchost.exe[892] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0009006C
.text C:\WINDOWS\System32\svchost.exe[892] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F01D4
.text C:\WINDOWS\System32\svchost.exe[892] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F00E4
.text C:\WINDOWS\System32\svchost.exe[892] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0120
.text C:\WINDOWS\System32\svchost.exe[892] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F015C
.text C:\WINDOWS\System32\svchost.exe[892] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0198
.text C:\WINDOWS\System32\svchost.exe[892] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F0030
.text C:\WINDOWS\System32\svchost.exe[892] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F006C
.text C:\WINDOWS\System32\svchost.exe[892] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F00A8
.text C:\WINDOWS\System32\svchost.exe[892] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 00300030
.text C:\WINDOWS\System32\svchost.exe[892] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 0030006C
.text C:\WINDOWS\System32\svchost.exe[892] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003000E4
.text C:\WINDOWS\System32\svchost.exe[892] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300120
.text C:\WINDOWS\System32\svchost.exe[892] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003000A8
.text C:\WINDOWS\system32\svchost.exe[924] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[924] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F01D4
.text C:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F00E4
.text C:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0120
.text C:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F015C
.text C:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0198
.text C:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F0030
.text C:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F006C
.text C:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F00A8
.text C:\WINDOWS\system32\svchost.exe[924] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 00300030
.text C:\WINDOWS\system32\svchost.exe[924] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 0030006C
.text C:\WINDOWS\system32\svchost.exe[924] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003000E4
.text C:\WINDOWS\system32\svchost.exe[924] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300120
.text C:\WINDOWS\system32\svchost.exe[924] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003000A8
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F01D4
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F00E4
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0120
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F015C
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0198
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F0030
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F006C
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F00A8
.text C:\WINDOWS\system32\svchost.exe[1000] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 00300030
.text C:\WINDOWS\system32\svchost.exe[1000] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 0030006C
.text C:\WINDOWS\system32\svchost.exe[1000] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003000E4
.text C:\WINDOWS\system32\svchost.exe[1000] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300120
.text C:\WINDOWS\system32\svchost.exe[1000] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003000A8
.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F01D4
.text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F00E4
.text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0120
.text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F015C
.text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0198
.text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F0030
.text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F006C
.text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F00A8
.text C:\WINDOWS\system32\svchost.exe[1060] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 00300030
.text C:\WINDOWS\system32\svchost.exe[1060] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 0030006C
.text C:\WINDOWS\system32\svchost.exe[1060] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003000E4
.text C:\WINDOWS\system32\svchost.exe[1060] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300120
.text C:\WINDOWS\system32\svchost.exe[1060] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003000A8
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1164] kernel32.dll!SetUnhandledExceptionFilter 7C810386 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\WINDOWS\Explorer.EXE[1304] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00090030
.text C:\WINDOWS\Explorer.EXE[1304] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0009006C
.text C:\WINDOWS\Explorer.EXE[1304] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003701D4
.text C:\WINDOWS\Explorer.EXE[1304] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003700E4
.text C:\WINDOWS\Explorer.EXE[1304] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 00370120
.text C:\WINDOWS\Explorer.EXE[1304] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 0037015C
.text C:\WINDOWS\Explorer.EXE[1304] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 00370198
.text C:\WINDOWS\Explorer.EXE[1304] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 00370030
.text C:\WINDOWS\Explorer.EXE[1304] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 0037006C
.text C:\WINDOWS\Explorer.EXE[1304] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003700A8
.text C:\WINDOWS\Explorer.EXE[1304] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 00380030
.text C:\WINDOWS\Explorer.EXE[1304] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 0038006C
.text C:\WINDOWS\Explorer.EXE[1304] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003800E4
.text C:\WINDOWS\Explorer.EXE[1304] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00380120
.text C:\WINDOWS\Explorer.EXE[1304] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003800A8
.text C:\WINDOWS\system32\igfxtray.exe[1396] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00150030
.text C:\WINDOWS\system32\igfxtray.exe[1396] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0015006C
.text C:\WINDOWS\system32\igfxtray.exe[1396] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003E0030
.text C:\WINDOWS\system32\igfxtray.exe[1396] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003E006C
.text C:\WINDOWS\system32\igfxtray.exe[1396] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003E00E4
.text C:\WINDOWS\system32\igfxtray.exe[1396] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003E0120
.text C:\WINDOWS\system32\igfxtray.exe[1396] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003E00A8
.text C:\WINDOWS\system32\igfxtray.exe[1396] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003F01D4
.text C:\WINDOWS\system32\igfxtray.exe[1396] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003F00E4
.text C:\WINDOWS\system32\igfxtray.exe[1396] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 003F0120
.text C:\WINDOWS\system32\igfxtray.exe[1396] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 003F015C
.text C:\WINDOWS\system32\igfxtray.exe[1396] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 003F0198
.text C:\WINDOWS\system32\igfxtray.exe[1396] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003F0030
.text C:\WINDOWS\system32\igfxtray.exe[1396] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003F006C
.text C:\WINDOWS\system32\igfxtray.exe[1396] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003F00A8
.text C:\WINDOWS\system32\hkcmd.exe[1412] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00150030
.text C:\WINDOWS\system32\hkcmd.exe[1412] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0015006C
.text C:\WINDOWS\system32\hkcmd.exe[1412] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003E0030
.text C:\WINDOWS\system32\hkcmd.exe[1412] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003E006C
.text C:\WINDOWS\system32\hkcmd.exe[1412] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003E00E4
.text C:\WINDOWS\system32\hkcmd.exe[1412] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003E0120
.text C:\WINDOWS\system32\hkcmd.exe[1412] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003E00A8
.text C:\WINDOWS\system32\hkcmd.exe[1412] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003F01D4
.text C:\WINDOWS\system32\hkcmd.exe[1412] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003F00E4
.text C:\WINDOWS\system32\hkcmd.exe[1412] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 003F0120
.text C:\WINDOWS\system32\hkcmd.exe[1412] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 003F015C
.text C:\WINDOWS\system32\hkcmd.exe[1412] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 003F0198
.text C:\WINDOWS\system32\hkcmd.exe[1412] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003F0030
.text C:\WINDOWS\system32\hkcmd.exe[1412] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003F006C
.text C:\WINDOWS\system32\hkcmd.exe[1412] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003F00A8
.text C:\WINDOWS\system32\igfxpers.exe[1420] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00150030
.text C:\WINDOWS\system32\igfxpers.exe[1420] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0015006C
.text C:\WINDOWS\system32\igfxpers.exe[1420] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003D0030
.text C:\WINDOWS\system32\igfxpers.exe[1420] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003D006C
.text C:\WINDOWS\system32\igfxpers.exe[1420] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003D00E4
.text C:\WINDOWS\system32\igfxpers.exe[1420] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003D0120
.text C:\WINDOWS\system32\igfxpers.exe[1420] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003D00A8
.text C:\WINDOWS\system32\igfxpers.exe[1420] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003E01D4
.text C:\WINDOWS\system32\igfxpers.exe[1420] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003E00E4
.text C:\WINDOWS\system32\igfxpers.exe[1420] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 003E0120
.text C:\WINDOWS\system32\igfxpers.exe[1420] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 003E015C
.text C:\WINDOWS\system32\igfxpers.exe[1420] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 003E0198
.text C:\WINDOWS\system32\igfxpers.exe[1420] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003E0030
.text C:\WINDOWS\system32\igfxpers.exe[1420] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003E006C
.text C:\WINDOWS\system32\igfxpers.exe[1420] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003E00A8
.text C:\WINDOWS\system32\igfxsrvc.exe[1456] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00150030
.text C:\WINDOWS\system32\igfxsrvc.exe[1456] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0015006C
.text C:\WINDOWS\system32\igfxsrvc.exe[1456] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003D0030
.text C:\WINDOWS\system32\igfxsrvc.exe[1456] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003D006C
.text C:\WINDOWS\system32\igfxsrvc.exe[1456] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003D00E4
.text C:\WINDOWS\system32\igfxsrvc.exe[1456] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003D0120
.text C:\WINDOWS\system32\igfxsrvc.exe[1456] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003D00A8
.text C:\WINDOWS\system32\igfxsrvc.exe[1456] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003E01D4
.text C:\WINDOWS\system32\igfxsrvc.exe[1456] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003E00E4
.text C:\WINDOWS\system32\igfxsrvc.exe[1456] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 003E0120
.text C:\WINDOWS\system32\igfxsrvc.exe[1456] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 003E015C
.text C:\WINDOWS\system32\igfxsrvc.exe[1456] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 003E0198
.text C:\WINDOWS\system32\igfxsrvc.exe[1456] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003E0030
.text C:\WINDOWS\system32\igfxsrvc.exe[1456] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003E006C
.text C:\WINDOWS\system32\igfxsrvc.exe[1456] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003E00A8
.text C:\WINDOWS\RTHDCPL.EXE[1464] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00140030
.text C:\WINDOWS\RTHDCPL.EXE[1464] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0014006C
.text C:\WINDOWS\RTHDCPL.EXE[1464] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003C0030
.text C:\WINDOWS\RTHDCPL.EXE[1464] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003C006C
.text C:\WINDOWS\RTHDCPL.EXE[1464] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003C00E4
.text C:\WINDOWS\RTHDCPL.EXE[1464] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003C0120
.text C:\WINDOWS\RTHDCPL.EXE[1464] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003C00A8
.text C:\WINDOWS\RTHDCPL.EXE[1464] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003D01D4
.text C:\WINDOWS\RTHDCPL.EXE[1464] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003D00E4
.text C:\WINDOWS\RTHDCPL.EXE[1464] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 003D0120
.text C:\WINDOWS\RTHDCPL.EXE[1464] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 003D015C
.text C:\WINDOWS\RTHDCPL.EXE[1464] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 003D0198
.text C:\WINDOWS\RTHDCPL.EXE[1464] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003D0030
.text C:\WINDOWS\RTHDCPL.EXE[1464] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003D006C
.text C:\WINDOWS\RTHDCPL.EXE[1464] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003D00A8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1484] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00140030
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1484] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0014006C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1484] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003C0030
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1484] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003C006C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1484] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003C00E4
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1484] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003C0120
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1484] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003C00A8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1484] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003D01D4
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1484] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003D00E4
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1484] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 003D0120
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1484] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 003D015C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1484] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 003D0198
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1484] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003D0030
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1484] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003D006C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1484] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003D00A8
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[1668] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00150030
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[1668] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0015006C
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[1668] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003D0030
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[1668] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003D006C
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[1668] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003D00E4
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[1668] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003D0120
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[1668] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003D00A8
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[1668] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003E01D4
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[1668] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003E00E4
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[1668] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 003E0120
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[1668] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 003E015C
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[1668] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 003E0198
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[1668] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003E0030
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[1668] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003E006C
.text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[1668] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003E00A8
.text C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe[1740] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00150030
.text C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe[1740] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 0015006C
.text C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe[1740] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003D0030
.text C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe[1740] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003D006C
.text C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe[1740] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003D00E4
.text C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe[1740] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003D0120
.text C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe[1740] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003D00A8
.text C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe[1740] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003E01D4
.text C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe[1740] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003E00E4
.text C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe[1740] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 003E0120
.text C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe[1740] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 003E015C
.text C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe[1740] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 003E0198
.text C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe[1740] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003E0030
.text C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe[1740] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003E006C
.text C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe[1740] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003E00A8
.text C:\WINDOWS\system32\ctfmon.exe[1816] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000A0030
.text C:\WINDOWS\system32\ctfmon.exe[1816] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000A006C
.text C:\WINDOWS\system32\ctfmon.exe[1816] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003701D4
.text C:\WINDOWS\system32\ctfmon.exe[1816] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003700E4
.text C:\WINDOWS\system32\ctfmon.exe[1816] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 00370120
.text C:\WINDOWS\system32\ctfmon.exe[1816] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 0037015C
.text C:\WINDOWS\system32\ctfmon.exe[1816] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 00370198
.text C:\WINDOWS\system32\ctfmon.exe[1816] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 00370030
.text C:\WINDOWS\system32\ctfmon.exe[1816] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 0037006C
.text C:\WINDOWS\system32\ctfmon.exe[1816] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003700A8
.text C:\WINDOWS\system32\ctfmon.exe[1816] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 00380030
.text C:\WINDOWS\system32\ctfmon.exe[1816] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 0038006C
.text C:\WINDOWS\system32\ctfmon.exe[1816] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003800E4
.text C:\WINDOWS\system32\ctfmon.exe[1816] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00380120
.text C:\WINDOWS\system32\ctfmon.exe[1816] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003800A8

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0x5A 0x0B 0x73 0x39 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xC2 0x8C 0x4D 0x8C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0xB0 0x8C 0x80 0x01 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0xB4 0x52 0x14 0x30 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x1C 0x05 0x8A 0xA8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA4 0xAD 0x89 0x54 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0x5A 0x0B 0x73 0x39 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xC2 0x8C 0x4D 0x8C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0xB0 0x8C 0x80 0x01 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0xB4 0x52 0x14 0x30 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x1C 0x05 0x8A 0xA8 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA4 0xAD 0x89 0x54 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]_DLLs 1

---- EOF - GMER 1.0.15 ----
 

·
TSF Security Manager, Emeritus
Joined
·
42,836 Posts
Hello 9pieces,

While you and your girlfriend may see ComboFix being used quite often, and without incident, the tool should not be run unsupervised (as stated in the Disclaimer that is first displayed by ComboFix when you run the tool).

Going forward, I highly recommend you heed such instructions. As explained in Post 2 of our pre-posting topic...

Why we don't ask you to run ComboFix from the onset

As stated by the author of ComboFix:

ComboFix is a very powerful tool which when improperly used may render your machine to a doorstop.

We first need to verify if there are any rootkits present and how they could affect our tools. DDS & GMER are preliminary scans. We use their logs to map our strategy for attack.

With these logs we can determine the infections present & decide whether to deploy ComboFix.
Please do not run it again until I advise you. I'll need to see the C:\ComboFix.txt. Please post the contents of that log in your next reply.
 

·
TSF Security Manager, Emeritus
Joined
·
42,836 Posts