WiredWX Hobby Weather Tools

 


Alureon-G@mbr Virus- Description, OTL, Extras, ASW, Checkup

2 posters

Alureon-G@mbr Virus- Description, OTL, Extras, ASW, Checkup - Page 2

Re: Alureon-G@mbr Virus- Description, OTL, Extras, ASW, Checkup

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=b8bd39c55d0d25429a4a82d940ff9652
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-06-23 01:57:47
# local_time=2011-06-22 06:57:47 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=crash
# scanned=31813
# found=0
# cleaned=0
# scan_time=3306

Re: Alureon-G@mbr Virus- Description, OTL, Extras, ASW, Checkup

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death

Re: Alureon-G@mbr Virus- Description, OTL, Extras, ASW, Checkup

Seems to be up and running now, albeit slow. I'm not sure how fast it was before virus and I just started using Win7 on a solid state drive on my desktop so this thing seems like it takes forever to do anything. After my last feedback I ran avast full scan and it found alureon-g, I then ran boot scan and it came back with this:
06/22/2011 20:48
Scan of all local drives

File C:\System Volume Information\_restore{DF477380-D67F-4F52-B12F-0CD10F96BDA1}\RP3\A0004251.dll is infected by Win32:FunWeb-F [PUP], Moved to chest
File C:\System Volume Information\_restore{DF477380-D67F-4F52-B12F-0CD10F96BDA1}\RP3\A0004252.exe is infected by Win32:FunWeb-F [PUP], Moved to chest
File C:\System Volume Information\_restore{DF477380-D67F-4F52-B12F-0CD10F96BDA1}\RP3\A0004253.dll is infected by Win32:FunWeb-F [PUP], Moved to chest
File C:\System Volume Information\_restore{DF477380-D67F-4F52-B12F-0CD10F96BDA1}\RP3\A0004254.dll is infected by Win32:FunWeb-F [PUP], Moved to chest
File C:\System Volume Information\_restore{DF477380-D67F-4F52-B12F-0CD10F96BDA1}\RP3\A0004255.dll is infected by Win32:FunWeb-F [PUP], Moved to chest
File C:\System Volume Information\_restore{DF477380-D67F-4F52-B12F-0CD10F96BDA1}\RP3\A0004256.dll is infected by Win32:FunWeb-F [PUP], Moved to chest
File C:\System Volume Information\_restore{DF477380-D67F-4F52-B12F-0CD10F96BDA1}\RP3\A0004257.dll is infected by Win32:FunWeb-F [PUP], Moved to chest
File C:\System Volume Information\_restore{DF477380-D67F-4F52-B12F-0CD10F96BDA1}\RP3\A0004258.exe is infected by Win32:FunWeb-F [PUP], Moved to chest
File C:\System Volume Information\_restore{DF477380-D67F-4F52-B12F-0CD10F96BDA1}\RP3\A0004259.dll is infected by Win32:FunWeb-F [PUP], Moved to chest
File C:\System Volume Information\_restore{DF477380-D67F-4F52-B12F-0CD10F96BDA1}\RP3\A0004260.dll is infected by Win32:FunWeb-F [PUP], Moved to chest
File C:\System Volume Information\_restore{DF477380-D67F-4F52-B12F-0CD10F96BDA1}\RP3\A0004261.dll is infected by Win32:FunWeb-F [PUP], Moved to chest
File C:\System Volume Information\_restore{DF477380-D67F-4F52-B12F-0CD10F96BDA1}\RP3\A0004262.dll is infected by Win32:PUP-gen [PUP], Moved to chest
File C:\System Volume Information\_restore{DF477380-D67F-4F52-B12F-0CD10F96BDA1}\RP3\A0004263.exe is infected by Win32:FunWeb-F [PUP], Moved to chest
File C:\System Volume Information\_restore{DF477380-D67F-4F52-B12F-0CD10F96BDA1}\RP3\A0004264.exe is infected by Win32:FunWeb-F [PUP], Moved to chest
File C:\System Volume Information\_restore{DF477380-D67F-4F52-B12F-0CD10F96BDA1}\RP3\A0004265.dll is infected by Win32:FunWeb-F [PUP], Moved to chest
File C:\System Volume Information\_restore{DF477380-D67F-4F52-B12F-0CD10F96BDA1}\RP3\A0004266.dll is infected by Win32:FunWeb-F [PUP], Moved to chest
File C:\System Volume Information\_restore{DF477380-D67F-4F52-B12F-0CD10F96BDA1}\RP3\A0004267.dll is infected by Win32:FunWeb-F [PUP], Moved to chest
File C:\System Volume Information\_restore{DF477380-D67F-4F52-B12F-0CD10F96BDA1}\RP3\A0004268.dll is infected by Win32:FunWeb-F [PUP], Moved to chest
File C:\System Volume Information\_restore{DF477380-D67F-4F52-B12F-0CD10F96BDA1}\RP3\A0004269.dll is infected by Win32:PUP-gen [PUP], Moved to chest
File C:\System Volume Information\_restore{DF477380-D67F-4F52-B12F-0CD10F96BDA1}\RP3\A0004270.dll is infected by Win32:FunWeb-F [PUP], Moved to chest
File C:\System Volume Information\_restore{DF477380-D67F-4F52-B12F-0CD10F96BDA1}\RP3\A0004271.dll is infected by Win32:FunWeb-F [PUP], Moved to chest
File C:\System Volume Information\_restore{DF477380-D67F-4F52-B12F-0CD10F96BDA1}\RP3\A0004272.dll is infected by Win32:FunWeb-F [PUP], Moved to chest
File C:\System Volume Information\_restore{DF477380-D67F-4F52-B12F-0CD10F96BDA1}\RP3\A0004273.exe is infected by Win32:FunWeb-F [PUP], Moved to chest
File C:\System Volume Information\_restore{DF477380-D67F-4F52-B12F-0CD10F96BDA1}\RP3\A0004274.dll is infected by Win32:FunWeb-F [PUP], Moved to chest
File C:\System Volume Information\_restore{DF477380-D67F-4F52-B12F-0CD10F96BDA1}\RP3\A0004275.dll is infected by Win32:FunWeb-F [PUP], Moved to chest
File C:\System Volume Information\_restore{DF477380-D67F-4F52-B12F-0CD10F96BDA1}\RP3\A0004276.dll is infected by Win32:FunWeb-F [PUP], Moved to chest
File C:\System Volume Information\_restore{DF477380-D67F-4F52-B12F-0CD10F96BDA1}\RP3\A0004278.dll is infected by Win32:FunWeb-F [PUP], Moved to chest
File C:\System Volume Information\_restore{DF477380-D67F-4F52-B12F-0CD10F96BDA1}\RP3\A0004279.exe is infected by Win32:PUP-gen [PUP], Moved to chest
File C:\System Volume Information\_restore{DF477380-D67F-4F52-B12F-0CD10F96BDA1}\RP3\A0005236.dll is infected by Win32:FunWeb-F [PUP], Moved to chest
File C:\System Volume Information\_restore{DF477380-D67F-4F52-B12F-0CD10F96BDA1}\RP3\A0006285.dll is infected by Win32:FunWeb-F [PUP], Moved to chest
Number of searched folders: 3738
Number of tested files: 172933
Number of infected files: 30

I have run Avast and Malwarebytes and all seems clear. All previous viruses contained in chest. Should I delete them?

Any suggestions on why it's so slow? Thanks again for all your help.

Re: Alureon-G@mbr Virus- Description, OTL, Extras, ASW, Checkup

Odd...it all checked out fine...let's do some "manual diagnostics".

GMER

Note about this tool:
  • This program may freeze. Do not reboot the computer, unless it has been frozen for over 30 minutes.
  • This program may cause a blue screen of death. If it does, do not scan, and then reply to let me know.
  • No matter what is in the log, please post all the information/contents of the log.
  • These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT"


Please download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.

Re: Alureon-G@mbr Virus- Description, OTL, Extras, ASW, Checkup

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-26 13:22:23
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HITACHI_DK23EB-40 rev.00K0A0C0
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fgryypog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xF1788CB2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xF17918BC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xF1791774]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xF1791D7A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xF1791C90]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xF1791348]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xF1788D62]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xF1791850]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xF1791284]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xF17912EA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xF1788DFA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xF1791994]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xF1791E48]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xF1791952]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xF1791AD6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xF179E902]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xF179E726]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xF179E860]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 24C 804E28B8 4 Bytes JMP A6F17912
PAGE ntoskrnl.exe!ObInsertObject 805650BA 5 Bytes JMP F179BD5C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!NtCreateSection 80565333 7 Bytes JMP F179E72A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8058124C 7 Bytes JMP F179E906 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805A038B 5 Bytes JMP F179A2BE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwLoadDriver 805A425D 7 Bytes JMP F179E864 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF7B51340, 0xFD01F, 0xF8000020]
.text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF012300, 0x235FC0, 0xF8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!SetServiceObjectSecurity 77E36D89 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfigA 77E36E71 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfigW 77E37009 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfig2A 77E37109 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfig2W 77E37191 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!CreateServiceA 77E37219 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!CreateServiceW 77E373B1 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!DeleteService 77E374B9 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1220] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1220] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1220] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1220] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1220] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!SetServiceObjectSecurity 77E36D89 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfigA 77E36E71 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfigW 77E37009 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfig2A 77E37109 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfig2W 77E37191 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!CreateServiceA 77E37219 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!CreateServiceW 77E373B1 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!DeleteService 77E374B9 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1284] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1284] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1284] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1284] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1284] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\svchost.exe[1324] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1324] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1324] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!SetServiceObjectSecurity 77E36D89 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!ChangeServiceConfigA 77E36E71 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!ChangeServiceConfigW 77E37009 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!ChangeServiceConfig2A 77E37109 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!ChangeServiceConfig2W 77E37191 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!CreateServiceA 77E37219 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!CreateServiceW 77E373B1 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!DeleteService 77E374B9 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1324] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[1324] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[1324] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[1324] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[1324] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1536] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1536] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1536] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!SetServiceObjectSecurity 77E36D89 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!ChangeServiceConfigA 77E36E71 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!ChangeServiceConfigW 77E37009 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!ChangeServiceConfig2A 77E37109 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!ChangeServiceConfig2W 77E37191 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!CreateServiceA 77E37219 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!CreateServiceW 77E373B1 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!DeleteService 77E374B9 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1536] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1536] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1536] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1536] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1536] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[1552] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 001501F8
.text C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[1552] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[1552] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 001503FC
.text C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[1552] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[1552] ADVAPI32.dll!SetServiceObjectSecurity 77E36D89 5 Bytes JMP 009A1014
.text C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[1552] ADVAPI32.dll!ChangeServiceConfigA 77E36E71 5 Bytes JMP 009A0804
.text C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[1552] ADVAPI32.dll!ChangeServiceConfigW 77E37009 5 Bytes JMP 009A0A08
.text C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[1552] ADVAPI32.dll!ChangeServiceConfig2A 77E37109 5 Bytes JMP 009A0C0C
.text C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[1552] ADVAPI32.dll!ChangeServiceConfig2W 77E37191 5 Bytes JMP 009A0E10
.text C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[1552] ADVAPI32.dll!CreateServiceA 77E37219 5 Bytes JMP 009A01F8
.text C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[1552] ADVAPI32.dll!CreateServiceW 77E373B1 5 Bytes JMP 009A03FC
.text C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[1552] ADVAPI32.dll!DeleteService 77E374B9 5 Bytes JMP 009A0600
.text C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[1552] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00AB0804
.text C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[1552] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00AB0A08
.text C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[1552] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00AB0600
.text C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[1552] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00AB01F8
.text C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[1552] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00AB03FC
.text C:\WINDOWS\system32\svchost.exe[1676] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1676] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1676] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!SetServiceObjectSecurity 77E36D89 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!ChangeServiceConfigA 77E36E71 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!ChangeServiceConfigW 77E37009 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!ChangeServiceConfig2A 77E37109 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!ChangeServiceConfig2W 77E37191 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!CreateServiceA 77E37219 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!CreateServiceW 77E373B1 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!DeleteService 77E374B9 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1676] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1676] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1676] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1676] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1676] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\alg.exe[1976] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[1976] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[1976] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[1976] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[1976] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\alg.exe[1976] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\alg.exe[1976] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\alg.exe[1976] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\alg.exe[1976] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\alg.exe[1976] ADVAPI32.dll!SetServiceObjectSecurity 77E36D89 5 Bytes JMP 002C1014
.text C:\WINDOWS\System32\alg.exe[1976] ADVAPI32.dll!ChangeServiceConfigA 77E36E71 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\alg.exe[1976] ADVAPI32.dll!ChangeServiceConfigW 77E37009 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\alg.exe[1976] ADVAPI32.dll!ChangeServiceConfig2A 77E37109 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\System32\alg.exe[1976] ADVAPI32.dll!ChangeServiceConfig2W 77E37191 5 Bytes JMP 002C0E10
.text C:\WINDOWS\System32\alg.exe[1976] ADVAPI32.dll!CreateServiceA 77E37219 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\alg.exe[1976] ADVAPI32.dll!CreateServiceW 77E373B1 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\alg.exe[1976] ADVAPI32.dll!DeleteService 77E374B9 5 Bytes JMP 002C0600
.text C:\PROGRA~1\Linksys\WIRELE~1\OdHost.exe[2060] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 001401F8
.text C:\PROGRA~1\Linksys\WIRELE~1\OdHost.exe[2060] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\PROGRA~1\Linksys\WIRELE~1\OdHost.exe[2060] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 001403FC
.text C:\PROGRA~1\Linksys\WIRELE~1\OdHost.exe[2060] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\PROGRA~1\Linksys\WIRELE~1\OdHost.exe[2060] ADVAPI32.dll!SetServiceObjectSecurity 77E36D89 5 Bytes JMP 00381014
.text C:\PROGRA~1\Linksys\WIRELE~1\OdHost.exe[2060] ADVAPI32.dll!ChangeServiceConfigA 77E36E71 5 Bytes JMP 00380804
.text C:\PROGRA~1\Linksys\WIRELE~1\OdHost.exe[2060] ADVAPI32.dll!ChangeServiceConfigW 77E37009 5 Bytes JMP 00380A08
.text C:\PROGRA~1\Linksys\WIRELE~1\OdHost.exe[2060] ADVAPI32.dll!ChangeServiceConfig2A 77E37109 5 Bytes JMP 00380C0C
.text C:\PROGRA~1\Linksys\WIRELE~1\OdHost.exe[2060] ADVAPI32.dll!ChangeServiceConfig2W 77E37191 5 Bytes JMP 00380E10
.text C:\PROGRA~1\Linksys\WIRELE~1\OdHost.exe[2060] ADVAPI32.dll!CreateServiceA 77E37219 5 Bytes JMP 003801F8
.text C:\PROGRA~1\Linksys\WIRELE~1\OdHost.exe[2060] ADVAPI32.dll!CreateServiceW 77E373B1 5 Bytes JMP 003803FC
.text C:\PROGRA~1\Linksys\WIRELE~1\OdHost.exe[2060] ADVAPI32.dll!DeleteService 77E374B9 5 Bytes JMP 00380600
.text C:\PROGRA~1\Linksys\WIRELE~1\OdHost.exe[2060] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\PROGRA~1\Linksys\WIRELE~1\OdHost.exe[2060] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\PROGRA~1\Linksys\WIRELE~1\OdHost.exe[2060] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\PROGRA~1\Linksys\WIRELE~1\OdHost.exe[2060] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\PROGRA~1\Linksys\WIRELE~1\OdHost.exe[2060] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\PROGRA~1\Linksys\WIRELE~1\WPC54Cfg.exe[2116] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 001401F8
.text C:\PROGRA~1\Linksys\WIRELE~1\WPC54Cfg.exe[2116] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\PROGRA~1\Linksys\WIRELE~1\WPC54Cfg.exe[2116] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 001403FC
.text C:\PROGRA~1\Linksys\WIRELE~1\WPC54Cfg.exe[2116] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\PROGRA~1\Linksys\WIRELE~1\WPC54Cfg.exe[2116] ADVAPI32.dll!SetServiceObjectSecurity 77E36D89 5 Bytes JMP 00381014
.text C:\PROGRA~1\Linksys\WIRELE~1\WPC54Cfg.exe[2116] ADVAPI32.dll!ChangeServiceConfigA 77E36E71 5 Bytes JMP 00380804
.text C:\PROGRA~1\Linksys\WIRELE~1\WPC54Cfg.exe[2116] ADVAPI32.dll!ChangeServiceConfigW 77E37009 5 Bytes JMP 00380A08
.text C:\PROGRA~1\Linksys\WIRELE~1\WPC54Cfg.exe[2116] ADVAPI32.dll!ChangeServiceConfig2A 77E37109 5 Bytes JMP 00380C0C
.text C:\PROGRA~1\Linksys\WIRELE~1\WPC54Cfg.exe[2116] ADVAPI32.dll!ChangeServiceConfig2W 77E37191 5 Bytes JMP 00380E10
.text C:\PROGRA~1\Linksys\WIRELE~1\WPC54Cfg.exe[2116] ADVAPI32.dll!CreateServiceA 77E37219 5 Bytes JMP 003801F8
.text C:\PROGRA~1\Linksys\WIRELE~1\WPC54Cfg.exe[2116] ADVAPI32.dll!CreateServiceW 77E373B1 5 Bytes JMP 003803FC
.text C:\PROGRA~1\Linksys\WIRELE~1\WPC54Cfg.exe[2116] ADVAPI32.dll!DeleteService 77E374B9 5 Bytes JMP 00380600
.text C:\PROGRA~1\Linksys\WIRELE~1\WPC54Cfg.exe[2116] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\PROGRA~1\Linksys\WIRELE~1\WPC54Cfg.exe[2116] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\PROGRA~1\Linksys\WIRELE~1\WPC54Cfg.exe[2116] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\PROGRA~1\Linksys\WIRELE~1\WPC54Cfg.exe[2116] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\PROGRA~1\Linksys\WIRELE~1\WPC54Cfg.exe[2116] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[1052] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005F0002
IAT C:\WINDOWS\system32\services.exe[1052] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005F0000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

Re: Alureon-G@mbr Virus- Description, OTL, Extras, ASW, Checkup

I don't know what's up but something's not right.... It doesn't show CPU or processor being used barely at all. Task bar missing, Avast doesn't even open up... it is odd... but not good... ugh! I had no idea what I was getting into.... lol

Re: Alureon-G@mbr Virus- Description, OTL, Extras, ASW, Checkup

Restarted computer and task bar and start button are back. Remembered earlier problem of firewall being off so I tried to open Security Center and it won't open. Also Avast won't run now. And everything is running at a snail's pace.

Re: Alureon-G@mbr Virus- Description, OTL, Extras, ASW, Checkup

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
    Link 1
    Link 2
    Link 3

  • Double-click on MBRCheck.exe to run it.
  • It will open a black window...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
  • Please copy and paste the contents of that log in your next reply.

Re: Alureon-G@mbr Virus- Description, OTL, Extras, ASW, Checkup

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000d

Kernel Drivers (total 128):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EF000 \WINDOWS\system32\hal.dll
0xF8B76000 \WINDOWS\system32\KDCOM.DLL
0xF8A86000 \WINDOWS\system32\BOOTVID.dll
0xF88F6000 usbuhci.sys
0xF8631000 \WINDOWS\system32\DRIVERS\USBPORT.SYS
0xF8676000 usbhub.sys
0xF8B78000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF8B7A000 \WINDOWS\system32\DRIVERS\USBD.SYS
0xF8603000 ACPI.sys
0xF85F2000 pci.sys
0xF8686000 isapnp.sys
0xF8A8A000 compbatt.sys
0xF8A8E000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF8B7C000 intelide.sys
0xF8906000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF85D4000 pcmcia.sys
0xF8696000 MountMgr.sys
0xF85B5000 ftdisk.sys
0xF8B7E000 dmload.sys
0xF858F000 dmio.sys
0xF8A92000 ACPIEC.sys
0xF8C3E000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF890E000 PartMgr.sys
0xF8C3F000 OzCrd2k.sys
0xF86A6000 VolSnap.sys
0xF8577000 atapi.sys
0xF86B6000 disk.sys
0xF86C6000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF8557000 fltMgr.sys
0xF8545000 sr.sys
0xF852E000 KSecDD.sys
0xF84A1000 Ntfs.sys
0xF8474000 NDIS.sys
0xF845A000 Mup.sys
0xF86D6000 agp440.sys
0xF7C8D000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xF7C79000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7C67000 \SystemRoot\system32\DRIVERS\el90xbc5.sys
0xF7C08000 \SystemRoot\system32\DRIVERS\tnet1130x.sys
0xF8866000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF894E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF8956000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7BF4000 \SystemRoot\system32\DRIVERS\parport.sys
0xF895E000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF8B6A000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF8876000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF8886000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF8896000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF7BD1000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7BB9000 \SystemRoot\system32\drivers\STAC97.sys
0xF7B95000 \SystemRoot\system32\drivers\portcls.sys
0xF88A6000 \SystemRoot\system32\drivers\drmk.sys
0xF7B64000 \SystemRoot\system32\DRIVERS\HSFHWICH.sys
0xF7A65000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xF79BF000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF8966000 \SystemRoot\System32\Drivers\Modem.SYS
0xF8C96000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF88B6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF8B72000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF79A8000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF88C6000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF88D6000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF896E000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF7996000 \SystemRoot\system32\DRIVERS\psched.sys
0xF88E6000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF8976000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF897E000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF86F6000 \SystemRoot\system32\DRIVERS\odysseyIM3.sys
0xF7966000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF8706000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF8BA4000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF7908000 \SystemRoot\system32\DRIVERS\update.sys
0xF841A000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF8986000 \SystemRoot\system32\DRIVERS\omci.sys
0xF87E6000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF8A6E000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF657C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8D29000 \SystemRoot\System32\Drivers\Null.SYS
0xF8C14000 \SystemRoot\System32\Drivers\Beep.SYS
0xF568F000 \SystemRoot\System32\drivers\vga.sys
0xF8C16000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF5687000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF567F000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF6578000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF502B000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF4FD2000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF637A000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xF4E92000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF5677000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xF4E70000 \SystemRoot\System32\drivers\afd.sys
0xF8836000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF4E45000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF4DD5000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF5B4F000 \SystemRoot\System32\Drivers\Fips.SYS
0xF4DAF000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF5B0F000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF2AD8000 \SystemRoot\System32\Drivers\aswSP.SYS
0xF2A68000 \SystemRoot\System32\Drivers\aswSnx.SYS
0xF348E000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xF2F79000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF8B26000 \SystemRoot\System32\drivers\Dxapi.sys
0xF3080000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8C99000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBF343000 \SystemRoot\System32\ATMFD.DLL
0xF323D000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xF3225000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xF2FB9000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xF06EB000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xF05A7000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF8B9E000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xF0583000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xF04D7000 \SystemRoot\system32\DRIVERS\srv.sys
0xF0242000 \SystemRoot\system32\drivers\wdmaud.sys
0xF6823000 \SystemRoot\system32\drivers\sysaudio.sys
0xF8BB6000 \SystemRoot\system32\drivers\splitter.sys
0xF021F000 \SystemRoot\system32\drivers\aec.sys
0xF8816000 \SystemRoot\system32\drivers\swmidi.sys
0xF355E000 \SystemRoot\system32\drivers\DMusic.sys
0xF01F4000 \SystemRoot\system32\drivers\kmixer.sys
0xF8CB0000 \SystemRoot\system32\drivers\drmkaud.sys
0xF0043000 \SystemRoot\System32\Drivers\HTTP.sys
0xEFF7F000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xEFF1F000 \??\C:\WINDOWS\system32\CBTNDIS5.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 27):
0 System Idle Process
4 System
880 C:\WINDOWS\system32\smss.exe
972 csrss.exe
1016 C:\WINDOWS\system32\winlogon.exe
1060 C:\WINDOWS\system32\services.exe
1072 C:\WINDOWS\system32\lsass.exe
1228 C:\WINDOWS\system32\svchost.exe
1292 svchost.exe
1348 C:\WINDOWS\system32\svchost.exe
1552 svchost.exe
1704 svchost.exe
1916 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
636 C:\WINDOWS\system32\spoolsv.exe
712 svchost.exe
952 C:\WINDOWS\system32\nvsvc32.exe
992 C:\WINDOWS\system32\snmp.exe
1256 C:\WINDOWS\system32\svchost.exe
1812 alg.exe
500 C:\WINDOWS\explorer.exe
2252 C:\Program Files\AVAST Software\Avast\AvastUI.exe
2388 C:\WINDOWS\system32\ctfmon.exe
2464 C:\PROGRA~1\Linksys\WIRELE~1\OdHost.exe
2504 C:\PROGRA~1\Linksys\WIRELE~1\WPC54CFG.exe
2128 C:\WINDOWS\system32\wuauclt.exe
268 C:\Documents and Settings\Owner\desktop\MBRCheck.exe
2660 C:\Program Files\AVAST Software\Avast\Setup\avast.setup

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: HITACHI_DK23EB-40, Rev: 00K0A0C0

Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

Re: Alureon-G@mbr Virus- Description, OTL, Extras, ASW, Checkup

Delete any old copies of this program...

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.
