GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-26 13:22:23
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HITACHI_DK23EB-40 rev.00K0A0C0
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fgryypog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xF1788CB2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xF17918BC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xF1791774]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xF1791D7A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xF1791C90]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xF1791348]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xF1788D62]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xF1791850]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xF1791284]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xF17912EA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xF1788DFA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xF1791994]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xF1791E48]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xF1791952]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xF1791AD6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xF179E902]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xF179E726]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xF179E860]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!_abnormal_termination + 24C 804E28B8 4 Bytes JMP A6F17912
PAGE ntoskrnl.exe!ObInsertObject 805650BA 5 Bytes JMP F179BD5C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!NtCreateSection 80565333 7 Bytes JMP F179E72A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8058124C 7 Bytes JMP F179E906 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805A038B 5 Bytes JMP F179A2BE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwLoadDriver 805A425D 7 Bytes JMP F179E864 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF7B51340, 0xFD01F, 0xF8000020]
.text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF012300, 0x235FC0, 0xF8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\ctfmon.exe[352] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\ctfmon.exe[352] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[352] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\ctfmon.exe[352] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[352] ADVAPI32.dll!SetServiceObjectSecurity 77E36D89 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\ctfmon.exe[352] ADVAPI32.dll!ChangeServiceConfigA 77E36E71 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\ctfmon.exe[352] ADVAPI32.dll!ChangeServiceConfigW 77E37009 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\ctfmon.exe[352] ADVAPI32.dll!ChangeServiceConfig2A 77E37109 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\ctfmon.exe[352] ADVAPI32.dll!ChangeServiceConfig2W 77E37191 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\ctfmon.exe[352] ADVAPI32.dll!CreateServiceA 77E37219 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\ctfmon.exe[352] ADVAPI32.dll!CreateServiceW 77E373B1 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\ctfmon.exe[352] ADVAPI32.dll!DeleteService 77E374B9 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\ctfmon.exe[352] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\ctfmon.exe[352] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\ctfmon.exe[352] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\ctfmon.exe[352] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\ctfmon.exe[352] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\system32\spoolsv.exe[472] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[472] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[472] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[472] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[472] ADVAPI32.dll!SetServiceObjectSecurity 77E36D89 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\spoolsv.exe[472] ADVAPI32.dll!ChangeServiceConfigA 77E36E71 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\spoolsv.exe[472] ADVAPI32.dll!ChangeServiceConfigW 77E37009 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\spoolsv.exe[472] ADVAPI32.dll!ChangeServiceConfig2A 77E37109 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\spoolsv.exe[472] ADVAPI32.dll!ChangeServiceConfig2W 77E37191 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\spoolsv.exe[472] ADVAPI32.dll!CreateServiceA 77E37219 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\spoolsv.exe[472] ADVAPI32.dll!CreateServiceW 77E373B1 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\spoolsv.exe[472] ADVAPI32.dll!DeleteService 77E374B9 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\spoolsv.exe[472] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\spoolsv.exe[472] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\spoolsv.exe[472] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\spoolsv.exe[472] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\spoolsv.exe[472] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[580] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[580] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[580] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[580] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[580] ADVAPI32.dll!SetServiceObjectSecurity 77E36D89 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[580] ADVAPI32.dll!ChangeServiceConfigA 77E36E71 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[580] ADVAPI32.dll!ChangeServiceConfigW 77E37009 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[580] ADVAPI32.dll!ChangeServiceConfig2A 77E37109 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[580] ADVAPI32.dll!ChangeServiceConfig2W 77E37191 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[580] ADVAPI32.dll!CreateServiceA 77E37219 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[580] ADVAPI32.dll!CreateServiceW 77E373B1 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[580] ADVAPI32.dll!DeleteService 77E374B9 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[580] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[580] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[580] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[580] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[580] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[612] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 001501F8
.text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[612] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[612] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 001503FC
.text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[612] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[612] ADVAPI32.dll!SetServiceObjectSecurity 77E36D89 5 Bytes JMP 00391014
.text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[612] ADVAPI32.dll!ChangeServiceConfigA 77E36E71 5 Bytes JMP 00390804
.text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[612] ADVAPI32.dll!ChangeServiceConfigW 77E37009 5 Bytes JMP 00390A08
.text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[612] ADVAPI32.dll!ChangeServiceConfig2A 77E37109 5 Bytes JMP 00390C0C
.text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[612] ADVAPI32.dll!ChangeServiceConfig2W 77E37191 5 Bytes JMP 00390E10
.text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[612] ADVAPI32.dll!CreateServiceA 77E37219 5 Bytes JMP 003901F8
.text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[612] ADVAPI32.dll!CreateServiceW 77E373B1 5 Bytes JMP 003903FC
.text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[612] ADVAPI32.dll!DeleteService 77E374B9 5 Bytes JMP 00390600
.text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[612] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[612] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[612] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[612] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[612] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\Explorer.EXE[652] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[652] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[652] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[652] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[652] ADVAPI32.dll!SetServiceObjectSecurity 77E36D89 5 Bytes JMP 002C1014
.text C:\WINDOWS\Explorer.EXE[652] ADVAPI32.dll!ChangeServiceConfigA 77E36E71 5 Bytes JMP 002C0804
.text C:\WINDOWS\Explorer.EXE[652] ADVAPI32.dll!ChangeServiceConfigW 77E37009 5 Bytes JMP 002C0A08
.text C:\WINDOWS\Explorer.EXE[652] ADVAPI32.dll!ChangeServiceConfig2A 77E37109 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\Explorer.EXE[652] ADVAPI32.dll!ChangeServiceConfig2W 77E37191 5 Bytes JMP 002C0E10
.text C:\WINDOWS\Explorer.EXE[652] ADVAPI32.dll!CreateServiceA 77E37219 5 Bytes JMP 002C01F8
.text C:\WINDOWS\Explorer.EXE[652] ADVAPI32.dll!CreateServiceW 77E373B1 5 Bytes JMP 002C03FC
.text C:\WINDOWS\Explorer.EXE[652] ADVAPI32.dll!DeleteService 77E374B9 5 Bytes JMP 002C0600
.text C:\WINDOWS\Explorer.EXE[652] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\Explorer.EXE[652] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\Explorer.EXE[652] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\Explorer.EXE[652] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\Explorer.EXE[652] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[676] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 001501F8
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[676] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[676] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 001503FC
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[676] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[676] ADVAPI32.dll!SetServiceObjectSecurity 77E36D89 5 Bytes JMP 00391014
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[676] ADVAPI32.dll!ChangeServiceConfigA 77E36E71 5 Bytes JMP 00390804
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[676] ADVAPI32.dll!ChangeServiceConfigW 77E37009 5 Bytes JMP 00390A08
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[676] ADVAPI32.dll!ChangeServiceConfig2A 77E37109 5 Bytes JMP 00390C0C
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[676] ADVAPI32.dll!ChangeServiceConfig2W 77E37191 5 Bytes JMP 00390E10
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[676] ADVAPI32.dll!CreateServiceA 77E37219 5 Bytes JMP 003901F8
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[676] ADVAPI32.dll!CreateServiceW 77E373B1 5 Bytes JMP 003903FC
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[676] ADVAPI32.dll!DeleteService 77E374B9 5 Bytes JMP 00390600
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[676] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[676] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[676] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[676] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[676] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\system32\nvsvc32.exe[768] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\nvsvc32.exe[768] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\nvsvc32.exe[768] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\nvsvc32.exe[768] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\nvsvc32.exe[768] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\nvsvc32.exe[768] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\nvsvc32.exe[768] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\nvsvc32.exe[768] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\nvsvc32.exe[768] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\nvsvc32.exe[768] ADVAPI32.dll!SetServiceObjectSecurity 77E36D89 5 Bytes JMP 00391014
.text C:\WINDOWS\system32\nvsvc32.exe[768] ADVAPI32.dll!ChangeServiceConfigA 77E36E71 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\nvsvc32.exe[768] ADVAPI32.dll!ChangeServiceConfigW 77E37009 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\nvsvc32.exe[768] ADVAPI32.dll!ChangeServiceConfig2A 77E37109 5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\nvsvc32.exe[768] ADVAPI32.dll!ChangeServiceConfig2W 77E37191 5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\nvsvc32.exe[768] ADVAPI32.dll!CreateServiceA 77E37219 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\nvsvc32.exe[768] ADVAPI32.dll!CreateServiceW 77E373B1 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\nvsvc32.exe[768] ADVAPI32.dll!DeleteService 77E374B9 5 Bytes JMP 00390600
.text C:\WINDOWS\System32\snmp.exe[800] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000801F8
.text C:\WINDOWS\System32\snmp.exe[800] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\System32\snmp.exe[800] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000803FC
.text C:\WINDOWS\System32\snmp.exe[800] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\System32\snmp.exe[800] ADVAPI32.dll!SetServiceObjectSecurity 77E36D89 5 Bytes JMP 002C1014
.text C:\WINDOWS\System32\snmp.exe[800] ADVAPI32.dll!ChangeServiceConfigA 77E36E71 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\snmp.exe[800] ADVAPI32.dll!ChangeServiceConfigW 77E37009 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\snmp.exe[800] ADVAPI32.dll!ChangeServiceConfig2A 77E37109 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\System32\snmp.exe[800] ADVAPI32.dll!ChangeServiceConfig2W 77E37191 5 Bytes JMP 002C0E10
.text C:\WINDOWS\System32\snmp.exe[800] ADVAPI32.dll!CreateServiceA 77E37219 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\snmp.exe[800] ADVAPI32.dll!CreateServiceW 77E373B1 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\snmp.exe[800] ADVAPI32.dll!DeleteService 77E374B9 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[840] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[840] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[840] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[840] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[840] ADVAPI32.dll!SetServiceObjectSecurity 77E36D89 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[840] ADVAPI32.dll!ChangeServiceConfigA 77E36E71 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[840] ADVAPI32.dll!ChangeServiceConfigW 77E37009 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[840] ADVAPI32.dll!ChangeServiceConfig2A 77E37109 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[840] ADVAPI32.dll!ChangeServiceConfig2W 77E37191 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[840] ADVAPI32.dll!CreateServiceA 77E37219 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[840] ADVAPI32.dll!CreateServiceW 77E373B1 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[840] ADVAPI32.dll!DeleteService 77E374B9 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[840] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[840] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[840] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[840] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[840] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\smss.exe[848] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[976] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[976] KERNEL32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1008] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[1008] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1008] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[1008] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1008] ADVAPI32.dll!SetServiceObjectSecurity 77E36D89 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\winlogon.exe[1008] ADVAPI32.dll!ChangeServiceConfigA 77E36E71 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\winlogon.exe[1008] ADVAPI32.dll!ChangeServiceConfigW 77E37009 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\winlogon.exe[1008] ADVAPI32.dll!ChangeServiceConfig2A 77E37109 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\winlogon.exe[1008] ADVAPI32.dll!ChangeServiceConfig2W 77E37191 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\winlogon.exe[1008] ADVAPI32.dll!CreateServiceA 77E37219 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\winlogon.exe[1008] ADVAPI32.dll!CreateServiceW 77E373B1 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\winlogon.exe[1008] ADVAPI32.dll!DeleteService 77E374B9 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\winlogon.exe[1008] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\winlogon.exe[1008] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\winlogon.exe[1008] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\winlogon.exe[1008] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\winlogon.exe[1008] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\services.exe[1052] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[1052] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1052] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!SetServiceObjectSecurity 77E36D89 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!ChangeServiceConfigA 77E36E71 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!ChangeServiceConfigW 77E37009 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!ChangeServiceConfig2A 77E37109 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!ChangeServiceConfig2W 77E37191 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!CreateServiceA 77E37219 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!CreateServiceW 77E373B1 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!DeleteService 77E374B9 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\services.exe[1052] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\services.exe[1052] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\services.exe[1052] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\services.exe[1052] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\services.exe[1052] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\lsass.exe[1064] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[1064] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1064] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!SetServiceObjectSecurity 77E36D89 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!ChangeServiceConfigA 77E36E71 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!ChangeServiceConfigW 77E37009 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!ChangeServiceConfig2A 77E37109 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!ChangeServiceConfig2W 77E37191 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!CreateServiceA 77E37219 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!CreateServiceW 77E373B1 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!DeleteService 77E374B9 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\lsass.exe[1064] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\lsass.exe[1064] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\lsass.exe[1064] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\lsass.exe[1064] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\lsass.exe[1064] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1220] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1220] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1220] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!SetServiceObjectSecurity 77E36D89 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfigA 77E36E71 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfigW 77E37009 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfig2A 77E37109 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!ChangeServiceConfig2W 77E37191 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!CreateServiceA 77E37219 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!CreateServiceW 77E373B1 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1220] ADVAPI32.dll!DeleteService 77E374B9 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1220] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1220] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1220] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1220] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1220] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!SetServiceObjectSecurity 77E36D89 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfigA 77E36E71 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfigW 77E37009 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfig2A 77E37109 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfig2W 77E37191 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!CreateServiceA 77E37219 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!CreateServiceW 77E373B1 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!DeleteService 77E374B9 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1284] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1284] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1284] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1284] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1284] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\svchost.exe[1324] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1324] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1324] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1324] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!SetServiceObjectSecurity 77E36D89 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!ChangeServiceConfigA 77E36E71 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!ChangeServiceConfigW 77E37009 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!ChangeServiceConfig2A 77E37109 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!ChangeServiceConfig2W 77E37191 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!CreateServiceA 77E37219 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!CreateServiceW 77E373B1 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[1324] ADVAPI32.dll!DeleteService 77E374B9 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1324] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[1324] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[1324] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[1324] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[1324] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1536] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1536] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1536] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!SetServiceObjectSecurity 77E36D89 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!ChangeServiceConfigA 77E36E71 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!ChangeServiceConfigW 77E37009 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!ChangeServiceConfig2A 77E37109 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!ChangeServiceConfig2W 77E37191 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!CreateServiceA 77E37219 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!CreateServiceW 77E373B1 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!DeleteService 77E374B9 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1536] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1536] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1536] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1536] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1536] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[1552] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 001501F8
.text C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[1552] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[1552] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 001503FC
.text C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[1552] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[1552] ADVAPI32.dll!SetServiceObjectSecurity 77E36D89 5 Bytes JMP 009A1014
.text C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[1552] ADVAPI32.dll!ChangeServiceConfigA 77E36E71 5 Bytes JMP 009A0804
.text C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[1552] ADVAPI32.dll!ChangeServiceConfigW 77E37009 5 Bytes JMP 009A0A08
.text C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[1552] ADVAPI32.dll!ChangeServiceConfig2A 77E37109 5 Bytes JMP 009A0C0C
.text C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[1552] ADVAPI32.dll!ChangeServiceConfig2W 77E37191 5 Bytes JMP 009A0E10
.text C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[1552] ADVAPI32.dll!CreateServiceA 77E37219 5 Bytes JMP 009A01F8
.text C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[1552] ADVAPI32.dll!CreateServiceW 77E373B1 5 Bytes JMP 009A03FC
.text C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[1552] ADVAPI32.dll!DeleteService 77E374B9 5 Bytes JMP 009A0600
.text C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[1552] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00AB0804
.text C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[1552] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00AB0A08
.text C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[1552] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00AB0600
.text C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[1552] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00AB01F8
.text C:\Documents and Settings\Owner\Desktop\gmer\gmer.exe[1552] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00AB03FC
.text C:\WINDOWS\system32\svchost.exe[1676] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1676] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1676] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1676] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!SetServiceObjectSecurity 77E36D89 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!ChangeServiceConfigA 77E36E71 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!ChangeServiceConfigW 77E37009 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!ChangeServiceConfig2A 77E37109 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!ChangeServiceConfig2W 77E37191 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!CreateServiceA 77E37219 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!CreateServiceW 77E373B1 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1676] ADVAPI32.dll!DeleteService 77E374B9 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1676] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1676] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1676] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1676] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1676] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\alg.exe[1976] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[1976] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[1976] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[1976] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[1976] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\alg.exe[1976] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\alg.exe[1976] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\alg.exe[1976] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\alg.exe[1976] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\alg.exe[1976] ADVAPI32.dll!SetServiceObjectSecurity 77E36D89 5 Bytes JMP 002C1014
.text C:\WINDOWS\System32\alg.exe[1976] ADVAPI32.dll!ChangeServiceConfigA 77E36E71 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\alg.exe[1976] ADVAPI32.dll!ChangeServiceConfigW 77E37009 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\alg.exe[1976] ADVAPI32.dll!ChangeServiceConfig2A 77E37109 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\System32\alg.exe[1976] ADVAPI32.dll!ChangeServiceConfig2W 77E37191 5 Bytes JMP 002C0E10
.text C:\WINDOWS\System32\alg.exe[1976] ADVAPI32.dll!CreateServiceA 77E37219 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\alg.exe[1976] ADVAPI32.dll!CreateServiceW 77E373B1 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\alg.exe[1976] ADVAPI32.dll!DeleteService 77E374B9 5 Bytes JMP 002C0600
.text C:\PROGRA~1\Linksys\WIRELE~1\OdHost.exe[2060] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 001401F8
.text C:\PROGRA~1\Linksys\WIRELE~1\OdHost.exe[2060] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\PROGRA~1\Linksys\WIRELE~1\OdHost.exe[2060] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 001403FC
.text C:\PROGRA~1\Linksys\WIRELE~1\OdHost.exe[2060] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\PROGRA~1\Linksys\WIRELE~1\OdHost.exe[2060] ADVAPI32.dll!SetServiceObjectSecurity 77E36D89 5 Bytes JMP 00381014
.text C:\PROGRA~1\Linksys\WIRELE~1\OdHost.exe[2060] ADVAPI32.dll!ChangeServiceConfigA 77E36E71 5 Bytes JMP 00380804
.text C:\PROGRA~1\Linksys\WIRELE~1\OdHost.exe[2060] ADVAPI32.dll!ChangeServiceConfigW 77E37009 5 Bytes JMP 00380A08
.text C:\PROGRA~1\Linksys\WIRELE~1\OdHost.exe[2060] ADVAPI32.dll!ChangeServiceConfig2A 77E37109 5 Bytes JMP 00380C0C
.text C:\PROGRA~1\Linksys\WIRELE~1\OdHost.exe[2060] ADVAPI32.dll!ChangeServiceConfig2W 77E37191 5 Bytes JMP 00380E10
.text C:\PROGRA~1\Linksys\WIRELE~1\OdHost.exe[2060] ADVAPI32.dll!CreateServiceA 77E37219 5 Bytes JMP 003801F8
.text C:\PROGRA~1\Linksys\WIRELE~1\OdHost.exe[2060] ADVAPI32.dll!CreateServiceW 77E373B1 5 Bytes JMP 003803FC
.text C:\PROGRA~1\Linksys\WIRELE~1\OdHost.exe[2060] ADVAPI32.dll!DeleteService 77E374B9 5 Bytes JMP 00380600
.text C:\PROGRA~1\Linksys\WIRELE~1\OdHost.exe[2060] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\PROGRA~1\Linksys\WIRELE~1\OdHost.exe[2060] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\PROGRA~1\Linksys\WIRELE~1\OdHost.exe[2060] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\PROGRA~1\Linksys\WIRELE~1\OdHost.exe[2060] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\PROGRA~1\Linksys\WIRELE~1\OdHost.exe[2060] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\PROGRA~1\Linksys\WIRELE~1\WPC54Cfg.exe[2116] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 001401F8
.text C:\PROGRA~1\Linksys\WIRELE~1\WPC54Cfg.exe[2116] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\PROGRA~1\Linksys\WIRELE~1\WPC54Cfg.exe[2116] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 001403FC
.text C:\PROGRA~1\Linksys\WIRELE~1\WPC54Cfg.exe[2116] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\PROGRA~1\Linksys\WIRELE~1\WPC54Cfg.exe[2116] ADVAPI32.dll!SetServiceObjectSecurity 77E36D89 5 Bytes JMP 00381014
.text C:\PROGRA~1\Linksys\WIRELE~1\WPC54Cfg.exe[2116] ADVAPI32.dll!ChangeServiceConfigA 77E36E71 5 Bytes JMP 00380804
.text C:\PROGRA~1\Linksys\WIRELE~1\WPC54Cfg.exe[2116] ADVAPI32.dll!ChangeServiceConfigW 77E37009 5 Bytes JMP 00380A08
.text C:\PROGRA~1\Linksys\WIRELE~1\WPC54Cfg.exe[2116] ADVAPI32.dll!ChangeServiceConfig2A 77E37109 5 Bytes JMP 00380C0C
.text C:\PROGRA~1\Linksys\WIRELE~1\WPC54Cfg.exe[2116] ADVAPI32.dll!ChangeServiceConfig2W 77E37191 5 Bytes JMP 00380E10
.text C:\PROGRA~1\Linksys\WIRELE~1\WPC54Cfg.exe[2116] ADVAPI32.dll!CreateServiceA 77E37219 5 Bytes JMP 003801F8
.text C:\PROGRA~1\Linksys\WIRELE~1\WPC54Cfg.exe[2116] ADVAPI32.dll!CreateServiceW 77E373B1 5 Bytes JMP 003803FC
.text C:\PROGRA~1\Linksys\WIRELE~1\WPC54Cfg.exe[2116] ADVAPI32.dll!DeleteService 77E374B9 5 Bytes JMP 00380600
.text C:\PROGRA~1\Linksys\WIRELE~1\WPC54Cfg.exe[2116] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\PROGRA~1\Linksys\WIRELE~1\WPC54Cfg.exe[2116] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\PROGRA~1\Linksys\WIRELE~1\WPC54Cfg.exe[2116] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\PROGRA~1\Linksys\WIRELE~1\WPC54Cfg.exe[2116] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\PROGRA~1\Linksys\WIRELE~1\WPC54Cfg.exe[2116] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\services.exe[1052] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005F0002
IAT C:\WINDOWS\system32\services.exe[1052] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005F0000
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
---- EOF - GMER 1.0.15 ----