GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-10-16 14:33:26 Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HD501LJ rev.CR100-13 Running: gmer.exe; Driver: C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\kwrdrpob.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB4432708] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB45057C8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xB443311C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB4474401] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB443DF28] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB443DF74] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB443E0F6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xB4473DB5] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB443DE96] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB443DFB8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB443DEDE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xB4433310] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB443E0B0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xB4433A9C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB4432756] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xB4474AC7] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB4474D7D] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB44370E4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB4474932] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB447479D] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB45058AC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB44323BE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB44327A4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB4437456] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB4434464] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB443DF52] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB443DF96] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB443E11A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xB4474111] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwOpenMutant [0xB443DEBC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB4436C5A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB443E03A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB443DF06] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB4436E8C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB443E0D4] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB4505A2C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB4474618] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB4434330] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB447446A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xB4433EDA] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB451130E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB4473428] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB44327F2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB4432840] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xB443391C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB4432448] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB44325F8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB4474BCE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB443259E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xB4433BFE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xB4433D5A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB4432668] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xB4433632] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xB4433794] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB443288E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xB4433160] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB451D966] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2F28 80504820 12 Bytes [F2, 27, 43, B4, 40, 28, 43, ...] .text ntkrnlpa.exe!ZwCallbackReturn + 2FD0 805048C8 12 Bytes [FE, 3B, 43, B4, 5A, 3D, 43, ...] PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64B0 4 Bytes CALL B4434AF1 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC55E 5 Bytes JMP B451A806 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject 805C2FE2 5 Bytes JMP B451C320 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D119A 7 Bytes JMP B451D96A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB70FF3C0, 0x95AECA, 0xE8000020] .text win32k.sys!EngFreeUserMem + 674 BF80991D 5 Bytes JMP B4438A6E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFreeUserMem + 35D0 BF80C879 5 Bytes JMP B443895E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSurface + 45 BF813911 5 Bytes JMP B4438918 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C57B 5 Bytes JMP B4437FCA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngSetLastError + 79A8 BF8240EB 5 Bytes JMP B44376E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + F9C BF828A55 5 Bytes JMP B4438BD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + 2C50 BF8314A0 5 Bytes JMP B4438DE0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + B687 BF839ED7 5 Bytes JMP B443881E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!FONTOBJ_pxoGetXform + 84ED BF851765 5 Bytes JMP B44375AA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + F17 BF85BC8A 5 Bytes JMP B443808C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E2F4 5 Bytes JMP B4437B40 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 360C BF85E37F 5 Bytes JMP B4437E06 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreatePalette + 88 BF85F5F0 5 Bytes JMP B4437592 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreatePalette + 5457 BF8649BF 5 Bytes JMP B44389A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 35FB BF8731B9 5 Bytes JMP B4437C00 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 4138 BF873CF6 5 Bytes JMP B4437DC0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetLastError + 1606 BF890DF1 5 Bytes JMP B44380A4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 26EE BF89439B 5 Bytes JMP B4438B20 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBltROP + 583 BF894E73 5 Bytes JMP B4438D3E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCopyBits + 3862 BF89C226 5 Bytes JMP B4437FB2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCopyBits + 4DF7 BF89D7BB 5 Bytes JMP B4437756 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!EngEraseSurface + A9E8 BF8C1D00 5 Bytes JMP B4437866 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 1517 BF8CA191 5 Bytes JMP B443793E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 1797 BF8CA411 5 Bytes JMP B4437A6A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSemaphore + 3B33 BF8EBDCC 5 Bytes JMP B443748C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSemaphore + CB47 BF8F4DE0 5 Bytes JMP B4437FE2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 1A2F BF9142F4 5 Bytes JMP B4437682 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 2603 BF914EC8 5 Bytes JMP B4437812 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 4F7C BF917841 5 Bytes JMP B4437F20 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPlgBlt + 1947 BF947973 5 Bytes JMP B4438C96 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\SearchIndexer.exe[244] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\SearchIndexer.exe[244] kernel32.dll!WriteFile 7C7E0E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation) .text C:\WINDOWS\system32\SearchIndexer.exe[244] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62] .text C:\WINDOWS\system32\SearchIndexer.exe[244] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll .text C:\WINDOWS\System32\smss.exe[496] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[724] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[724] KERNEL32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[748] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[748] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[748] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll .text C:\WINDOWS\system32\services.exe[796] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\services.exe[796] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62] .text C:\WINDOWS\system32\services.exe[796] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll .text C:\WINDOWS\system32\lsass.exe[808] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[808] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[808] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 
c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll .text C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[968] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll .text C:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1056] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll .text C:\WINDOWS\System32\svchost.exe[1096] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1096] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1096] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1188] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll .text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1248] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1480] 
ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1480] kernel32.dll!SetUnhandledExceptionFilter 7C81495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1480] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62] .text C:\WINDOWS\system32\LEXBCES.EXE[1552] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\LEXBCES.EXE[1552] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62] .text C:\WINDOWS\system32\LEXPPS.EXE[1588] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\LEXPPS.EXE[1588] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62] .text C:\WINDOWS\system32\LEXPPS.EXE[1588] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll .text C:\WINDOWS\system32\spoolsv.exe[1592] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1592] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1592] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll .text C:\WINDOWS\system32\svchost.exe[1724] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1724] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll .text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[1804] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[1804] 
kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[1896] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[1896] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62] .text C:\Program Files\Java\jre7\bin\jqs.exe[1976] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Java\jre7\bin\jqs.exe[1976] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62] .text C:\Program Files\Java\jre7\bin\jqs.exe[1976] user32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll .text C:\WINDOWS\system32\svchost.exe[2036] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2036] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2036] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll .text C:\WINDOWS\system32\SearchFilterHost.exe[2200] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\SearchFilterHost.exe[2200] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\SearchFilterHost.exe[2200] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\SearchFilterHost.exe[2200] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62] .text C:\WINDOWS\system32\SearchFilterHost.exe[2200] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 002E1014 .text C:\WINDOWS\system32\SearchFilterHost.exe[2200] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 002E0804 .text C:\WINDOWS\system32\SearchFilterHost.exe[2200] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 002E0A08 .text C:\WINDOWS\system32\SearchFilterHost.exe[2200] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 002E0C0C .text C:\WINDOWS\system32\SearchFilterHost.exe[2200] ADVAPI32.dll!ChangeServiceConfig2W 
77FA7189 5 Bytes JMP 002E0E10 .text C:\WINDOWS\system32\SearchFilterHost.exe[2200] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 002E01F8 .text C:\WINDOWS\system32\SearchFilterHost.exe[2200] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 002E03FC .text C:\WINDOWS\system32\SearchFilterHost.exe[2200] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 002E0600 .text C:\WINDOWS\system32\SearchFilterHost.exe[2200] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll .text C:\WINDOWS\system32\SearchFilterHost.exe[2200] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002F0804 .text C:\WINDOWS\system32\SearchFilterHost.exe[2200] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002F0A08 .text C:\WINDOWS\system32\SearchFilterHost.exe[2200] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002F0600 .text C:\WINDOWS\system32\SearchFilterHost.exe[2200] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002F01F8 .text C:\WINDOWS\system32\SearchFilterHost.exe[2200] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002F03FC .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000501F8 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000503FC .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 002B1014 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 002B0804 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 002B0A08 .text 
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 002B0C0C .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 002B0E10 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 002B01F8 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 002B03FC .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 002B0600 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 01484540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2456] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2544] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000501F8 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2544] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2544] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000503FC .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2544] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62] .text C:\Program 
Files\Malwarebytes' Anti-Malware\mbamservice.exe[2544] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 003D1014 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2544] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 003D0804 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2544] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 003D0A08 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2544] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 003D0C0C .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2544] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 003D0E10 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2544] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 003D01F8 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2544] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 003D03FC .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2544] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 003D0600 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2544] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 012E4540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2544] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003E0804 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2544] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003E0A08 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2544] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003E0600 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2544] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003E01F8 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2544] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003E03FC .text C:\WINDOWS\Explorer.EXE[2584] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 
.text C:\WINDOWS\Explorer.EXE[2584] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[2584] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\Explorer.EXE[2584] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[2584] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 002C1014 .text C:\WINDOWS\Explorer.EXE[2584] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 002C0804 .text C:\WINDOWS\Explorer.EXE[2584] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 002C0A08 .text C:\WINDOWS\Explorer.EXE[2584] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 002C0C0C .text C:\WINDOWS\Explorer.EXE[2584] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 002C0E10 .text C:\WINDOWS\Explorer.EXE[2584] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 002C01F8 .text C:\WINDOWS\Explorer.EXE[2584] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 002C03FC .text C:\WINDOWS\Explorer.EXE[2584] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 002C0600 .text C:\WINDOWS\Explorer.EXE[2584] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll .text C:\WINDOWS\Explorer.EXE[2584] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002D0804 .text C:\WINDOWS\Explorer.EXE[2584] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002D0A08 .text C:\WINDOWS\Explorer.EXE[2584] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002D0600 .text C:\WINDOWS\Explorer.EXE[2584] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002D01F8 .text C:\WINDOWS\Explorer.EXE[2584] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002D03FC .text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2676] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000501F8 .text C:\Documents and Settings\All Users\Application Data\Browser 
Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2676] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2676] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000503FC
.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2676] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62]
.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2676] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2676] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00290804
.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2676] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00290A08
.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2676] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00290600
.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2676] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002901F8
.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2676] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002903FC
.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2676] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 002A1014
.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2676] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 002A0804
.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2676] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 002A0A08
.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2676] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 002A0C0C
.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2676] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 002A0E10
.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2676] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 002A01F8
.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2676] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 002A03FC
.text C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2676] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 002A0600
.text C:\WINDOWS\RTHDCPL.EXE[3104] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\RTHDCPL.EXE[3104] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[3104] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\RTHDCPL.EXE[3104] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[3104] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 00381014
.text C:\WINDOWS\RTHDCPL.EXE[3104] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 00380804
.text C:\WINDOWS\RTHDCPL.EXE[3104] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 00380A08
.text C:\WINDOWS\RTHDCPL.EXE[3104] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\RTHDCPL.EXE[3104] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 00380E10
.text C:\WINDOWS\RTHDCPL.EXE[3104] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 003801F8
.text C:\WINDOWS\RTHDCPL.EXE[3104] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\RTHDCPL.EXE[3104] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 00380600
.text C:\WINDOWS\RTHDCPL.EXE[3104] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll
.text C:\WINDOWS\RTHDCPL.EXE[3104] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00390804
.text C:\WINDOWS\RTHDCPL.EXE[3104] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\RTHDCPL.EXE[3104] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00390600
.text C:\WINDOWS\RTHDCPL.EXE[3104] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\RTHDCPL.EXE[3104] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003903FC
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[3112] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[3112] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62]
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[3368] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[3368] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[3368] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[3368] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62]
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[3368] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[3368] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00390804
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[3368] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[3368] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00390600
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[3368] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[3368] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003903FC
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[3368] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 003A1014
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[3368] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 003A0804
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[3368] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 003A0A08
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[3368] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 003A0C0C
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[3368] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 003A0E10
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[3368] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 003A01F8
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[3368] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 003A03FC
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[3368] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 003A0600
.text C:\WINDOWS\Pixart\PAC7302\PACTray.exe[3416] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\WINDOWS\Pixart\PAC7302\PACTray.exe[3416] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Pixart\PAC7302\PACTray.exe[3416] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\WINDOWS\Pixart\PAC7302\PACTray.exe[3416] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62]
.text C:\WINDOWS\Pixart\PAC7302\PACTray.exe[3416] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 00391014
.text C:\WINDOWS\Pixart\PAC7302\PACTray.exe[3416] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 00390804
.text C:\WINDOWS\Pixart\PAC7302\PACTray.exe[3416] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 00390A08
.text C:\WINDOWS\Pixart\PAC7302\PACTray.exe[3416] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\Pixart\PAC7302\PACTray.exe[3416] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 00390E10
.text C:\WINDOWS\Pixart\PAC7302\PACTray.exe[3416] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 003901F8
.text C:\WINDOWS\Pixart\PAC7302\PACTray.exe[3416] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\Pixart\PAC7302\PACTray.exe[3416] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 00390600
.text C:\WINDOWS\Pixart\PAC7302\PACTray.exe[3416] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll
.text C:\WINDOWS\Pixart\PAC7302\PACTray.exe[3416] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003A0804
.text C:\WINDOWS\Pixart\PAC7302\PACTray.exe[3416] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003A0A08
.text C:\WINDOWS\Pixart\PAC7302\PACTray.exe[3416] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003A0600
.text C:\WINDOWS\Pixart\PAC7302\PACTray.exe[3416] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003A01F8
.text C:\WINDOWS\Pixart\PAC7302\PACTray.exe[3416] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[3444] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[3444] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[3444] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[3444] kernel32.dll!SetUnhandledExceptionFilter 7C81495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[3444] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62]
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[3444] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 00391014
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[3444] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 00390804
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[3444] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 00390A08
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[3444] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 00390C0C
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[3444] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 00390E10
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[3444] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 003901F8
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[3444] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 003903FC
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[3444] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 00390600
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[3444] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[3444] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003A0804
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[3444] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[3444] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003A0600
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[3444] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[3444] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\system32\SearchProtocolHost.exe[3500] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\WINDOWS\system32\SearchProtocolHost.exe[3500] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\SearchProtocolHost.exe[3500] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\WINDOWS\system32\SearchProtocolHost.exe[3500] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62]
.text C:\WINDOWS\system32\SearchProtocolHost.exe[3500] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 002D1014
.text C:\WINDOWS\system32\SearchProtocolHost.exe[3500] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\SearchProtocolHost.exe[3500] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\SearchProtocolHost.exe[3500] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 002D0C0C
.text C:\WINDOWS\system32\SearchProtocolHost.exe[3500] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 002D0E10
.text C:\WINDOWS\system32\SearchProtocolHost.exe[3500] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\SearchProtocolHost.exe[3500] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 002D03FC
.text C:\WINDOWS\system32\SearchProtocolHost.exe[3500] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\SearchProtocolHost.exe[3500] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll
.text C:\WINDOWS\system32\SearchProtocolHost.exe[3500] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002E0804
.text C:\WINDOWS\system32\SearchProtocolHost.exe[3500] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002E0A08
.text C:\WINDOWS\system32\SearchProtocolHost.exe[3500] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002E0600
.text C:\WINDOWS\system32\SearchProtocolHost.exe[3500] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002E01F8
.text C:\WINDOWS\system32\SearchProtocolHost.exe[3500] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002E03FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3508] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3508] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3508] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3508] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3508] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 003A1014
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3508] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3508] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3508] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3508] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 003A0E10
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3508] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3508] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3508] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3508] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3508] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003B0804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3508] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 3 Bytes JMP 003B0A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3508] USER32.dll!UnhookWindowsHookEx + 4 7E3AD5F7 1 Byte [82]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3508] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003B0600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3508] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003B01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3508] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003B03FC
.text C:\WINDOWS\system32\ctfmon.exe[3520] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\ctfmon.exe[3520] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[3520] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\ctfmon.exe[3520] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[3520] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\ctfmon.exe[3520] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\ctfmon.exe[3520] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\ctfmon.exe[3520] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\ctfmon.exe[3520] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\ctfmon.exe[3520] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\ctfmon.exe[3520] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\ctfmon.exe[3520] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\ctfmon.exe[3520] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll
.text C:\WINDOWS\system32\ctfmon.exe[3520] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\ctfmon.exe[3520] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\ctfmon.exe[3520] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\ctfmon.exe[3520] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\ctfmon.exe[3520] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002D03FC
.text C:\Documents and Settings\Eigenaar\Bureaublad\gmer.exe[3808] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Documents and Settings\Eigenaar\Bureaublad\gmer.exe[3808] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\Eigenaar\Bureaublad\gmer.exe[3808] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Documents and Settings\Eigenaar\Bureaublad\gmer.exe[3808] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62]
.text C:\Documents and Settings\Eigenaar\Bureaublad\gmer.exe[3808] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 00AE1014
.text C:\Documents and Settings\Eigenaar\Bureaublad\gmer.exe[3808] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 00AE0804
.text C:\Documents and Settings\Eigenaar\Bureaublad\gmer.exe[3808] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 00AE0A08
.text C:\Documents and Settings\Eigenaar\Bureaublad\gmer.exe[3808] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 00AE0C0C
.text C:\Documents and Settings\Eigenaar\Bureaublad\gmer.exe[3808] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 00AE0E10
.text C:\Documents and Settings\Eigenaar\Bureaublad\gmer.exe[3808] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 00AE01F8
.text C:\Documents and Settings\Eigenaar\Bureaublad\gmer.exe[3808] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 00AE03FC
.text C:\Documents and Settings\Eigenaar\Bureaublad\gmer.exe[3808] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 00AE0600
.text C:\Documents and Settings\Eigenaar\Bureaublad\gmer.exe[3808] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 10004540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll
.text C:\Documents and Settings\Eigenaar\Bureaublad\gmer.exe[3808] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00AB0804
.text C:\Documents and Settings\Eigenaar\Bureaublad\gmer.exe[3808] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00AB0A08
.text C:\Documents and Settings\Eigenaar\Bureaublad\gmer.exe[3808] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00AB0600
.text C:\Documents and Settings\Eigenaar\Bureaublad\gmer.exe[3808] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 00AB01F8
.text C:\Documents and Settings\Eigenaar\Bureaublad\gmer.exe[3808] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 00AB03FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[3888] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000501F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[3888] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[3888] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000503FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[3888] kernel32.dll!GetBinaryTypeW + 80 7C838D8C 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[3888] ADVAPI32.dll!SetServiceObjectSecurity 77FA6D81 5 Bytes JMP 002B1014
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[3888] ADVAPI32.dll!ChangeServiceConfigA 77FA6E69 5 Bytes JMP 002B0804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[3888] ADVAPI32.dll!ChangeServiceConfigW 77FA7001 5 Bytes JMP 002B0A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[3888] ADVAPI32.dll!ChangeServiceConfig2A 77FA7101 5 Bytes JMP 002B0C0C
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[3888] ADVAPI32.dll!ChangeServiceConfig2W 77FA7189 5 Bytes JMP 002B0E10
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[3888] ADVAPI32.dll!CreateServiceA 77FA7211 5 Bytes JMP 002B01F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[3888] ADVAPI32.dll!CreateServiceW 77FA73A9 5 Bytes JMP 002B03FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[3888] ADVAPI32.dll!DeleteService 77FA74B1 5 Bytes JMP 002B0600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[3888] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 011B4540 c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[3888] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[3888] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[3888] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[3888] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[3888] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

---- EOF - GMER 1.0.15 ----