
Slow PC, hangs during reboot
#1
Posted 05 October 2011 - 09:11 PM
#2
Posted 09 October 2011 - 06:34 PM

My name is patndoris. I will be glad to take a look at your log and help you with solving any malware problems. It will be very helpful if you follow these guidelines:
- Malware logs are often lengthy and can take a lot of time to research and interpret. Please be patient while I review your logs.
- Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
- Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
- Please follow my instructions carefully and in the order they are posted. You may also find it helpful to print out the instructions you receive.
- Please do not run any scans or install/uninstall any applications or delete anything without being directed to do so.
- Remember, absence of symptoms does not mean the infection is all gone. Please stick with me till you're given the "all clear".
- Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
- Please reply within 3 days. If I do not hear back from you in that time frame, I will post a reminder for you. Topics with no reply in 4 days are closed!
Download and Run GMER

Download GMER Rootkit Scanner from here or here.
- Extract the contents of the zipped file to desktop.
- Right-click and choose Run as Administrator on GMER.exe. If asked to allow gmer.sys driver to load, please consent.
- If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
- In the right panel, you will see several boxes that may have been checked. Uncheck the following ...
- IAT/EAT
- Drives/Partition other than Systemdrive (typically C:\)
- Show All (don't miss this one - make sure it is UNCHECKED)
- Then click the Scan button & wait for it to finish.
- Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
- Save it where you can easily find it, such as your desktop, and attach it in your reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
This scan may take a while depending on how many items are on the computer. You may want to run it at a time you won't be needing the machine. It should be run from IE and I'd recommend not doing anything else while it's running.
http://www.eset.eu/online-scanner
Go here to run an online scanner from ESET.
Click the green ESET Online Scanner button.
Read the End User License Agreement and check the box: YES, I accept the Terms of Use.
Click on the Start button next to it.
You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.
A new window will appear asking "Do you want to install this software?".
Answer Yes to download and install the ActiveX controls that allow the scan to run.
Click Start.
Uncheck Remove found threats.
Click Scan to begin.
If offered the option to get information or buy software, just close the window.
Wait for the scan to finish.
Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online. http://www.whatthetech.com/donate
#3
Posted 12 October 2011 - 10:43 AM
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=5696fc29e0b347458e1d1a81b1f0ea4c
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-12 04:02:06
# local_time=2011-10-12 12:02:06 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 26690148 26690148 0 0
# compatibility_mode=1024 16777215 100 0 26607851 26607851 0 0
# compatibility_mode=5893 16776574 100 94 11576482 69935124 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=28649
# found=0
# cleaned=0
# scan_time=1793
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=5696fc29e0b347458e1d1a81b1f0ea4c
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-12 05:06:03
# local_time=2011-10-12 01:06:03 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 26692327 26692327 0 0
# compatibility_mode=1024 16777215 100 0 26613630 26613630 0 0
# compatibility_mode=5893 16776574 100 94 11578661 69937303 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=28633
# found=0
# cleaned=0
# scan_time=3451
ESETSmartInstaller@High as downloader log:
Can not read file from internet.
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=5696fc29e0b347458e1d1a81b1f0ea4c
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-12 05:11:54
# local_time=2011-10-12 01:11:54 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 26696129 26696129 0 0
# compatibility_mode=1024 16777215 100 0 26613832 26613832 0 0
# compatibility_mode=5893 16776574 100 94 11582463 69941105 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=26
# found=0
# cleaned=0
# scan_time=20
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=5696fc29e0b347458e1d1a81b1f0ea4c
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-12 06:52:55
# local_time=2011-10-12 02:52:55 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 26696349 26696349 0 0
# compatibility_mode=1024 16777215 100 0 26614052 26614052 0 0
# compatibility_mode=5893 16776574 100 94 11582683 69941325 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=106371
# found=0
# cleaned=0
# scan_time=5840
GMER...
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-11 07:27:57
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-5 WDC_WD800JD-00LSA0 rev.06.01D06
Running: gmer.exe; Driver: C:\Users\Amy\AppData\Local\Temp\uwldrpow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8E835374]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8EF552B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8E837996]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8E8379EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8E837B04]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8E8378EC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8E837A3E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8E837940]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8E837AB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8E835398]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8EF55368]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8E835162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8E8353BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8E837EFC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8E835E54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8E8379C6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8E837A16]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8E837B2E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8E837918]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8E837A7E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8E83796E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8E837ADC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8EF55400]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8E835D1A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8E8353E0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8E835404]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8E8351BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8E8352F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8E8352D4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8E83531C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8E835428]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8EF6A9A6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKey + 13D1 83A42349 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83A7BD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 83A82D80 4 Bytes [74, 53, 83, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 83A82DA8 4 Bytes [B8, 52, F5, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 83A82E5C 8 Bytes [96, 79, 83, 8E, EE, 79, 83, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 83A82E68 4 Bytes [04, 7B, 83, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 83A82E84 4 Bytes [EC, 78, 83, 8E]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 83C0FBE8 5 Bytes JMP 8EF663DE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 83C281B8 5 Bytes JMP 8EF67E9C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 83C3D2FF 4 Bytes CALL 8E8364C5 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 83C570D1 4 Bytes CALL 8E8364DB \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 83CE0F10 7 Bytes JMP 8EF6A9AA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text user32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes [E9, 0A, 5C, 1E, 89] {JMP 0xffffffff891e5c0f}
.text user32.dll!UnhookWinEvent 7703B750 5 Bytes [E9, A7, 4C, 1E, 89] {JMP 0xffffffff891e4cac}
.text user32.dll!SetWindowsHookExW 7703E30C 5 Bytes [E9, F3, 24, 1E, 89] {JMP 0xffffffff891e24f8}
.text user32.dll!SetWinEventHook 770424DC 5 Bytes [E9, 17, DD, 1D, 89] {JMP 0xffffffff891ddd1c}
.text user32.dll!SetWindowsHookExA 77066D0C 5 Bytes [E9, EF, 98, 1B, 89] {JMP 0xffffffff891b98f4}
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[112] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[112] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[112] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[112] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00210A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[112] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 002103FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[112] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00210804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[112] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 002101F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[112] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00210600
.text C:\Program Files\AWS\WeatherBug\Weather.exe[336] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 001503FC
.text C:\Program Files\AWS\WeatherBug\Weather.exe[336] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 001501F8
.text C:\Program Files\AWS\WeatherBug\Weather.exe[336] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Program Files\AWS\WeatherBug\Weather.exe[336] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 001E0A08
.text C:\Program Files\AWS\WeatherBug\Weather.exe[336] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 001E03FC
.text C:\Program Files\AWS\WeatherBug\Weather.exe[336] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 001E0804
.text C:\Program Files\AWS\WeatherBug\Weather.exe[336] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 001E01F8
.text C:\Program Files\AWS\WeatherBug\Weather.exe[336] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 001E0600
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[344] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 001603FC
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[344] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 001601F8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[344] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[344] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00190A08
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[344] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 001903FC
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[344] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00190804
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[344] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 001901F8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[344] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00190600
.text C:\Windows\system32\csrss.exe[392] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\system32\wininit.exe[448] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000303FC
.text C:\Windows\system32\wininit.exe[448] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000301F8
.text C:\Windows\system32\wininit.exe[448] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\system32\wininit.exe[448] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00100A08
.text C:\Windows\system32\wininit.exe[448] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 001003FC
.text C:\Windows\system32\wininit.exe[448] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00100804
.text C:\Windows\system32\wininit.exe[448] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 001001F8
.text C:\Windows\system32\wininit.exe[448] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00100600
.text C:\Windows\system32\csrss.exe[460] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Users\Amy\Desktop\gmer\gmer.exe[472] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 001603FC
.text C:\Users\Amy\Desktop\gmer\gmer.exe[472] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 001601F8
.text C:\Users\Amy\Desktop\gmer\gmer.exe[472] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Users\Amy\Desktop\gmer\gmer.exe[472] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00220A08
.text C:\Users\Amy\Desktop\gmer\gmer.exe[472] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 002203FC
.text C:\Users\Amy\Desktop\gmer\gmer.exe[472] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00220804
.text C:\Users\Amy\Desktop\gmer\gmer.exe[472] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 002201F8
.text C:\Users\Amy\Desktop\gmer\gmer.exe[472] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00220600
.text C:\Windows\system32\services.exe[496] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\services.exe[496] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\services.exe[496] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\system32\lsass.exe[516] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\lsass.exe[516] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\lsass.exe[516] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\system32\lsm.exe[528] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000A03FC
.text C:\Windows\system32\lsm.exe[528] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000A01F8
.text C:\Windows\system32\lsm.exe[528] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[568] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000303FC
.text C:\Windows\system32\winlogon.exe[568] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000301F8
.text C:\Windows\system32\winlogon.exe[568] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[568] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00050A08
.text C:\Windows\system32\winlogon.exe[568] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 000503FC
.text C:\Windows\system32\winlogon.exe[568] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00050804
.text C:\Windows\system32\winlogon.exe[568] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 000501F8
.text C:\Windows\system32\winlogon.exe[568] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00050600
.text C:\Windows\system32\svchost.exe[684] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[684] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[684] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\system32\nvvsvc.exe[772] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 001603FC
.text C:\Windows\system32\nvvsvc.exe[772] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 001601F8
.text C:\Windows\system32\nvvsvc.exe[772] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\system32\nvvsvc.exe[772] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 001F0A08
.text C:\Windows\system32\nvvsvc.exe[772] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 001F03FC
.text C:\Windows\system32\nvvsvc.exe[772] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 001F0804
.text C:\Windows\system32\nvvsvc.exe[772] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 001F01F8
.text C:\Windows\system32\nvvsvc.exe[772] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 001F0600
.text C:\Windows\system32\svchost.exe[808] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[808] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[808] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[880] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[880] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[880] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[880] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00200A08
.text C:\Windows\System32\svchost.exe[880] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 002003FC
.text C:\Windows\System32\svchost.exe[880] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00200804
.text C:\Windows\System32\svchost.exe[880] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 002001F8
.text C:\Windows\System32\svchost.exe[880] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00200600
.text C:\Windows\System32\svchost.exe[952] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000A03FC
.text C:\Windows\System32\svchost.exe[952] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000A01F8
.text C:\Windows\System32\svchost.exe[952] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[952] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00360A08
.text C:\Windows\System32\svchost.exe[952] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 003603FC
.text C:\Windows\System32\svchost.exe[952] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00360804
.text C:\Windows\System32\svchost.exe[952] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 003601F8
.text C:\Windows\System32\svchost.exe[952] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00360600
.text C:\Windows\system32\svchost.exe[1000] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000A03FC
.text C:\Windows\system32\svchost.exe[1000] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000A01F8
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1000] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00EC0A08
.text C:\Windows\system32\svchost.exe[1000] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 00EC03FC
.text C:\Windows\system32\svchost.exe[1000] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00EC0804
.text C:\Windows\system32\svchost.exe[1000] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 00EC01F8
.text C:\Windows\system32\svchost.exe[1000] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00EC0600
.text C:\Windows\system32\svchost.exe[1156] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1156] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1156] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1156] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 003B0A08
.text C:\Windows\system32\svchost.exe[1156] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 003B03FC
.text C:\Windows\system32\svchost.exe[1156] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 003B0804
.text C:\Windows\system32\svchost.exe[1156] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 003B01F8
.text C:\Windows\system32\svchost.exe[1156] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 003B0600
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1224] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 001603FC
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1224] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 001601F8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1224] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1224] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1224] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 001F03FC
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1224] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 001F0804
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1224] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 001F01F8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1224] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 001F0600
.text C:\Windows\system32\nvvsvc.exe[1236] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 001603FC
.text C:\Windows\system32\nvvsvc.exe[1236] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 001601F8
.text C:\Windows\system32\nvvsvc.exe[1236] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\system32\nvvsvc.exe[1236] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 001F0A08
.text C:\Windows\system32\nvvsvc.exe[1236] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 001F03FC
.text C:\Windows\system32\nvvsvc.exe[1236] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 001F0804
.text C:\Windows\system32\nvvsvc.exe[1236] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 001F01F8
.text C:\Windows\system32\nvvsvc.exe[1236] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 001F0600
.text C:\Windows\system32\svchost.exe[1392] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1392] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1392] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 003F0A08
.text C:\Windows\system32\svchost.exe[1392] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 003F03FC
.text C:\Windows\system32\svchost.exe[1392] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 003F0804
.text C:\Windows\system32\svchost.exe[1392] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 003F01F8
.text C:\Windows\system32\svchost.exe[1392] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 003F0600
.text C:\Windows\system32\svchost.exe[1536] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1536] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1536] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1536] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00570A08
.text C:\Windows\system32\svchost.exe[1536] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 005703FC
.text C:\Windows\system32\svchost.exe[1536] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00570804
.text C:\Windows\system32\svchost.exe[1536] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 005701F8
.text C:\Windows\system32\svchost.exe[1536] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00570600
.text C:\Windows\System32\spoolsv.exe[1548] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000603FC
.text C:\Windows\System32\spoolsv.exe[1548] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000601F8
.text C:\Windows\System32\spoolsv.exe[1548] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1548] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00100A08
.text C:\Windows\System32\spoolsv.exe[1548] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 001003FC
.text C:\Windows\System32\spoolsv.exe[1548] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00100804
.text C:\Windows\System32\spoolsv.exe[1548] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 001001F8
.text C:\Windows\System32\spoolsv.exe[1548] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00100600
.text C:\Windows\system32\Dwm.exe[1588] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\Dwm.exe[1588] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\Dwm.exe[1588] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[1588] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 000F0A08
.text C:\Windows\system32\Dwm.exe[1588] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 000F03FC
.text C:\Windows\system32\Dwm.exe[1588] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 000F0804
.text C:\Windows\system32\Dwm.exe[1588] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 000F01F8
.text C:\Windows\system32\Dwm.exe[1588] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 000F0600
.text C:\Windows\system32\taskhost.exe[1608] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskhost.exe[1608] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskhost.exe[1608] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\system32\taskhost.exe[1608] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00070A08
.text C:\Windows\system32\taskhost.exe[1608] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskhost.exe[1608] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00070804
.text C:\Windows\system32\taskhost.exe[1608] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskhost.exe[1608] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00070600
.text C:\Windows\Explorer.EXE[1616] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000603FC
.text C:\Windows\Explorer.EXE[1616] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000601F8
.text C:\Windows\Explorer.EXE[1616] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\Explorer.EXE[1616] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 000A0A08
.text C:\Windows\Explorer.EXE[1616] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 000A03FC
.text C:\Windows\Explorer.EXE[1616] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 000A0804
.text C:\Windows\Explorer.EXE[1616] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 000A01F8
.text C:\Windows\Explorer.EXE[1616] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 000A0600
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1656] kernel32.dll!SetUnhandledExceptionFilter 773BF4FB 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1656] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe[1896] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 001603FC
.text C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe[1896] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 001601F8
.text C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe[1896] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe[1896] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 004B0A08
.text C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe[1896] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 004B03FC
.text C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe[1896] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 004B0804
.text C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe[1896] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 004B01F8
.text C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe[1896] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 004B0600
.text C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe[1916] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 001603FC
.text C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe[1916] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 001601F8
.text C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe[1916] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe[1916] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00180A08
.text C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe[1916] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 001803FC
.text C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe[1916] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00180804
.text C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe[1916] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 001801F8
.text C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe[1916] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00180600
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1960] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[2024] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000603FC
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[2024] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000601F8
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[2024] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[2024] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00090A08
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[2024] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 000903FC
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[2024] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00090804
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[2024] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 000901F8
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[2024] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00090600
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2168] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000703FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2168] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000701F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2168] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2168] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00090A08
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2168] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 000903FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2168] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00090804
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2168] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 000901F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2168] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00090600
.text C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe[2240] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 001603FC
.text C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe[2240] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 001601F8
.text C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe[2240] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe[2240] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00300A08
.text C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe[2240] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 003003FC
.text C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe[2240] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00300804
.text C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe[2240] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 003001F8
.text C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe[2240] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00300600
.text C:\Windows\system32\svchost.exe[2312] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[2312] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[2312] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[2680] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\SearchIndexer.exe[2680] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\SearchIndexer.exe[2680] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[2680] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00240A08
.text C:\Windows\system32\SearchIndexer.exe[2680] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 002403FC
.text C:\Windows\system32\SearchIndexer.exe[2680] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00240804
.text C:\Windows\system32\SearchIndexer.exe[2680] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 002401F8
.text C:\Windows\system32\SearchIndexer.exe[2680] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00240600
.text C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe[2740] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 001603FC
.text C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe[2740] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 001601F8
.text C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe[2740] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe[2740] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00210A08
.text C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe[2740] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 002103FC
.text C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe[2740] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00210804
.text C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe[2740] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 002101F8
.text C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe[2740] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00210600
.text C:\Windows\system32\svchost.exe[2916] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[2916] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[2916] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2916] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00260A08
.text C:\Windows\system32\svchost.exe[2916] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 002603FC
.text C:\Windows\system32\svchost.exe[2916] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00260804
.text C:\Windows\system32\svchost.exe[2916] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 002601F8
.text C:\Windows\system32\svchost.exe[2916] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00260600
.text C:\Windows\System32\alg.exe[2956] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000603FC
.text C:\Windows\System32\alg.exe[2956] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000601F8
.text C:\Windows\System32\alg.exe[2956] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\System32\alg.exe[2956] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00140A08
.text C:\Windows\System32\alg.exe[2956] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 001403FC
.text C:\Windows\System32\alg.exe[2956] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00140804
.text C:\Windows\System32\alg.exe[2956] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 001401F8
.text C:\Windows\System32\alg.exe[2956] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00140600
.text C:\Windows\system32\svchost.exe[3032] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[3032] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[3032] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3032] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00260A08
.text C:\Windows\system32\svchost.exe[3032] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 002603FC
.text C:\Windows\system32\svchost.exe[3032] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00260804
.text C:\Windows\system32\svchost.exe[3032] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 002601F8
.text C:\Windows\system32\svchost.exe[3032] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00260600
.text C:\Windows\system32\WUDFHost.exe[3188] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000A03FC
.text C:\Windows\system32\WUDFHost.exe[3188] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000A01F8
.text C:\Windows\system32\WUDFHost.exe[3188] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\system32\WUDFHost.exe[3188] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 000D0A08
.text C:\Windows\system32\WUDFHost.exe[3188] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 000D03FC
.text C:\Windows\system32\WUDFHost.exe[3188] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 000D0804
.text C:\Windows\system32\WUDFHost.exe[3188] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 000D01F8
.text C:\Windows\system32\WUDFHost.exe[3188] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 000D0600
.text C:\Windows\System32\svchost.exe[3296] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[3296] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[3296] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3548] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 001703FC
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3548] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 001701F8
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3548] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3548] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00200A08
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3548] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 002003FC
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3548] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00200804
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3548] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 002001F8
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[3548] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00200600
.text C:\Program Files\Sprint\Sprint SmartView\SwiApiMuxCdma.exe[3924] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 001603FC
.text C:\Program Files\Sprint\Sprint SmartView\SwiApiMuxCdma.exe[3924] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 001601F8
.text C:\Program Files\Sprint\Sprint SmartView\SwiApiMuxCdma.exe[3924] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Program Files\Sprint\Sprint SmartView\SwiApiMuxCdma.exe[3924] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Sprint\Sprint SmartView\SwiApiMuxCdma.exe[3924] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 001F03FC
.text C:\Program Files\Sprint\Sprint SmartView\SwiApiMuxCdma.exe[3924] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 001F0804
.text C:\Program Files\Sprint\Sprint SmartView\SwiApiMuxCdma.exe[3924] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Sprint\Sprint SmartView\SwiApiMuxCdma.exe[3924] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 001F0600
.text C:\Windows\system32\wbem\unsecapp.exe[3952] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\wbem\unsecapp.exe[3952] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\wbem\unsecapp.exe[3952] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\system32\wbem\unsecapp.exe[3952] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 000F0A08
.text C:\Windows\system32\wbem\unsecapp.exe[3952] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 000F03FC
.text C:\Windows\system32\wbem\unsecapp.exe[3952] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 000F0804
.text C:\Windows\system32\wbem\unsecapp.exe[3952] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 000F01F8
.text C:\Windows\system32\wbem\unsecapp.exe[3952] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 000F0600
.text C:\Windows\system32\wbem\wmiprvse.exe[4056] ntdll.dll!LdrUnloadDll 77CCC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\wbem\wmiprvse.exe[4056] ntdll.dll!LdrLoadDll 77CD22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\wbem\wmiprvse.exe[4056] kernel32.dll!GetBinaryTypeW + 70 773D69F4 1 Byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[4056] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00090A08
.text C:\Windows\system32\wbem\wmiprvse.exe[4056] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 000903FC
.text C:\Windows\system32\wbem\wmiprvse.exe[4056] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00090804
.text C:\Windows\system32\wbem\wmiprvse.exe[4056] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 000901F8
.text C:\Windows\system32\wbem\wmiprvse.exe[4056] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00090600
---- Devices - GMER 1.0.15 ----
Device \Driver\ACPI_HAL \Device\00000051 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
---- EOF - GMER 1.0.15 ----
#4
Posted 12 October 2011 - 03:14 PM
I'm not seeing any malware, but there will be some error logs I can see in the attach.txt log that might help us out or at least point us in the right direction.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online. http://www.whatthetech.com/donate
#5
Posted 12 October 2011 - 05:29 PM
#6
Posted 13 October 2011 - 03:57 PM
#7
Posted 13 October 2011 - 08:36 PM