GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2011-08-30 15:13:11 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-10 ST3500413AS rev.JC45 Running: w3lfu4fn.exe; Driver: C:\DOCUME~1\1\USTAWI~1\Temp\kwwcipod.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA734C202] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA73B2D8C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA73706C1] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA734E7F0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA734E848] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA734E95E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA7370075] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA734E746] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA734E898] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA734E79A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA734E90C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA734C226] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA7370D87] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA737103D] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA734EBE2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA7370BF2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA7370A5D] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA73B2E3C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA734BFF0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA734C24A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA734ED56] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA734CCDA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA734E820] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA734E870] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA734E988] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA73703D1] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA734E772] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA734EA1A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA734E8D8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA734E7C8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA734EAFE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA734E936] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA73B2ED4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA73708D8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA734CBA0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA737072A] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA73BB10E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA736F6E8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA734C26E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA734C292] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA734C04A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA734C186] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA7370E8E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA734C162] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA734C1AA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA734C2B6] INT 0x62 ? 8A523CB8 INT 0x63 ? 8A3A1F00 INT 0x63 ? 8A3A1F00 INT 0x73 ? 8A523CB8 INT 0x73 ? 8A523CB8 INT 0x73 ? 8A523CB8 INT 0xA4 ? 8A3A1F00 Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA73C8398] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2C7C 80504518 4 Bytes JMP D656EC51 .text ntkrnlpa.exe!ZwCallbackReturn + 2CAC 80504548 8 Bytes [98, E8, 34, A7, 9A, E7, 34, ...] {CWDE ; CALL 0xffffffffe79aa73a; XOR AL, 0xa7} .text ntkrnlpa.exe!ZwCallbackReturn + 2CBC 80504558 4 Bytes [0C, E9, 34, A7] {OR AL, 0xe9; XOR AL, 0xa7} .text ntkrnlpa.exe!ZwCallbackReturn + 2DAC 80504648 8 Bytes [20, E8, 34, A7, 70, E8, 34, ...] {AND AL, CH; XOR AL, 0xa7; JO 0xffffffffffffffee; XOR AL, 0xa7} .text ntkrnlpa.exe!ZwCallbackReturn + 2DB8 80504654 4 Bytes JMP D7DCED8D .text ... PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64A8 4 Bytes CALL A734D335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC556 5 Bytes JMP A73C3D4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject 805C2FDA 5 Bytes JMP A73C57F2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D117A 7 Bytes JMP A73C839C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .text sptd.sys B7E92000 28 Bytes [30, 78, 6E, 80, A6, CB, 6E, ...] .text sptd.sys B7E9201D 3 Bytes [79, 6E, 80] .text sptd.sys B7E92024 120 Bytes [D8, 52, 53, 80, 68, B9, 54, ...] .text sptd.sys B7E9209D 124 Bytes [97, 53, 80, A0, 98, 53, 80, ...] .text sptd.sys B7E9211A 178 Bytes [4F, 80, 82, F8, 4E, 80, 3E, ...] .text ... .sptd2 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd2" section [0xB7F3C9E3] ? C:\WINDOWS\system32\drivers\sptd.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. .text USBPORT.SYS!DllUnload B777E8AC 5 Bytes JMP 8A3A1410 .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB6FCC000, 0x29C9F0, 0xE8000020] .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB638D3A0, 0x88C445, 0xE8000020] .text win32k.sys!EngFreeUserMem + 674 BF809962 5 Bytes JMP A734FCA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSurface + 45 BF813956 5 Bytes JMP A734FBAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngSetLastError + 79A8 BF824309 5 Bytes JMP A734EF34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + F9C BF828C73 5 Bytes JMP A734FE0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + 2C50 BF8316BE 5 Bytes JMP A7350014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + B68E BF83A0FC 5 Bytes JMP A734FB1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!FONTOBJ_pxoGetXform + 84ED BF8519C5 5 Bytes JMP A734EE70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E554 5 Bytes JMP A734F180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 360C BF85E5DF 5 Bytes JMP A734F326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreatePalette + 88 BF85F852 5 Bytes JMP A734EE58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreatePalette + 5454 BF864C1E 5 Bytes JMP A734FBD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 411E BF873F63 5 Bytes JMP A734F2FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 26EE BF8947C0 5 Bytes JMP A734FD54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBltROP + 583 BF895298 5 Bytes JMP A734FF72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCopyBits + 4DEC BF89DBD8 5 Bytes JMP A734EFA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngEraseSurface + A9E0 BF8C2150 5 Bytes JMP A734F03E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 1517 BF8CA5B2 5 Bytes JMP A734F0AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 1797 BF8CA832 5 Bytes JMP A734F0E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSemaphore + 3B3E BF8EC2A7 5 Bytes JMP A734ED8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 19DF BF9133E5 5 Bytes JMP A734EEF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 25B3 BF913FB9 5 Bytes JMP A734F008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 4F12 BF916918 5 Bytes JMP A734F440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPlgBlt + 18FC BF94638A 5 Bytes JMP A734FECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[144] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[144] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe[188] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8 .text C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe[188] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe[188] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC .text C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe[188] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe[188] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe[188] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe[188] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe[188] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe[188] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe[188] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe[188] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe[188] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe[188] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe[188] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe[188] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe[188] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe[188] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\WINDOWS\system32\nvsvc32.exe[252] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\WINDOWS\system32\nvsvc32.exe[252] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\nvsvc32.exe[252] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\WINDOWS\system32\nvsvc32.exe[252] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\nvsvc32.exe[252] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\WINDOWS\system32\nvsvc32.exe[252] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\WINDOWS\system32\nvsvc32.exe[252] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\WINDOWS\system32\nvsvc32.exe[252] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\WINDOWS\system32\nvsvc32.exe[252] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\WINDOWS\system32\nvsvc32.exe[252] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\nvsvc32.exe[252] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\nvsvc32.exe[252] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\WINDOWS\system32\nvsvc32.exe[252] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\WINDOWS\system32\nvsvc32.exe[252] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\WINDOWS\system32\nvsvc32.exe[252] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\WINDOWS\system32\nvsvc32.exe[252] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\WINDOWS\system32\nvsvc32.exe[252] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\WINDOWS\system32\spoolsv.exe[388] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\spoolsv.exe[388] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[388] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\spoolsv.exe[388] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[388] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\spoolsv.exe[388] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\spoolsv.exe[388] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\spoolsv.exe[388] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\spoolsv.exe[388] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\spoolsv.exe[388] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\spoolsv.exe[388] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\spoolsv.exe[388] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\spoolsv.exe[388] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\spoolsv.exe[388] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\spoolsv.exe[388] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\spoolsv.exe[388] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\spoolsv.exe[388] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[508] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[508] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[508] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[508] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[508] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[508] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[508] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[508] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[508] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[508] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[508] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[508] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[508] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[508] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[508] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[508] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[508] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\Program Files\AVAST Software\Avast\avastUI.exe[560] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\avastUI.exe[560] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[636] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[636] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[636] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[636] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[636] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[636] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[636] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[636] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[636] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[636] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[636] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[636] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[636] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[636] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[636] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[636] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[636] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[660] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[660] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[660] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[660] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[660] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[660] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[660] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[660] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[660] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[660] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[660] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[660] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[660] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[660] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[660] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[660] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[660] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\WINDOWS\system32\svchost.exe[736] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[736] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[736] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[736] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[736] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[736] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[736] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[736] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[736] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[736] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[736] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[736] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[736] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[736] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[736] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[736] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[736] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\System32\svchost.exe[812] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\svchost.exe[812] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[812] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\svchost.exe[812] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[812] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\System32\svchost.exe[812] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\svchost.exe[812] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\svchost.exe[812] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\System32\svchost.exe[812] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\System32\svchost.exe[812] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\svchost.exe[812] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\svchost.exe[812] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\System32\svchost.exe[812] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\System32\svchost.exe[812] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\System32\svchost.exe[812] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\System32\svchost.exe[812] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\svchost.exe[812] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[836] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[836] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[836] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[836] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[836] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[836] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[836] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[836] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[836] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[836] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[836] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[836] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[836] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[836] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[836] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[836] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\System32\smss.exe[840] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[900] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[900] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[952] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8 .text C:\WINDOWS\system32\winlogon.exe[952] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[952] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC .text C:\WINDOWS\system32\winlogon.exe[952] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[952] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\winlogon.exe[952] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\winlogon.exe[952] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\winlogon.exe[952] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\winlogon.exe[952] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\winlogon.exe[952] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\winlogon.exe[952] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\winlogon.exe[952] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\winlogon.exe[952] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\winlogon.exe[952] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\winlogon.exe[952] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\winlogon.exe[952] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\winlogon.exe[952] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\Program Files\Java\jre6\bin\jqs.exe[972] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\Java\jre6\bin\jqs.exe[972] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Java\jre6\bin\jqs.exe[972] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\Java\jre6\bin\jqs.exe[972] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Java\jre6\bin\jqs.exe[972] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\Java\jre6\bin\jqs.exe[972] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\Java\jre6\bin\jqs.exe[972] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\Java\jre6\bin\jqs.exe[972] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\Java\jre6\bin\jqs.exe[972] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\Java\jre6\bin\jqs.exe[972] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\Java\jre6\bin\jqs.exe[972] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\Java\jre6\bin\jqs.exe[972] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\Java\jre6\bin\jqs.exe[972] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\Java\jre6\bin\jqs.exe[972] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\Java\jre6\bin\jqs.exe[972] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\Java\jre6\bin\jqs.exe[972] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\Java\jre6\bin\jqs.exe[972] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\WINDOWS\system32\services.exe[996] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\services.exe[996] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\services.exe[996] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\services.exe[996] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\services.exe[996] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\services.exe[996] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\services.exe[996] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\services.exe[996] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\services.exe[996] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\services.exe[996] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\services.exe[996] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\services.exe[996] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\services.exe[996] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\services.exe[996] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\services.exe[996] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\services.exe[996] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\services.exe[996] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\lsass.exe[1008] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\lsass.exe[1008] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[1008] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\lsass.exe[1008] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[1008] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\lsass.exe[1008] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\lsass.exe[1008] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\lsass.exe[1008] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\lsass.exe[1008] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\lsass.exe[1008] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\lsass.exe[1008] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\lsass.exe[1008] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\lsass.exe[1008] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\lsass.exe[1008] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\lsass.exe[1008] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\lsass.exe[1008] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\lsass.exe[1008] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\Ati2evxx.exe[1184] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\WINDOWS\system32\Ati2evxx.exe[1184] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1184] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\WINDOWS\system32\Ati2evxx.exe[1184] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1184] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\WINDOWS\system32\Ati2evxx.exe[1184] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\WINDOWS\system32\Ati2evxx.exe[1184] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\WINDOWS\system32\Ati2evxx.exe[1184] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\Ati2evxx.exe[1184] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\Ati2evxx.exe[1184] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text C:\WINDOWS\system32\Ati2evxx.exe[1184] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text C:\WINDOWS\system32\Ati2evxx.exe[1184] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text C:\WINDOWS\system32\Ati2evxx.exe[1184] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text C:\WINDOWS\system32\Ati2evxx.exe[1184] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text C:\WINDOWS\system32\Ati2evxx.exe[1184] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text C:\WINDOWS\system32\Ati2evxx.exe[1184] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text C:\WINDOWS\system32\Ati2evxx.exe[1184] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text C:\WINDOWS\system32\svchost.exe[1204] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1204] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1204] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1204] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1204] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1204] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1204] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1204] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\lxebcoms.exe[1332] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\WINDOWS\system32\lxebcoms.exe[1332] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\lxebcoms.exe[1332] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\WINDOWS\system32\lxebcoms.exe[1332] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\lxebcoms.exe[1332] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\WINDOWS\system32\lxebcoms.exe[1332] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\WINDOWS\system32\lxebcoms.exe[1332] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\WINDOWS\system32\lxebcoms.exe[1332] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\lxebcoms.exe[1332] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\lxebcoms.exe[1332] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text C:\WINDOWS\system32\lxebcoms.exe[1332] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text C:\WINDOWS\system32\lxebcoms.exe[1332] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text C:\WINDOWS\system32\lxebcoms.exe[1332] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text C:\WINDOWS\system32\lxebcoms.exe[1332] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text C:\WINDOWS\system32\lxebcoms.exe[1332] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text C:\WINDOWS\system32\lxebcoms.exe[1332] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text C:\WINDOWS\system32\lxebcoms.exe[1332] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text C:\WINDOWS\System32\svchost.exe[1372] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\svchost.exe[1372] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1372] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\svchost.exe[1372] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1372] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\System32\svchost.exe[1372] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\svchost.exe[1372] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\svchost.exe[1372] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\System32\svchost.exe[1372] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\System32\svchost.exe[1372] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\svchost.exe[1372] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\svchost.exe[1372] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\System32\svchost.exe[1372] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\System32\svchost.exe[1372] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\System32\svchost.exe[1372] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\System32\svchost.exe[1372] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\svchost.exe[1372] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1416] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1416] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1416] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1416] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1416] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\Program Files\Opera\opera.exe[1460] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8 .text C:\Program Files\Opera\opera.exe[1460] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Opera\opera.exe[1460] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC .text C:\Program Files\Opera\opera.exe[1460] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Opera\opera.exe[1460] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\Program Files\Opera\opera.exe[1460] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\Program Files\Opera\opera.exe[1460] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\Program Files\Opera\opera.exe[1460] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\Program Files\Opera\opera.exe[1460] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\Program Files\Opera\opera.exe[1460] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text C:\Program Files\Opera\opera.exe[1460] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text C:\Program Files\Opera\opera.exe[1460] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text C:\Program Files\Opera\opera.exe[1460] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text C:\Program Files\Opera\opera.exe[1460] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text C:\Program Files\Opera\opera.exe[1460] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text C:\Program Files\Opera\opera.exe[1460] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text C:\Program Files\Opera\opera.exe[1460] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text C:\WINDOWS\system32\Ati2evxx.exe[1504] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\WINDOWS\system32\Ati2evxx.exe[1504] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1504] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\WINDOWS\system32\Ati2evxx.exe[1504] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1504] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\WINDOWS\system32\Ati2evxx.exe[1504] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\WINDOWS\system32\Ati2evxx.exe[1504] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\WINDOWS\system32\Ati2evxx.exe[1504] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\Ati2evxx.exe[1504] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\Ati2evxx.exe[1504] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text C:\WINDOWS\system32\Ati2evxx.exe[1504] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text C:\WINDOWS\system32\Ati2evxx.exe[1504] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text C:\WINDOWS\system32\Ati2evxx.exe[1504] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text C:\WINDOWS\system32\Ati2evxx.exe[1504] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text C:\WINDOWS\system32\Ati2evxx.exe[1504] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text C:\WINDOWS\system32\Ati2evxx.exe[1504] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text C:\WINDOWS\system32\Ati2evxx.exe[1504] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text C:\WINDOWS\system32\svchost.exe[1544] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1544] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1544] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1544] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1544] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1544] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1544] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1544] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1616] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1616] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1616] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1616] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1616] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1616] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1616] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1616] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1616] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1616] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1616] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1616] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1616] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1616] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1616] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1616] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1616] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\WINDOWS\system32\svchost.exe[1660] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1660] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1660] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1660] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1660] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1660] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1660] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1660] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1660] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1660] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1660] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1660] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1660] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1660] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1660] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1660] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1788] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1788] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1788] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2056] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2056] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2056] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2056] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2056] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2056] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2056] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2056] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2056] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2056] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2056] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2056] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2056] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2056] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2056] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2056] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2056] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC .text C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe[2500] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8 .text C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe[2500] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe[2500] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC .text C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe[2500] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe[2500] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00881014 .text C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe[2500] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00880804 .text C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe[2500] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00880A08 .text C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe[2500] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00880C0C .text C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe[2500] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00880E10 .text C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe[2500] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 008801F8 .text C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe[2500] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 008803FC .text C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe[2500] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00880600 .text C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe[2500] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00890804 .text C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe[2500] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00890A08 .text C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe[2500] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00890600 .text C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe[2500] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 008901F8 .text C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe[2500] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 008903FC .text C:\WINDOWS\system32\wuauclt.exe[2640] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8 .text C:\WINDOWS\system32\wuauclt.exe[2640] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wuauclt.exe[2640] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC .text C:\WINDOWS\system32\wuauclt.exe[2640] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\wuauclt.exe[2640] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00381014 .text C:\WINDOWS\system32\wuauclt.exe[2640] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00380804 .text C:\WINDOWS\system32\wuauclt.exe[2640] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00380A08 .text C:\WINDOWS\system32\wuauclt.exe[2640] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00380C0C .text C:\WINDOWS\system32\wuauclt.exe[2640] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00380E10 .text C:\WINDOWS\system32\wuauclt.exe[2640] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003801F8 .text C:\WINDOWS\system32\wuauclt.exe[2640] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003803FC .text C:\WINDOWS\system32\wuauclt.exe[2640] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00380600 .text C:\WINDOWS\system32\wuauclt.exe[2640] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804 .text C:\WINDOWS\system32\wuauclt.exe[2640] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08 .text C:\WINDOWS\system32\wuauclt.exe[2640] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600 .text C:\WINDOWS\system32\wuauclt.exe[2640] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8 .text C:\WINDOWS\system32\wuauclt.exe[2640] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC .text C:\WINDOWS\system32\wuauclt.exe[2640] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2748] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2748] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2748] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2748] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2748] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2748] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2748] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2748] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2748] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2748] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2748] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2748] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2748] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2748] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2748] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2748] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2748] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\WINDOWS\system32\RunDLL32.exe[2772] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\RunDLL32.exe[2772] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\RunDLL32.exe[2772] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\RunDLL32.exe[2772] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\RunDLL32.exe[2772] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\RunDLL32.exe[2772] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\RunDLL32.exe[2772] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\RunDLL32.exe[2772] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\RunDLL32.exe[2772] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\RunDLL32.exe[2772] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014 .text C:\WINDOWS\system32\RunDLL32.exe[2772] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\RunDLL32.exe[2772] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\RunDLL32.exe[2772] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C .text C:\WINDOWS\system32\RunDLL32.exe[2772] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10 .text C:\WINDOWS\system32\RunDLL32.exe[2772] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\RunDLL32.exe[2772] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\RunDLL32.exe[2772] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2912] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2912] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2912] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2912] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2912] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2912] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2912] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2912] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2912] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2912] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2912] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2912] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2912] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2912] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2912] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2912] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2912] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3328] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3328] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3328] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3328] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3328] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3328] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3328] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3328] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3328] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3328] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3328] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3328] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3328] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3328] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3328] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3328] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3328] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\Documents and Settings\1\Moje dokumenty\w3lfu4fn.exe[3340] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\1\Moje dokumenty\w3lfu4fn.exe[3340] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3680] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3680] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Common Files\Corel\Standby\Standby.exe[3736] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8 .text C:\Program Files\Common Files\Corel\Standby\Standby.exe[3736] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Corel\Standby\Standby.exe[3736] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC .text C:\Program Files\Common Files\Corel\Standby\Standby.exe[3736] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Common Files\Corel\Standby\Standby.exe[3736] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\Common Files\Corel\Standby\Standby.exe[3736] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\Common Files\Corel\Standby\Standby.exe[3736] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\Common Files\Corel\Standby\Standby.exe[3736] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\Common Files\Corel\Standby\Standby.exe[3736] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\Common Files\Corel\Standby\Standby.exe[3736] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\Common Files\Corel\Standby\Standby.exe[3736] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\Common Files\Corel\Standby\Standby.exe[3736] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\Common Files\Corel\Standby\Standby.exe[3736] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\Common Files\Corel\Standby\Standby.exe[3736] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\Common Files\Corel\Standby\Standby.exe[3736] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\Common Files\Corel\Standby\Standby.exe[3736] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\Common Files\Corel\Standby\Standby.exe[3736] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\WINDOWS\Explorer.EXE[3752] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\Explorer.EXE[3752] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[3752] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\Explorer.EXE[3752] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[3752] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014 .text C:\WINDOWS\Explorer.EXE[3752] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804 .text C:\WINDOWS\Explorer.EXE[3752] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08 .text C:\WINDOWS\Explorer.EXE[3752] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C .text C:\WINDOWS\Explorer.EXE[3752] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10 .text C:\WINDOWS\Explorer.EXE[3752] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8 .text C:\WINDOWS\Explorer.EXE[3752] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC .text C:\WINDOWS\Explorer.EXE[3752] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600 .text C:\WINDOWS\Explorer.EXE[3752] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804 .text C:\WINDOWS\Explorer.EXE[3752] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08 .text C:\WINDOWS\Explorer.EXE[3752] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600 .text C:\WINDOWS\Explorer.EXE[3752] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8 .text C:\WINDOWS\Explorer.EXE[3752] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC .text C:\WINDOWS\System32\alg.exe[3776] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\alg.exe[3776] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[3776] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\alg.exe[3776] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[3776] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\alg.exe[3776] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\alg.exe[3776] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00300600 .text C:\WINDOWS\System32\alg.exe[3776] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\alg.exe[3776] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\alg.exe[3776] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014 .text C:\WINDOWS\System32\alg.exe[3776] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804 .text C:\WINDOWS\System32\alg.exe[3776] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08 .text C:\WINDOWS\System32\alg.exe[3776] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C .text C:\WINDOWS\System32\alg.exe[3776] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10 .text C:\WINDOWS\System32\alg.exe[3776] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\alg.exe[3776] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC .text C:\WINDOWS\System32\alg.exe[3776] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\wscntfy.exe[4028] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wscntfy.exe[4028] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\RTHDCPL.EXE[4068] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\WINDOWS\RTHDCPL.EXE[4068] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\RTHDCPL.EXE[4068] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\WINDOWS\RTHDCPL.EXE[4068] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\RTHDCPL.EXE[4068] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003D1014 .text C:\WINDOWS\RTHDCPL.EXE[4068] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003D0804 .text C:\WINDOWS\RTHDCPL.EXE[4068] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003D0A08 .text C:\WINDOWS\RTHDCPL.EXE[4068] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003D0C0C .text C:\WINDOWS\RTHDCPL.EXE[4068] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003D0E10 .text C:\WINDOWS\RTHDCPL.EXE[4068] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003D01F8 .text C:\WINDOWS\RTHDCPL.EXE[4068] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003D03FC .text C:\WINDOWS\RTHDCPL.EXE[4068] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003D0600 .text C:\WINDOWS\RTHDCPL.EXE[4068] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\WINDOWS\RTHDCPL.EXE[4068] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\WINDOWS\RTHDCPL.EXE[4068] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\WINDOWS\RTHDCPL.EXE[4068] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\WINDOWS\RTHDCPL.EXE[4068] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [B7E9420E] sptd.sys IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [B7E9370C] sptd.sys IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [B7E93EEE] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7E9370C] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7E938F0] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7E93832] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7E940CC] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7E93EEE] sptd.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EA7F56] sptd.sys ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\system32\services.exe[996] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00640002 IAT C:\WINDOWS\system32\services.exe[996] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00640000 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) Device \FileSystem\Ntfs \Ntfs 8A5221E8 AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\usbohci \Device\USBPDO-0 8A3A01E8 Device \Driver\usbehci \Device\USBPDO-1 8A2D1430 Device \Driver\usbohci \Device\USBPDO-2 8A3A01E8 Device \Driver\usbehci \Device\USBPDO-3 8A2D1430 AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\Cdrom \Device\CdRom0 8A3841E8 Device \Driver\atapi \Device\Ide\IdePort0 [B7DFDB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [B7DFDB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort2 [B7DFDB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort3 [B7DFDB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 [B7DFDB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-10 [B7DFDB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\NetBT \Device\NetBt_Wins_Export 891171E8 Device \Driver\NetBT \Device\NetbiosSmb 891171E8 Device \Driver\NetBT \Device\NetBT_Tcpip_{5AA72D6C-849A-48A1-8018-31BD05C75D94} 891171E8 AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\usbohci \Device\USBFDO-0 8A3A01E8 Device \Driver\usbehci \Device\USBFDO-1 8A2D1430 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 890B71E8 Device \Driver\usbohci \Device\USBFDO-2 8A3A01E8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 890B71E8 Device \Driver\usbehci \Device\USBFDO-3 8A2D1430 Device \FileSystem\Cdfs \Cdfs 8909F430 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 ---- EOF - GMER 1.0.15 ----