GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-04-03 00:47:48 Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 Hitachi_HDT725032VLA360 rev.V54OA7EA Running: gmer.exe; Driver: C:\Users\Fuelyo\AppData\Local\Temp\uwwdipow.sys ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKey + 13C1 82C763D9 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CAFD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text sptd.sys 8B09F000 8 Bytes [34, E2, C0, 82, A0, 47, C0, ...] .text sptd.sys 8B09F009 23 Bytes [47, C0, 82, 48, 6B, C0, 82, ...] .text sptd.sys 8B09F024 4 Bytes [44, E5, 1C, 8B] .text sptd.sys 8B09F02C 424 Bytes [61, D7, E9, 82, 90, 99, E1, ...] .text sptd.sys 8B09F1E4 4 Bytes [79, 62, 73, 4C] {JNS 0x64; JAE 0x50} .text ... .sptd2 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd2" section [0x8B196D38] ? C:\Windows\System32\Drivers\sptd.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. PAGE PCIIDEX.SYS!DllUnload 8B30A606 5 Bytes JMP 8556C1D8 .text USBPORT.SYS!DllUnload 94DBEDB9 5 Bytes JMP 855BB410 PAGE spsys.sys!?SPRevision@@3PADA + 4F90 9F78C000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...] PAGE spsys.sys!?SPRevision@@3PADA + 50B3 9F78C123 629 Bytes [75, 78, 9F, FE, 05, 34, 75, ...] PAGE spsys.sys!?SPRevision@@3PADA + 5329 9F78C399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...] PAGE spsys.sys!?SPRevision@@3PADA + 538F 9F78C3FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...] PAGE spsys.sys!?SPRevision@@3PADA + 543B 9F78C4AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...] PAGE ... ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\system32\taskhost.exe[1812] ntdll.dll!NtAdjustGroupsToken 77305258 5 Bytes JMP 014D8AF8 .text C:\Windows\system32\taskhost.exe[1812] ntdll.dll!NtAdjustPrivilegesToken 77305268 5 Bytes JMP 014D7AF0 .text C:\Windows\system32\taskhost.exe[1812] ntdll.dll!NtCreateFile 773055C8 5 Bytes JMP 014C0A38 .text C:\Windows\system32\taskhost.exe[1812] ntdll.dll!NtCreateKey 77305608 5 Bytes JMP 014CBA90 .text C:\Windows\system32\taskhost.exe[1812] ntdll.dll!NtCreateProcess 77305698 5 Bytes JMP 014C4A58 .text C:\Windows\system32\taskhost.exe[1812] ntdll.dll!NtCreateProcessEx 773056A8 5 Bytes JMP 014C3A50 .text C:\Windows\system32\taskhost.exe[1812] ntdll.dll!NtDeleteFile 77305808 5 Bytes JMP 014C9A80 .text C:\Windows\system32\taskhost.exe[1812] ntdll.dll!NtDeleteKey 77305818 5 Bytes JMP 014CCA98 .text C:\Windows\system32\taskhost.exe[1812] ntdll.dll!NtDeleteValueKey 77305848 5 Bytes JMP 014CFAB0 .text C:\Windows\system32\taskhost.exe[1812] ntdll.dll!NtInitiatePowerAction 77305B08 5 Bytes JMP 014D5AE0 .text C:\Windows\system32\taskhost.exe[1812] ntdll.dll!NtLoadDriver 77305B58 5 Bytes JMP 014C7A70 .text C:\Windows\system32\taskhost.exe[1812] ntdll.dll!NtOpenFile 77305CD8 5 Bytes JMP 014C1A40 .text C:\Windows\system32\taskhost.exe[1812] ntdll.dll!NtOpenKey 77305D08 5 Bytes JMP 014CAA88 .text C:\Windows\system32\taskhost.exe[1812] ntdll.dll!NtOpenProcess 77305D88 5 Bytes JMP 014C5A60 .text C:\Windows\system32\taskhost.exe[1812] ntdll.dll!NtOpenThread 77305E08 5 Bytes JMP 014C6A68 .text C:\Windows\system32\taskhost.exe[1812] ntdll.dll!NtRenameKey 773063C8 5 Bytes JMP 014CDAA0 .text C:\Windows\system32\taskhost.exe[1812] ntdll.dll!NtSetInformationFile 77306638 5 Bytes JMP 014C2A48 .text C:\Windows\system32\taskhost.exe[1812] ntdll.dll!NtSetInformationToken 773066A8 5 Bytes JMP 014D6AE8 .text C:\Windows\system32\taskhost.exe[1812] ntdll.dll!NtSetSecurityObject 77306758 5 Bytes JMP 014D1AC0 .text C:\Windows\system32\taskhost.exe[1812] ntdll.dll!NtSetSystemInformation 77306788 5 Bytes JMP 014D0AB8 .text C:\Windows\system32\taskhost.exe[1812] ntdll.dll!NtSetSystemPowerState 77306798 5 Bytes JMP 014D4AD8 .text C:\Windows\system32\taskhost.exe[1812] ntdll.dll!NtSetSystemTime 773067A8 5 Bytes JMP 014D2AC8 .text C:\Windows\system32\taskhost.exe[1812] ntdll.dll!NtSetValueKey 77306808 5 Bytes JMP 014CEAA8 .text C:\Windows\system32\taskhost.exe[1812] ntdll.dll!NtShutdownSystem 77306828 5 Bytes JMP 014D3AD0 .text C:\Windows\system32\taskhost.exe[1812] ntdll.dll!NtUnloadDriver 77306958 5 Bytes JMP 014C8A78 .text C:\Windows\system32\taskhost.exe[1812] kernel32.dll!CreateProcessInternalW 774607A2 5 Bytes JMP 014DAB08 .text C:\Windows\system32\taskhost.exe[1812] kernel32.dll!ExitProcess 7746BBE2 5 Bytes JMP 014D9B00 .text C:\Windows\system32\taskhost.exe[1812] USER32.dll!BroadcastSystemMessageExW 767C4255 5 Bytes JMP 014F2BC8 .text C:\Windows\system32\taskhost.exe[1812] USER32.dll!BroadcastSystemMessageW 767C7CB8 5 Bytes JMP 014F0BB8 .text C:\Windows\system32\taskhost.exe[1812] USER32.dll!PostThreadMessageA 767CAD09 5 Bytes JMP 014EFBB0 .text C:\Windows\system32\taskhost.exe[1812] USER32.dll!SendMessageA 767CAD60 5 Bytes JMP 014E7B70 .text C:\Windows\system32\taskhost.exe[1812] USER32.dll!SendNotifyMessageW 767CC88A 5 Bytes JMP 014EDBA0 .text C:\Windows\system32\taskhost.exe[1812] USER32.dll!SetWindowsHookExW 767CE30C 5 Bytes JMP 014F4BD8 .text C:\Windows\system32\taskhost.exe[1812] USER32.dll!SendMessageTimeoutW 767CE459 5 Bytes JMP 014E9B80 .text C:\Windows\system32\taskhost.exe[1812] USER32.dll!PostThreadMessageW 767CEEFC 5 Bytes JMP 014EEBA8 .text C:\Windows\system32\taskhost.exe[1812] USER32.dll!SendMessageCallbackW 767D2F7B 5 Bytes JMP 014EBB90 .text C:\Windows\system32\taskhost.exe[1812] USER32.dll!PostMessageW 767D447B 5 Bytes JMP 014E8B78 .text C:\Windows\system32\taskhost.exe[1812] USER32.dll!SendMessageW 767D5539 5 Bytes JMP 014E6B68 .text C:\Windows\system32\taskhost.exe[1812] USER32.dll!SetWindowsHookExA 767F6D0C 5 Bytes JMP 014F5BE0 .text C:\Windows\system32\taskhost.exe[1812] USER32.dll!SendMessageTimeoutA 767F6DA9 5 Bytes JMP 014EAB88 .text C:\Windows\system32\taskhost.exe[1812] USER32.dll!SetWindowsHookA 7680B641 5 Bytes JMP 014F7BF0 .text C:\Windows\system32\taskhost.exe[1812] USER32.dll!SetWindowsHookW 7680B65C 5 Bytes JMP 014F6BE8 .text C:\Windows\system32\taskhost.exe[1812] USER32.dll!EndTask 7680FD66 5 Bytes JMP 014E5B60 .text C:\Windows\system32\taskhost.exe[1812] USER32.dll!ExitWindowsEx 768106C7 5 Bytes JMP 014E4B58 .text C:\Windows\system32\taskhost.exe[1812] USER32.dll!BroadcastSystemMessageExA 76823B23 5 Bytes JMP 014F3BD0 .text C:\Windows\system32\taskhost.exe[1812] USER32.dll!BroadcastSystemMessage 76823B4A 5 Bytes JMP 014F1BC0 .text C:\Windows\system32\taskhost.exe[1812] USER32.dll!SendMessageCallbackA 76823E8B 5 Bytes JMP 014ECB98 .text C:\Windows\system32\taskhost.exe[1812] ADVAPI32.dll!OpenServiceW 76F1CA4C 5 Bytes JMP 014DFB30 .text C:\Windows\system32\taskhost.exe[1812] ADVAPI32.dll!OpenServiceA 76F22BF0 5 Bytes JMP 014E0B38 .text C:\Windows\system32\taskhost.exe[1812] ADVAPI32.dll!LsaOpenPolicy 76F3077C 5 Bytes JMP 014E3B50 .text C:\Windows\system32\taskhost.exe[1812] ADVAPI32.dll!CreateServiceW 76F3712C 5 Bytes JMP 014E1B40 .text C:\Windows\system32\taskhost.exe[1812] ADVAPI32.dll!CreateServiceA 76F53158 5 Bytes JMP 014E2B48 .text C:\Windows\system32\taskhost.exe[1812] ADVAPI32.dll!InitiateSystemShutdownW 76F6DA6D 5 Bytes JMP 014DBB10 .text C:\Windows\system32\taskhost.exe[1812] ADVAPI32.dll!InitiateSystemShutdownExW 76F6DB3A 5 Bytes JMP 014DDB20 .text C:\Windows\system32\taskhost.exe[1812] ADVAPI32.dll!InitiateSystemShutdownA 76F6DC0F 5 Bytes JMP 014DCB18 .text C:\Windows\system32\taskhost.exe[1812] ADVAPI32.dll!InitiateSystemShutdownExA 76F6DCB6 5 Bytes JMP 014DEB28 .text C:\Windows\system32\taskhost.exe[1812] shell32.dll!ShellExecuteW 75853C59 5 Bytes JMP 014F9C00 .text C:\Windows\system32\taskhost.exe[1812] shell32.dll!ShellExecuteExW 75861E2E 5 Bytes JMP 014FBC10 .text C:\Windows\system32\taskhost.exe[1812] shell32.dll!SHFileOperationW 758996AE 5 Bytes JMP 014FDC20 .text C:\Windows\system32\taskhost.exe[1812] shell32.dll!ShellExecuteEx 75A86FE2 5 Bytes JMP 014FAC08 .text C:\Windows\system32\taskhost.exe[1812] shell32.dll!ShellExecuteA 75A8707D 5 Bytes JMP 014F8BF8 .text C:\Windows\system32\taskhost.exe[1812] shell32.dll!SHFileOperation 75A9AD9D 5 Bytes JMP 014FCC18 .text C:\Program Files\Opera\opera.exe[2688] ntdll.dll!NtAdjustGroupsToken 77305258 5 Bytes JMP 01388AF8 .text C:\Program Files\Opera\opera.exe[2688] ntdll.dll!NtAdjustPrivilegesToken 77305268 5 Bytes JMP 01387AF0 .text C:\Program Files\Opera\opera.exe[2688] ntdll.dll!NtCreateFile 773055C8 5 Bytes JMP 01370A38 .text C:\Program Files\Opera\opera.exe[2688] ntdll.dll!NtCreateKey 77305608 5 Bytes JMP 0137BA90 .text C:\Program Files\Opera\opera.exe[2688] ntdll.dll!NtCreateProcess 77305698 5 Bytes JMP 01374A58 .text C:\Program Files\Opera\opera.exe[2688] ntdll.dll!NtCreateProcessEx 773056A8 5 Bytes JMP 01373A50 .text C:\Program Files\Opera\opera.exe[2688] ntdll.dll!NtDeleteFile 77305808 5 Bytes JMP 01379A80 .text C:\Program Files\Opera\opera.exe[2688] ntdll.dll!NtDeleteKey 77305818 5 Bytes JMP 0137CA98 .text C:\Program Files\Opera\opera.exe[2688] ntdll.dll!NtDeleteValueKey 77305848 5 Bytes JMP 0137FAB0 .text C:\Program Files\Opera\opera.exe[2688] ntdll.dll!NtInitiatePowerAction 77305B08 5 Bytes JMP 01385AE0 .text C:\Program Files\Opera\opera.exe[2688] ntdll.dll!NtLoadDriver 77305B58 5 Bytes JMP 01377A70 .text C:\Program Files\Opera\opera.exe[2688] ntdll.dll!NtOpenFile 77305CD8 5 Bytes JMP 01371A40 .text C:\Program Files\Opera\opera.exe[2688] ntdll.dll!NtOpenKey 77305D08 5 Bytes JMP 0137AA88 .text C:\Program Files\Opera\opera.exe[2688] ntdll.dll!NtOpenProcess 77305D88 5 Bytes JMP 01375A60 .text C:\Program Files\Opera\opera.exe[2688] ntdll.dll!NtOpenThread 77305E08 5 Bytes JMP 01376A68 .text C:\Program Files\Opera\opera.exe[2688] ntdll.dll!NtRenameKey 773063C8 5 Bytes JMP 0137DAA0 .text C:\Program Files\Opera\opera.exe[2688] ntdll.dll!NtSetInformationFile 77306638 5 Bytes JMP 01372A48 .text C:\Program Files\Opera\opera.exe[2688] ntdll.dll!NtSetInformationToken 773066A8 5 Bytes JMP 01386AE8 .text C:\Program Files\Opera\opera.exe[2688] ntdll.dll!NtSetSecurityObject 77306758 5 Bytes JMP 01381AC0 .text C:\Program Files\Opera\opera.exe[2688] ntdll.dll!NtSetSystemInformation 77306788 5 Bytes JMP 01380AB8 .text C:\Program Files\Opera\opera.exe[2688] ntdll.dll!NtSetSystemPowerState 77306798 5 Bytes JMP 01384AD8 .text C:\Program Files\Opera\opera.exe[2688] ntdll.dll!NtSetSystemTime 773067A8 5 Bytes JMP 01382AC8 .text C:\Program Files\Opera\opera.exe[2688] ntdll.dll!NtSetValueKey 77306808 5 Bytes JMP 0137EAA8 .text C:\Program Files\Opera\opera.exe[2688] ntdll.dll!NtShutdownSystem 77306828 5 Bytes JMP 01383AD0 .text C:\Program Files\Opera\opera.exe[2688] ntdll.dll!NtUnloadDriver 77306958 5 Bytes JMP 01378A78 .text C:\Program Files\Opera\opera.exe[2688] kernel32.dll!CreateProcessInternalW 774607A2 5 Bytes JMP 0138AB08 .text C:\Program Files\Opera\opera.exe[2688] kernel32.dll!ExitProcess 7746BBE2 5 Bytes JMP 01389B00 .text C:\Program Files\Opera\opera.exe[2688] USER32.dll!BroadcastSystemMessageExW 767C4255 5 Bytes JMP 013A2BC8 .text C:\Program Files\Opera\opera.exe[2688] USER32.dll!BroadcastSystemMessageW 767C7CB8 5 Bytes JMP 013A0BB8 .text C:\Program Files\Opera\opera.exe[2688] USER32.dll!PostThreadMessageA 767CAD09 5 Bytes JMP 0139FBB0 .text C:\Program Files\Opera\opera.exe[2688] USER32.dll!SendMessageA 767CAD60 5 Bytes JMP 01397B70 .text C:\Program Files\Opera\opera.exe[2688] USER32.dll!SendNotifyMessageW 767CC88A 5 Bytes JMP 0139DBA0 .text C:\Program Files\Opera\opera.exe[2688] USER32.dll!SetWindowsHookExW 767CE30C 5 Bytes JMP 013A4BD8 .text C:\Program Files\Opera\opera.exe[2688] USER32.dll!SendMessageTimeoutW 767CE459 5 Bytes JMP 01399B80 .text C:\Program Files\Opera\opera.exe[2688] USER32.dll!PostThreadMessageW 767CEEFC 5 Bytes JMP 0139EBA8 .text C:\Program Files\Opera\opera.exe[2688] USER32.dll!SendMessageCallbackW 767D2F7B 5 Bytes JMP 0139BB90 .text C:\Program Files\Opera\opera.exe[2688] USER32.dll!PostMessageW 767D447B 5 Bytes JMP 01398B78 .text C:\Program Files\Opera\opera.exe[2688] USER32.dll!SendMessageW 767D5539 5 Bytes JMP 01396B68 .text C:\Program Files\Opera\opera.exe[2688] USER32.dll!SetWindowsHookExA 767F6D0C 5 Bytes JMP 013A5BE0 .text C:\Program Files\Opera\opera.exe[2688] USER32.dll!SendMessageTimeoutA 767F6DA9 5 Bytes JMP 0139AB88 .text C:\Program Files\Opera\opera.exe[2688] USER32.dll!SetWindowsHookA 7680B641 5 Bytes JMP 013A7BF0 .text C:\Program Files\Opera\opera.exe[2688] USER32.dll!SetWindowsHookW 7680B65C 5 Bytes JMP 013A6BE8 .text C:\Program Files\Opera\opera.exe[2688] USER32.dll!EndTask 7680FD66 5 Bytes JMP 01395B60 .text C:\Program Files\Opera\opera.exe[2688] USER32.dll!ExitWindowsEx 768106C7 5 Bytes JMP 01394B58 .text C:\Program Files\Opera\opera.exe[2688] USER32.dll!BroadcastSystemMessageExA 76823B23 5 Bytes JMP 013A3BD0 .text C:\Program Files\Opera\opera.exe[2688] USER32.dll!BroadcastSystemMessage 76823B4A 5 Bytes JMP 013A1BC0 .text C:\Program Files\Opera\opera.exe[2688] USER32.dll!SendMessageCallbackA 76823E8B 5 Bytes JMP 0139CB98 .text C:\Program Files\Opera\opera.exe[2688] ADVAPI32.dll!OpenServiceW 76F1CA4C 5 Bytes JMP 0138FB30 .text C:\Program Files\Opera\opera.exe[2688] ADVAPI32.dll!OpenServiceA 76F22BF0 5 Bytes JMP 01390B38 .text C:\Program Files\Opera\opera.exe[2688] ADVAPI32.dll!LsaOpenPolicy 76F3077C 5 Bytes JMP 01393B50 .text C:\Program Files\Opera\opera.exe[2688] ADVAPI32.dll!CreateServiceW 76F3712C 5 Bytes JMP 01391B40 .text C:\Program Files\Opera\opera.exe[2688] ADVAPI32.dll!CreateServiceA 76F53158 5 Bytes JMP 01392B48 .text C:\Program Files\Opera\opera.exe[2688] ADVAPI32.dll!InitiateSystemShutdownW 76F6DA6D 5 Bytes JMP 0138BB10 .text C:\Program Files\Opera\opera.exe[2688] ADVAPI32.dll!InitiateSystemShutdownExW 76F6DB3A 5 Bytes JMP 0138DB20 .text C:\Program Files\Opera\opera.exe[2688] ADVAPI32.dll!InitiateSystemShutdownA 76F6DC0F 5 Bytes JMP 0138CB18 .text C:\Program Files\Opera\opera.exe[2688] ADVAPI32.dll!InitiateSystemShutdownExA 76F6DCB6 5 Bytes JMP 0138EB28 .text C:\Program Files\Opera\opera.exe[2688] SHELL32.dll!ShellExecuteW 75853C59 5 Bytes JMP 013A9C00 .text C:\Program Files\Opera\opera.exe[2688] SHELL32.dll!ShellExecuteExW 75861E2E 5 Bytes JMP 013ABC10 .text C:\Program Files\Opera\opera.exe[2688] SHELL32.dll!SHFileOperationW 758996AE 5 Bytes JMP 013ADC20 .text C:\Program Files\Opera\opera.exe[2688] SHELL32.dll!ShellExecuteEx 75A86FE2 5 Bytes JMP 013AAC08 .text C:\Program Files\Opera\opera.exe[2688] SHELL32.dll!ShellExecuteA 75A8707D 5 Bytes JMP 013A8BF8 .text C:\Program Files\Opera\opera.exe[2688] SHELL32.dll!SHFileOperation 75A9AD9D 5 Bytes JMP 013ACC18 .text C:\Windows\System32\rundll32.exe[2744] ntdll.dll!NtAdjustGroupsToken 77305258 5 Bytes JMP 01398AF8 .text C:\Windows\System32\rundll32.exe[2744] ntdll.dll!NtAdjustPrivilegesToken 77305268 5 Bytes JMP 01397AF0 .text C:\Windows\System32\rundll32.exe[2744] ntdll.dll!NtCreateFile 773055C8 5 Bytes JMP 01380A38 .text C:\Windows\System32\rundll32.exe[2744] ntdll.dll!NtCreateKey 77305608 5 Bytes JMP 0138BA90 .text C:\Windows\System32\rundll32.exe[2744] ntdll.dll!NtCreateProcess 77305698 5 Bytes JMP 01384A58 .text C:\Windows\System32\rundll32.exe[2744] ntdll.dll!NtCreateProcessEx 773056A8 5 Bytes JMP 01383A50 .text C:\Windows\System32\rundll32.exe[2744] ntdll.dll!NtDeleteFile 77305808 5 Bytes JMP 01389A80 .text C:\Windows\System32\rundll32.exe[2744] ntdll.dll!NtDeleteKey 77305818 5 Bytes JMP 0138CA98 .text C:\Windows\System32\rundll32.exe[2744] ntdll.dll!NtDeleteValueKey 77305848 5 Bytes JMP 0138FAB0 .text C:\Windows\System32\rundll32.exe[2744] ntdll.dll!NtInitiatePowerAction 77305B08 5 Bytes JMP 01395AE0 .text C:\Windows\System32\rundll32.exe[2744] ntdll.dll!NtLoadDriver 77305B58 5 Bytes JMP 01387A70 .text C:\Windows\System32\rundll32.exe[2744] ntdll.dll!NtOpenFile 77305CD8 5 Bytes JMP 01381A40 .text C:\Windows\System32\rundll32.exe[2744] ntdll.dll!NtOpenKey 77305D08 5 Bytes JMP 0138AA88 .text C:\Windows\System32\rundll32.exe[2744] ntdll.dll!NtOpenProcess 77305D88 5 Bytes JMP 01385A60 .text C:\Windows\System32\rundll32.exe[2744] ntdll.dll!NtOpenThread 77305E08 5 Bytes JMP 01386A68 .text C:\Windows\System32\rundll32.exe[2744] ntdll.dll!NtRenameKey 773063C8 5 Bytes JMP 0138DAA0 .text C:\Windows\System32\rundll32.exe[2744] ntdll.dll!NtSetInformationFile 77306638 5 Bytes JMP 01382A48 .text C:\Windows\System32\rundll32.exe[2744] ntdll.dll!NtSetInformationToken 773066A8 5 Bytes JMP 01396AE8 .text C:\Windows\System32\rundll32.exe[2744] ntdll.dll!NtSetSecurityObject 77306758 5 Bytes JMP 01391AC0 .text C:\Windows\System32\rundll32.exe[2744] ntdll.dll!NtSetSystemInformation 77306788 5 Bytes JMP 01390AB8 .text C:\Windows\System32\rundll32.exe[2744] ntdll.dll!NtSetSystemPowerState 77306798 5 Bytes JMP 01394AD8 .text C:\Windows\System32\rundll32.exe[2744] ntdll.dll!NtSetSystemTime 773067A8 5 Bytes JMP 01392AC8 .text C:\Windows\System32\rundll32.exe[2744] ntdll.dll!NtSetValueKey 77306808 5 Bytes JMP 0138EAA8 .text C:\Windows\System32\rundll32.exe[2744] ntdll.dll!NtShutdownSystem 77306828 5 Bytes JMP 01393AD0 .text C:\Windows\System32\rundll32.exe[2744] ntdll.dll!NtUnloadDriver 77306958 5 Bytes JMP 01388A78 .text C:\Windows\System32\rundll32.exe[2744] kernel32.dll!CreateProcessInternalW 774607A2 5 Bytes JMP 0139AB08 .text C:\Windows\System32\rundll32.exe[2744] kernel32.dll!ExitProcess 7746BBE2 5 Bytes JMP 01399B00 .text C:\Windows\System32\rundll32.exe[2744] USER32.dll!BroadcastSystemMessageExW 767C4255 5 Bytes JMP 013B2BC8 .text C:\Windows\System32\rundll32.exe[2744] USER32.dll!BroadcastSystemMessageW 767C7CB8 5 Bytes JMP 013B0BB8 .text C:\Windows\System32\rundll32.exe[2744] USER32.dll!PostThreadMessageA 767CAD09 5 Bytes JMP 013AFBB0 .text C:\Windows\System32\rundll32.exe[2744] USER32.dll!SendMessageA 767CAD60 5 Bytes JMP 013A7B70 .text C:\Windows\System32\rundll32.exe[2744] USER32.dll!SendNotifyMessageW 767CC88A 5 Bytes JMP 013ADBA0 .text C:\Windows\System32\rundll32.exe[2744] USER32.dll!SetWindowsHookExW 767CE30C 5 Bytes JMP 013B4BD8 .text C:\Windows\System32\rundll32.exe[2744] USER32.dll!SendMessageTimeoutW 767CE459 5 Bytes JMP 013A9B80 .text C:\Windows\System32\rundll32.exe[2744] USER32.dll!PostThreadMessageW 767CEEFC 5 Bytes JMP 013AEBA8 .text C:\Windows\System32\rundll32.exe[2744] USER32.dll!SendMessageCallbackW 767D2F7B 5 Bytes JMP 013ABB90 .text C:\Windows\System32\rundll32.exe[2744] USER32.dll!PostMessageW 767D447B 5 Bytes JMP 013A8B78 .text C:\Windows\System32\rundll32.exe[2744] USER32.dll!SendMessageW 767D5539 5 Bytes JMP 013A6B68 .text C:\Windows\System32\rundll32.exe[2744] USER32.dll!SetWindowsHookExA 767F6D0C 5 Bytes JMP 013B5BE0 .text C:\Windows\System32\rundll32.exe[2744] USER32.dll!SendMessageTimeoutA 767F6DA9 5 Bytes JMP 013AAB88 .text C:\Windows\System32\rundll32.exe[2744] USER32.dll!SetWindowsHookA 7680B641 5 Bytes JMP 013B7BF0 .text C:\Windows\System32\rundll32.exe[2744] USER32.dll!SetWindowsHookW 7680B65C 5 Bytes JMP 013B6BE8 .text C:\Windows\System32\rundll32.exe[2744] USER32.dll!EndTask 7680FD66 5 Bytes JMP 013A5B60 .text C:\Windows\System32\rundll32.exe[2744] USER32.dll!ExitWindowsEx 768106C7 5 Bytes JMP 013A4B58 .text C:\Windows\System32\rundll32.exe[2744] USER32.dll!BroadcastSystemMessageExA 76823B23 5 Bytes JMP 013B3BD0 .text C:\Windows\System32\rundll32.exe[2744] USER32.dll!BroadcastSystemMessage 76823B4A 5 Bytes JMP 013B1BC0 .text C:\Windows\System32\rundll32.exe[2744] USER32.dll!SendMessageCallbackA 76823E8B 5 Bytes JMP 013ACB98 .text C:\Windows\System32\rundll32.exe[2744] SHELL32.dll!ShellExecuteW 75853C59 5 Bytes JMP 013B9C00 .text C:\Windows\System32\rundll32.exe[2744] SHELL32.dll!ShellExecuteExW 75861E2E 5 Bytes JMP 013BBC10 .text C:\Windows\System32\rundll32.exe[2744] SHELL32.dll!SHFileOperationW 758996AE 5 Bytes JMP 013BDC20 .text C:\Windows\System32\rundll32.exe[2744] SHELL32.dll!ShellExecuteEx 75A86FE2 5 Bytes JMP 013BAC08 .text C:\Windows\System32\rundll32.exe[2744] SHELL32.dll!ShellExecuteA 75A8707D 5 Bytes JMP 013B8BF8 .text C:\Windows\System32\rundll32.exe[2744] SHELL32.dll!SHFileOperation 75A9AD9D 5 Bytes JMP 013BCC18 .text C:\Windows\System32\rundll32.exe[2744] ADVAPI32.dll!OpenServiceW 76F1CA4C 5 Bytes JMP 0139FB30 .text C:\Windows\System32\rundll32.exe[2744] ADVAPI32.dll!OpenServiceA 76F22BF0 5 Bytes JMP 013A0B38 .text C:\Windows\System32\rundll32.exe[2744] ADVAPI32.dll!LsaOpenPolicy 76F3077C 5 Bytes JMP 013A3B50 .text C:\Windows\System32\rundll32.exe[2744] ADVAPI32.dll!CreateServiceW 76F3712C 5 Bytes JMP 013A1B40 .text C:\Windows\System32\rundll32.exe[2744] ADVAPI32.dll!CreateServiceA 76F53158 5 Bytes JMP 013A2B48 .text C:\Windows\System32\rundll32.exe[2744] ADVAPI32.dll!InitiateSystemShutdownW 76F6DA6D 5 Bytes JMP 0139BB10 .text C:\Windows\System32\rundll32.exe[2744] ADVAPI32.dll!InitiateSystemShutdownExW 76F6DB3A 5 Bytes JMP 0139DB20 .text C:\Windows\System32\rundll32.exe[2744] ADVAPI32.dll!InitiateSystemShutdownA 76F6DC0F 5 Bytes JMP 0139CB18 .text C:\Windows\System32\rundll32.exe[2744] ADVAPI32.dll!InitiateSystemShutdownExA 76F6DCB6 5 Bytes JMP 0139EB28 .text C:\Windows\system32\Dwm.exe[2924] ntdll.dll!NtAdjustGroupsToken 77305258 5 Bytes JMP 01BD8AF8 .text C:\Windows\system32\Dwm.exe[2924] ntdll.dll!NtAdjustPrivilegesToken 77305268 5 Bytes JMP 01BD7AF0 .text C:\Windows\system32\Dwm.exe[2924] ntdll.dll!NtCreateFile 773055C8 5 Bytes JMP 01BC0A38 .text C:\Windows\system32\Dwm.exe[2924] ntdll.dll!NtCreateKey 77305608 5 Bytes JMP 01BCBA90 .text C:\Windows\system32\Dwm.exe[2924] ntdll.dll!NtCreateProcess 77305698 5 Bytes JMP 01BC4A58 .text C:\Windows\system32\Dwm.exe[2924] ntdll.dll!NtCreateProcessEx 773056A8 5 Bytes JMP 01BC3A50 .text C:\Windows\system32\Dwm.exe[2924] ntdll.dll!NtDeleteFile 77305808 5 Bytes JMP 01BC9A80 .text C:\Windows\system32\Dwm.exe[2924] ntdll.dll!NtDeleteKey 77305818 5 Bytes JMP 01BCCA98 .text C:\Windows\system32\Dwm.exe[2924] ntdll.dll!NtDeleteValueKey 77305848 5 Bytes JMP 01BCFAB0 .text C:\Windows\system32\Dwm.exe[2924] ntdll.dll!NtInitiatePowerAction 77305B08 5 Bytes JMP 01BD5AE0 .text C:\Windows\system32\Dwm.exe[2924] ntdll.dll!NtLoadDriver 77305B58 5 Bytes JMP 01BC7A70 .text C:\Windows\system32\Dwm.exe[2924] ntdll.dll!NtOpenFile 77305CD8 5 Bytes JMP 01BC1A40 .text C:\Windows\system32\Dwm.exe[2924] ntdll.dll!NtOpenKey 77305D08 5 Bytes JMP 01BCAA88 .text C:\Windows\system32\Dwm.exe[2924] ntdll.dll!NtOpenProcess 77305D88 5 Bytes JMP 01BC5A60 .text C:\Windows\system32\Dwm.exe[2924] ntdll.dll!NtOpenThread 77305E08 5 Bytes JMP 01BC6A68 .text C:\Windows\system32\Dwm.exe[2924] ntdll.dll!NtRenameKey 773063C8 5 Bytes JMP 01BCDAA0 .text C:\Windows\system32\Dwm.exe[2924] ntdll.dll!NtSetInformationFile 77306638 5 Bytes JMP 01BC2A48 .text C:\Windows\system32\Dwm.exe[2924] ntdll.dll!NtSetInformationToken 773066A8 5 Bytes JMP 01BD6AE8 .text C:\Windows\system32\Dwm.exe[2924] ntdll.dll!NtSetSecurityObject 77306758 5 Bytes JMP 01BD1AC0 .text C:\Windows\system32\Dwm.exe[2924] ntdll.dll!NtSetSystemInformation 77306788 5 Bytes JMP 01BD0AB8 .text C:\Windows\system32\Dwm.exe[2924] ntdll.dll!NtSetSystemPowerState 77306798 5 Bytes JMP 01BD4AD8 .text C:\Windows\system32\Dwm.exe[2924] ntdll.dll!NtSetSystemTime 773067A8 5 Bytes JMP 01BD2AC8 .text C:\Windows\system32\Dwm.exe[2924] ntdll.dll!NtSetValueKey 77306808 5 Bytes JMP 01BCEAA8 .text C:\Windows\system32\Dwm.exe[2924] ntdll.dll!NtShutdownSystem 77306828 5 Bytes JMP 01BD3AD0 .text C:\Windows\system32\Dwm.exe[2924] ntdll.dll!NtUnloadDriver 77306958 5 Bytes JMP 01BC8A78 .text C:\Windows\system32\Dwm.exe[2924] kernel32.dll!CreateProcessInternalW 774607A2 5 Bytes JMP 01BDAB08 .text C:\Windows\system32\Dwm.exe[2924] kernel32.dll!ExitProcess 7746BBE2 5 Bytes JMP 01BD9B00 .text C:\Windows\system32\Dwm.exe[2924] USER32.dll!BroadcastSystemMessageExW 767C4255 5 Bytes JMP 01BF2BC8 .text C:\Windows\system32\Dwm.exe[2924] USER32.dll!BroadcastSystemMessageW 767C7CB8 5 Bytes JMP 01BF0BB8 .text C:\Windows\system32\Dwm.exe[2924] USER32.dll!PostThreadMessageA 767CAD09 5 Bytes JMP 01BEFBB0 .text C:\Windows\system32\Dwm.exe[2924] USER32.dll!SendMessageA 767CAD60 5 Bytes JMP 01BE7B70 .text C:\Windows\system32\Dwm.exe[2924] USER32.dll!SendNotifyMessageW 767CC88A 5 Bytes JMP 01BEDBA0 .text C:\Windows\system32\Dwm.exe[2924] USER32.dll!SetWindowsHookExW 767CE30C 5 Bytes JMP 01BF4BD8 .text C:\Windows\system32\Dwm.exe[2924] USER32.dll!SendMessageTimeoutW 767CE459 5 Bytes JMP 01BE9B80 .text C:\Windows\system32\Dwm.exe[2924] USER32.dll!PostThreadMessageW 767CEEFC 5 Bytes JMP 01BEEBA8 .text C:\Windows\system32\Dwm.exe[2924] USER32.dll!SendMessageCallbackW 767D2F7B 5 Bytes JMP 01BEBB90 .text C:\Windows\system32\Dwm.exe[2924] USER32.dll!PostMessageW 767D447B 5 Bytes JMP 01BE8B78 .text C:\Windows\system32\Dwm.exe[2924] USER32.dll!SendMessageW 767D5539 5 Bytes JMP 01BE6B68 .text C:\Windows\system32\Dwm.exe[2924] USER32.dll!SetWindowsHookExA 767F6D0C 5 Bytes JMP 01BF5BE0 .text C:\Windows\system32\Dwm.exe[2924] USER32.dll!SendMessageTimeoutA 767F6DA9 5 Bytes JMP 01BEAB88 .text C:\Windows\system32\Dwm.exe[2924] USER32.dll!SetWindowsHookA 7680B641 5 Bytes JMP 01BF7BF0 .text C:\Windows\system32\Dwm.exe[2924] USER32.dll!SetWindowsHookW 7680B65C 5 Bytes JMP 01BF6BE8 .text C:\Windows\system32\Dwm.exe[2924] USER32.dll!EndTask 7680FD66 5 Bytes JMP 01BE5B60 .text C:\Windows\system32\Dwm.exe[2924] USER32.dll!ExitWindowsEx 768106C7 5 Bytes JMP 01BE4B58 .text C:\Windows\system32\Dwm.exe[2924] USER32.dll!BroadcastSystemMessageExA 76823B23 5 Bytes JMP 01BF3BD0 .text C:\Windows\system32\Dwm.exe[2924] USER32.dll!BroadcastSystemMessage 76823B4A 5 Bytes JMP 01BF1BC0 .text C:\Windows\system32\Dwm.exe[2924] USER32.dll!SendMessageCallbackA 76823E8B 5 Bytes JMP 01BECB98 .text C:\Windows\system32\Dwm.exe[2924] ADVAPI32.dll!OpenServiceW 76F1CA4C 5 Bytes JMP 01BDFB30 .text C:\Windows\system32\Dwm.exe[2924] ADVAPI32.dll!OpenServiceA 76F22BF0 5 Bytes JMP 01BE0B38 .text C:\Windows\system32\Dwm.exe[2924] ADVAPI32.dll!LsaOpenPolicy 76F3077C 5 Bytes JMP 01BE3B50 .text C:\Windows\system32\Dwm.exe[2924] ADVAPI32.dll!CreateServiceW 76F3712C 5 Bytes JMP 01BE1B40 .text C:\Windows\system32\Dwm.exe[2924] ADVAPI32.dll!CreateServiceA 76F53158 5 Bytes JMP 01BE2B48 .text C:\Windows\system32\Dwm.exe[2924] ADVAPI32.dll!InitiateSystemShutdownW 76F6DA6D 5 Bytes JMP 01BDBB10 .text C:\Windows\system32\Dwm.exe[2924] ADVAPI32.dll!InitiateSystemShutdownExW 76F6DB3A 5 Bytes JMP 01BDDB20 .text C:\Windows\system32\Dwm.exe[2924] ADVAPI32.dll!InitiateSystemShutdownA 76F6DC0F 5 Bytes JMP 01BDCB18 .text C:\Windows\system32\Dwm.exe[2924] ADVAPI32.dll!InitiateSystemShutdownExA 76F6DCB6 5 Bytes JMP 01BDEB28 .text C:\Windows\system32\Dwm.exe[2924] shell32.dll!ShellExecuteW 75853C59 5 Bytes JMP 01BF9C00 .text C:\Windows\system32\Dwm.exe[2924] shell32.dll!ShellExecuteExW 75861E2E 5 Bytes JMP 01BFBC10 .text C:\Windows\system32\Dwm.exe[2924] shell32.dll!SHFileOperationW 758996AE 5 Bytes JMP 01BFDC20 .text C:\Windows\system32\Dwm.exe[2924] shell32.dll!ShellExecuteEx 75A86FE2 5 Bytes JMP 01BFAC08 .text C:\Windows\system32\Dwm.exe[2924] shell32.dll!ShellExecuteA 75A8707D 5 Bytes JMP 01BF8BF8 .text C:\Windows\system32\Dwm.exe[2924] shell32.dll!SHFileOperation 75A9AD9D 5 Bytes JMP 01BFCC18 .text C:\Windows\Explorer.EXE[2948] ntdll.dll!NtAdjustGroupsToken 77305258 5 Bytes JMP 005E8AF8 .text C:\Windows\Explorer.EXE[2948] ntdll.dll!NtAdjustPrivilegesToken 77305268 5 Bytes JMP 005E7AF0 .text C:\Windows\Explorer.EXE[2948] ntdll.dll!NtCreateFile 773055C8 5 Bytes JMP 005D0A38 .text C:\Windows\Explorer.EXE[2948] ntdll.dll!NtCreateKey 77305608 5 Bytes JMP 005DBA90 .text C:\Windows\Explorer.EXE[2948] ntdll.dll!NtCreateProcess 77305698 5 Bytes JMP 005D4A58 .text C:\Windows\Explorer.EXE[2948] ntdll.dll!NtCreateProcessEx 773056A8 5 Bytes JMP 005D3A50 .text C:\Windows\Explorer.EXE[2948] ntdll.dll!NtDeleteFile 77305808 5 Bytes JMP 005D9A80 .text C:\Windows\Explorer.EXE[2948] ntdll.dll!NtDeleteKey 77305818 5 Bytes JMP 005DCA98 .text C:\Windows\Explorer.EXE[2948] ntdll.dll!NtDeleteValueKey 77305848 5 Bytes JMP 005DFAB0 .text C:\Windows\Explorer.EXE[2948] ntdll.dll!NtInitiatePowerAction 77305B08 5 Bytes JMP 005E5AE0 .text C:\Windows\Explorer.EXE[2948] ntdll.dll!NtLoadDriver 77305B58 5 Bytes JMP 005D7A70 .text C:\Windows\Explorer.EXE[2948] ntdll.dll!NtOpenFile 77305CD8 5 Bytes JMP 005D1A40 .text C:\Windows\Explorer.EXE[2948] ntdll.dll!NtOpenKey 77305D08 5 Bytes JMP 005DAA88 .text C:\Windows\Explorer.EXE[2948] ntdll.dll!NtOpenProcess 77305D88 5 Bytes JMP 005D5A60 .text C:\Windows\Explorer.EXE[2948] ntdll.dll!NtOpenThread 77305E08 5 Bytes JMP 005D6A68 .text C:\Windows\Explorer.EXE[2948] ntdll.dll!NtRenameKey 773063C8 5 Bytes JMP 005DDAA0 .text C:\Windows\Explorer.EXE[2948] ntdll.dll!NtSetInformationFile 77306638 5 Bytes JMP 005D2A48 .text C:\Windows\Explorer.EXE[2948] ntdll.dll!NtSetInformationToken 773066A8 5 Bytes JMP 005E6AE8 .text C:\Windows\Explorer.EXE[2948] ntdll.dll!NtSetSecurityObject 77306758 5 Bytes JMP 005E1AC0 .text C:\Windows\Explorer.EXE[2948] ntdll.dll!NtSetSystemInformation 77306788 5 Bytes JMP 005E0AB8 .text C:\Windows\Explorer.EXE[2948] ntdll.dll!NtSetSystemPowerState 77306798 5 Bytes JMP 005E4AD8 .text C:\Windows\Explorer.EXE[2948] ntdll.dll!NtSetSystemTime 773067A8 5 Bytes JMP 005E2AC8 .text C:\Windows\Explorer.EXE[2948] ntdll.dll!NtSetValueKey 77306808 5 Bytes JMP 005DEAA8 .text C:\Windows\Explorer.EXE[2948] ntdll.dll!NtShutdownSystem 77306828 5 Bytes JMP 005E3AD0 .text C:\Windows\Explorer.EXE[2948] ntdll.dll!NtUnloadDriver 77306958 5 Bytes JMP 005D8A78 .text C:\Windows\Explorer.EXE[2948] kernel32.dll!CreateProcessInternalW 774607A2 5 Bytes JMP 005EAB08 .text C:\Windows\Explorer.EXE[2948] kernel32.dll!ExitProcess 7746BBE2 5 Bytes JMP 005E9B00 .text C:\Windows\Explorer.EXE[2948] ADVAPI32.dll!OpenServiceW 76F1CA4C 5 Bytes JMP 005EFB30 .text C:\Windows\Explorer.EXE[2948] ADVAPI32.dll!OpenServiceA 76F22BF0 5 Bytes JMP 005F0B38 .text C:\Windows\Explorer.EXE[2948] ADVAPI32.dll!LsaOpenPolicy 76F3077C 5 Bytes JMP 005F3B50 .text C:\Windows\Explorer.EXE[2948] ADVAPI32.dll!CreateServiceW 76F3712C 5 Bytes JMP 005F1B40 .text C:\Windows\Explorer.EXE[2948] ADVAPI32.dll!CreateServiceA 76F53158 5 Bytes JMP 005F2B48 .text C:\Windows\Explorer.EXE[2948] ADVAPI32.dll!InitiateSystemShutdownW 76F6DA6D 5 Bytes JMP 005EBB10 .text C:\Windows\Explorer.EXE[2948] ADVAPI32.dll!InitiateSystemShutdownExW 76F6DB3A 5 Bytes JMP 005EDB20 .text C:\Windows\Explorer.EXE[2948] ADVAPI32.dll!InitiateSystemShutdownA 76F6DC0F 5 Bytes JMP 005ECB18 .text C:\Windows\Explorer.EXE[2948] ADVAPI32.dll!InitiateSystemShutdownExA 76F6DCB6 5 Bytes JMP 005EEB28 .text C:\Windows\Explorer.EXE[2948] USER32.dll!BroadcastSystemMessageExW 767C4255 5 Bytes JMP 00602BC8 .text C:\Windows\Explorer.EXE[2948] USER32.dll!BroadcastSystemMessageW 767C7CB8 5 Bytes JMP 00600BB8 .text C:\Windows\Explorer.EXE[2948] USER32.dll!PostThreadMessageA 767CAD09 5 Bytes JMP 005FFBB0 .text C:\Windows\Explorer.EXE[2948] USER32.dll!SendMessageA 767CAD60 5 Bytes JMP 005F7B70 .text C:\Windows\Explorer.EXE[2948] USER32.dll!SendNotifyMessageW 767CC88A 5 Bytes JMP 005FDBA0 .text C:\Windows\Explorer.EXE[2948] USER32.dll!SetWindowsHookExW 767CE30C 5 Bytes JMP 00604BD8 .text C:\Windows\Explorer.EXE[2948] USER32.dll!SendMessageTimeoutW 767CE459 5 Bytes JMP 005F9B80 .text C:\Windows\Explorer.EXE[2948] USER32.dll!PostThreadMessageW 767CEEFC 5 Bytes JMP 005FEBA8 .text C:\Windows\Explorer.EXE[2948] USER32.dll!SendMessageCallbackW 767D2F7B 5 Bytes JMP 005FBB90 .text C:\Windows\Explorer.EXE[2948] USER32.dll!PostMessageW 767D447B 5 Bytes JMP 005F8B78 .text C:\Windows\Explorer.EXE[2948] USER32.dll!SendMessageW 767D5539 5 Bytes JMP 005F6B68 .text C:\Windows\Explorer.EXE[2948] USER32.dll!SetWindowsHookExA 767F6D0C 5 Bytes JMP 00605BE0 .text C:\Windows\Explorer.EXE[2948] USER32.dll!SendMessageTimeoutA 767F6DA9 5 Bytes JMP 005FAB88 .text C:\Windows\Explorer.EXE[2948] USER32.dll!SetWindowsHookA 7680B641 5 Bytes JMP 00607BF0 .text C:\Windows\Explorer.EXE[2948] USER32.dll!SetWindowsHookW 7680B65C 5 Bytes JMP 00606BE8 .text C:\Windows\Explorer.EXE[2948] USER32.dll!EndTask 7680FD66 5 Bytes JMP 005F5B60 .text C:\Windows\Explorer.EXE[2948] USER32.dll!ExitWindowsEx 768106C7 5 Bytes JMP 005F4B58 .text C:\Windows\Explorer.EXE[2948] USER32.dll!BroadcastSystemMessageExA 76823B23 5 Bytes JMP 00603BD0 .text C:\Windows\Explorer.EXE[2948] USER32.dll!BroadcastSystemMessage 76823B4A 5 Bytes JMP 00601BC0 .text C:\Windows\Explorer.EXE[2948] USER32.dll!SendMessageCallbackA 76823E8B 5 Bytes JMP 005FCB98 .text C:\Windows\Explorer.EXE[2948] SHELL32.dll!ShellExecuteW 75853C59 5 Bytes JMP 00609C00 .text C:\Windows\Explorer.EXE[2948] SHELL32.dll!ShellExecuteExW 75861E2E 5 Bytes JMP 0060BC10 .text C:\Windows\Explorer.EXE[2948] SHELL32.dll!SHFileOperationW 758996AE 5 Bytes JMP 0060DC20 .text C:\Windows\Explorer.EXE[2948] SHELL32.dll!ShellExecuteEx 75A86FE2 5 Bytes JMP 0060AC08 .text C:\Windows\Explorer.EXE[2948] SHELL32.dll!ShellExecuteA 75A8707D 5 Bytes JMP 00608BF8 .text C:\Windows\Explorer.EXE[2948] SHELL32.dll!SHFileOperation 75A9AD9D 5 Bytes JMP 0060CC18 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] ntdll.dll!NtAdjustGroupsToken 77305258 5 Bytes JMP 00C78AF8 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] ntdll.dll!NtAdjustPrivilegesToken 77305268 5 Bytes JMP 00C77AF0 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] ntdll.dll!NtCreateFile 773055C8 5 Bytes JMP 00C60A38 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] ntdll.dll!NtCreateKey 77305608 5 Bytes JMP 00C6BA90 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] ntdll.dll!NtCreateProcess 77305698 5 Bytes JMP 00C64A58 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] ntdll.dll!NtCreateProcessEx 773056A8 5 Bytes JMP 00C63A50 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] ntdll.dll!NtDeleteFile 77305808 5 Bytes JMP 00C69A80 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] ntdll.dll!NtDeleteKey 77305818 5 Bytes JMP 00C6CA98 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] ntdll.dll!NtDeleteValueKey 77305848 5 Bytes JMP 00C6FAB0 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] ntdll.dll!NtInitiatePowerAction 77305B08 5 Bytes JMP 00C75AE0 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] ntdll.dll!NtLoadDriver 77305B58 5 Bytes JMP 00C67A70 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] ntdll.dll!NtOpenFile 77305CD8 5 Bytes JMP 00C61A40 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] ntdll.dll!NtOpenKey 77305D08 5 Bytes JMP 00C6AA88 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] ntdll.dll!NtOpenProcess 77305D88 5 Bytes JMP 00C65A60 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] ntdll.dll!NtOpenThread 77305E08 5 Bytes JMP 00C66A68 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] ntdll.dll!NtRenameKey 773063C8 5 Bytes JMP 00C6DAA0 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] ntdll.dll!NtSetInformationFile 77306638 5 Bytes JMP 00C62A48 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] ntdll.dll!NtSetInformationToken 773066A8 5 Bytes JMP 00C76AE8 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] ntdll.dll!NtSetSecurityObject 77306758 5 Bytes JMP 00C71AC0 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] ntdll.dll!NtSetSystemInformation 77306788 5 Bytes JMP 00C70AB8 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] ntdll.dll!NtSetSystemPowerState 77306798 5 Bytes JMP 00C74AD8 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] ntdll.dll!NtSetSystemTime 773067A8 5 Bytes JMP 00C72AC8 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] ntdll.dll!NtSetValueKey 77306808 5 Bytes JMP 00C6EAA8 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] ntdll.dll!NtShutdownSystem 77306828 5 Bytes JMP 00C73AD0 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] ntdll.dll!NtUnloadDriver 77306958 5 Bytes JMP 00C68A78 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] kernel32.dll!CreateProcessInternalW 774607A2 5 Bytes JMP 00C7AB08 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] kernel32.dll!ExitProcess 7746BBE2 5 Bytes JMP 00C79B00 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] USER32.dll!BroadcastSystemMessageExW 767C4255 5 Bytes JMP 00C92BC8 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] USER32.dll!BroadcastSystemMessageW 767C7CB8 5 Bytes JMP 00C90BB8 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] USER32.dll!PostThreadMessageA 767CAD09 5 Bytes JMP 00C8FBB0 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] USER32.dll!SendMessageA 767CAD60 5 Bytes JMP 00C87B70 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] USER32.dll!SendNotifyMessageW 767CC88A 5 Bytes JMP 00C8DBA0 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] USER32.dll!SetWindowsHookExW 767CE30C 5 Bytes JMP 00C94BD8 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] USER32.dll!SendMessageTimeoutW 767CE459 5 Bytes JMP 00C89B80 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] USER32.dll!PostThreadMessageW 767CEEFC 5 Bytes JMP 00C8EBA8 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] USER32.dll!SendMessageCallbackW 767D2F7B 5 Bytes JMP 00C8BB90 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] USER32.dll!PostMessageW 767D447B 5 Bytes JMP 00C88B78 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] USER32.dll!SendMessageW 767D5539 5 Bytes JMP 00C86B68 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] USER32.dll!SetWindowsHookExA 767F6D0C 5 Bytes JMP 00C95BE0 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] USER32.dll!SendMessageTimeoutA 767F6DA9 5 Bytes JMP 00C8AB88 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] USER32.dll!SetWindowsHookA 7680B641 5 Bytes JMP 00C97BF0 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] USER32.dll!SetWindowsHookW 7680B65C 5 Bytes JMP 00C96BE8 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] USER32.dll!EndTask 7680FD66 5 Bytes JMP 00C85B60 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] USER32.dll!ExitWindowsEx 768106C7 5 Bytes JMP 00C84B58 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] USER32.dll!BroadcastSystemMessageExA 76823B23 5 Bytes JMP 00C93BD0 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] USER32.dll!BroadcastSystemMessage 76823B4A 5 Bytes JMP 00C91BC0 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] USER32.dll!SendMessageCallbackA 76823E8B 5 Bytes JMP 00C8CB98 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] ADVAPI32.dll!OpenServiceW 76F1CA4C 5 Bytes JMP 00C7FB30 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] ADVAPI32.dll!OpenServiceA 76F22BF0 5 Bytes JMP 00C80B38 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] ADVAPI32.dll!LsaOpenPolicy 76F3077C 5 Bytes JMP 00C83B50 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] ADVAPI32.dll!CreateServiceW 76F3712C 5 Bytes JMP 00C81B40 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] ADVAPI32.dll!CreateServiceA 76F53158 5 Bytes JMP 00C82B48 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] ADVAPI32.dll!InitiateSystemShutdownW 76F6DA6D 5 Bytes JMP 00C7BB10 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] ADVAPI32.dll!InitiateSystemShutdownExW 76F6DB3A 5 Bytes JMP 00C7DB20 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] ADVAPI32.dll!InitiateSystemShutdownA 76F6DC0F 5 Bytes JMP 00C7CB18 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] ADVAPI32.dll!InitiateSystemShutdownExA 76F6DCB6 5 Bytes JMP 00C7EB28 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] SHELL32.dll!ShellExecuteW 75853C59 5 Bytes JMP 00C99C00 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] SHELL32.dll!ShellExecuteExW 75861E2E 5 Bytes JMP 00C9BC10 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] SHELL32.dll!SHFileOperationW 758996AE 5 Bytes JMP 00C9DC20 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] SHELL32.dll!ShellExecuteEx 75A86FE2 5 Bytes JMP 00C9AC08 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] SHELL32.dll!ShellExecuteA 75A8707D 5 Bytes JMP 00C98BF8 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] SHELL32.dll!SHFileOperation 75A9AD9D 5 Bytes JMP 00C9CC18 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] ntdll.dll!NtAdjustGroupsToken 77305258 5 Bytes JMP 008A8AF8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] ntdll.dll!NtAdjustPrivilegesToken 77305268 5 Bytes JMP 008A7AF0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] ntdll.dll!NtCreateFile 773055C8 5 Bytes JMP 00890A38 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] ntdll.dll!NtCreateKey 77305608 5 Bytes JMP 0089BA90 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] ntdll.dll!NtCreateProcess 77305698 5 Bytes JMP 00894A58 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] ntdll.dll!NtCreateProcessEx 773056A8 5 Bytes JMP 00893A50 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] ntdll.dll!NtDeleteFile 77305808 5 Bytes JMP 00899A80 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] ntdll.dll!NtDeleteKey 77305818 5 Bytes JMP 0089CA98 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] ntdll.dll!NtDeleteValueKey 77305848 5 Bytes JMP 0089FAB0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] ntdll.dll!NtInitiatePowerAction 77305B08 5 Bytes JMP 008A5AE0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] ntdll.dll!NtLoadDriver 77305B58 5 Bytes JMP 00897A70 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] ntdll.dll!NtOpenFile 77305CD8 5 Bytes JMP 00891A40 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] ntdll.dll!NtOpenKey 77305D08 5 Bytes JMP 0089AA88 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] ntdll.dll!NtOpenProcess 77305D88 5 Bytes JMP 00895A60 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] ntdll.dll!NtOpenThread 77305E08 5 Bytes JMP 00896A68 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] ntdll.dll!NtRenameKey 773063C8 5 Bytes JMP 0089DAA0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] ntdll.dll!NtSetInformationFile 77306638 5 Bytes JMP 00892A48 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] ntdll.dll!NtSetInformationToken 773066A8 5 Bytes JMP 008A6AE8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] ntdll.dll!NtSetSecurityObject 77306758 5 Bytes JMP 008A1AC0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] ntdll.dll!NtSetSystemInformation 77306788 5 Bytes JMP 008A0AB8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] ntdll.dll!NtSetSystemPowerState 77306798 5 Bytes JMP 008A4AD8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] ntdll.dll!NtSetSystemTime 773067A8 5 Bytes JMP 008A2AC8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] ntdll.dll!NtSetValueKey 77306808 5 Bytes JMP 0089EAA8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] ntdll.dll!NtShutdownSystem 77306828 5 Bytes JMP 008A3AD0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] ntdll.dll!NtUnloadDriver 77306958 5 Bytes JMP 00898A78 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] kernel32.dll!CreateProcessInternalW 774607A2 5 Bytes JMP 008AAB08 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] kernel32.dll!ExitProcess 7746BBE2 5 Bytes JMP 008A9B00 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] ADVAPI32.dll!OpenServiceW 76F1CA4C 5 Bytes JMP 008AFB30 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] ADVAPI32.dll!OpenServiceA 76F22BF0 5 Bytes JMP 008B0B38 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] ADVAPI32.dll!LsaOpenPolicy 76F3077C 5 Bytes JMP 008B3B50 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] ADVAPI32.dll!CreateServiceW 76F3712C 5 Bytes JMP 008B1B40 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] ADVAPI32.dll!CreateServiceA 76F53158 5 Bytes JMP 008B2B48 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] ADVAPI32.dll!InitiateSystemShutdownW 76F6DA6D 5 Bytes JMP 008ABB10 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] ADVAPI32.dll!InitiateSystemShutdownExW 76F6DB3A 5 Bytes JMP 008ADB20 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] ADVAPI32.dll!InitiateSystemShutdownA 76F6DC0F 5 Bytes JMP 008ACB18 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] ADVAPI32.dll!InitiateSystemShutdownExA 76F6DCB6 5 Bytes JMP 008AEB28 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] USER32.dll!BroadcastSystemMessageExW 767C4255 5 Bytes JMP 008C2BC8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] USER32.dll!BroadcastSystemMessageW 767C7CB8 5 Bytes JMP 008C0BB8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] USER32.dll!PostThreadMessageA 767CAD09 5 Bytes JMP 008BFBB0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] USER32.dll!SendMessageA 767CAD60 5 Bytes JMP 008B7B70 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] USER32.dll!SendNotifyMessageW 767CC88A 5 Bytes JMP 008BDBA0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] USER32.dll!SetWindowsHookExW 767CE30C 5 Bytes JMP 008C4BD8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] USER32.dll!SendMessageTimeoutW 767CE459 5 Bytes JMP 008B9B80 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] USER32.dll!PostThreadMessageW 767CEEFC 5 Bytes JMP 008BEBA8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] USER32.dll!SendMessageCallbackW 767D2F7B 5 Bytes JMP 008BBB90 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] USER32.dll!PostMessageW 767D447B 5 Bytes JMP 008B8B78 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] USER32.dll!SendMessageW 767D5539 5 Bytes JMP 008B6B68 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] USER32.dll!SetWindowsHookExA 767F6D0C 5 Bytes JMP 008C5BE0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] USER32.dll!SendMessageTimeoutA 767F6DA9 5 Bytes JMP 008BAB88 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] USER32.dll!SetWindowsHookA 7680B641 5 Bytes JMP 008C7BF0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] USER32.dll!SetWindowsHookW 7680B65C 5 Bytes JMP 008C6BE8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] USER32.dll!EndTask 7680FD66 5 Bytes JMP 008B5B60 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] USER32.dll!ExitWindowsEx 768106C7 5 Bytes JMP 008B4B58 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] USER32.dll!BroadcastSystemMessageExA 76823B23 5 Bytes JMP 008C3BD0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] USER32.dll!BroadcastSystemMessage 76823B4A 5 Bytes JMP 008C1BC0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] USER32.dll!SendMessageCallbackA 76823E8B 5 Bytes JMP 008BCB98 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] SHELL32.dll!ShellExecuteW 75853C59 5 Bytes JMP 008C9C00 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] SHELL32.dll!ShellExecuteExW 75861E2E 5 Bytes JMP 008CBC10 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] SHELL32.dll!SHFileOperationW 758996AE 5 Bytes JMP 008CDC20 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] SHELL32.dll!ShellExecuteEx 75A86FE2 5 Bytes JMP 008CAC08 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] SHELL32.dll!ShellExecuteA 75A8707D 5 Bytes JMP 008C8BF8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3104] SHELL32.dll!SHFileOperation 75A9AD9D 5 Bytes JMP 008CCC18 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] ntdll.dll!NtAdjustGroupsToken 77305258 5 Bytes JMP 01488AF8 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] ntdll.dll!NtAdjustPrivilegesToken 77305268 5 Bytes JMP 01487AF0 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] ntdll.dll!NtCreateFile 773055C8 5 Bytes JMP 01470A38 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] ntdll.dll!NtCreateKey 77305608 5 Bytes JMP 0147BA90 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] ntdll.dll!NtCreateProcess 77305698 5 Bytes JMP 01474A58 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] ntdll.dll!NtCreateProcessEx 773056A8 5 Bytes JMP 01473A50 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] ntdll.dll!NtDeleteFile 77305808 5 Bytes JMP 01479A80 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] ntdll.dll!NtDeleteKey 77305818 5 Bytes JMP 0147CA98 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] ntdll.dll!NtDeleteValueKey 77305848 5 Bytes JMP 0147FAB0 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] ntdll.dll!NtInitiatePowerAction 77305B08 5 Bytes JMP 01485AE0 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] ntdll.dll!NtLoadDriver 77305B58 5 Bytes JMP 01477A70 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] ntdll.dll!NtOpenFile 77305CD8 5 Bytes JMP 01471A40 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] ntdll.dll!NtOpenKey 77305D08 5 Bytes JMP 0147AA88 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] ntdll.dll!NtOpenProcess 77305D88 5 Bytes JMP 01475A60 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] ntdll.dll!NtOpenThread 77305E08 5 Bytes JMP 01476A68 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] ntdll.dll!NtRenameKey 773063C8 5 Bytes JMP 0147DAA0 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] ntdll.dll!NtSetInformationFile 77306638 5 Bytes JMP 01472A48 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] ntdll.dll!NtSetInformationToken 773066A8 5 Bytes JMP 01486AE8 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] ntdll.dll!NtSetSecurityObject 77306758 5 Bytes JMP 01481AC0 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] ntdll.dll!NtSetSystemInformation 77306788 5 Bytes JMP 01480AB8 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] ntdll.dll!NtSetSystemPowerState 77306798 5 Bytes JMP 01484AD8 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] ntdll.dll!NtSetSystemTime 773067A8 5 Bytes JMP 01482AC8 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] ntdll.dll!NtSetValueKey 77306808 5 Bytes JMP 0147EAA8 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] ntdll.dll!NtShutdownSystem 77306828 5 Bytes JMP 01483AD0 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] ntdll.dll!NtUnloadDriver 77306958 5 Bytes JMP 01478A78 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] kernel32.dll!CreateProcessInternalW 774607A2 5 Bytes JMP 0148AB08 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] kernel32.dll!ExitProcess 7746BBE2 5 Bytes JMP 01489B00 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] USER32.dll!BroadcastSystemMessageExW 767C4255 5 Bytes JMP 014A2BC8 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] USER32.dll!BroadcastSystemMessageW 767C7CB8 5 Bytes JMP 014A0BB8 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] USER32.dll!PostThreadMessageA 767CAD09 5 Bytes JMP 0149FBB0 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] USER32.dll!SendMessageA 767CAD60 5 Bytes JMP 01497B70 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] USER32.dll!SendNotifyMessageW 767CC88A 5 Bytes JMP 0149DBA0 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] USER32.dll!SetWindowsHookExW 767CE30C 5 Bytes JMP 014A4BD8 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] USER32.dll!SendMessageTimeoutW 767CE459 5 Bytes JMP 01499B80 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] USER32.dll!PostThreadMessageW 767CEEFC 5 Bytes JMP 0149EBA8 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] USER32.dll!SendMessageCallbackW 767D2F7B 5 Bytes JMP 0149BB90 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] USER32.dll!PostMessageW 767D447B 5 Bytes JMP 01498B78 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] USER32.dll!SendMessageW 767D5539 5 Bytes JMP 01496B68 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] USER32.dll!SetWindowsHookExA 767F6D0C 5 Bytes JMP 014A5BE0 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] USER32.dll!SendMessageTimeoutA 767F6DA9 5 Bytes JMP 0149AB88 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] USER32.dll!SetWindowsHookA 7680B641 5 Bytes JMP 014A7BF0 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] USER32.dll!SetWindowsHookW 7680B65C 5 Bytes JMP 014A6BE8 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] USER32.dll!EndTask 7680FD66 5 Bytes JMP 01495B60 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] USER32.dll!ExitWindowsEx 768106C7 5 Bytes JMP 01494B58 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] USER32.dll!BroadcastSystemMessageExA 76823B23 5 Bytes JMP 014A3BD0 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] USER32.dll!BroadcastSystemMessage 76823B4A 5 Bytes JMP 014A1BC0 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] USER32.dll!SendMessageCallbackA 76823E8B 5 Bytes JMP 0149CB98 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] ADVAPI32.dll!OpenServiceW 76F1CA4C 5 Bytes JMP 0148FB30 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] ADVAPI32.dll!OpenServiceA 76F22BF0 5 Bytes JMP 01490B38 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] ADVAPI32.dll!LsaOpenPolicy 76F3077C 5 Bytes JMP 01493B50 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] ADVAPI32.dll!CreateServiceW 76F3712C 5 Bytes JMP 01491B40 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] ADVAPI32.dll!CreateServiceA 76F53158 5 Bytes JMP 01492B48 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] ADVAPI32.dll!InitiateSystemShutdownW 76F6DA6D 5 Bytes JMP 0148BB10 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] ADVAPI32.dll!InitiateSystemShutdownExW 76F6DB3A 5 Bytes JMP 0148DB20 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] ADVAPI32.dll!InitiateSystemShutdownA 76F6DC0F 5 Bytes JMP 0148CB18 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] ADVAPI32.dll!InitiateSystemShutdownExA 76F6DCB6 5 Bytes JMP 0148EB28 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] SHELL32.dll!ShellExecuteW 75853C59 5 Bytes JMP 014A9C00 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] SHELL32.dll!ShellExecuteExW 75861E2E 5 Bytes JMP 014ABC10 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] SHELL32.dll!SHFileOperationW 758996AE 5 Bytes JMP 014ADC20 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] SHELL32.dll!ShellExecuteEx 75A86FE2 5 Bytes JMP 014AAC08 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] SHELL32.dll!ShellExecuteA 75A8707D 5 Bytes JMP 014A8BF8 .text C:\Program Files\SweetIM\Messenger\SweetIM.exe[3356] SHELL32.dll!SHFileOperation 75A9AD9D 5 Bytes JMP 014ACC18 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] ntdll.dll!NtAdjustGroupsToken 77305258 5 Bytes JMP 014E8AF8 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] ntdll.dll!NtAdjustPrivilegesToken 77305268 5 Bytes JMP 014E7AF0 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] ntdll.dll!NtCreateFile 773055C8 5 Bytes JMP 014D0A38 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] ntdll.dll!NtCreateKey 77305608 5 Bytes JMP 014DBA90 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] ntdll.dll!NtCreateProcess 77305698 5 Bytes JMP 014D4A58 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] ntdll.dll!NtCreateProcessEx 773056A8 5 Bytes JMP 014D3A50 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] ntdll.dll!NtDeleteFile 77305808 5 Bytes JMP 014D9A80 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] ntdll.dll!NtDeleteKey 77305818 5 Bytes JMP 014DCA98 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] ntdll.dll!NtDeleteValueKey 77305848 5 Bytes JMP 014DFAB0 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] ntdll.dll!NtInitiatePowerAction 77305B08 5 Bytes JMP 014E5AE0 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] ntdll.dll!NtLoadDriver 77305B58 5 Bytes JMP 014D7A70 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] ntdll.dll!NtOpenFile 77305CD8 5 Bytes JMP 014D1A40 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] ntdll.dll!NtOpenKey 77305D08 5 Bytes JMP 014DAA88 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] ntdll.dll!NtOpenProcess 77305D88 5 Bytes JMP 014D5A60 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] ntdll.dll!NtOpenThread 77305E08 5 Bytes JMP 014D6A68 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] ntdll.dll!NtRenameKey 773063C8 5 Bytes JMP 014DDAA0 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] ntdll.dll!NtSetInformationFile 77306638 5 Bytes JMP 014D2A48 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] ntdll.dll!NtSetInformationToken 773066A8 5 Bytes JMP 014E6AE8 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] ntdll.dll!NtSetSecurityObject 77306758 5 Bytes JMP 014E1AC0 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] ntdll.dll!NtSetSystemInformation 77306788 5 Bytes JMP 014E0AB8 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] ntdll.dll!NtSetSystemPowerState 77306798 5 Bytes JMP 014E4AD8 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] ntdll.dll!NtSetSystemTime 773067A8 5 Bytes JMP 014E2AC8 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] ntdll.dll!NtSetValueKey 77306808 5 Bytes JMP 014DEAA8 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] ntdll.dll!NtShutdownSystem 77306828 5 Bytes JMP 014E3AD0 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] ntdll.dll!NtUnloadDriver 77306958 5 Bytes JMP 014D8A78 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] kernel32.dll!CreateProcessInternalW 774607A2 5 Bytes JMP 014EAB08 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] kernel32.dll!ExitProcess 7746BBE2 5 Bytes JMP 014E9B00 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] USER32.dll!BroadcastSystemMessageExW 767C4255 5 Bytes JMP 01502BC8 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] USER32.dll!BroadcastSystemMessageW 767C7CB8 5 Bytes JMP 01500BB8 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] USER32.dll!PostThreadMessageA 767CAD09 5 Bytes JMP 014FFBB0 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] USER32.dll!SendMessageA 767CAD60 5 Bytes JMP 014F7B70 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] USER32.dll!SendNotifyMessageW 767CC88A 5 Bytes JMP 014FDBA0 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] USER32.dll!SetWindowsHookExW 767CE30C 5 Bytes JMP 01504BD8 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] USER32.dll!SendMessageTimeoutW 767CE459 5 Bytes JMP 014F9B80 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] USER32.dll!PostThreadMessageW 767CEEFC 5 Bytes JMP 014FEBA8 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] USER32.dll!SendMessageCallbackW 767D2F7B 5 Bytes JMP 014FBB90 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] USER32.dll!PostMessageW 767D447B 5 Bytes JMP 014F8B78 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] USER32.dll!SendMessageW 767D5539 5 Bytes JMP 014F6B68 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] USER32.dll!SetWindowsHookExA 767F6D0C 5 Bytes JMP 01505BE0 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] USER32.dll!SendMessageTimeoutA 767F6DA9 5 Bytes JMP 014FAB88 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] USER32.dll!SetWindowsHookA 7680B641 5 Bytes JMP 01507BF0 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] USER32.dll!SetWindowsHookW 7680B65C 5 Bytes JMP 01506BE8 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] USER32.dll!EndTask 7680FD66 5 Bytes JMP 014F5B60 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] USER32.dll!ExitWindowsEx 768106C7 5 Bytes JMP 014F4B58 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] USER32.dll!BroadcastSystemMessageExA 76823B23 5 Bytes JMP 01503BD0 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] USER32.dll!BroadcastSystemMessage 76823B4A 5 Bytes JMP 01501BC0 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] USER32.dll!SendMessageCallbackA 76823E8B 5 Bytes JMP 014FCB98 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] ADVAPI32.dll!OpenServiceW 76F1CA4C 5 Bytes JMP 014EFB30 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] ADVAPI32.dll!OpenServiceA 76F22BF0 5 Bytes JMP 014F0B38 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] ADVAPI32.dll!LsaOpenPolicy 76F3077C 5 Bytes JMP 014F3B50 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] ADVAPI32.dll!CreateServiceW 76F3712C 5 Bytes JMP 014F1B40 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] ADVAPI32.dll!CreateServiceA 76F53158 5 Bytes JMP 014F2B48 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] ADVAPI32.dll!InitiateSystemShutdownW 76F6DA6D 5 Bytes JMP 014EBB10 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] ADVAPI32.dll!InitiateSystemShutdownExW 76F6DB3A 5 Bytes JMP 014EDB20 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] ADVAPI32.dll!InitiateSystemShutdownA 76F6DC0F 5 Bytes JMP 014ECB18 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] ADVAPI32.dll!InitiateSystemShutdownExA 76F6DCB6 5 Bytes JMP 014EEB28 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] SHELL32.dll!ShellExecuteW 75853C59 5 Bytes JMP 01509C00 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] SHELL32.dll!ShellExecuteExW 75861E2E 5 Bytes JMP 0150BC10 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] SHELL32.dll!SHFileOperationW 758996AE 5 Bytes JMP 0150DC20 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] SHELL32.dll!ShellExecuteEx 75A86FE2 5 Bytes JMP 0150AC08 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] SHELL32.dll!ShellExecuteA 75A8707D 5 Bytes JMP 01508BF8 .text C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe[3364] SHELL32.dll!SHFileOperation 75A9AD9D 5 Bytes JMP 0150CC18 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] ntdll.dll!NtAdjustGroupsToken 77305258 5 Bytes JMP 007F8AF8 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] ntdll.dll!NtAdjustPrivilegesToken 77305268 5 Bytes JMP 007F7AF0 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] ntdll.dll!NtCreateFile 773055C8 5 Bytes JMP 007E0A38 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] ntdll.dll!NtCreateKey 77305608 5 Bytes JMP 007EBA90 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] ntdll.dll!NtCreateProcess 77305698 5 Bytes JMP 007E4A58 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] ntdll.dll!NtCreateProcessEx 773056A8 5 Bytes JMP 007E3A50 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] ntdll.dll!NtDeleteFile 77305808 5 Bytes JMP 007E9A80 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] ntdll.dll!NtDeleteKey 77305818 5 Bytes JMP 007ECA98 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] ntdll.dll!NtDeleteValueKey 77305848 5 Bytes JMP 007EFAB0 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] ntdll.dll!NtInitiatePowerAction 77305B08 5 Bytes JMP 007F5AE0 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] ntdll.dll!NtLoadDriver 77305B58 5 Bytes JMP 007E7A70 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] ntdll.dll!NtOpenFile 77305CD8 5 Bytes JMP 007E1A40 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] ntdll.dll!NtOpenKey 77305D08 5 Bytes JMP 007EAA88 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] ntdll.dll!NtOpenProcess 77305D88 5 Bytes JMP 007E5A60 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] ntdll.dll!NtOpenThread 77305E08 5 Bytes JMP 007E6A68 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] ntdll.dll!NtRenameKey 773063C8 5 Bytes JMP 007EDAA0 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] ntdll.dll!NtSetInformationFile 77306638 5 Bytes JMP 007E2A48 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] ntdll.dll!NtSetInformationToken 773066A8 5 Bytes JMP 007F6AE8 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] ntdll.dll!NtSetSecurityObject 77306758 5 Bytes JMP 007F1AC0 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] ntdll.dll!NtSetSystemInformation 77306788 5 Bytes JMP 007F0AB8 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] ntdll.dll!NtSetSystemPowerState 77306798 5 Bytes JMP 007F4AD8 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] ntdll.dll!NtSetSystemTime 773067A8 5 Bytes JMP 007F2AC8 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] ntdll.dll!NtSetValueKey 77306808 5 Bytes JMP 007EEAA8 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] ntdll.dll!NtShutdownSystem 77306828 5 Bytes JMP 007F3AD0 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] ntdll.dll!NtUnloadDriver 77306958 5 Bytes JMP 007E8A78 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] kernel32.dll!CreateProcessInternalW 774607A2 5 Bytes JMP 007FAB08 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] kernel32.dll!ExitProcess 7746BBE2 5 Bytes JMP 007F9B00 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] ADVAPI32.dll!OpenServiceW 76F1CA4C 5 Bytes JMP 007FFB30 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] ADVAPI32.dll!OpenServiceA 76F22BF0 5 Bytes JMP 00800B38 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] ADVAPI32.dll!LsaOpenPolicy 76F3077C 5 Bytes JMP 00803B50 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] ADVAPI32.dll!CreateServiceW 76F3712C 5 Bytes JMP 00801B40 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] ADVAPI32.dll!CreateServiceA 76F53158 5 Bytes JMP 00802B48 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] ADVAPI32.dll!InitiateSystemShutdownW 76F6DA6D 5 Bytes JMP 007FBB10 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] ADVAPI32.dll!InitiateSystemShutdownExW 76F6DB3A 5 Bytes JMP 007FDB20 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] ADVAPI32.dll!InitiateSystemShutdownA 76F6DC0F 5 Bytes JMP 007FCB18 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] ADVAPI32.dll!InitiateSystemShutdownExA 76F6DCB6 5 Bytes JMP 007FEB28 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] USER32.dll!BroadcastSystemMessageExW 767C4255 5 Bytes JMP 00812BC8 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] USER32.dll!BroadcastSystemMessageW 767C7CB8 5 Bytes JMP 00810BB8 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] USER32.dll!PostThreadMessageA 767CAD09 5 Bytes JMP 0080FBB0 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] USER32.dll!SendMessageA 767CAD60 5 Bytes JMP 00807B70 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] USER32.dll!SendNotifyMessageW 767CC88A 5 Bytes JMP 0080DBA0 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] USER32.dll!SetWindowsHookExW 767CE30C 5 Bytes JMP 00814BD8 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] USER32.dll!SendMessageTimeoutW 767CE459 5 Bytes JMP 00809B80 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] USER32.dll!PostThreadMessageW 767CEEFC 5 Bytes JMP 0080EBA8 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] USER32.dll!SendMessageCallbackW 767D2F7B 5 Bytes JMP 0080BB90 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] USER32.dll!PostMessageW 767D447B 5 Bytes JMP 00808B78 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] USER32.dll!SendMessageW 767D5539 5 Bytes JMP 00806B68 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] USER32.dll!SetWindowsHookExA 767F6D0C 5 Bytes JMP 00815BE0 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] USER32.dll!SendMessageTimeoutA 767F6DA9 5 Bytes JMP 0080AB88 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] USER32.dll!SetWindowsHookA 7680B641 5 Bytes JMP 00817BF0 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] USER32.dll!SetWindowsHookW 7680B65C 5 Bytes JMP 00816BE8 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] USER32.dll!EndTask 7680FD66 5 Bytes JMP 00805B60 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] USER32.dll!ExitWindowsEx 768106C7 5 Bytes JMP 00804B58 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] USER32.dll!BroadcastSystemMessageExA 76823B23 5 Bytes JMP 00813BD0 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] USER32.dll!BroadcastSystemMessage 76823B4A 5 Bytes JMP 00811BC0 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] USER32.dll!SendMessageCallbackA 76823E8B 5 Bytes JMP 0080CB98 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] SHELL32.dll!ShellExecuteW 75853C59 5 Bytes JMP 00819C00 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] SHELL32.dll!ShellExecuteExW 75861E2E 5 Bytes JMP 0081BC10 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] SHELL32.dll!SHFileOperationW 758996AE 5 Bytes JMP 0081DC20 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] SHELL32.dll!ShellExecuteEx 75A86FE2 5 Bytes JMP 0081AC08 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] SHELL32.dll!ShellExecuteA 75A8707D 5 Bytes JMP 00818BF8 .text C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe[3412] SHELL32.dll!SHFileOperation 75A9AD9D 5 Bytes JMP 0081CC18 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] ntdll.dll!NtAdjustGroupsToken 77305258 5 Bytes JMP 01BD8DF8 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] ntdll.dll!NtAdjustPrivilegesToken 77305268 5 Bytes JMP 01BD7DD0 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] ntdll.dll!NtCreateFile 773055C8 5 Bytes JMP 01BC0A38 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] ntdll.dll!NtCreateKey 77305608 5 Bytes JMP 01BCBBF0 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] ntdll.dll!NtCreateProcess 77305698 5 Bytes JMP 01BC4AD8 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] ntdll.dll!NtCreateProcessEx 773056A8 5 Bytes JMP 01BC3AB0 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] ntdll.dll!NtDeleteFile 77305808 5 Bytes JMP 01BC9BA0 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] ntdll.dll!NtDeleteKey 77305818 5 Bytes JMP 01BCCC18 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] ntdll.dll!NtDeleteValueKey 77305848 5 Bytes JMP 01BCFC90 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] ntdll.dll!NtInitiatePowerAction 77305B08 5 Bytes JMP 01BD5D80 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] ntdll.dll!NtLoadDriver 77305B58 5 Bytes JMP 01BC7B50 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] ntdll.dll!NtOpenFile 77305CD8 5 Bytes JMP 01BC1A60 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] ntdll.dll!NtOpenKey 77305D08 5 Bytes JMP 01BCABC8 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] ntdll.dll!NtOpenProcess 77305D88 5 Bytes JMP 01BC5B00 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] ntdll.dll!NtOpenThread 77305E08 5 Bytes JMP 01BC6B28 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] ntdll.dll!NtRenameKey 773063C8 5 Bytes JMP 01BCDC40 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] ntdll.dll!NtSetInformationFile 77306638 5 Bytes JMP 01BC2A88 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] ntdll.dll!NtSetInformationToken 773066A8 5 Bytes JMP 01BD6DA8 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] ntdll.dll!NtSetSecurityObject 77306758 5 Bytes JMP 01BD1CE0 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] ntdll.dll!NtSetSystemInformation 77306788 5 Bytes JMP 01BD0CB8 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] ntdll.dll!NtSetSystemPowerState 77306798 5 Bytes JMP 01BD4D58 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] ntdll.dll!NtSetSystemTime 773067A8 5 Bytes JMP 01BD2D08 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] ntdll.dll!NtSetValueKey 77306808 5 Bytes JMP 01BCEC68 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] ntdll.dll!NtShutdownSystem 77306828 5 Bytes JMP 01BD3D30 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] ntdll.dll!NtUnloadDriver 77306958 5 Bytes JMP 01BC8B78 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] kernel32.dll!CreateProcessInternalW 774607A2 5 Bytes JMP 01BDAE48 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] kernel32.dll!ExitProcess 7746BBE2 5 Bytes JMP 01BD9E20 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] USER32.dll!BroadcastSystemMessageExW 767C4255 5 Bytes JMP 01BF3208 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] USER32.dll!BroadcastSystemMessageW 767C7CB8 5 Bytes JMP 01BF11B8 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] USER32.dll!PostThreadMessageA 767CAD09 5 Bytes JMP 01BF0190 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] USER32.dll!SendMessageA 767CAD60 5 Bytes JMP 01BE8050 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] USER32.dll!SendNotifyMessageW 767CC88A 5 Bytes JMP 01BEE140 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] USER32.dll!SetWindowsHookExW 767CE30C 5 Bytes JMP 01BF5258 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] USER32.dll!SendMessageTimeoutW 767CE459 5 Bytes JMP 01BEA0A0 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] USER32.dll!PostThreadMessageW 767CEEFC 5 Bytes JMP 01BEF168 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] USER32.dll!SendMessageCallbackW 767D2F7B 5 Bytes JMP 01BEC0F0 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] USER32.dll!PostMessageW 767D447B 5 Bytes JMP 01BE9078 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] USER32.dll!SendMessageW 767D5539 5 Bytes JMP 01BE7028 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] USER32.dll!SetWindowsHookExA 767F6D0C 5 Bytes JMP 01BF6280 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] USER32.dll!SendMessageTimeoutA 767F6DA9 5 Bytes JMP 01BEB0C8 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] USER32.dll!SetWindowsHookA 7680B641 5 Bytes JMP 01BF82D0 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] USER32.dll!SetWindowsHookW 7680B65C 5 Bytes JMP 01BF72A8 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] USER32.dll!EndTask 7680FD66 5 Bytes JMP 01BE6000 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] USER32.dll!ExitWindowsEx 768106C7 5 Bytes JMP 01BE4FD8 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] USER32.dll!BroadcastSystemMessageExA 76823B23 5 Bytes JMP 01BF4230 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] USER32.dll!BroadcastSystemMessage 76823B4A 5 Bytes JMP 01BF21E0 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] USER32.dll!SendMessageCallbackA 76823E8B 5 Bytes JMP 01BED118 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] SHELL32.dll!ShellExecuteW 75853C59 5 Bytes JMP 01BFA320 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] SHELL32.dll!ShellExecuteExW 75861E2E 5 Bytes JMP 01BFC370 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] SHELL32.dll!SHFileOperationW 758996AE 5 Bytes JMP 01BFE3C0 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] SHELL32.dll!ShellExecuteEx 75A86FE2 5 Bytes JMP 01BFB348 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] SHELL32.dll!ShellExecuteA 75A8707D 5 Bytes JMP 01BF92F8 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] SHELL32.dll!SHFileOperation 75A9AD9D 5 Bytes JMP 01BFD398 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] ADVAPI32.dll!OpenServiceW 76F1CA4C 5 Bytes JMP 01BDFF10 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] ADVAPI32.dll!OpenServiceA 76F22BF0 5 Bytes JMP 01BE0F38 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] ADVAPI32.dll!LsaOpenPolicy 76F3077C 5 Bytes JMP 01BE3FB0 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] ADVAPI32.dll!CreateServiceW 76F3712C 5 Bytes JMP 01BE1F60 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] ADVAPI32.dll!CreateServiceA 76F53158 5 Bytes JMP 01BE2F88 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] ADVAPI32.dll!InitiateSystemShutdownW 76F6DA6D 5 Bytes JMP 01BDBE70 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] ADVAPI32.dll!InitiateSystemShutdownExW 76F6DB3A 5 Bytes JMP 01BDDEC0 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] ADVAPI32.dll!InitiateSystemShutdownA 76F6DC0F 5 Bytes JMP 01BDCE98 .text C:\Users\Fuelyo\Desktop\OTL.exe[4896] ADVAPI32.dll!InitiateSystemShutdownExA 76F6DCB6 5 Bytes JMP 01BDEEE8 .text C:\Program Files\WinRAR\WinRAR.exe[5060] ntdll.dll!NtAdjustGroupsToken 77305258 5 Bytes JMP 00648AF8 .text C:\Program Files\WinRAR\WinRAR.exe[5060] ntdll.dll!NtAdjustPrivilegesToken 77305268 5 Bytes JMP 00647AF0 .text C:\Program Files\WinRAR\WinRAR.exe[5060] ntdll.dll!NtCreateFile 773055C8 5 Bytes JMP 00630A38 .text C:\Program Files\WinRAR\WinRAR.exe[5060] ntdll.dll!NtCreateKey 77305608 5 Bytes JMP 0063BA90 .text C:\Program Files\WinRAR\WinRAR.exe[5060] ntdll.dll!NtCreateProcess 77305698 5 Bytes JMP 00634A58 .text C:\Program Files\WinRAR\WinRAR.exe[5060] ntdll.dll!NtCreateProcessEx 773056A8 5 Bytes JMP 00633A50 .text C:\Program Files\WinRAR\WinRAR.exe[5060] ntdll.dll!NtDeleteFile 77305808 5 Bytes JMP 00639A80 .text C:\Program Files\WinRAR\WinRAR.exe[5060] ntdll.dll!NtDeleteKey 77305818 5 Bytes JMP 0063CA98 .text C:\Program Files\WinRAR\WinRAR.exe[5060] ntdll.dll!NtDeleteValueKey 77305848 5 Bytes JMP 0063FAB0 .text C:\Program Files\WinRAR\WinRAR.exe[5060] ntdll.dll!NtInitiatePowerAction 77305B08 5 Bytes JMP 00645AE0 .text C:\Program Files\WinRAR\WinRAR.exe[5060] ntdll.dll!NtLoadDriver 77305B58 5 Bytes JMP 00637A70 .text C:\Program Files\WinRAR\WinRAR.exe[5060] ntdll.dll!NtOpenFile 77305CD8 5 Bytes JMP 00631A40 .text C:\Program Files\WinRAR\WinRAR.exe[5060] ntdll.dll!NtOpenKey 77305D08 5 Bytes JMP 0063AA88 .text C:\Program Files\WinRAR\WinRAR.exe[5060] ntdll.dll!NtOpenProcess 77305D88 5 Bytes JMP 00635A60 .text C:\Program Files\WinRAR\WinRAR.exe[5060] ntdll.dll!NtOpenThread 77305E08 5 Bytes JMP 00636A68 .text C:\Program Files\WinRAR\WinRAR.exe[5060] ntdll.dll!NtRenameKey 773063C8 5 Bytes JMP 0063DAA0 .text C:\Program Files\WinRAR\WinRAR.exe[5060] ntdll.dll!NtSetInformationFile 77306638 5 Bytes JMP 00632A48 .text C:\Program Files\WinRAR\WinRAR.exe[5060] ntdll.dll!NtSetInformationToken 773066A8 5 Bytes JMP 00646AE8 .text C:\Program Files\WinRAR\WinRAR.exe[5060] ntdll.dll!NtSetSecurityObject 77306758 5 Bytes JMP 00641AC0 .text C:\Program Files\WinRAR\WinRAR.exe[5060] ntdll.dll!NtSetSystemInformation 77306788 5 Bytes JMP 00640AB8 .text C:\Program Files\WinRAR\WinRAR.exe[5060] ntdll.dll!NtSetSystemPowerState 77306798 5 Bytes JMP 00644AD8 .text C:\Program Files\WinRAR\WinRAR.exe[5060] ntdll.dll!NtSetSystemTime 773067A8 5 Bytes JMP 00642AC8 .text C:\Program Files\WinRAR\WinRAR.exe[5060] ntdll.dll!NtSetValueKey 77306808 5 Bytes JMP 0063EAA8 .text C:\Program Files\WinRAR\WinRAR.exe[5060] ntdll.dll!NtShutdownSystem 77306828 5 Bytes JMP 00643AD0 .text C:\Program Files\WinRAR\WinRAR.exe[5060] ntdll.dll!NtUnloadDriver 77306958 5 Bytes JMP 00638A78 .text C:\Program Files\WinRAR\WinRAR.exe[5060] kernel32.dll!CreateProcessInternalW 774607A2 5 Bytes JMP 0064AB08 .text C:\Program Files\WinRAR\WinRAR.exe[5060] kernel32.dll!ExitProcess 7746BBE2 5 Bytes JMP 00649B00 .text C:\Program Files\WinRAR\WinRAR.exe[5060] USER32.dll!BroadcastSystemMessageExW 767C4255 5 Bytes JMP 00662BC8 .text C:\Program Files\WinRAR\WinRAR.exe[5060] USER32.dll!BroadcastSystemMessageW 767C7CB8 5 Bytes JMP 00660BB8 .text C:\Program Files\WinRAR\WinRAR.exe[5060] USER32.dll!PostThreadMessageA 767CAD09 5 Bytes JMP 0065FBB0 .text C:\Program Files\WinRAR\WinRAR.exe[5060] USER32.dll!SendMessageA 767CAD60 5 Bytes JMP 00657B70 .text C:\Program Files\WinRAR\WinRAR.exe[5060] USER32.dll!SendNotifyMessageW 767CC88A 5 Bytes JMP 0065DBA0 .text C:\Program Files\WinRAR\WinRAR.exe[5060] USER32.dll!SetWindowsHookExW 767CE30C 5 Bytes JMP 00664BD8 .text C:\Program Files\WinRAR\WinRAR.exe[5060] USER32.dll!SendMessageTimeoutW 767CE459 5 Bytes JMP 00659B80 .text C:\Program Files\WinRAR\WinRAR.exe[5060] USER32.dll!PostThreadMessageW 767CEEFC 5 Bytes JMP 0065EBA8 .text C:\Program Files\WinRAR\WinRAR.exe[5060] USER32.dll!SendMessageCallbackW 767D2F7B 5 Bytes JMP 0065BB90 .text C:\Program Files\WinRAR\WinRAR.exe[5060] USER32.dll!PostMessageW 767D447B 5 Bytes JMP 00658B78 .text C:\Program Files\WinRAR\WinRAR.exe[5060] USER32.dll!SendMessageW 767D5539 5 Bytes JMP 00656B68 .text C:\Program Files\WinRAR\WinRAR.exe[5060] USER32.dll!SetWindowsHookExA 767F6D0C 5 Bytes JMP 00665BE0 .text C:\Program Files\WinRAR\WinRAR.exe[5060] USER32.dll!SendMessageTimeoutA 767F6DA9 5 Bytes JMP 0065AB88 .text C:\Program Files\WinRAR\WinRAR.exe[5060] USER32.dll!SetWindowsHookA 7680B641 5 Bytes JMP 00667BF0 .text C:\Program Files\WinRAR\WinRAR.exe[5060] USER32.dll!SetWindowsHookW 7680B65C 5 Bytes JMP 00666BE8 .text C:\Program Files\WinRAR\WinRAR.exe[5060] USER32.dll!EndTask 7680FD66 5 Bytes JMP 00655B60 .text C:\Program Files\WinRAR\WinRAR.exe[5060] USER32.dll!ExitWindowsEx 768106C7 5 Bytes JMP 00654B58 .text C:\Program Files\WinRAR\WinRAR.exe[5060] USER32.dll!BroadcastSystemMessageExA 76823B23 5 Bytes JMP 00663BD0 .text C:\Program Files\WinRAR\WinRAR.exe[5060] USER32.dll!BroadcastSystemMessage 76823B4A 5 Bytes JMP 00661BC0 .text C:\Program Files\WinRAR\WinRAR.exe[5060] USER32.dll!SendMessageCallbackA 76823E8B 5 Bytes JMP 0065CB98 .text C:\Program Files\WinRAR\WinRAR.exe[5060] SHELL32.dll!ShellExecuteW 75853C59 5 Bytes JMP 00669C00 .text C:\Program Files\WinRAR\WinRAR.exe[5060] SHELL32.dll!ShellExecuteExW 75861E2E 5 Bytes JMP 0066BC10 .text C:\Program Files\WinRAR\WinRAR.exe[5060] SHELL32.dll!SHFileOperationW 758996AE 5 Bytes JMP 0066DC20 .text C:\Program Files\WinRAR\WinRAR.exe[5060] SHELL32.dll!ShellExecuteEx 75A86FE2 5 Bytes JMP 0066AC08 .text C:\Program Files\WinRAR\WinRAR.exe[5060] SHELL32.dll!ShellExecuteA 75A8707D 5 Bytes JMP 00668BF8 .text C:\Program Files\WinRAR\WinRAR.exe[5060] SHELL32.dll!SHFileOperation 75A9AD9D 5 Bytes JMP 0066CC18 .text C:\Program Files\WinRAR\WinRAR.exe[5060] ADVAPI32.dll!OpenServiceW 76F1CA4C 5 Bytes JMP 0064FB30 .text C:\Program Files\WinRAR\WinRAR.exe[5060] ADVAPI32.dll!OpenServiceA 76F22BF0 5 Bytes JMP 00650B38 .text C:\Program Files\WinRAR\WinRAR.exe[5060] ADVAPI32.dll!LsaOpenPolicy 76F3077C 5 Bytes JMP 00653B50 .text C:\Program Files\WinRAR\WinRAR.exe[5060] ADVAPI32.dll!CreateServiceW 76F3712C 5 Bytes JMP 00651B40 .text C:\Program Files\WinRAR\WinRAR.exe[5060] ADVAPI32.dll!CreateServiceA 76F53158 5 Bytes JMP 00652B48 .text C:\Program Files\WinRAR\WinRAR.exe[5060] ADVAPI32.dll!InitiateSystemShutdownW 76F6DA6D 5 Bytes JMP 0064BB10 .text C:\Program Files\WinRAR\WinRAR.exe[5060] ADVAPI32.dll!InitiateSystemShutdownExW 76F6DB3A 5 Bytes JMP 0064DB20 .text C:\Program Files\WinRAR\WinRAR.exe[5060] ADVAPI32.dll!InitiateSystemShutdownA 76F6DC0F 5 Bytes JMP 0064CB18 .text C:\Program Files\WinRAR\WinRAR.exe[5060] ADVAPI32.dll!InitiateSystemShutdownExA 76F6DCB6 5 Bytes JMP 0064EB28 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] ntdll.dll!NtAdjustGroupsToken 77305258 5 Bytes JMP 015B8AF8 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] ntdll.dll!NtAdjustPrivilegesToken 77305268 5 Bytes JMP 015B7AF0 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] ntdll.dll!NtCreateFile 773055C8 5 Bytes JMP 015A0A38 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] ntdll.dll!NtCreateKey 77305608 5 Bytes JMP 015ABA90 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] ntdll.dll!NtCreateProcess 77305698 5 Bytes JMP 015A4A58 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] ntdll.dll!NtCreateProcessEx 773056A8 5 Bytes JMP 015A3A50 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] ntdll.dll!NtDeleteFile 77305808 5 Bytes JMP 015A9A80 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] ntdll.dll!NtDeleteKey 77305818 5 Bytes JMP 015ACA98 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] ntdll.dll!NtDeleteValueKey 77305848 5 Bytes JMP 015AFAB0 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] ntdll.dll!NtInitiatePowerAction 77305B08 5 Bytes JMP 015B5AE0 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] ntdll.dll!NtLoadDriver 77305B58 5 Bytes JMP 015A7A70 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] ntdll.dll!NtOpenFile 77305CD8 5 Bytes JMP 015A1A40 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] ntdll.dll!NtOpenKey 77305D08 5 Bytes JMP 015AAA88 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] ntdll.dll!NtOpenProcess 77305D88 5 Bytes JMP 015A5A60 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] ntdll.dll!NtOpenThread 77305E08 5 Bytes JMP 015A6A68 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] ntdll.dll!NtRenameKey 773063C8 5 Bytes JMP 015ADAA0 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] ntdll.dll!NtSetInformationFile 77306638 5 Bytes JMP 015A2A48 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] ntdll.dll!NtSetInformationToken 773066A8 5 Bytes JMP 015B6AE8 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] ntdll.dll!NtSetSecurityObject 77306758 5 Bytes JMP 015B1AC0 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] ntdll.dll!NtSetSystemInformation 77306788 5 Bytes JMP 015B0AB8 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] ntdll.dll!NtSetSystemPowerState 77306798 5 Bytes JMP 015B4AD8 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] ntdll.dll!NtSetSystemTime 773067A8 5 Bytes JMP 015B2AC8 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] ntdll.dll!NtSetValueKey 77306808 5 Bytes JMP 015AEAA8 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] ntdll.dll!NtShutdownSystem 77306828 5 Bytes JMP 015B3AD0 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] ntdll.dll!NtUnloadDriver 77306958 5 Bytes JMP 015A8A78 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] kernel32.dll!CreateProcessInternalW 774607A2 5 Bytes JMP 015BAB08 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] kernel32.dll!ExitProcess 7746BBE2 5 Bytes JMP 015B9B00 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] ADVAPI32.dll!OpenServiceW 76F1CA4C 5 Bytes JMP 015BFB30 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] ADVAPI32.dll!OpenServiceA 76F22BF0 5 Bytes JMP 015C0B38 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] ADVAPI32.dll!LsaOpenPolicy 76F3077C 5 Bytes JMP 015C3B50 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] ADVAPI32.dll!CreateServiceW 76F3712C 5 Bytes JMP 015C1B40 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] ADVAPI32.dll!CreateServiceA 76F53158 5 Bytes JMP 015C2B48 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] ADVAPI32.dll!InitiateSystemShutdownW 76F6DA6D 5 Bytes JMP 015BBB10 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] ADVAPI32.dll!InitiateSystemShutdownExW 76F6DB3A 5 Bytes JMP 015BDB20 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] ADVAPI32.dll!InitiateSystemShutdownA 76F6DC0F 5 Bytes JMP 015BCB18 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] ADVAPI32.dll!InitiateSystemShutdownExA 76F6DCB6 5 Bytes JMP 015BEB28 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] USER32.dll!BroadcastSystemMessageExW 767C4255 5 Bytes JMP 015D2BC8 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] USER32.dll!BroadcastSystemMessageW 767C7CB8 5 Bytes JMP 015D0BB8 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] USER32.dll!PostThreadMessageA 767CAD09 5 Bytes JMP 015CFBB0 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] USER32.dll!SendMessageA 767CAD60 5 Bytes JMP 015C7B70 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] USER32.dll!SendNotifyMessageW 767CC88A 5 Bytes JMP 015CDBA0 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] USER32.dll!SetWindowsHookExW 767CE30C 5 Bytes JMP 015D4BD8 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] USER32.dll!SendMessageTimeoutW 767CE459 5 Bytes JMP 015C9B80 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] USER32.dll!PostThreadMessageW 767CEEFC 5 Bytes JMP 015CEBA8 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] USER32.dll!SendMessageCallbackW 767D2F7B 5 Bytes JMP 015CBB90 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] USER32.dll!PostMessageW 767D447B 5 Bytes JMP 015C8B78 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] USER32.dll!SendMessageW 767D5539 5 Bytes JMP 015C6B68 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] USER32.dll!SetWindowsHookExA 767F6D0C 5 Bytes JMP 015D5BE0 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] USER32.dll!SendMessageTimeoutA 767F6DA9 5 Bytes JMP 015CAB88 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] USER32.dll!SetWindowsHookA 7680B641 5 Bytes JMP 015D7BF0 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] USER32.dll!SetWindowsHookW 7680B65C 5 Bytes JMP 015D6BE8 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] USER32.dll!EndTask 7680FD66 5 Bytes JMP 015C5B60 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] USER32.dll!ExitWindowsEx 768106C7 5 Bytes JMP 015C4B58 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] USER32.dll!BroadcastSystemMessageExA 76823B23 5 Bytes JMP 015D3BD0 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] USER32.dll!BroadcastSystemMessage 76823B4A 5 Bytes JMP 015D1BC0 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] USER32.dll!SendMessageCallbackA 76823E8B 5 Bytes JMP 015CCB98 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] shell32.dll!ShellExecuteW 75853C59 5 Bytes JMP 015D9C00 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] shell32.dll!ShellExecuteExW 75861E2E 5 Bytes JMP 015DBC10 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] shell32.dll!SHFileOperationW 758996AE 5 Bytes JMP 015DDC20 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] shell32.dll!ShellExecuteEx 75A86FE2 5 Bytes JMP 015DAC08 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] shell32.dll!ShellExecuteA 75A8707D 5 Bytes JMP 015D8BF8 .text C:\Users\Fuelyo\AppData\Local\Temp\Rar$EX00.412\gmer.exe[5340] shell32.dll!SHFileOperation 75A9AD9D 5 Bytes JMP 015DCC18 ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8B0A00C0] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8B0A0FE0] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [8B0A0574] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8B0A11BC] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8B0A0362] \SystemRoot\System32\Drivers\sptd.sys ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\Common Files\TrustPort\bin\tpmgma.exe[888] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrFindResource_U] [6ECC15C0] C:\Program Files\TrustPort\Antivirus\bin\avlang-PLK.dll (TrustPort Antivirus Resource DLL/TrustPort, a.s.) IAT C:\Windows\system32\msiexec.exe[2332] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7533FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Windows\system32\msiexec.exe[2332] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7533FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Windows\system32\msiexec.exe[2332] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7533FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Windows\system32\msiexec.exe[2332] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7533FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Windows\system32\msiexec.exe[2332] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [7533FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Windows\system32\msiexec.exe[2332] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [7533FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\TrustPort\Antivirus\bin\avss.exe[2468] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrFindResource_U] [6ECC15C0] C:\Program Files\TrustPort\Antivirus\bin\avlang-PLK.dll (TrustPort Antivirus Resource DLL/TrustPort, a.s.) IAT C:\Program Files\TrustPort\Antivirus\bin\avas.exe[2492] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrFindResource_U] [6ECC15C0] C:\Program Files\TrustPort\Antivirus\bin\avlang-PLK.dll (TrustPort Antivirus Resource DLL/TrustPort, a.s.) IAT C:\Windows\System32\rundll32.exe[2744] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7533FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Windows\System32\rundll32.exe[2744] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7533FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Windows\System32\rundll32.exe[2744] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7533FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Windows\System32\rundll32.exe[2744] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7533FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7533FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7533FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7533FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7533FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [7533FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3080] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [7533FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\TrustPort\Antivirus\bin\avcom.exe[3196] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrFindResource_U] [6ECC15C0] C:\Program Files\TrustPort\Antivirus\bin\avlang-PLK.dll (TrustPort Antivirus Resource DLL/TrustPort, a.s.) IAT C:\Program Files\TrustPort\Antivirus\bin\avcom.exe[3196] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] [6AFD9832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\TrustPort\Antivirus\bin\avcom.exe[3196] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] [6AFDA27D] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\TrustPort\Antivirus\bin\avcom.exe[3196] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlLockHeap] [6AFD94D8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\TrustPort\Antivirus\bin\avcom.exe[3196] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlUnlockHeap] [6AFD94E8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\TrustPort\Antivirus\bin\avcom.exe[3196] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] [6AFD92CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\TrustPort\Antivirus\bin\avcom.exe[3196] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] [6AFD9E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\TrustPort\Antivirus\bin\avcom.exe[3196] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlDestroyHeap] [6AFD94B8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\TrustPort\Antivirus\bin\avcom.exe[3196] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlCreateHeap] [6AFD94A8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\TrustPort\Antivirus\bin\avcom.exe[3196] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlExitUserProcess] [6AFDAA9E] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\TrustPort\Antivirus\bin\avcom.exe[3196] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] [6AFD9E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\TrustPort\Antivirus\bin\avcom.exe[3196] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] [6AFD92CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\TrustPort\Antivirus\bin\avcom.exe[3196] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] [6AFDA27D] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\TrustPort\Antivirus\bin\avcom.exe[3196] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] [6AFD9832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\TrustPort\Antivirus\bin\avcom.exe[3196] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] [6AFD92CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\TrustPort\Antivirus\bin\avcom.exe[3196] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] [6AFD9E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\TrustPort\Antivirus\bin\avcom.exe[3196] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7533FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\TrustPort\Antivirus\bin\avcom.exe[3196] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] [6AFD92CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\TrustPort\Antivirus\bin\avcom.exe[3196] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] [6AFD9E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\TrustPort\Antivirus\bin\avcom.exe[3196] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7533FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\TrustPort\Antivirus\bin\avcom.exe[3196] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7533FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\TrustPort\Antivirus\bin\avcom.exe[3196] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] [6AFD9E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\TrustPort\Antivirus\bin\avcom.exe[3196] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] [6AFD9E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\TrustPort\Antivirus\bin\avcom.exe[3196] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] [6AFD92CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\TrustPort\Antivirus\bin\avcom.exe[3196] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] [6AFD9832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\TrustPort\Antivirus\bin\avcom.exe[3196] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7533FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\TrustPort\Antivirus\bin\avcom.exe[3196] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] [6AFD9E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\TrustPort\Antivirus\bin\avcom.exe[3196] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] [6AFD92CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\TrustPort\Antivirus\bin\avcom.exe[3196] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] [6AFD9832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\TrustPort\Antivirus\bin\avcom.exe[3196] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [7533FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\TrustPort\Antivirus\bin\avcom.exe[3196] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] [6AFD9E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\TrustPort\Antivirus\bin\avcom.exe[3196] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] [6AFD92CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\TrustPort\Antivirus\bin\avcom.exe[3196] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [7533FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\TrustPort\Antivirus\bin\avcom.exe[3196] @ C:\Windows\system32\secur32.dll [ntdll.dll!RtlAllocateHeap] [6AFD92CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\TrustPort\Antivirus\bin\avcom.exe[3196] @ C:\Windows\system32\secur32.dll [ntdll.dll!RtlFreeHeap] [6AFD9E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\TrustPort\Antivirus\bin\avcom.exe[3196] @ C:\Windows\system32\secur32.dll [KERNEL32.dll!GetProcAddress] [7533FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\Common Files\TrustPort\bin\tptray.exe[3348] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrFindResource_U] [70F715C0] C:\Program Files\Common Files\TrustPort\bin\cmnlang-PLK.dll (TrustPort Common Resource DLL/TrustPort, a.s.) IAT C:\Users\Fuelyo\Desktop\OTL.exe[4896] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] [6AFD9832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Users\Fuelyo\Desktop\OTL.exe[4896] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] [6AFDA27D] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Users\Fuelyo\Desktop\OTL.exe[4896] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlLockHeap] [6AFD94D8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Users\Fuelyo\Desktop\OTL.exe[4896] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlUnlockHeap] [6AFD94E8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Users\Fuelyo\Desktop\OTL.exe[4896] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] [6AFD92CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Users\Fuelyo\Desktop\OTL.exe[4896] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] [6AFD9E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Users\Fuelyo\Desktop\OTL.exe[4896] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlDestroyHeap] [6AFD94B8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Users\Fuelyo\Desktop\OTL.exe[4896] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlCreateHeap] [6AFD94A8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Users\Fuelyo\Desktop\OTL.exe[4896] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlExitUserProcess] [6AFDAA9E] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Users\Fuelyo\Desktop\OTL.exe[4896] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] [6AFD9E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Users\Fuelyo\Desktop\OTL.exe[4896] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] [6AFD92CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Users\Fuelyo\Desktop\OTL.exe[4896] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] [6AFDA27D] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Users\Fuelyo\Desktop\OTL.exe[4896] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] [6AFD9832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Users\Fuelyo\Desktop\OTL.exe[4896] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] [6AFD92CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Users\Fuelyo\Desktop\OTL.exe[4896] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] [6AFD9E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Users\Fuelyo\Desktop\OTL.exe[4896] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7533FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Fuelyo\Desktop\OTL.exe[4896] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] [6AFD92CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Users\Fuelyo\Desktop\OTL.exe[4896] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] [6AFD9E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Users\Fuelyo\Desktop\OTL.exe[4896] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7533FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Fuelyo\Desktop\OTL.exe[4896] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] [6AFD9E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Users\Fuelyo\Desktop\OTL.exe[4896] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7533FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Fuelyo\Desktop\OTL.exe[4896] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] [6AFD9E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Users\Fuelyo\Desktop\OTL.exe[4896] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] [6AFD92CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Users\Fuelyo\Desktop\OTL.exe[4896] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] [6AFD9832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Users\Fuelyo\Desktop\OTL.exe[4896] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] [6AFD9E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Users\Fuelyo\Desktop\OTL.exe[4896] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] [6AFD92CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Users\Fuelyo\Desktop\OTL.exe[4896] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] [6AFD9832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Users\Fuelyo\Desktop\OTL.exe[4896] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7533FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Fuelyo\Desktop\OTL.exe[4896] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [7533FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Fuelyo\Desktop\OTL.exe[4896] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] [6AFD9E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Users\Fuelyo\Desktop\OTL.exe[4896] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] [6AFD92CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Users\Fuelyo\Desktop\OTL.exe[4896] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [7533FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Fuelyo\Desktop\OTL.exe[4896] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlFreeHeap] [6AFD9E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Users\Fuelyo\Desktop\OTL.exe[4896] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlAllocateHeap] [6AFD92CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Users\Fuelyo\Desktop\OTL.exe[4896] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] [6AFD92CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Users\Fuelyo\Desktop\OTL.exe[4896] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] [6AFD9E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Users\Fuelyo\Desktop\OTL.exe[4896] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [7533FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Users\Fuelyo\Desktop\OTL.exe[4896] @ C:\Windows\system32\SAMLIB.dll [ntdll.dll!RtlFreeHeap] [6AFD9E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 855701F8 Device \Driver\usbuhci \Device\USBPDO-0 869A7430 Device \Driver\usbuhci \Device\USBPDO-1 869A7430 Device \Driver\usbuhci \Device\USBPDO-2 869A7430 Device \Driver\usbehci \Device\USBPDO-3 869D1430 Device \Driver\PCI_PNP8886 \Device\00000054 sptd.sys Device \Driver\PCI_PNP8886 \Device\00000054 sptd.sys Device \Driver\NetBT \Device\NetBT_Tcpip_{811F7099-F931-46CE-8850-DA367E4F6874} 868531F8 Device \Driver\usbuhci \Device\USBPDO-4 869A7430 Device \Driver\usbuhci \Device\USBPDO-5 869A7430 Device \Driver\usbuhci \Device\USBPDO-6 869A7430 AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\usbehci \Device\USBPDO-7 869D1430 Device \Driver\cdrom \Device\CdRom0 867A51F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 8556E1F8 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-3 8556E1F8 Device \Driver\atapi \Device\Ide\IdePort0 8556E1F8 Device \Driver\atapi \Device\Ide\IdePort1 8556E1F8 Device \Driver\atapi \Device\Ide\IdePort2 8556E1F8 Device \Driver\atapi \Device\Ide\IdePort3 8556E1F8 Device \Driver\atapi \Device\Ide\IdePort4 8556E1F8 Device \Driver\atapi \Device\Ide\IdePort5 8556E1F8 Device \Driver\cdrom \Device\CdRom1 867A51F8 Device \Driver\cdrom \Device\CdRom2 867A51F8 Device \Driver\cdrom \Device\CdRom3 867A51F8 Device \Driver\NetBT \Device\NetBt_Wins_Export 868531F8 Device \Driver\ACPI_HAL \Device\0000004a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) Device \Driver\usbuhci \Device\USBFDO-0 869A7430 Device \Driver\usbuhci \Device\USBFDO-1 869A7430 Device \Driver\usbuhci \Device\USBFDO-2 869A7430 Device \Driver\usbehci \Device\USBFDO-3 869D1430 Device \Driver\usbuhci \Device\USBFDO-4 869A7430 Device \Driver\usbuhci \Device\USBFDO-5 869A7430 Device \Driver\usbuhci \Device\USBFDO-6 869A7430 Device \Driver\usbehci \Device\USBFDO-7 869D1430 Device \Driver\ap14h3ty \Device\Scsi\ap14h3ty1Port6Path0Target0Lun0 86B90368 Device \Driver\ap14h3ty \Device\Scsi\ap14h3ty1 86B90368 ---- Threads - GMER 1.0.15 ---- Thread System [4:4104] 9F799F2E ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x3A 0x39 0x6B 0x4E ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x45 0xC2 0x5E 0x6F ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x20 0xAE 0x63 0x48 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x3A 0x39 0x6B 0x4E ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x45 0xC2 0x5E 0x6F ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x20 0xAE 0x63 0x48 ... ---- EOF - GMER 1.0.15 ----