GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-09-16 14:09:23 Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.LV01 Running: twcelz7b.exe; Driver: C:\Users\JaDowity\AppData\Local\Temp\ugdirkog.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8E123708] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8FEDB7C8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x8E12411C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8E12EF28] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8E12EF74] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8E12F0F6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8E12EE96] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8FEDBBBA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8E12EEDE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x8E124310] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8E12F0B0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x8E124A9C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8E123756] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! 
self protection module/AVAST Software) ZwFreeVirtualMemory [0x8FEDB8AC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8E1233BE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8E1237A4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8E128456] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8E125464] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8E12EF52] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8E12EF96] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8E12F11A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8E12EEBC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8E12F03A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8E12EF06] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8E12F0D4] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8FEDBA2C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8E125330] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0x8E124EDA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8E1237F2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8E123840] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x8E12491C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8E123448] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8E1235F8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8E12359E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x8E124BFE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x8E124D5A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8E123668] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x8FEDBAF6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x8E124794] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8E12388E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x8FEDB962] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x8E124498] INT 0x51 ? 86FCBF00 INT 0x51 ? 86FCBF00 INT 0x62 ? 86FCBF00 INT 0x72 ? 86FCBF00 INT 0x82 ? 86FCBF00 INT 0x92 ? 84A58BF8 INT 0xA2 ? 85814BF8 Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8FEF3966] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! 
self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetTimerEx + 340 82AC6964 4 Bytes [08, 37, 12, 8E] .text ntkrnlpa.exe!KeSetTimerEx + 364 82AC6988 4 Bytes [C8, B7, ED, 8F] {ENTER 0xedb7, 0x8f} .text ntkrnlpa.exe!KeSetTimerEx + 3C4 82AC69E8 4 Bytes [1C, 41, 12, 8E] .text ntkrnlpa.exe!KeSetTimerEx + 404 82AC6A28 8 Bytes [28, EF, 12, 8E, 74, EF, 12, ...] {SUB BH, CH; ADC CL, [ESI-0x71ed108c]} .text ntkrnlpa.exe!KeSetTimerEx + 410 82AC6A34 4 Bytes [F6, F0, 12, 8E] .text ... PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82BEDD5E 5 Bytes JMP 8FEF0806 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 82C2A666 4 Bytes CALL 8E125B07 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 82C39FC9 4 Bytes CALL 8E125B1D \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject 82C56872 5 Bytes JMP 8FEF2320 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 82CA2776 7 Bytes JMP 8FEF396A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ? System32\Drivers\spve.sys System nie może odnaleźć określonej ścieżki. ! .text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x88B51000, 0x4036D, 0xE8000020] .dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x88B9A000, 0x510, 0x40000040] .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8CC0C000, 0x1E73A0, 0xE8000020] .text USBPORT.SYS!DllUnload 8D1A846F 5 Bytes JMP 86FCB4E0 .text win32k.sys!EngCreateRectRgn + 51BE 81EE4121 5 Bytes JMP 8E128F20 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!EngPaint + 2098 81EF7417 5 Bytes JMP 8E128592 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreatePalette + 3DF2 81F02D87 5 Bytes JMP 8E128FB2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + B50 81F0ADFC 5 Bytes JMP 8E12848C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + F35 81F0B1E1 5 Bytes JMP 8E1299A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCombineRgn + 3A1 81F0CD4F 5 Bytes JMP 8E12908C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCombineRgn + 3161 81F0FB0F 5 Bytes JMP 8E128866 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngSetRectRgn + 192F 81F127DB 5 Bytes JMP 8E1286E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngTransparentBlt + 65CF 81F1C989 5 Bytes JMP 8E128DDA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngTransparentBlt + 8742 81F1EAFC 5 Bytes JMP 8E129D3E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngTransparentBlt + A398 81F20752 5 Bytes JMP 8E1290A4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngTransparentBlt + B931 81F21CEB 5 Bytes JMP 8E128C00 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + C760 81F3C173 5 Bytes JMP 8E128B40 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + C833 81F3C246 5 Bytes JMP 8E128E06 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 3FBB 81F5E250 5 Bytes JMP 8E12986E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 7DEF 81F62084 5 Bytes JMP 8E128756 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMulDiv + 9253 81F6BA92 5 Bytes JMP 8E128FCA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngNineGrid + 442A 81F745A4 5 Bytes JMP 8E1285AA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngNineGrid + 9061 81F791DB 5 Bytes JMP 8E129B20 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngNineGrid + 92BD 81F79437 5 Bytes JMP 8E129BD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngLpkInstalled + 17 81F7D4C0 5 Bytes JMP 8E12995E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBlt + 3838 81F8D788 5 Bytes JMP 8E129DE0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStrokePath + 4D52 81F95F06 5 Bytes JMP 8E129918 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCopyBits + 17BC 81F9FA3E 5 Bytes JMP 8E129A6E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!STROBJ_vEnumStart + 478A 81FA64CD 5 Bytes JMP 8E128682 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSemaphore + 40E 81FC2D0A 5 Bytes JMP 8E12893E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!CLIPOBJ_bEnum + CC9 81FCCBE8 5 Bytes JMP 8E128812 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPlgBlt + 26D9 81FD0720 5 Bytes JMP 8E129C96 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPlgBlt + 45CE 81FD2615 5 Bytes JMP 8E128FE2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 30D9 81FEA971 5 Bytes JMP 8E128A6A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 6CAF 81FEE547 5 Bytes JMP 8E1289D4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA1209300, 0x3ACC8, 0xE8000020] .text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA124C300, 0x1B7E, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[348] kernel32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[368] kernel32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe[436] kernel32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[572] kernel32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text C:\Windows\system32\csrss.exe[592] KERNEL32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text ... ? 
C:\Windows\system32\services.exe[708] C:\Windows\system32\smss.exe image checksum mismatch; time/date stamp mismatch; unknown module: MSWSOCK.dll .text C:\Windows\system32\lsass.exe[724] kernel32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text C:\Windows\system32\lsm.exe[732] kernel32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text C:\Windows\System32\rpcnetp.exe[824] kernel32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text C:\Program Files\Mouse Driver\KMProcess.exe[848] ntdll.dll!LdrLoadDll 77A579B3 5 Bytes JMP 001601F8 .text C:\Program Files\Mouse Driver\KMProcess.exe[848] ntdll.dll!LdrUnloadDll 77A6E5AC 5 Bytes JMP 001603FC .text C:\Program Files\Mouse Driver\KMProcess.exe[848] kernel32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text C:\Program Files\Mouse Driver\KMProcess.exe[848] ADVAPI32.dll!CreateServiceW 774038FF 5 Bytes JMP 001903FC .text C:\Program Files\Mouse Driver\KMProcess.exe[848] ADVAPI32.dll!DeleteService 77403BEE 5 Bytes JMP 00190600 .text C:\Program Files\Mouse Driver\KMProcess.exe[848] ADVAPI32.dll!SetServiceObjectSecurity 774466A9 5 Bytes JMP 00191014 .text C:\Program Files\Mouse Driver\KMProcess.exe[848] ADVAPI32.dll!ChangeServiceConfigA 774467A9 5 Bytes JMP 00190804 .text C:\Program Files\Mouse Driver\KMProcess.exe[848] ADVAPI32.dll!ChangeServiceConfigW 77446951 5 Bytes JMP 00190A08 .text C:\Program Files\Mouse Driver\KMProcess.exe[848] ADVAPI32.dll!ChangeServiceConfig2A 77446A69 5 Bytes JMP 00190C0C .text C:\Program Files\Mouse Driver\KMProcess.exe[848] ADVAPI32.dll!ChangeServiceConfig2W 77446BB1 5 Bytes JMP 00190E10 .text C:\Program Files\Mouse Driver\KMProcess.exe[848] ADVAPI32.dll!CreateServiceA 77446C71 5 Bytes JMP 001901F8 .text C:\Program Files\Mouse Driver\KMProcess.exe[848] USER32.dll!SetWindowsHookExW 77997B69 5 Bytes JMP 001A0804 .text C:\Program Files\Mouse Driver\KMProcess.exe[848] USER32.dll!SetWinEventHook 7799915C 5 Bytes JMP 001A01F8 .text C:\Program Files\Mouse Driver\KMProcess.exe[848] USER32.dll!UnhookWinEvent 
7799B702 5 Bytes JMP 001A03FC .text C:\Program Files\Mouse Driver\KMProcess.exe[848] USER32.dll!SetWindowsHookExA 779BBB0E 5 Bytes JMP 001A0600 .text C:\Program Files\Mouse Driver\KMProcess.exe[848] USER32.dll!UnhookWindowsHookEx 779C08BE 5 Bytes JMP 001A0A08 .text C:\Windows\system32\TODDSrv.exe[868] kernel32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text C:\Windows\system32\svchost.exe[884] kernel32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[948] KERNEL32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text C:\Windows\system32\winlogon.exe[972] kernel32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text C:\Windows\system32\svchost.exe[1040] kernel32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text ... .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[1492] ntdll.dll!LdrLoadDll 77A579B3 5 Bytes JMP 001401F8 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[1492] ntdll.dll!LdrUnloadDll 77A6E5AC 5 Bytes JMP 001403FC .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[1492] kernel32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[1492] USER32.dll!SetWindowsHookExW 77997B69 5 Bytes JMP 003C0804 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[1492] USER32.dll!SetWinEventHook 7799915C 5 Bytes JMP 003C01F8 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[1492] USER32.dll!UnhookWinEvent 7799B702 5 Bytes JMP 003C03FC .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[1492] USER32.dll!SetWindowsHookExA 779BBB0E 5 Bytes JMP 003C0600 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[1492] USER32.dll!UnhookWindowsHookEx 779C08BE 5 Bytes JMP 003C0A08 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[1492] ADVAPI32.dll!CreateServiceW 774038FF 5 Bytes JMP 003D03FC .text c:\Program 
Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[1492] ADVAPI32.dll!DeleteService 77403BEE 5 Bytes JMP 003D0600 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[1492] ADVAPI32.dll!SetServiceObjectSecurity 774466A9 5 Bytes JMP 003D1014 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[1492] ADVAPI32.dll!ChangeServiceConfigA 774467A9 5 Bytes JMP 003D0804 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[1492] ADVAPI32.dll!ChangeServiceConfigW 77446951 5 Bytes JMP 003D0A08 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[1492] ADVAPI32.dll!ChangeServiceConfig2A 77446A69 5 Bytes JMP 003D0C0C .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[1492] ADVAPI32.dll!ChangeServiceConfig2W 77446BB1 5 Bytes JMP 003D0E10 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[1492] ADVAPI32.dll!CreateServiceA 77446C71 5 Bytes JMP 003D01F8 .text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[1572] kernel32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text C:\Windows\system32\svchost.exe[1576] kernel32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text C:\Windows\system32\Ati2evxx.exe[1712] kernel32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text C:\Program Files\Mouse Driver\KMConfig.exe[1728] ntdll.dll!LdrLoadDll 77A579B3 5 Bytes JMP 001601F8 .text C:\Program Files\Mouse Driver\KMConfig.exe[1728] ntdll.dll!LdrUnloadDll 77A6E5AC 5 Bytes JMP 001603FC .text C:\Program Files\Mouse Driver\KMConfig.exe[1728] kernel32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text C:\Program Files\Mouse Driver\KMConfig.exe[1728] USER32.dll!SetWindowsHookExW 77997B69 5 Bytes JMP 00170804 .text C:\Program Files\Mouse Driver\KMConfig.exe[1728] USER32.dll!SetWinEventHook 7799915C 5 Bytes JMP 001701F8 .text C:\Program Files\Mouse Driver\KMConfig.exe[1728] USER32.dll!UnhookWinEvent 7799B702 5 Bytes JMP 001703FC .text C:\Program Files\Mouse Driver\KMConfig.exe[1728] 
USER32.dll!SetWindowsHookExA 779BBB0E 5 Bytes JMP 00170600 .text C:\Program Files\Mouse Driver\KMConfig.exe[1728] USER32.dll!UnhookWindowsHookEx 779C08BE 5 Bytes JMP 00170A08 .text C:\Program Files\Mouse Driver\KMConfig.exe[1728] ADVAPI32.dll!CreateServiceW 774038FF 5 Bytes JMP 001803FC .text C:\Program Files\Mouse Driver\KMConfig.exe[1728] ADVAPI32.dll!DeleteService 77403BEE 5 Bytes JMP 00180600 .text C:\Program Files\Mouse Driver\KMConfig.exe[1728] ADVAPI32.dll!SetServiceObjectSecurity 774466A9 5 Bytes JMP 00181014 .text C:\Program Files\Mouse Driver\KMConfig.exe[1728] ADVAPI32.dll!ChangeServiceConfigA 774467A9 5 Bytes JMP 00180804 .text C:\Program Files\Mouse Driver\KMConfig.exe[1728] ADVAPI32.dll!ChangeServiceConfigW 77446951 5 Bytes JMP 00180A08 .text C:\Program Files\Mouse Driver\KMConfig.exe[1728] ADVAPI32.dll!ChangeServiceConfig2A 77446A69 5 Bytes JMP 00180C0C .text C:\Program Files\Mouse Driver\KMConfig.exe[1728] ADVAPI32.dll!ChangeServiceConfig2W 77446BB1 5 Bytes JMP 00180E10 .text C:\Program Files\Mouse Driver\KMConfig.exe[1728] ADVAPI32.dll!CreateServiceA 77446C71 5 Bytes JMP 001801F8 .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1748] kernel32.dll!SetUnhandledExceptionFilter 7730700D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1748] kernel32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text C:\Windows\System32\spoolsv.exe[1872] kernel32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text C:\Windows\System32\svchost.exe[1988] kernel32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text C:\Program Files\Mouse Driver\KMWDSrv.exe[2012] kernel32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2096] kernel32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text ... 
.text C:\Windows\system32\taskeng.exe[2132] ntdll.dll!LdrLoadDll 77A579B3 5 Bytes JMP 000501F8 .text C:\Windows\system32\taskeng.exe[2132] ntdll.dll!LdrUnloadDll 77A6E5AC 5 Bytes JMP 000503FC .text C:\Windows\system32\taskeng.exe[2132] kernel32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text C:\Windows\system32\taskeng.exe[2132] ADVAPI32.dll!CreateServiceW 774038FF 5 Bytes JMP 000703FC .text C:\Windows\system32\taskeng.exe[2132] ADVAPI32.dll!DeleteService 77403BEE 5 Bytes JMP 00070600 .text C:\Windows\system32\taskeng.exe[2132] ADVAPI32.dll!SetServiceObjectSecurity 774466A9 5 Bytes JMP 00071014 .text C:\Windows\system32\taskeng.exe[2132] ADVAPI32.dll!ChangeServiceConfigA 774467A9 5 Bytes JMP 00070804 .text C:\Windows\system32\taskeng.exe[2132] ADVAPI32.dll!ChangeServiceConfigW 77446951 5 Bytes JMP 00070A08 .text C:\Windows\system32\taskeng.exe[2132] ADVAPI32.dll!ChangeServiceConfig2A 77446A69 5 Bytes JMP 00070C0C .text C:\Windows\system32\taskeng.exe[2132] ADVAPI32.dll!ChangeServiceConfig2W 77446BB1 5 Bytes JMP 00070E10 .text C:\Windows\system32\taskeng.exe[2132] ADVAPI32.dll!CreateServiceA 77446C71 5 Bytes JMP 000701F8 .text C:\Windows\system32\taskeng.exe[2132] USER32.dll!SetWindowsHookExW 77997B69 5 Bytes JMP 00080804 .text C:\Windows\system32\taskeng.exe[2132] USER32.dll!SetWinEventHook 7799915C 5 Bytes JMP 000801F8 .text C:\Windows\system32\taskeng.exe[2132] USER32.dll!UnhookWinEvent 7799B702 5 Bytes JMP 000803FC .text C:\Windows\system32\taskeng.exe[2132] USER32.dll!SetWindowsHookExA 779BBB0E 5 Bytes JMP 00080600 .text C:\Windows\system32\taskeng.exe[2132] USER32.dll!UnhookWindowsHookEx 779C08BE 5 Bytes JMP 00080A08 .text C:\Windows\System32\svchost.exe[2164] kernel32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text C:\Windows\system32\SearchIndexer.exe[2204] kernel32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text C:\Windows\system32\DRIVERS\xaudio.exe[2272] kernel32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text 
C:\Windows\system32\taskeng.exe[2360] ntdll.dll!LdrLoadDll 77A579B3 5 Bytes JMP 000501F8 .text C:\Windows\system32\taskeng.exe[2360] ntdll.dll!LdrUnloadDll 77A6E5AC 5 Bytes JMP 000503FC .text C:\Windows\system32\taskeng.exe[2360] kernel32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text C:\Windows\system32\taskeng.exe[2360] ADVAPI32.dll!CreateServiceW 774038FF 5 Bytes JMP 000703FC .text C:\Windows\system32\taskeng.exe[2360] ADVAPI32.dll!DeleteService 77403BEE 5 Bytes JMP 00070600 .text C:\Windows\system32\taskeng.exe[2360] ADVAPI32.dll!SetServiceObjectSecurity 774466A9 5 Bytes JMP 00071014 .text C:\Windows\system32\taskeng.exe[2360] ADVAPI32.dll!ChangeServiceConfigA 774467A9 5 Bytes JMP 00070804 .text C:\Windows\system32\taskeng.exe[2360] ADVAPI32.dll!ChangeServiceConfigW 77446951 5 Bytes JMP 00070A08 .text C:\Windows\system32\taskeng.exe[2360] ADVAPI32.dll!ChangeServiceConfig2A 77446A69 5 Bytes JMP 00070C0C .text C:\Windows\system32\taskeng.exe[2360] ADVAPI32.dll!ChangeServiceConfig2W 77446BB1 5 Bytes JMP 00070E10 .text C:\Windows\system32\taskeng.exe[2360] ADVAPI32.dll!CreateServiceA 77446C71 5 Bytes JMP 000701F8 .text C:\Windows\system32\taskeng.exe[2360] USER32.dll!SetWindowsHookExW 77997B69 5 Bytes JMP 00080804 .text C:\Windows\system32\taskeng.exe[2360] USER32.dll!SetWinEventHook 7799915C 5 Bytes JMP 000801F8 .text C:\Windows\system32\taskeng.exe[2360] USER32.dll!UnhookWinEvent 7799B702 5 Bytes JMP 000803FC .text C:\Windows\system32\taskeng.exe[2360] USER32.dll!SetWindowsHookExA 779BBB0E 5 Bytes JMP 00080600 .text C:\Windows\system32\taskeng.exe[2360] USER32.dll!UnhookWindowsHookEx 779C08BE 5 Bytes JMP 00080A08 .text C:\Windows\system32\Dwm.exe[2556] kernel32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text C:\Program Files\Common Files\Corel\Standby\Standby.exe[2564] ntdll.dll!LdrLoadDll 77A579B3 5 Bytes JMP 000501F8 .text C:\Program Files\Common Files\Corel\Standby\Standby.exe[2564] ntdll.dll!LdrUnloadDll 77A6E5AC 5 Bytes JMP 000503FC .text C:\Program 
Files\Common Files\Corel\Standby\Standby.exe[2564] kernel32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text C:\Program Files\Common Files\Corel\Standby\Standby.exe[2564] USER32.dll!SetWindowsHookExW 77997B69 5 Bytes JMP 00170804 .text C:\Program Files\Common Files\Corel\Standby\Standby.exe[2564] USER32.dll!SetWinEventHook 7799915C 5 Bytes JMP 001701F8 .text C:\Program Files\Common Files\Corel\Standby\Standby.exe[2564] USER32.dll!UnhookWinEvent 7799B702 5 Bytes JMP 001703FC .text C:\Program Files\Common Files\Corel\Standby\Standby.exe[2564] USER32.dll!SetWindowsHookExA 779BBB0E 5 Bytes JMP 00170600 .text C:\Program Files\Common Files\Corel\Standby\Standby.exe[2564] USER32.dll!UnhookWindowsHookEx 779C08BE 5 Bytes JMP 00170A08 .text C:\Program Files\Common Files\Corel\Standby\Standby.exe[2564] ADVAPI32.dll!CreateServiceW 774038FF 5 Bytes JMP 001803FC .text C:\Program Files\Common Files\Corel\Standby\Standby.exe[2564] ADVAPI32.dll!DeleteService 77403BEE 5 Bytes JMP 00180600 .text C:\Program Files\Common Files\Corel\Standby\Standby.exe[2564] ADVAPI32.dll!SetServiceObjectSecurity 774466A9 5 Bytes JMP 00181014 .text C:\Program Files\Common Files\Corel\Standby\Standby.exe[2564] ADVAPI32.dll!ChangeServiceConfigA 774467A9 5 Bytes JMP 00180804 .text C:\Program Files\Common Files\Corel\Standby\Standby.exe[2564] ADVAPI32.dll!ChangeServiceConfigW 77446951 5 Bytes JMP 00180A08 .text C:\Program Files\Common Files\Corel\Standby\Standby.exe[2564] ADVAPI32.dll!ChangeServiceConfig2A 77446A69 5 Bytes JMP 00180C0C .text C:\Program Files\Common Files\Corel\Standby\Standby.exe[2564] ADVAPI32.dll!ChangeServiceConfig2W 77446BB1 5 Bytes JMP 00180E10 .text C:\Program Files\Common Files\Corel\Standby\Standby.exe[2564] ADVAPI32.dll!CreateServiceA 77446C71 5 Bytes JMP 001801F8 .text C:\Windows\ehome\ehmsas.exe[2636] ntdll.dll!LdrLoadDll 77A579B3 5 Bytes JMP 000801F8 .text C:\Windows\ehome\ehmsas.exe[2636] ntdll.dll!LdrUnloadDll 77A6E5AC 5 Bytes JMP 000803FC .text 
C:\Windows\ehome\ehmsas.exe[2636] kernel32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text C:\Windows\ehome\ehmsas.exe[2636] ADVAPI32.dll!CreateServiceW 774038FF 5 Bytes JMP 000A03FC .text C:\Windows\ehome\ehmsas.exe[2636] ADVAPI32.dll!DeleteService 77403BEE 5 Bytes JMP 000A0600 .text C:\Windows\ehome\ehmsas.exe[2636] ADVAPI32.dll!SetServiceObjectSecurity 774466A9 5 Bytes JMP 000A1014 .text C:\Windows\ehome\ehmsas.exe[2636] ADVAPI32.dll!ChangeServiceConfigA 774467A9 5 Bytes JMP 000A0804 .text C:\Windows\ehome\ehmsas.exe[2636] ADVAPI32.dll!ChangeServiceConfigW 77446951 5 Bytes JMP 000A0A08 .text C:\Windows\ehome\ehmsas.exe[2636] ADVAPI32.dll!ChangeServiceConfig2A 77446A69 5 Bytes JMP 000A0C0C .text C:\Windows\ehome\ehmsas.exe[2636] ADVAPI32.dll!ChangeServiceConfig2W 77446BB1 5 Bytes JMP 000A0E10 .text C:\Windows\ehome\ehmsas.exe[2636] ADVAPI32.dll!CreateServiceA 77446C71 5 Bytes JMP 000A01F8 .text C:\Windows\ehome\ehmsas.exe[2636] USER32.dll!SetWindowsHookExW 77997B69 5 Bytes JMP 000B0804 .text C:\Windows\ehome\ehmsas.exe[2636] USER32.dll!SetWinEventHook 7799915C 5 Bytes JMP 000B01F8 .text C:\Windows\ehome\ehmsas.exe[2636] USER32.dll!UnhookWinEvent 7799B702 5 Bytes JMP 000B03FC .text C:\Windows\ehome\ehmsas.exe[2636] USER32.dll!SetWindowsHookExA 779BBB0E 5 Bytes JMP 000B0600 .text C:\Windows\ehome\ehmsas.exe[2636] USER32.dll!UnhookWindowsHookEx 779C08BE 5 Bytes JMP 000B0A08 .text C:\Windows\Explorer.EXE[2764] kernel32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text C:\Windows\system32\taskeng.exe[2980] ntdll.dll!LdrLoadDll 77A579B3 5 Bytes JMP 000501F8 .text C:\Windows\system32\taskeng.exe[2980] ntdll.dll!LdrUnloadDll 77A6E5AC 5 Bytes JMP 000503FC .text C:\Windows\system32\taskeng.exe[2980] kernel32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text C:\Windows\system32\taskeng.exe[2980] ADVAPI32.dll!CreateServiceW 774038FF 5 Bytes JMP 000703FC .text C:\Windows\system32\taskeng.exe[2980] ADVAPI32.dll!DeleteService 77403BEE 5 Bytes JMP 00070600 .text 
C:\Windows\system32\taskeng.exe[2980] ADVAPI32.dll!SetServiceObjectSecurity 774466A9 5 Bytes JMP 00071014 .text C:\Windows\system32\taskeng.exe[2980] ADVAPI32.dll!ChangeServiceConfigA 774467A9 5 Bytes JMP 00070804 .text C:\Windows\system32\taskeng.exe[2980] ADVAPI32.dll!ChangeServiceConfigW 77446951 5 Bytes JMP 00070A08 .text C:\Windows\system32\taskeng.exe[2980] ADVAPI32.dll!ChangeServiceConfig2A 77446A69 5 Bytes JMP 00070C0C .text C:\Windows\system32\taskeng.exe[2980] ADVAPI32.dll!ChangeServiceConfig2W 77446BB1 5 Bytes JMP 00070E10 .text C:\Windows\system32\taskeng.exe[2980] ADVAPI32.dll!CreateServiceA 77446C71 5 Bytes JMP 000701F8 .text C:\Windows\system32\taskeng.exe[2980] USER32.dll!SetWindowsHookExW 77997B69 5 Bytes JMP 00080804 .text C:\Windows\system32\taskeng.exe[2980] USER32.dll!SetWinEventHook 7799915C 5 Bytes JMP 000801F8 .text C:\Windows\system32\taskeng.exe[2980] USER32.dll!UnhookWinEvent 7799B702 5 Bytes JMP 000803FC .text C:\Windows\system32\taskeng.exe[2980] USER32.dll!SetWindowsHookExA 779BBB0E 5 Bytes JMP 00080600 .text C:\Windows\system32\taskeng.exe[2980] USER32.dll!UnhookWindowsHookEx 779C08BE 5 Bytes JMP 00080A08 .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[3076] ntdll.dll!LdrLoadDll 77A579B3 5 Bytes JMP 001401F8 .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[3076] ntdll.dll!LdrUnloadDll 77A6E5AC 5 Bytes JMP 001403FC .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[3076] ntdll.dll!DbgBreakPoint 77A77B0E 1 Byte [90] .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[3076] kernel32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[3076] USER32.dll!SetWindowsHookExW 77997B69 5 Bytes JMP 00190804 .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[3076] USER32.dll!SetWinEventHook 7799915C 5 Bytes JMP 001901F8 .text C:\Program Files\Camera Assistant 
Software for Toshiba\CEC_MAIN.exe[3076] USER32.dll!UnhookWinEvent 7799B702 5 Bytes JMP 001903FC .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[3076] USER32.dll!SetWindowsHookExA 779BBB0E 5 Bytes JMP 00190600 .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[3076] USER32.dll!UnhookWindowsHookEx 779C08BE 5 Bytes JMP 00190A08 .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[3076] ADVAPI32.dll!CreateServiceW 774038FF 5 Bytes JMP 001A03FC .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[3076] ADVAPI32.dll!DeleteService 77403BEE 5 Bytes JMP 001A0600 .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[3076] ADVAPI32.dll!SetServiceObjectSecurity 774466A9 5 Bytes JMP 001A1014 .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[3076] ADVAPI32.dll!ChangeServiceConfigA 774467A9 5 Bytes JMP 001A0804 .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[3076] ADVAPI32.dll!ChangeServiceConfigW 77446951 5 Bytes JMP 001A0A08 .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[3076] ADVAPI32.dll!ChangeServiceConfig2A 77446A69 5 Bytes JMP 001A0C0C .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[3076] ADVAPI32.dll!ChangeServiceConfig2W 77446BB1 5 Bytes JMP 001A0E10 .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[3076] ADVAPI32.dll!CreateServiceA 77446C71 5 Bytes JMP 001A01F8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3408] ntdll.dll!LdrLoadDll 77A579B3 5 Bytes JMP 001501F8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3408] ntdll.dll!LdrUnloadDll 77A6E5AC 5 Bytes JMP 001503FC .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3408] kernel32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3408] USER32.dll!SetWindowsHookExW 77997B69 5 Bytes JMP 00170804 .text C:\Program 
Files\Synaptics\SynTP\SynTPHelper.exe[3408] USER32.dll!SetWinEventHook 7799915C 5 Bytes JMP 001701F8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3408] USER32.dll!UnhookWinEvent 7799B702 5 Bytes JMP 001703FC .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3408] USER32.dll!SetWindowsHookExA 779BBB0E 5 Bytes JMP 00170600 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3408] USER32.dll!UnhookWindowsHookEx 779C08BE 5 Bytes JMP 00170A08 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3408] ADVAPI32.dll!CreateServiceW 774038FF 5 Bytes JMP 001803FC .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3408] ADVAPI32.dll!DeleteService 77403BEE 5 Bytes JMP 00180600 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3408] ADVAPI32.dll!SetServiceObjectSecurity 774466A9 5 Bytes JMP 00181014 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3408] ADVAPI32.dll!ChangeServiceConfigA 774467A9 5 Bytes JMP 00180804 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3408] ADVAPI32.dll!ChangeServiceConfigW 77446951 5 Bytes JMP 00180A08 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3408] ADVAPI32.dll!ChangeServiceConfig2A 77446A69 5 Bytes JMP 00180C0C .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3408] ADVAPI32.dll!ChangeServiceConfig2W 77446BB1 5 Bytes JMP 00180E10 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3408] ADVAPI32.dll!CreateServiceA 77446C71 5 Bytes JMP 001801F8 .text C:\Users\JaDowity\Downloads\twcelz7b.exe[3616] ntdll.dll!LdrLoadDll 77A579B3 5 Bytes JMP 001501F8 .text C:\Users\JaDowity\Downloads\twcelz7b.exe[3616] ntdll.dll!LdrUnloadDll 77A6E5AC 5 Bytes JMP 001503FC .text C:\Users\JaDowity\Downloads\twcelz7b.exe[3616] kernel32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text C:\Users\JaDowity\Downloads\twcelz7b.exe[3616] ADVAPI32.dll!CreateServiceW 774038FF 5 Bytes JMP 001E03FC .text C:\Users\JaDowity\Downloads\twcelz7b.exe[3616] ADVAPI32.dll!DeleteService 77403BEE 5 Bytes JMP 001E0600 .text 
C:\Users\JaDowity\Downloads\twcelz7b.exe[3616] ADVAPI32.dll!SetServiceObjectSecurity 774466A9 5 Bytes JMP 001E1014 .text C:\Users\JaDowity\Downloads\twcelz7b.exe[3616] ADVAPI32.dll!ChangeServiceConfigA 774467A9 5 Bytes JMP 001E0804 .text C:\Users\JaDowity\Downloads\twcelz7b.exe[3616] ADVAPI32.dll!ChangeServiceConfigW 77446951 5 Bytes JMP 001E0A08 .text C:\Users\JaDowity\Downloads\twcelz7b.exe[3616] ADVAPI32.dll!ChangeServiceConfig2A 77446A69 5 Bytes JMP 001E0C0C .text C:\Users\JaDowity\Downloads\twcelz7b.exe[3616] ADVAPI32.dll!ChangeServiceConfig2W 77446BB1 5 Bytes JMP 001E0E10 .text C:\Users\JaDowity\Downloads\twcelz7b.exe[3616] ADVAPI32.dll!CreateServiceA 77446C71 5 Bytes JMP 001E01F8 .text C:\Users\JaDowity\Downloads\twcelz7b.exe[3616] USER32.dll!SetWindowsHookExW 77997B69 5 Bytes JMP 001F0804 .text C:\Users\JaDowity\Downloads\twcelz7b.exe[3616] USER32.dll!SetWinEventHook 7799915C 5 Bytes JMP 001F01F8 .text C:\Users\JaDowity\Downloads\twcelz7b.exe[3616] USER32.dll!UnhookWinEvent 7799B702 5 Bytes JMP 001F03FC .text C:\Users\JaDowity\Downloads\twcelz7b.exe[3616] USER32.dll!SetWindowsHookExA 779BBB0E 5 Bytes JMP 001F0600 .text C:\Users\JaDowity\Downloads\twcelz7b.exe[3616] USER32.dll!UnhookWindowsHookEx 779C08BE 5 Bytes JMP 001F0A08 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3728] ntdll.dll!LdrLoadDll 77A579B3 5 Bytes JMP 001401F8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3728] ntdll.dll!LdrUnloadDll 77A6E5AC 5 Bytes JMP 001403FC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3728] kernel32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3728] USER32.dll!SetWindowsHookExW 77997B69 5 Bytes JMP 00160804 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3728] USER32.dll!SetWinEventHook 7799915C 5 Bytes JMP 001601F8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3728] USER32.dll!UnhookWinEvent 7799B702 5 Bytes JMP 001603FC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3728] 
USER32.dll!SetWindowsHookExA 779BBB0E 5 Bytes JMP 00160600 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3728] USER32.dll!UnhookWindowsHookEx 779C08BE 5 Bytes JMP 00160A08 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3728] ADVAPI32.dll!CreateServiceW 774038FF 5 Bytes JMP 002703FC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3728] ADVAPI32.dll!DeleteService 77403BEE 5 Bytes JMP 00270600 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3728] ADVAPI32.dll!SetServiceObjectSecurity 774466A9 5 Bytes JMP 00271014 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3728] ADVAPI32.dll!ChangeServiceConfigA 774467A9 5 Bytes JMP 00270804 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3728] ADVAPI32.dll!ChangeServiceConfigW 77446951 5 Bytes JMP 00270A08 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3728] ADVAPI32.dll!ChangeServiceConfig2A 77446A69 5 Bytes JMP 00270C0C .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3728] ADVAPI32.dll!ChangeServiceConfig2W 77446BB1 5 Bytes JMP 00270E10 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3728] ADVAPI32.dll!CreateServiceA 77446C71 5 Bytes JMP 002701F8 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3748] KERNEL32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[3764] ntdll.dll!LdrLoadDll 77A579B3 5 Bytes JMP 001401F8 .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[3764] ntdll.dll!LdrUnloadDll 77A6E5AC 5 Bytes JMP 001403FC .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[3764] kernel32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[3764] USER32.dll!SetWindowsHookExW 77997B69 5 Bytes JMP 00160804 .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[3764] USER32.dll!SetWinEventHook 7799915C 5 Bytes JMP 001601F8 .text C:\Program Files\Camera Assistant Software for 
Toshiba\traybar.exe[3764] USER32.dll!UnhookWinEvent 7799B702 5 Bytes JMP 001603FC .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[3764] USER32.dll!SetWindowsHookExA 779BBB0E 5 Bytes JMP 00160600 .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[3764] USER32.dll!UnhookWindowsHookEx 779C08BE 5 Bytes JMP 00160A08 .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[3764] ADVAPI32.dll!CreateServiceW 774038FF 5 Bytes JMP 001703FC .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[3764] ADVAPI32.dll!DeleteService 77403BEE 5 Bytes JMP 00170600 .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[3764] ADVAPI32.dll!SetServiceObjectSecurity 774466A9 5 Bytes JMP 00171014 .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[3764] ADVAPI32.dll!ChangeServiceConfigA 774467A9 5 Bytes JMP 00170804 .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[3764] ADVAPI32.dll!ChangeServiceConfigW 77446951 5 Bytes JMP 00170A08 .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[3764] ADVAPI32.dll!ChangeServiceConfig2A 77446A69 5 Bytes JMP 00170C0C .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[3764] ADVAPI32.dll!ChangeServiceConfig2W 77446BB1 5 Bytes JMP 00170E10 .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[3764] ADVAPI32.dll!CreateServiceA 77446C71 5 Bytes JMP 001701F8 .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3776] ntdll.dll!LdrLoadDll 77A579B3 5 Bytes JMP 001501F8 .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3776] ntdll.dll!LdrUnloadDll 77A6E5AC 5 Bytes JMP 001503FC .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3776] kernel32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3776] ADVAPI32.dll!CreateServiceW 774038FF 5 Bytes JMP 001A03FC .text C:\Program Files\Toshiba\Power 
Saver\TPwrMain.exe[3776] ADVAPI32.dll!DeleteService 77403BEE 5 Bytes JMP 001A0600 .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3776] ADVAPI32.dll!SetServiceObjectSecurity 774466A9 5 Bytes JMP 001A1014 .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3776] ADVAPI32.dll!ChangeServiceConfigA 774467A9 5 Bytes JMP 001A0804 .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3776] ADVAPI32.dll!ChangeServiceConfigW 77446951 5 Bytes JMP 001A0A08 .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3776] ADVAPI32.dll!ChangeServiceConfig2A 77446A69 5 Bytes JMP 001A0C0C .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3776] ADVAPI32.dll!ChangeServiceConfig2W 77446BB1 5 Bytes JMP 001A0E10 .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3776] ADVAPI32.dll!CreateServiceA 77446C71 5 Bytes JMP 001A01F8 .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3776] USER32.dll!SetWindowsHookExW 77997B69 5 Bytes JMP 002B0804 .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3776] USER32.dll!SetWinEventHook 7799915C 5 Bytes JMP 002B01F8 .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3776] USER32.dll!UnhookWinEvent 7799B702 5 Bytes JMP 002B03FC .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3776] USER32.dll!SetWindowsHookExA 779BBB0E 5 Bytes JMP 002B0600 .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[3776] USER32.dll!UnhookWindowsHookEx 779C08BE 5 Bytes JMP 002B0A08 .text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[3800] ntdll.dll!LdrLoadDll 77A579B3 5 Bytes JMP 001501F8 .text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[3800] ntdll.dll!LdrUnloadDll 77A6E5AC 5 Bytes JMP 001503FC .text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[3800] kernel32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[3800] USER32.dll!SetWindowsHookExW 77997B69 5 Bytes JMP 00170804 .text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[3800] USER32.dll!SetWinEventHook 
7799915C 5 Bytes JMP 001701F8 .text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[3800] USER32.dll!UnhookWinEvent 7799B702 5 Bytes JMP 001703FC .text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[3800] USER32.dll!SetWindowsHookExA 779BBB0E 5 Bytes JMP 00170600 .text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[3800] USER32.dll!UnhookWindowsHookEx 779C08BE 5 Bytes JMP 00170A08 .text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[3800] ADVAPI32.dll!CreateServiceW 774038FF 5 Bytes JMP 001803FC .text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[3800] ADVAPI32.dll!DeleteService 77403BEE 5 Bytes JMP 00180600 .text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[3800] ADVAPI32.dll!SetServiceObjectSecurity 774466A9 5 Bytes JMP 00181014 .text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[3800] ADVAPI32.dll!ChangeServiceConfigA 774467A9 5 Bytes JMP 00180804 .text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[3800] ADVAPI32.dll!ChangeServiceConfigW 77446951 5 Bytes JMP 00180A08 .text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[3800] ADVAPI32.dll!ChangeServiceConfig2A 77446A69 5 Bytes JMP 00180C0C .text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[3800] ADVAPI32.dll!ChangeServiceConfig2W 77446BB1 5 Bytes JMP 00180E10 .text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[3800] ADVAPI32.dll!CreateServiceA 77446C71 5 Bytes JMP 001801F8 .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3812] ntdll.dll!LdrLoadDll 77A579B3 5 Bytes JMP 001501F8 .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3812] ntdll.dll!LdrUnloadDll 77A6E5AC 5 Bytes JMP 001503FC .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3812] kernel32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3812] USER32.dll!SetWindowsHookExW 77997B69 5 Bytes JMP 00170804 .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3812] USER32.dll!SetWinEventHook 7799915C 5 Bytes JMP 001701F8 .text C:\Program 
Files\Toshiba\FlashCards\TCrdMain.exe[3812] USER32.dll!UnhookWinEvent 7799B702 5 Bytes JMP 001703FC .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3812] USER32.dll!SetWindowsHookExA 779BBB0E 5 Bytes JMP 00170600 .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3812] USER32.dll!UnhookWindowsHookEx 779C08BE 5 Bytes JMP 00170A08 .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3812] ADVAPI32.dll!CreateServiceW 774038FF 5 Bytes JMP 001803FC .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3812] ADVAPI32.dll!DeleteService 77403BEE 5 Bytes JMP 00180600 .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3812] ADVAPI32.dll!SetServiceObjectSecurity 774466A9 5 Bytes JMP 00181014 .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3812] ADVAPI32.dll!ChangeServiceConfigA 774467A9 5 Bytes JMP 00180804 .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3812] ADVAPI32.dll!ChangeServiceConfigW 77446951 5 Bytes JMP 00180A08 .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3812] ADVAPI32.dll!ChangeServiceConfig2A 77446A69 5 Bytes JMP 00180C0C .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3812] ADVAPI32.dll!ChangeServiceConfig2W 77446BB1 5 Bytes JMP 00180E10 .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3812] ADVAPI32.dll!CreateServiceA 77446C71 5 Bytes JMP 001801F8 .text C:\Program Files\Mouse Driver\StartAutorun.exe[3828] ntdll.dll!LdrLoadDll 77A579B3 5 Bytes JMP 001601F8 .text C:\Program Files\Mouse Driver\StartAutorun.exe[3828] ntdll.dll!LdrUnloadDll 77A6E5AC 5 Bytes JMP 001603FC .text C:\Program Files\Mouse Driver\StartAutorun.exe[3828] kernel32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text C:\Program Files\Mouse Driver\StartAutorun.exe[3828] USER32.dll!SetWindowsHookExW 77997B69 5 Bytes JMP 00270804 .text C:\Program Files\Mouse Driver\StartAutorun.exe[3828] USER32.dll!SetWinEventHook 7799915C 5 Bytes JMP 002701F8 .text C:\Program Files\Mouse Driver\StartAutorun.exe[3828] USER32.dll!UnhookWinEvent 7799B702 5 Bytes 
JMP 002703FC .text C:\Program Files\Mouse Driver\StartAutorun.exe[3828] USER32.dll!SetWindowsHookExA 779BBB0E 3 Bytes JMP 00270600 .text C:\Program Files\Mouse Driver\StartAutorun.exe[3828] USER32.dll!SetWindowsHookExA + 4 779BBB12 1 Byte [88] .text C:\Program Files\Mouse Driver\StartAutorun.exe[3828] USER32.dll!UnhookWindowsHookEx 779C08BE 5 Bytes JMP 00270A08 .text C:\Program Files\Mouse Driver\StartAutorun.exe[3828] ADVAPI32.dll!CreateServiceW 774038FF 5 Bytes JMP 002803FC .text C:\Program Files\Mouse Driver\StartAutorun.exe[3828] ADVAPI32.dll!DeleteService 77403BEE 5 Bytes JMP 00280600 .text C:\Program Files\Mouse Driver\StartAutorun.exe[3828] ADVAPI32.dll!SetServiceObjectSecurity 774466A9 5 Bytes JMP 00281014 .text C:\Program Files\Mouse Driver\StartAutorun.exe[3828] ADVAPI32.dll!ChangeServiceConfigA 774467A9 5 Bytes JMP 00280804 .text C:\Program Files\Mouse Driver\StartAutorun.exe[3828] ADVAPI32.dll!ChangeServiceConfigW 77446951 5 Bytes JMP 00280A08 .text C:\Program Files\Mouse Driver\StartAutorun.exe[3828] ADVAPI32.dll!ChangeServiceConfig2A 77446A69 5 Bytes JMP 00280C0C .text C:\Program Files\Mouse Driver\StartAutorun.exe[3828] ADVAPI32.dll!ChangeServiceConfig2W 77446BB1 5 Bytes JMP 00280E10 .text C:\Program Files\Mouse Driver\StartAutorun.exe[3828] ADVAPI32.dll!CreateServiceA 77446C71 5 Bytes JMP 002801F8 .text C:\Program Files\Winamp\winampa.exe[3856] ntdll.dll!LdrLoadDll 77A579B3 5 Bytes JMP 000801F8 .text C:\Program Files\Winamp\winampa.exe[3856] ntdll.dll!LdrUnloadDll 77A6E5AC 5 Bytes JMP 000803FC .text C:\Program Files\Winamp\winampa.exe[3856] kernel32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text C:\Program Files\Winamp\winampa.exe[3856] USER32.dll!SetWindowsHookExW 77997B69 5 Bytes JMP 001B0804 .text C:\Program Files\Winamp\winampa.exe[3856] USER32.dll!SetWinEventHook 7799915C 5 Bytes JMP 001B01F8 .text C:\Program Files\Winamp\winampa.exe[3856] USER32.dll!UnhookWinEvent 7799B702 5 Bytes JMP 001B03FC .text C:\Program 
Files\Winamp\winampa.exe[3856] USER32.dll!SetWindowsHookExA 779BBB0E 5 Bytes JMP 001B0600 .text C:\Program Files\Winamp\winampa.exe[3856] USER32.dll!UnhookWindowsHookEx 779C08BE 5 Bytes JMP 001B0A08 .text C:\Program Files\Winamp\winampa.exe[3856] ADVAPI32.dll!CreateServiceW 774038FF 5 Bytes JMP 001C03FC .text C:\Program Files\Winamp\winampa.exe[3856] ADVAPI32.dll!DeleteService 77403BEE 5 Bytes JMP 001C0600 .text C:\Program Files\Winamp\winampa.exe[3856] ADVAPI32.dll!SetServiceObjectSecurity 774466A9 5 Bytes JMP 001C1014 .text C:\Program Files\Winamp\winampa.exe[3856] ADVAPI32.dll!ChangeServiceConfigA 774467A9 5 Bytes JMP 001C0804 .text C:\Program Files\Winamp\winampa.exe[3856] ADVAPI32.dll!ChangeServiceConfigW 77446951 5 Bytes JMP 001C0A08 .text C:\Program Files\Winamp\winampa.exe[3856] ADVAPI32.dll!ChangeServiceConfig2A 77446A69 5 Bytes JMP 001C0C0C .text C:\Program Files\Winamp\winampa.exe[3856] ADVAPI32.dll!ChangeServiceConfig2W 77446BB1 5 Bytes JMP 001C0E10 .text C:\Program Files\Winamp\winampa.exe[3856] ADVAPI32.dll!CreateServiceA 77446C71 5 Bytes JMP 001C01F8 .text C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe[3880] ntdll.dll!LdrLoadDll 77A579B3 5 Bytes JMP 001401F8 .text C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe[3880] ntdll.dll!LdrUnloadDll 77A6E5AC 5 Bytes JMP 001403FC .text C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe[3880] kernel32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe[3880] ADVAPI32.dll!CreateServiceW 774038FF 5 Bytes JMP 001603FC .text C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe[3880] ADVAPI32.dll!DeleteService 77403BEE 5 Bytes JMP 00160600 .text C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe[3880] ADVAPI32.dll!SetServiceObjectSecurity 774466A9 5 Bytes JMP 00161014 .text C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe[3880] ADVAPI32.dll!ChangeServiceConfigA 774467A9 5 Bytes JMP 00160804 .text C:\Program 
Files\CardDetector\ZTEMF636\CardDetector.exe[3880] ADVAPI32.dll!ChangeServiceConfigW 77446951 5 Bytes JMP 00160A08 .text C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe[3880] ADVAPI32.dll!ChangeServiceConfig2A 77446A69 5 Bytes JMP 00160C0C .text C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe[3880] ADVAPI32.dll!ChangeServiceConfig2W 77446BB1 5 Bytes JMP 00160E10 .text C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe[3880] ADVAPI32.dll!CreateServiceA 77446C71 5 Bytes JMP 001601F8 .text C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe[3880] USER32.dll!SetWindowsHookExW 77997B69 5 Bytes JMP 00170804 .text C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe[3880] USER32.dll!SetWinEventHook 7799915C 5 Bytes JMP 001701F8 .text C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe[3880] USER32.dll!UnhookWinEvent 7799B702 5 Bytes JMP 001703FC .text C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe[3880] USER32.dll!SetWindowsHookExA 779BBB0E 5 Bytes JMP 00170600 .text C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe[3880] USER32.dll!UnhookWindowsHookEx 779C08BE 5 Bytes JMP 00170A08 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3892] ntdll.dll!LdrLoadDll 77A579B3 5 Bytes JMP 001501F8 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3892] ntdll.dll!LdrUnloadDll 77A6E5AC 5 Bytes JMP 001503FC .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3892] kernel32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3892] USER32.dll!SetWindowsHookExW 77997B69 5 Bytes JMP 00170804 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3892] USER32.dll!SetWinEventHook 7799915C 5 Bytes JMP 001701F8 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3892] USER32.dll!UnhookWinEvent 7799B702 5 Bytes JMP 001703FC .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3892] USER32.dll!SetWindowsHookExA 779BBB0E 5 Bytes JMP 00170600 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3892] 
USER32.dll!UnhookWindowsHookEx 779C08BE 5 Bytes JMP 00170A08 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3892] ADVAPI32.dll!CreateServiceW 774038FF 5 Bytes JMP 001803FC .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3892] ADVAPI32.dll!DeleteService 77403BEE 5 Bytes JMP 00180600 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3892] ADVAPI32.dll!SetServiceObjectSecurity 774466A9 5 Bytes JMP 00181014 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3892] ADVAPI32.dll!ChangeServiceConfigA 774467A9 5 Bytes JMP 00180804 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3892] ADVAPI32.dll!ChangeServiceConfigW 77446951 5 Bytes JMP 00180A08 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3892] ADVAPI32.dll!ChangeServiceConfig2A 77446A69 5 Bytes JMP 00180C0C .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3892] ADVAPI32.dll!ChangeServiceConfig2W 77446BB1 5 Bytes JMP 00180E10 .text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3892] ADVAPI32.dll!CreateServiceA 77446C71 5 Bytes JMP 001801F8 .text C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE[3908] ntdll.dll!LdrLoadDll 77A579B3 5 Bytes JMP 001501F8 .text C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE[3908] ntdll.dll!LdrUnloadDll 77A6E5AC 5 Bytes JMP 001503FC .text C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE[3908] kernel32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE[3908] USER32.dll!SetWindowsHookExW 77997B69 5 Bytes JMP 00170804 .text C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE[3908] USER32.dll!SetWinEventHook 7799915C 5 Bytes JMP 001701F8 .text C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE[3908] USER32.dll!UnhookWinEvent 7799B702 5 Bytes JMP 001703FC .text C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE[3908] USER32.dll!SetWindowsHookExA 779BBB0E 5 Bytes JMP 00170600 .text C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE[3908] USER32.dll!UnhookWindowsHookEx 779C08BE 5 Bytes JMP 00170A08 .text 
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE[3908] ADVAPI32.dll!CreateServiceW 774038FF 5 Bytes JMP 001803FC .text C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE[3908] ADVAPI32.dll!DeleteService 77403BEE 5 Bytes JMP 00180600 .text C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE[3908] ADVAPI32.dll!SetServiceObjectSecurity 774466A9 5 Bytes JMP 00181014 .text C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE[3908] ADVAPI32.dll!ChangeServiceConfigA 774467A9 5 Bytes JMP 00180804 .text C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE[3908] ADVAPI32.dll!ChangeServiceConfigW 77446951 5 Bytes JMP 00180A08 .text C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE[3908] ADVAPI32.dll!ChangeServiceConfig2A 77446A69 5 Bytes JMP 00180C0C .text C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE[3908] ADVAPI32.dll!ChangeServiceConfig2W 77446BB1 5 Bytes JMP 00180E10 .text C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE[3908] ADVAPI32.dll!CreateServiceA 77446C71 5 Bytes JMP 001801F8 .text C:\Program Files\Ask.com\Updater\Updater.exe[3924] ntdll.dll!LdrLoadDll 77A579B3 5 Bytes JMP 001601F8 .text C:\Program Files\Ask.com\Updater\Updater.exe[3924] ntdll.dll!LdrUnloadDll 77A6E5AC 5 Bytes JMP 001603FC .text C:\Program Files\Ask.com\Updater\Updater.exe[3924] kernel32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text C:\Program Files\Ask.com\Updater\Updater.exe[3924] USER32.dll!SetWindowsHookExW 77997B69 5 Bytes JMP 005F0804 .text C:\Program Files\Ask.com\Updater\Updater.exe[3924] USER32.dll!SetWinEventHook 7799915C 5 Bytes JMP 005F01F8 .text C:\Program Files\Ask.com\Updater\Updater.exe[3924] USER32.dll!UnhookWinEvent 7799B702 5 Bytes JMP 005F03FC .text C:\Program Files\Ask.com\Updater\Updater.exe[3924] USER32.dll!SetWindowsHookExA 779BBB0E 5 Bytes JMP 005F0600 .text C:\Program Files\Ask.com\Updater\Updater.exe[3924] USER32.dll!UnhookWindowsHookEx 779C08BE 5 Bytes JMP 005F0A08 .text C:\Program Files\Ask.com\Updater\Updater.exe[3924] 
ADVAPI32.dll!CreateServiceW 774038FF 5 Bytes JMP 006003FC .text C:\Program Files\Ask.com\Updater\Updater.exe[3924] ADVAPI32.dll!DeleteService 77403BEE 5 Bytes JMP 00600600 .text C:\Program Files\Ask.com\Updater\Updater.exe[3924] ADVAPI32.dll!SetServiceObjectSecurity 774466A9 5 Bytes JMP 00601014 .text C:\Program Files\Ask.com\Updater\Updater.exe[3924] ADVAPI32.dll!ChangeServiceConfigA 774467A9 5 Bytes JMP 00600804 .text C:\Program Files\Ask.com\Updater\Updater.exe[3924] ADVAPI32.dll!ChangeServiceConfigW 77446951 5 Bytes JMP 00600A08 .text C:\Program Files\Ask.com\Updater\Updater.exe[3924] ADVAPI32.dll!ChangeServiceConfig2A 77446A69 5 Bytes JMP 00600C0C .text C:\Program Files\Ask.com\Updater\Updater.exe[3924] ADVAPI32.dll!ChangeServiceConfig2W 77446BB1 5 Bytes JMP 00600E10 .text C:\Program Files\Ask.com\Updater\Updater.exe[3924] ADVAPI32.dll!CreateServiceA 77446C71 5 Bytes JMP 006001F8 .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[3936] kernel32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3948] ntdll.dll!LdrLoadDll 77A579B3 5 Bytes JMP 001401F8 .text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3948] ntdll.dll!LdrUnloadDll 77A6E5AC 5 Bytes JMP 001403FC .text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3948] kernel32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3948] USER32.dll!SetWindowsHookExW 77997B69 5 Bytes JMP 00160804 .text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3948] USER32.dll!SetWinEventHook 7799915C 5 Bytes JMP 001601F8 .text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3948] USER32.dll!UnhookWinEvent 7799B702 5 Bytes JMP 001603FC .text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3948] USER32.dll!SetWindowsHookExA 779BBB0E 5 Bytes JMP 00160600 .text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3948] USER32.dll!UnhookWindowsHookEx 779C08BE 5 Bytes JMP 00160A08 .text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3948] 
ADVAPI32.dll!CreateServiceW 774038FF 5 Bytes JMP 001803FC .text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3948] ADVAPI32.dll!DeleteService 77403BEE 5 Bytes JMP 00180600 .text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3948] ADVAPI32.dll!SetServiceObjectSecurity 774466A9 5 Bytes JMP 00181014 .text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3948] ADVAPI32.dll!ChangeServiceConfigA 774467A9 5 Bytes JMP 00180804 .text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3948] ADVAPI32.dll!ChangeServiceConfigW 77446951 5 Bytes JMP 00180A08 .text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3948] ADVAPI32.dll!ChangeServiceConfig2A 77446A69 5 Bytes JMP 00180C0C .text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3948] ADVAPI32.dll!ChangeServiceConfig2W 77446BB1 5 Bytes JMP 00180E10 .text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3948] ADVAPI32.dll!CreateServiceA 77446C71 5 Bytes JMP 001801F8 .text C:\Windows\ehome\ehtray.exe[3956] ntdll.dll!LdrLoadDll 77A579B3 5 Bytes JMP 000501F8 .text C:\Windows\ehome\ehtray.exe[3956] ntdll.dll!LdrUnloadDll 77A6E5AC 5 Bytes JMP 000503FC .text C:\Windows\ehome\ehtray.exe[3956] kernel32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text C:\Windows\ehome\ehtray.exe[3956] ADVAPI32.dll!CreateServiceW 774038FF 5 Bytes JMP 000703FC .text C:\Windows\ehome\ehtray.exe[3956] ADVAPI32.dll!DeleteService 77403BEE 5 Bytes JMP 00070600 .text C:\Windows\ehome\ehtray.exe[3956] ADVAPI32.dll!SetServiceObjectSecurity 774466A9 5 Bytes JMP 00071014 .text C:\Windows\ehome\ehtray.exe[3956] ADVAPI32.dll!ChangeServiceConfigA 774467A9 5 Bytes JMP 00070804 .text C:\Windows\ehome\ehtray.exe[3956] ADVAPI32.dll!ChangeServiceConfigW 77446951 5 Bytes JMP 00070A08 .text C:\Windows\ehome\ehtray.exe[3956] ADVAPI32.dll!ChangeServiceConfig2A 77446A69 5 Bytes JMP 00070C0C .text C:\Windows\ehome\ehtray.exe[3956] ADVAPI32.dll!ChangeServiceConfig2W 77446BB1 5 Bytes JMP 00070E10 .text C:\Windows\ehome\ehtray.exe[3956] ADVAPI32.dll!CreateServiceA 77446C71 5 Bytes JMP 
000701F8 .text C:\Windows\ehome\ehtray.exe[3956] USER32.dll!SetWindowsHookExW 77997B69 5 Bytes JMP 00080804 .text C:\Windows\ehome\ehtray.exe[3956] USER32.dll!SetWinEventHook 7799915C 5 Bytes JMP 000801F8 .text C:\Windows\ehome\ehtray.exe[3956] USER32.dll!UnhookWinEvent 7799B702 5 Bytes JMP 000803FC .text C:\Windows\ehome\ehtray.exe[3956] USER32.dll!SetWindowsHookExA 779BBB0E 5 Bytes JMP 00080600 .text C:\Windows\ehome\ehtray.exe[3956] USER32.dll!UnhookWindowsHookEx 779C08BE 5 Bytes JMP 00080A08 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[3964] ntdll.dll!LdrLoadDll 77A579B3 5 Bytes JMP 001401F8 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[3964] ntdll.dll!LdrUnloadDll 77A6E5AC 5 Bytes JMP 001403FC .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[3964] kernel32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[3964] USER32.dll!SetWindowsHookExW 77997B69 5 Bytes JMP 00160804 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[3964] USER32.dll!SetWinEventHook 7799915C 5 Bytes JMP 001601F8 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[3964] USER32.dll!UnhookWinEvent 7799B702 5 Bytes JMP 001603FC .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[3964] USER32.dll!SetWindowsHookExA 779BBB0E 5 Bytes JMP 00160600 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[3964] USER32.dll!UnhookWindowsHookEx 779C08BE 5 Bytes JMP 00160A08 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[3964] ADVAPI32.dll!CreateServiceW 774038FF 5 Bytes JMP 001703FC .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[3964] ADVAPI32.dll!DeleteService 77403BEE 5 Bytes JMP 00170600 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[3964] ADVAPI32.dll!SetServiceObjectSecurity 774466A9 5 Bytes JMP 00171014 .text c:\Program Files\Toshiba\Bluetooth Toshiba 
Stack\TosBtHid.exe[3964] ADVAPI32.dll!ChangeServiceConfigA 774467A9 5 Bytes JMP 00170804 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[3964] ADVAPI32.dll!ChangeServiceConfigW 77446951 5 Bytes JMP 00170A08 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[3964] ADVAPI32.dll!ChangeServiceConfig2A 77446A69 5 Bytes JMP 00170C0C .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[3964] ADVAPI32.dll!ChangeServiceConfig2W 77446BB1 5 Bytes JMP 00170E10 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[3964] ADVAPI32.dll!CreateServiceA 77446C71 5 Bytes JMP 001701F8 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3968] ntdll.dll!LdrLoadDll 77A579B3 5 Bytes JMP 001501F8 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3968] ntdll.dll!LdrUnloadDll 77A6E5AC 5 Bytes JMP 001503FC .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3968] kernel32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3968] ADVAPI32.dll!CreateServiceW 774038FF 5 Bytes JMP 001703FC .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3968] ADVAPI32.dll!DeleteService 77403BEE 5 Bytes JMP 00170600 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3968] ADVAPI32.dll!SetServiceObjectSecurity 774466A9 5 Bytes JMP 00171014 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3968] ADVAPI32.dll!ChangeServiceConfigA 774467A9 5 Bytes JMP 00170804 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3968] ADVAPI32.dll!ChangeServiceConfigW 77446951 5 Bytes JMP 00170A08 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3968] ADVAPI32.dll!ChangeServiceConfig2A 77446A69 5 Bytes JMP 00170C0C .text C:\Program 
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3968] ADVAPI32.dll!ChangeServiceConfig2W 77446BB1 5 Bytes JMP 00170E10 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3968] ADVAPI32.dll!CreateServiceA 77446C71 5 Bytes JMP 001701F8 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3968] USER32.dll!SetWindowsHookExW 77997B69 5 Bytes JMP 01980804 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3968] USER32.dll!SetWinEventHook 7799915C 5 Bytes JMP 019801F8 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3968] USER32.dll!UnhookWinEvent 7799B702 5 Bytes JMP 019803FC .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3968] USER32.dll!SetWindowsHookExA 779BBB0E 5 Bytes JMP 01980600 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3968] USER32.dll!UnhookWindowsHookEx 779C08BE 5 Bytes JMP 01980A08 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3988] ntdll.dll!LdrLoadDll 77A579B3 5 Bytes JMP 001501F8 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3988] ntdll.dll!LdrUnloadDll 77A6E5AC 5 Bytes JMP 001503FC .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3988] kernel32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3988] USER32.dll!SetWindowsHookExW 77997B69 5 Bytes JMP 01040804 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3988] USER32.dll!SetWinEventHook 7799915C 5 Bytes JMP 010401F8 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3988] USER32.dll!UnhookWinEvent 7799B702 5 Bytes JMP 010403FC .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3988] USER32.dll!SetWindowsHookExA 779BBB0E 5 Bytes JMP 01040600 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3988] USER32.dll!UnhookWindowsHookEx 
779C08BE 5 Bytes JMP 01040A08 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3988] ADVAPI32.dll!CreateServiceW 774038FF 5 Bytes JMP 010503FC .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3988] ADVAPI32.dll!DeleteService 77403BEE 5 Bytes JMP 01050600 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3988] ADVAPI32.dll!SetServiceObjectSecurity 774466A9 5 Bytes JMP 01051014 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3988] ADVAPI32.dll!ChangeServiceConfigA 774467A9 5 Bytes JMP 01050804 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3988] ADVAPI32.dll!ChangeServiceConfigW 77446951 5 Bytes JMP 01050A08 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3988] ADVAPI32.dll!ChangeServiceConfig2A 77446A69 5 Bytes JMP 01050C0C .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3988] ADVAPI32.dll!ChangeServiceConfig2W 77446BB1 5 Bytes JMP 01050E10 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3988] ADVAPI32.dll!CreateServiceA 77446C71 5 Bytes JMP 010501F8 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4032] ntdll.dll!LdrLoadDll 77A579B3 5 Bytes JMP 001501F8 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4032] ntdll.dll!LdrUnloadDll 77A6E5AC 5 Bytes JMP 001503FC .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4032] kernel32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4032] USER32.dll!SetWindowsHookExW 77997B69 5 Bytes JMP 003E0804 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4032] USER32.dll!SetWinEventHook 7799915C 5 Bytes JMP 003E01F8 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4032] USER32.dll!UnhookWinEvent 7799B702 5 Bytes JMP 003E03FC .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4032] USER32.dll!SetWindowsHookExA 779BBB0E 
5 Bytes JMP 003E0600 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4032] USER32.dll!UnhookWindowsHookEx 779C08BE 5 Bytes JMP 003E0A08 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4032] ADVAPI32.dll!CreateServiceW 774038FF 5 Bytes JMP 003F03FC .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4032] ADVAPI32.dll!DeleteService 77403BEE 5 Bytes JMP 003F0600 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4032] ADVAPI32.dll!SetServiceObjectSecurity 774466A9 5 Bytes JMP 003F1014 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4032] ADVAPI32.dll!ChangeServiceConfigA 774467A9 5 Bytes JMP 003F0804 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4032] ADVAPI32.dll!ChangeServiceConfigW 77446951 5 Bytes JMP 003F0A08 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4032] ADVAPI32.dll!ChangeServiceConfig2A 77446A69 5 Bytes JMP 003F0C0C .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4032] ADVAPI32.dll!ChangeServiceConfig2W 77446BB1 5 Bytes JMP 003F0E10 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4032] ADVAPI32.dll!CreateServiceA 77446C71 5 Bytes JMP 003F01F8 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[4068] KERNEL32.dll!GetBinaryTypeW + 70 77331CE8 1 Byte [62] ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8068B6D2] \SystemRoot\System32\Drivers\spve.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8068B040] \SystemRoot\System32\Drivers\spve.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8068B7FC] \SystemRoot\System32\Drivers\spve.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8068B0BE] \SystemRoot\System32\Drivers\spve.sys IAT 
\SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8068B13C] \SystemRoot\System32\Drivers\spve.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [8069AD92] \SystemRoot\System32\Drivers\spve.sys ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 007C0002 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 007C0000 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!DbgPrintEx] 51EC8B55 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlUpcaseUnicodeChar] 8B565351 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtClose] FF560875 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSetInformationFile] 7E510815 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtOpenFile] 85D88B00 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQueryInformationFile] C2840FDB IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCompareUnicodeString] 57000000 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAppendUnicodeStringToString] 0068406A IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAllocateHeap] FF000010 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlFreeHeap] 006A5073 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSetValueKey] 508415FF IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtCreateKey] F88B007E IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlUnicodeStringToInteger] 85FC7D89 IAT 
C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlFreeUnicodeString] 9E840FFF IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtCreatePagingFile] 8B000000 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!_alldiv] A4F3544B IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQuerySystemInformation] 1443B70F IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!_allmul] 0653B70F IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlExtendedIntegerMultiply] 1818448D IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQueryVolumeInformationFile] 8B0CC083 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlInitUnicodeStringEx] 08758B08 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQueryInformationProcess] 03FC7D8B IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlInitUnicodeString] 8BF903F1 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlDosPathNameToNtPathName_U] C083FC48 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlExpandEnvironmentStrings_U] A4F34A28 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQueryValueKey] 758BE975 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtOpenKey] 443D8BFC IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!_vsnwprintf] 2B007E51 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSetSecurityObject] 458D0875 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetOwnerSecurityDescriptor] 056A50F8 IAT C:\Windows\system32\services.exe[708] @ 
C:\Windows\system32\smss.exe [ntdll.dll!RtlSetDaclSecurityDescriptor] 75FF016A IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAddAccessAllowedAce] 85D7FFFC IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateAcl] EB2574C0 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateSecurityDescriptor] 04488B1D IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAllocateAndInitializeSid] 56F84D29 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateUnicodeString] 8B08508D IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtReadFile] FC450300 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!_chkstk] 52F8C183 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlNumberOfSetBitsUlongPtr] 5051E9D1 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtMakeTemporaryObject] 514015FF IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtCreateSymbolicLinkObject] 7D83007E IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtOpenDirectoryObject] DD7500F8 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!qsort] 50F8458D IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlRandomEx] 016A016A IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!memcpy] FFFC75FF IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtCreateDirectoryObject] 74C085D7 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlEqualUnicodeString] 0C488D20 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!_wcsicmp] C085018B IAT 
C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetEnvironmentVariable] F18B1774 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!iswspace] 03FC4D8B IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlUnlockBootStatusData] 15FF50C1 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlGetSetBootStatusData] [007E5080] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation) IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlLockBootStatusData] 8B14C683 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetSaclSecurityDescriptor] [75C08506] C:\Windows\system32\SCESRV.dll (Aparat edytora konfiguracji zabezpieczeń w systemie Windows/Microsoft Corporation) IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAddMandatoryAce] FC458BEB IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlLengthSid] C95B5E5F IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlGetAce] 560004C2 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlPrefixUnicodeString] 7140BF57 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQuerySymbolicLinkObject] 8B57007E IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtOpenSymbolicLinkObject] 7C15FFF1 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQueryDirectoryObject] 6A007E50 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlTimeToTimeFields] 3C83580F IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!memset] 7E715885 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe 
[ntdll.dll!EtwEventWrite] 09740000 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!EtwEventEnabled] 8548C88B IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAppendUnicodeToString] EBEF75C9 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtMapViewOfSection] 85348907 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtCreateSection] [007E7158] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation) IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlQueryRegistryValues] 3415FF57 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtResumeThread] 5F007E50 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtWaitForSingleObject] 5756C35E IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtTerminateProcess] 7E7140BF IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlDestroyProcessParameters] F18B5700 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateUserProcess] 507C15FF IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateProcessParametersEx] 0F6A007E IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!_wcsupr] 85343958 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAnsiStringToUnicodeString] [007E7158] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation) IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlInitAnsiString] C88B0974 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!_stricmp] [75C98548] C:\Windows\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) IAT 
C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!LdrVerifyImageMatchesChecksumEx] 8308EBF0 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlDosSearchPath_U] 71588524 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlQueryEnvironmentVariable_U] 5700007E IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtDisplayString] 503415FF IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtWriteFile] 5E5F007E IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtCreateFile] 800068C3 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAdjustPrivilege] 006A0000 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtInitializeRegistry] 7815FF51 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSetSystemInformation] 50007E50 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSetEvent] 513C15FF IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetCurrentEnvironment] 55C3007E IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtDeleteValueKey] 5351EC8B IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateEnvironment] 35FF5756 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtOpenEvent] [007E7198] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation) IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcCreatePort] 513815FF IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSetInformationProcess] 8D59007E IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateTagHeap] 
E8400044 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateUserThread] 00002B8C IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlReleaseSRWLockExclusive] 75FFFC8B IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAcquireSRWLockExclusive] FC7D8908 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSetInformationThread] 719835FF IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQueryInformationToken] EC68007E IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtOpenThreadToken] 57007E53 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcImpersonateClientOfPort] 513415FF IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlReleaseSRWLockShared] DB33007E IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAcquireSRWLockShared] 3910C483 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcDisconnectPort] 6E7D085D IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlInitializeSRWLock] FFF63357 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtConnectPort] 7E507415 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!AlpcGetMessageAttribute] 85F88B00 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcAcceptConnectPort] 8D3774FF IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcOpenSenderProcess] 6A500845 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcCancelMessage] FF575602 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlExitUserThread] 7E513015 IAT 
C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcSendWaitReceivePort] 7CC08500 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!AlpcInitializeMessageAttribute] FF556A25 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetThreadIsCritical] 15FFFC75 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtRequestWaitReplyPort] [007E512C] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation) IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtDuplicateObject] C9335959 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtCreateEvent] 08896657 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlWakeConditionVariable] FFFE1FE8 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlClearBits] 85D88BFF IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlDeleteNoSplay] 8B0774DB IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtClearEvent] F72B0875 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSleepConditionVariableSRW] FF57F303 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlWakeAllConditionVariable] 7E507015 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetBits] 74F68500 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlTestBit] FC4D8B53 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlFindClearBits] 7E7084BA IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlClearAllBits] 85D6FF00 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlInitializeBitMap] 
684575C0 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlFreeSid] 00008000 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtRaiseHardError] 15FF5350 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtWaitForMultipleObjects] [007E5078] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation) IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetProcessIsCritical] 5D3936EB IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!EtwEventRegister] BB31740C IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetHeapInformation] [007E7140] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation) IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlInitializeConditionVariable] 7C15FF53 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtDelayExecution] BE007E50 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlUnicodeStringToAnsiString] [007E7194] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation) IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQueryEvent] C085068B IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlReleasePrivilege] 4D8B0774 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAcquirePrivilege] FFD78B08 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!LdrQueryImageFileExecutionOptions] 83C68BD0 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!wcstoul] 583D04EE IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlUnhandledExceptionFilter] 75007E71 IAT 
C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlUnwind] 15FF53E7 IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!DbgBreakPoint] [007E5034] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation) IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlNormalizeProcessParams] 5FF0658D IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlConnectToSm] C2C95B5E IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSendMsgToSm] 8B550008 IAT C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1748] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [71D0F6D0] C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Windows\Explorer.EXE[2764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73CB8864] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73CF9855] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73CBB984] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73CAFB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73CB7A29] 
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73CAEA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73CEB12D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73CBBC4A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73CB0756] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73CB06BD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73CA71B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73D3D9E0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT 
C:\Windows\Explorer.EXE[2764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73CD7329] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73CAE109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73CA697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73CA69A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73CB2475] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Program Files\Alwil Software\Avast5\AvastUI.exe[3936] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [71D0F6D0] C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3988] @ C:\Windows\system32\NETAPI32.dll [PSAPI.DLL!GetModuleBaseNameW] [7620159E] C:\Windows\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! 
self protection module/AVAST Software) Device \FileSystem\Ntfs \Ntfs 858171F8 AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation) Device \Driver\volmgr \Device\VolMgrControl 84A5A1F8 Device \Driver\netbt \Device\NetBT_Tcpip_{F57D112E-53F3-4038-9A7B-C3D5D1297A3D} 8DC731F8 Device \Driver\usbuhci \Device\USBPDO-0 8700F1F8 Device \Driver\usbuhci \Device\USBPDO-1 8700F1F8 Device \Driver\usbehci \Device\USBPDO-2 870121F8 Device \Driver\usbuhci \Device\USBPDO-3 8700F1F8 Device \Driver\usbuhci \Device\USBPDO-4 8700F1F8 AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\usbuhci \Device\USBPDO-5 8700F1F8 Device \Driver\usbehci \Device\USBPDO-6 870121F8 Device \Driver\volmgr \Device\HarddiskVolume1 84A5A1F8 Device \Driver\volmgr \Device\HarddiskVolume2 84A5A1F8 Device \Driver\cdrom \Device\CdRom0 870791F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 858151F8 Device \Driver\iaStor \Device\Ide\iaStor0 [886D0580] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort0 858151F8 Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [886D0580] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\volmgr \Device\HarddiskVolume3 84A5A1F8 Device \Driver\netbt \Device\NetBT_Tcpip_{EAC8232A-2F30-4FB6-8F66-FAA69C4AE976} 8DC731F8 Device \Driver\netbt \Device\NetBt_Wins_Export 8DC731F8 Device \Driver\Smb \Device\NetbiosSmb 8DC7F1F8 Device \Driver\iScsiPrt \Device\RaidPort0 870761F8 AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! 
TDI Filter Driver/AVAST Software) Device \Driver\usbuhci \Device\USBFDO-0 8700F1F8 Device \Driver\usbuhci \Device\USBFDO-1 8700F1F8 Device \Driver\usbehci \Device\USBFDO-2 870121F8 Device \Driver\usbuhci \Device\USBFDO-3 8700F1F8 Device \Driver\usbuhci \Device\USBFDO-4 8700F1F8 Device \Driver\usbuhci \Device\USBFDO-5 8700F1F8 Device \Driver\usbehci \Device\USBFDO-6 870121F8 Device \FileSystem\cdfs \Cdfs A8E911F8 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x2E 0xE8 0x55 0xD5 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x2E 0xE8 0x55 0xD5 ... Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ... 
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ... Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ... Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ... Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ... 
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- EOF - GMER 1.0.15 ----