GMER 2.1.19155 - http://www.gmer.net Rootkit scan 2013-03-22 15:49:18 Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK1032GSX rev.AS021G 92,97GB Running: c9j3cpmk.exe; Driver: C:\DOCUME~1\owner\LOCALS~1\Temp\pwldyfog.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA8BF059C] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA8CA4388] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xA8BF102E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA8C34316] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA8BFC7F2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA8BFC83E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA8BFC9D8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA8C33CCA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA8BFC760] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA8BFC882] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA8BFC7A8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xA8BF152C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA8BFC992] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xA8BF1DE4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA8BF0602] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA8C349DC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA8C34C92] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA8BF55C2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA8C34847] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA8C346B2] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA8CA4450] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA8BF01EA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA8BF0668] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA8BF598C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA8BF2874] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA8BFC81C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA8BFC860] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA8BFC9FC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA8C34026] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA8BFC786] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA8BF4EA8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA8BFC910] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA8BFC7D0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA8BF529A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA8BFC9B6] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA8CA45B0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA8C3452D] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA8BF2740] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA8C3437F] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xA8BF2296] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA8CB14DA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA8C33310] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA8BF06CE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA8BF0734] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xA8BF1C5E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA8BF0284] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA8BF045A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA8C34AE3] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA8BF03E8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xA8BF1FAE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xA8BF2110] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA8BF04E2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xA8BF1A9C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xA8BF1C3E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0xA8CA29E4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA8BF079A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xA8BF108A] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA8CBDBA0] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 2.1 ---- .text ntoskrnl.exe!ZwYieldExecution + 1FA 804E4A54 4 Bytes JMP 8DA8BF01 .text ntoskrnl.exe!ZwYieldExecution + 3C2 804E4C1C 12 Bytes [CE, 06, BF, A8, 34, 07, BF, ...] .text ntoskrnl.exe!ZwYieldExecution + 45A 804E4CB4 4 Bytes [E8, 03, BF, A8] .text ntoskrnl.exe!ZwYieldExecution + 46A 804E4CC4 12 Bytes [AE, 1F, BF, A8, 10, 21, BF, ...] PAGE ntoskrnl.exe!ObInsertObject 8056DA64 5 Bytes JMP A8CBC554 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 80576705 4 Bytes CALL A8BF2F21 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntoskrnl.exe!ZwCreateProcessEx 8058B7F4 7 Bytes JMP A8CBDBA4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!ObMakeTemporaryObject 805E052E 5 Bytes JMP A8CBAA3A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) init C:\windows\system32\drivers\tifm21.sys entry point in "init" section [0xB955DEBF] .text win32k.sys!EngFreeUserMem + 674 BF809952 5 Bytes JMP A8BF7284 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFreeUserMem + 35D0 BF80C8AE 5 Bytes JMP A8BF7162 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSurface + 45 BF813946 5 Bytes JMP A8BF7116 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C598 5 Bytes JMP A8BF66EC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngSetLastError + 79C4 BF824124 5 Bytes JMP A8BF5D54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + F9C BF828A8E 5 Bytes JMP A8BF73FA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + 2C50 BF831496 5 Bytes JMP A8BF7614 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + B6BA BF839F00 5 Bytes JMP A8BF700A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!FONTOBJ_pxoGetXform + C2CF BF8517AB 5 Bytes JMP A8BF5BF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + F17 BF85BCDA 5 Bytes JMP A8BF67C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 3567 BF85E32A 5 Bytes JMP A8BF622C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 35F2 BF85E3B5 5 Bytes JMP A8BF6508 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreatePalette + 88 BF85F626 5 Bytes JMP A8BF5AD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreatePalette + 5466 BF864A04 5 Bytes JMP A8BF71B2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 3665 BF873264 5 Bytes JMP A8BF62F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 41A2 BF873DA1 5 Bytes JMP A8BF64C2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetLastError + 1606 BF890E91 5 Bytes JMP A8BF67E2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 26EE BF89443B 5 Bytes JMP A8BF733C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBltROP + 583 BF894F13 5 Bytes JMP A8BF756C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCopyBits + 3862 BF89C2CE 5 Bytes JMP A8BF66CE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCopyBits + 4DF7 BF89D863 5 Bytes JMP A8BF5DF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngEraseSurface + A996 BF8C1D0C 5 Bytes JMP A8BF5F24 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSemaphore + A5A4 BF8EB49B 5 Bytes JMP A8BF670A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bCloseFigure + 19EF BF8EFF5C 5 Bytes JMP A8BF59C2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bCloseFigure + 3BBE BF8F212B 5 Bytes JMP A8BF6008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bCloseFigure + 3E3E BF8F23AB 5 Bytes JMP A8BF6150 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 1A40 BF914636 5 Bytes JMP A8BF5CDC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 1CEC BF9148E2 5 Bytes JMP A8BF688C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 2614 BF91520A 5 Bytes JMP A8BF5EBC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 4F95 BF917B8B 5 Bytes JMP A8BF6628 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPlgBlt + 1934 BF947E24 5 Bytes JMP A8BF74BE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[244] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B01F8 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[244] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[244] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003B03FC .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[244] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[244] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 3 Bytes JMP 003C1014 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[244] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E36D85 1 Byte [88] .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[244] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003C0804 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[244] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003C0A08 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[244] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003C0C0C .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[244] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003C0E10 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[244] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003C01F8 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[244] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003C03FC .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[244] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003C0600 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[244] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 003D0A08 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[244] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 003D0804 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[244] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 003D0600 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[244] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003D01F8 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[244] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003D03FC .text C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe[328] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B01F8 .text C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe[328] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe[328] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003B03FC .text C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe[328] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe[328] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 3 Bytes JMP 003C1014 .text C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe[328] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E36D85 1 Byte [88] .text C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe[328] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003C0804 .text C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe[328] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003C0A08 .text C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe[328] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003C0C0C .text C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe[328] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003C0E10 .text C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe[328] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003C01F8 .text C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe[328] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003C03FC .text C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe[328] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003C0600 .text C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe[328] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 003D0A08 .text C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe[328] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 003D0804 .text C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe[328] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 003D0600 .text C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe[328] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003D01F8 .text C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe[328] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003D03FC .text C:\windows\System32\smss.exe[640] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\windows\system32\csrss.exe[688] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\windows\system32\csrss.exe[688] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\windows\SYSTEM32\winlogon.exe[712] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\windows\SYSTEM32\winlogon.exe[712] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\windows\system32\services.exe[756] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\windows\system32\services.exe[756] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\windows\system32\lsass.exe[768] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\windows\system32\lsass.exe[768] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text F:\DANE\Programy\OTL + GMER + Security Check\c9j3cpmk.exe[908] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text F:\DANE\Programy\OTL + GMER + Security Check\c9j3cpmk.exe[908] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\windows\system32\svchost.exe[940] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\windows\system32\svchost.exe[940] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\windows\system32\svchost.exe[1024] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\windows\system32\svchost.exe[1024] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\windows\System32\svchost.exe[1064] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\windows\System32\svchost.exe[1064] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\windows\Explorer.EXE[1108] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003001F8 .text C:\windows\Explorer.EXE[1108] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\windows\Explorer.EXE[1108] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003003FC .text C:\windows\Explorer.EXE[1108] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\windows\Explorer.EXE[1108] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00311014 .text C:\windows\Explorer.EXE[1108] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00310804 .text C:\windows\Explorer.EXE[1108] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00310A08 .text C:\windows\Explorer.EXE[1108] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00310C0C .text C:\windows\Explorer.EXE[1108] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00310E10 .text C:\windows\Explorer.EXE[1108] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003101F8 .text C:\windows\Explorer.EXE[1108] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003103FC .text C:\windows\Explorer.EXE[1108] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00310600 .text C:\windows\Explorer.EXE[1108] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00320A08 .text C:\windows\Explorer.EXE[1108] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00320804 .text C:\windows\Explorer.EXE[1108] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00320600 .text C:\windows\Explorer.EXE[1108] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003201F8 .text C:\windows\Explorer.EXE[1108] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003203FC .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1120] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1120] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1160] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1160] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\windows\system32\svchost.exe[1216] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\windows\system32\svchost.exe[1216] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\windows\system32\svchost.exe[1300] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\windows\system32\svchost.exe[1300] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Programy\Avast\avastUI.exe[1352] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Programy\Avast\avastUI.exe[1352] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\hkcmd.exe[1360] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B01F8 .text C:\WINDOWS\system32\hkcmd.exe[1360] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\hkcmd.exe[1360] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003B03FC .text C:\WINDOWS\system32\hkcmd.exe[1360] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\hkcmd.exe[1360] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 003C0A08 .text C:\WINDOWS\system32\hkcmd.exe[1360] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 003C0804 .text C:\WINDOWS\system32\hkcmd.exe[1360] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 003C0600 .text C:\WINDOWS\system32\hkcmd.exe[1360] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003C01F8 .text C:\WINDOWS\system32\hkcmd.exe[1360] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003C03FC .text C:\WINDOWS\system32\hkcmd.exe[1360] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003D1014 .text C:\WINDOWS\system32\hkcmd.exe[1360] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003D0804 .text C:\WINDOWS\system32\hkcmd.exe[1360] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003D0A08 .text C:\WINDOWS\system32\hkcmd.exe[1360] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003D0C0C .text C:\WINDOWS\system32\hkcmd.exe[1360] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003D0E10 .text C:\WINDOWS\system32\hkcmd.exe[1360] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003D01F8 .text C:\WINDOWS\system32\hkcmd.exe[1360] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003D03FC .text C:\WINDOWS\system32\hkcmd.exe[1360] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003D0600 .text C:\WINDOWS\system32\00THotkey.exe[1368] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003C01F8 .text C:\WINDOWS\system32\00THotkey.exe[1368] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\00THotkey.exe[1368] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003C03FC .text C:\WINDOWS\system32\00THotkey.exe[1368] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\00THotkey.exe[1368] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 003D0A08 .text C:\WINDOWS\system32\00THotkey.exe[1368] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 003D0804 .text C:\WINDOWS\system32\00THotkey.exe[1368] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 003D0600 .text C:\WINDOWS\system32\00THotkey.exe[1368] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003D01F8 .text C:\WINDOWS\system32\00THotkey.exe[1368] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003D03FC .text C:\WINDOWS\system32\00THotkey.exe[1368] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003E1014 .text C:\WINDOWS\system32\00THotkey.exe[1368] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003E0804 .text C:\WINDOWS\system32\00THotkey.exe[1368] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003E0A08 .text C:\WINDOWS\system32\00THotkey.exe[1368] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003E0C0C .text C:\WINDOWS\system32\00THotkey.exe[1368] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003E0E10 .text C:\WINDOWS\system32\00THotkey.exe[1368] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\00THotkey.exe[1368] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\00THotkey.exe[1368] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003E0600 .text C:\windows\system32\TPSMain.exe[1404] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003C01F8 .text C:\windows\system32\TPSMain.exe[1404] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\windows\system32\TPSMain.exe[1404] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003C03FC .text C:\windows\system32\TPSMain.exe[1404] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\windows\system32\TPSMain.exe[1404] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 003D0A08 .text C:\windows\system32\TPSMain.exe[1404] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 003D0804 .text C:\windows\system32\TPSMain.exe[1404] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 003D0600 .text C:\windows\system32\TPSMain.exe[1404] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003D01F8 .text C:\windows\system32\TPSMain.exe[1404] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003D03FC .text C:\windows\system32\TPSMain.exe[1404] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003E1014 .text C:\windows\system32\TPSMain.exe[1404] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003E0804 .text C:\windows\system32\TPSMain.exe[1404] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003E0A08 .text C:\windows\system32\TPSMain.exe[1404] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003E0C0C .text C:\windows\system32\TPSMain.exe[1404] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003E0E10 .text C:\windows\system32\TPSMain.exe[1404] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003E01F8 .text C:\windows\system32\TPSMain.exe[1404] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003E03FC .text C:\windows\system32\TPSMain.exe[1404] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003E0600 .text C:\WINDOWS\system32\igfxpers.exe[1420] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B01F8 .text C:\WINDOWS\system32\igfxpers.exe[1420] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\igfxpers.exe[1420] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003B03FC .text C:\WINDOWS\system32\igfxpers.exe[1420] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\igfxpers.exe[1420] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 003C0A08 .text C:\WINDOWS\system32\igfxpers.exe[1420] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 003C0804 .text C:\WINDOWS\system32\igfxpers.exe[1420] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 003C0600 .text C:\WINDOWS\system32\igfxpers.exe[1420] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003C01F8 .text C:\WINDOWS\system32\igfxpers.exe[1420] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003C03FC .text C:\WINDOWS\system32\igfxpers.exe[1420] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003D1014 .text C:\WINDOWS\system32\igfxpers.exe[1420] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003D0804 .text C:\WINDOWS\system32\igfxpers.exe[1420] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003D0A08 .text C:\WINDOWS\system32\igfxpers.exe[1420] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003D0C0C .text C:\WINDOWS\system32\igfxpers.exe[1420] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003D0E10 .text C:\WINDOWS\system32\igfxpers.exe[1420] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003D01F8 .text C:\WINDOWS\system32\igfxpers.exe[1420] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003D03FC .text C:\WINDOWS\system32\igfxpers.exe[1420] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003D0600 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1440] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B01F8 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1440] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1440] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003B03FC .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1440] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1440] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 3 Bytes JMP 003C1014 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1440] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E36D85 1 Byte [88] .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1440] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003C0804 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1440] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003C0A08 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1440] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003C0C0C .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1440] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003C0E10 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1440] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003C01F8 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1440] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003C03FC .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1440] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003C0600 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1440] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 003D0A08 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1440] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 003D0804 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1440] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 003D0600 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1440] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003D01F8 .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[1440] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003D03FC .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[1456] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B01F8 .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[1456] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[1456] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003B03FC .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[1456] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[1456] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 3 Bytes JMP 003C1014 .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[1456] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E36D85 1 Byte [88] .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[1456] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003C0804 .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[1456] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003C0A08 .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[1456] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003C0C0C .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[1456] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003C0E10 .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[1456] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003C01F8 .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[1456] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003C03FC .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[1456] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003C0600 .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[1456] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 003D0A08 .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[1456] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 003D0804 .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[1456] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 003D0600 .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[1456] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003D01F8 .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[1456] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003D03FC .text C:\Program Files\Programy\Avast\AvastSvc.exe[1500] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Programy\Avast\AvastSvc.exe[1500] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\windows\system32\spoolsv.exe[1660] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\windows\system32\spoolsv.exe[1660] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\windows\system32\svchost.exe[1736] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\windows\system32\svchost.exe[1736] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\windows\system32\wscntfy.exe[1748] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003001F8 .text C:\windows\system32\wscntfy.exe[1748] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\windows\system32\wscntfy.exe[1748] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003003FC .text C:\windows\system32\wscntfy.exe[1748] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\windows\system32\wscntfy.exe[1748] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00310A08 .text C:\windows\system32\wscntfy.exe[1748] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00310804 .text C:\windows\system32\wscntfy.exe[1748] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00310600 .text C:\windows\system32\wscntfy.exe[1748] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003101F8 .text C:\windows\system32\wscntfy.exe[1748] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003103FC .text C:\windows\system32\wscntfy.exe[1748] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00321014 .text C:\windows\system32\wscntfy.exe[1748] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00320804 .text C:\windows\system32\wscntfy.exe[1748] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00320A08 .text C:\windows\system32\wscntfy.exe[1748] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00320C0C .text C:\windows\system32\wscntfy.exe[1748] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00320E10 .text C:\windows\system32\wscntfy.exe[1748] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003201F8 .text C:\windows\system32\wscntfy.exe[1748] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003203FC .text C:\windows\system32\wscntfy.exe[1748] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00320600 .text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe[1880] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe[1880] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1896] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1896] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe[1944] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B01F8 .text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe[1944] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe[1944] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003B03FC .text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe[1944] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe[1944] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 3 Bytes JMP 003C1014 .text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe[1944] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E36D85 1 Byte [88] .text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe[1944] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003C0804 .text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe[1944] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003C0A08 .text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe[1944] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003C0C0C .text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe[1944] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003C0E10 .text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe[1944] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003C01F8 .text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe[1944] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003C03FC .text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe[1944] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003C0600 .text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe[1944] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 003F0A08 .text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe[1944] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 003F0804 .text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe[1944] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 003F0600 .text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe[1944] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003F01F8 .text C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe[1944] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003F03FC .text C:\windows\system32\TFNF5.exe[1996] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B01F8 .text C:\windows\system32\TFNF5.exe[1996] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\windows\system32\TFNF5.exe[1996] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003B03FC .text C:\windows\system32\TFNF5.exe[1996] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\windows\system32\TFNF5.exe[1996] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 003C0A08 .text C:\windows\system32\TFNF5.exe[1996] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 003C0804 .text C:\windows\system32\TFNF5.exe[1996] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 003C0600 .text C:\windows\system32\TFNF5.exe[1996] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003C01F8 .text C:\windows\system32\TFNF5.exe[1996] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003C03FC .text C:\windows\system32\TFNF5.exe[1996] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003D1014 .text C:\windows\system32\TFNF5.exe[1996] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003D0804 .text C:\windows\system32\TFNF5.exe[1996] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003D0A08 .text C:\windows\system32\TFNF5.exe[1996] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003D0C0C .text C:\windows\system32\TFNF5.exe[1996] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003D0E10 .text C:\windows\system32\TFNF5.exe[1996] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003D01F8 .text C:\windows\system32\TFNF5.exe[1996] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003D03FC .text C:\windows\system32\TFNF5.exe[1996] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003D0600 .text C:\WINDOWS\system32\DVDRAMSV.exe[2004] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B01F8 .text C:\WINDOWS\system32\DVDRAMSV.exe[2004] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\DVDRAMSV.exe[2004] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003B03FC .text C:\WINDOWS\system32\DVDRAMSV.exe[2004] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\DVDRAMSV.exe[2004] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 003C0A08 .text C:\WINDOWS\system32\DVDRAMSV.exe[2004] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 003C0804 .text C:\WINDOWS\system32\DVDRAMSV.exe[2004] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 003C0600 .text C:\WINDOWS\system32\DVDRAMSV.exe[2004] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003C01F8 .text C:\WINDOWS\system32\DVDRAMSV.exe[2004] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003C03FC .text C:\WINDOWS\system32\DVDRAMSV.exe[2004] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003D1014 .text C:\WINDOWS\system32\DVDRAMSV.exe[2004] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003D0804 .text C:\WINDOWS\system32\DVDRAMSV.exe[2004] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003D0A08 .text C:\WINDOWS\system32\DVDRAMSV.exe[2004] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003D0C0C .text C:\WINDOWS\system32\DVDRAMSV.exe[2004] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003D0E10 .text C:\WINDOWS\system32\DVDRAMSV.exe[2004] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003D01F8 .text C:\WINDOWS\system32\DVDRAMSV.exe[2004] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003D03FC .text C:\WINDOWS\system32\DVDRAMSV.exe[2004] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003D0600 .text C:\windows\system32\ctfmon.exe[2084] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003101F8 .text C:\windows\system32\ctfmon.exe[2084] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\windows\system32\ctfmon.exe[2084] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003103FC .text C:\windows\system32\ctfmon.exe[2084] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\windows\system32\ctfmon.exe[2084] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00321014 .text C:\windows\system32\ctfmon.exe[2084] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00320804 .text C:\windows\system32\ctfmon.exe[2084] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00320A08 .text C:\windows\system32\ctfmon.exe[2084] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00320C0C .text C:\windows\system32\ctfmon.exe[2084] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00320E10 .text C:\windows\system32\ctfmon.exe[2084] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003201F8 .text C:\windows\system32\ctfmon.exe[2084] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003203FC .text C:\windows\system32\ctfmon.exe[2084] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00320600 .text C:\windows\system32\ctfmon.exe[2084] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00330A08 .text C:\windows\system32\ctfmon.exe[2084] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00330804 .text C:\windows\system32\ctfmon.exe[2084] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00330600 .text C:\windows\system32\ctfmon.exe[2084] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003301F8 .text C:\windows\system32\ctfmon.exe[2084] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003303FC .text C:\windows\System32\alg.exe[2144] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003001F8 .text C:\windows\System32\alg.exe[2144] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\windows\System32\alg.exe[2144] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003003FC .text C:\windows\System32\alg.exe[2144] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\windows\System32\alg.exe[2144] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00310A08 .text C:\windows\System32\alg.exe[2144] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00310804 .text C:\windows\System32\alg.exe[2144] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00310600 .text C:\windows\System32\alg.exe[2144] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003101F8 .text C:\windows\System32\alg.exe[2144] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003103FC .text C:\windows\System32\alg.exe[2144] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00321014 .text C:\windows\System32\alg.exe[2144] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00320804 .text C:\windows\System32\alg.exe[2144] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00320A08 .text C:\windows\System32\alg.exe[2144] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00320C0C .text C:\windows\System32\alg.exe[2144] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00320E10 .text C:\windows\System32\alg.exe[2144] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003201F8 .text C:\windows\System32\alg.exe[2144] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003203FC .text C:\windows\System32\alg.exe[2144] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00320600 .text C:\windows\system32\svchost.exe[2388] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003001F8 .text C:\windows\system32\svchost.exe[2388] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\windows\system32\svchost.exe[2388] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003003FC .text C:\windows\system32\svchost.exe[2388] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\windows\system32\svchost.exe[2388] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00311014 .text C:\windows\system32\svchost.exe[2388] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00310804 .text C:\windows\system32\svchost.exe[2388] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00310A08 .text C:\windows\system32\svchost.exe[2388] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00310C0C .text C:\windows\system32\svchost.exe[2388] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00310E10 .text C:\windows\system32\svchost.exe[2388] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003101F8 .text C:\windows\system32\svchost.exe[2388] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003103FC .text C:\windows\system32\svchost.exe[2388] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00310600 .text C:\windows\system32\svchost.exe[2388] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00460A08 .text C:\windows\system32\svchost.exe[2388] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00460804 .text C:\windows\system32\svchost.exe[2388] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00460600 .text C:\windows\system32\svchost.exe[2388] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 004601F8 .text C:\windows\system32\svchost.exe[2388] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 004603FC .text C:\windows\system32\svchost.exe[2640] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003001F8 .text C:\windows\system32\svchost.exe[2640] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\windows\system32\svchost.exe[2640] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003003FC .text C:\windows\system32\svchost.exe[2640] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\windows\system32\svchost.exe[2640] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00311014 .text C:\windows\system32\svchost.exe[2640] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00310804 .text C:\windows\system32\svchost.exe[2640] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00310A08 .text C:\windows\system32\svchost.exe[2640] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00310C0C .text C:\windows\system32\svchost.exe[2640] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00310E10 .text C:\windows\system32\svchost.exe[2640] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003101F8 .text C:\windows\system32\svchost.exe[2640] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003103FC .text C:\windows\system32\svchost.exe[2640] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00310600 .text C:\windows\system32\svchost.exe[2640] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00460A08 .text C:\windows\system32\svchost.exe[2640] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00460804 .text C:\windows\system32\svchost.exe[2640] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00460600 .text C:\windows\system32\svchost.exe[2640] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 004601F8 .text C:\windows\system32\svchost.exe[2640] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 004603FC .text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[2796] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B01F8 .text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[2796] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[2796] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003B03FC .text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[2796] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[2796] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 003C0A08 .text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[2796] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 003C0804 .text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[2796] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 003C0600 .text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[2796] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003C01F8 .text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[2796] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003C03FC .text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[2796] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003D1014 .text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[2796] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003D0804 .text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[2796] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003D0A08 .text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[2796] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003D0C0C .text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[2796] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003D0E10 .text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[2796] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003D01F8 .text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[2796] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003D03FC .text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[2796] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003D0600 .text C:\WINDOWS\system32\ThpSrv.exe[2852] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003C01F8 .text C:\WINDOWS\system32\ThpSrv.exe[2852] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\ThpSrv.exe[2852] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003C03FC .text C:\WINDOWS\system32\ThpSrv.exe[2852] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\ThpSrv.exe[2852] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003D1014 .text C:\WINDOWS\system32\ThpSrv.exe[2852] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003D0804 .text C:\WINDOWS\system32\ThpSrv.exe[2852] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003D0A08 .text C:\WINDOWS\system32\ThpSrv.exe[2852] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003D0C0C .text C:\WINDOWS\system32\ThpSrv.exe[2852] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003D0E10 .text C:\WINDOWS\system32\ThpSrv.exe[2852] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003D01F8 .text C:\WINDOWS\system32\ThpSrv.exe[2852] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003D03FC .text C:\WINDOWS\system32\ThpSrv.exe[2852] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003D0600 .text C:\WINDOWS\system32\ThpSrv.exe[2852] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 003E0A08 .text C:\WINDOWS\system32\ThpSrv.exe[2852] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 003E0804 .text C:\WINDOWS\system32\ThpSrv.exe[2852] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 003E0600 .text C:\WINDOWS\system32\ThpSrv.exe[2852] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\ThpSrv.exe[2852] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\TODDSrv.exe[2904] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B01F8 .text C:\WINDOWS\system32\TODDSrv.exe[2904] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\TODDSrv.exe[2904] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003B03FC .text C:\WINDOWS\system32\TODDSrv.exe[2904] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\TODDSrv.exe[2904] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 003C0A08 .text C:\WINDOWS\system32\TODDSrv.exe[2904] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 003C0804 .text C:\WINDOWS\system32\TODDSrv.exe[2904] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 003C0600 .text C:\WINDOWS\system32\TODDSrv.exe[2904] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003C01F8 .text C:\WINDOWS\system32\TODDSrv.exe[2904] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003C03FC .text C:\WINDOWS\system32\TODDSrv.exe[2904] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003D1014 .text C:\WINDOWS\system32\TODDSrv.exe[2904] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003D0804 .text C:\WINDOWS\system32\TODDSrv.exe[2904] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003D0A08 .text C:\WINDOWS\system32\TODDSrv.exe[2904] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003D0C0C .text C:\WINDOWS\system32\TODDSrv.exe[2904] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003D0E10 .text C:\WINDOWS\system32\TODDSrv.exe[2904] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003D01F8 .text C:\WINDOWS\system32\TODDSrv.exe[2904] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003D03FC .text C:\WINDOWS\system32\TODDSrv.exe[2904] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003D0600 .text C:\windows\system32\TPSBattM.exe[3088] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B01F8 .text C:\windows\system32\TPSBattM.exe[3088] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\windows\system32\TPSBattM.exe[3088] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003B03FC .text C:\windows\system32\TPSBattM.exe[3088] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\windows\system32\TPSBattM.exe[3088] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 003C0A08 .text C:\windows\system32\TPSBattM.exe[3088] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 003C0804 .text C:\windows\system32\TPSBattM.exe[3088] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 003C0600 .text C:\windows\system32\TPSBattM.exe[3088] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003C01F8 .text C:\windows\system32\TPSBattM.exe[3088] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003C03FC .text C:\windows\system32\TPSBattM.exe[3088] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003D1014 .text C:\windows\system32\TPSBattM.exe[3088] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003D0804 .text C:\windows\system32\TPSBattM.exe[3088] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003D0A08 .text C:\windows\system32\TPSBattM.exe[3088] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003D0C0C .text C:\windows\system32\TPSBattM.exe[3088] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003D0E10 .text C:\windows\system32\TPSBattM.exe[3088] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003D01F8 .text C:\windows\system32\TPSBattM.exe[3088] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003D03FC .text C:\windows\system32\TPSBattM.exe[3088] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003D0600 ---- User IAT/EAT - GMER 2.1 ---- IAT C:\windows\system32\services.exe[756] @ C:\windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00600002 IAT C:\windows\system32\services.exe[756] @ C:\windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00600000 IAT C:\Program Files\Programy\Avast\avastUI.exe[1352] @ C:\windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8FC70] C:\Program Files\Programy\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Program Files\Programy\Avast\AvastSvc.exe[1500] @ C:\windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8FC70] C:\Program Files\Programy\Avast\aswCmnBS.dll (Common functions/AVAST Software) ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) ---- Files - GMER 2.1 ---- File C:\WINDOWS\setupact.log 34 bytes File C:\WINDOWS\setupapi.log 44970 bytes File C:\WINDOWS\setuperr.log 0 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973 0 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(10)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(10).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(100).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(101).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(102).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(103).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(104).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(105).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(106).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(17).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(18)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(18).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(19)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(19).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(2)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(2)(3).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(20)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(20).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(21)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(21).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(22)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(22).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(23)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(23).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(24)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(24).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(25)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(25).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(26)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(26).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(27)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(27).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(28)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(28).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(40).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(41)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(41).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(42)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(42).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(43)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(43).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(44)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(44).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(45)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(45).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(46)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(46).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(47)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(47).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(48)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(48).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(107).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(17)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(29)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(40)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(49)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(56)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(7)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(9)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(29).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(3)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(3)(3).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(3).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(30)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(30).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(31)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(31).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(32)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(32).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(33)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(33).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(34)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(34).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(35)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(35).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(36)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(36).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(37)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(37).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(38)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(38).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(39)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(39).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(4)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(4)(3).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(4).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(49).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(5)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(5)(3).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(5).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(50)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(50).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(51)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(51).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(52)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(52).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(53)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(53).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(54)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(54).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(55)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(55).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(56).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(57).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(58).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(59).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(6)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(6)(3).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(6).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(60).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(61).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(62).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(63).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(64).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(65).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(66).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(67).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(68).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(69).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\L 0 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\L\bgaiaine 456320 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(9).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(90).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(91).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(92).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(93).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(94).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(95).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(96).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(97).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(98).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(99).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader.tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\U 0 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\U\@00000001 41360 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\U\@000000c0 2560 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\U\@000000cb 2048 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\U\@000000cf 1536 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\U\@80000000 24576 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\U\@800000c0 33280 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\U\@800000cb 27648 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\U\@800000cf 27648 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6} 2048 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(7).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(70).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(71).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(72).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(73).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(74).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(75).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(76).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(77).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(78).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(79).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(8)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(8).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(80).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(81).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(82).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(83).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(84).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(85).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(86).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(87).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(88).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(89).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(108).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(109).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(11)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(11).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(110).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(111).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(112).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(113).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(114).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(115).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(12)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(12).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(13)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(13).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(14)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(14).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(15)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(15).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(16)(2).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2539609973\loader(16).tlb 2540 bytes File C:\WINDOWS\$NtUninstallKB14293$\2653335889 0 bytes File C:\avast! sandbox 0 bytes File C:\avast! sandbox\S-1-5-21-4195601210-1726681247-3743928433-1005 0 bytes File C:\avast! sandbox\S-1-5-21-4195601210-1726681247-3743928433-1005\r62 0 bytes File C:\avast! sandbox\S-1-5-21-4195601210-1726681247-3743928433-1005\r62\OTL.exe_{2b25fc0c-92dc-11e2-866c-0018de2b0af6} 0 bytes File C:\avast! sandbox\snx_rhive 262144 bytes File C:\avast! sandbox\snx_rhive.LOG 1024 bytes ---- EOF - GMER 2.1 ----