GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-05-14 09:57:23
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3160812AS rev.3.AAE 149,05GB
Running: cqhnng22.exe; Driver: C:\DOCUME~1\Admin\USTAWI~1\Temp\fwldqpoc.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA88F059C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA89A4388]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xA88F102E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA8934316]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA88FC7F2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA88FC83E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA88FC9D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA8933CCA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA88FC760]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA88FC882]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA88FC7A8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xA88F152C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA88FC992]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xA88F1DE4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA88F0602]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA89349DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA8934C92]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA88F55C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA8934847]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA89346B2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA89A4450]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA88F01EA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA88F0668]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA88F598C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA88F2874]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA88FC81C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA88FC860]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA88FC9FC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA8934026]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA88FC786]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA88F4EA8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA88FC910]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA88FC7D0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA88F529A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA88FC9B6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA89A45B0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA893452D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA88F2740]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA893437F]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xA88F2296]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA89B14DA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA8933310]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA88F06CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA88F0734]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xA88F1C5E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA88F0284]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA88F045A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA8934AE3]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA88F03E8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xA88F1FAE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xA88F2110]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA88F04E2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xA88F1A9C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xA88F1C3E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0xA89A29E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA88F079A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xA88F108A]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA89BDBA0]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2D60 80504648 4 Bytes [EA, 01, 8F, A8]
.text ntkrnlpa.exe!ZwCallbackReturn + 2F28 80504810 12 Bytes [CE, 06, 8F, A8, 34, 07, 8F, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2FC0 805048A8 4 Bytes [E8, 03, 8F, A8]
.text ntkrnlpa.exe!ZwCallbackReturn + 2FD0 805048B8 12 Bytes [AE, 1F, 8F, A8, 10, 21, 8F, ...]
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64B0 4 Bytes CALL A88F2F21 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC55E 5 Bytes JMP A89BAA3A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FE2 5 Bytes JMP A89BC554 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D119A 7 Bytes JMP A89BDBA4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text win32k.sys!EngFreeUserMem + 674 BF8099A8 5 Bytes JMP A88F7284 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 35D0 BF80C904 5 Bytes JMP A88F7162 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF8139C6 5 Bytes JMP A88F7116 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C618 5 Bytes JMP A88F66EC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 79C4 BF8241A4 5 Bytes JMP A88F5D54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828B0E 5 Bytes JMP A88F73FA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF831516 5 Bytes JMP A88F7614 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B6BA BF839F80 5 Bytes JMP A88F700A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + C2CB BF851843 5 Bytes JMP A88F5BF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + F17 BF85BD6A 5 Bytes JMP A88F67C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3567 BF85E3BA 5 Bytes JMP A88F622C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 35F2 BF85E445 5 Bytes JMP A88F6508 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 BF85F6B6 5 Bytes JMP A88F5AD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 5466 BF864A94 5 Bytes JMP A88F71B2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 35EF BF87327E 5 Bytes JMP A88F62F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 412C BF873DBB 5 Bytes JMP A88F64C2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetLastError + 1606 BF890EAB 5 Bytes JMP A88F67E2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 26EE BF894455 5 Bytes JMP A88F733C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 583 BF894F2D 5 Bytes JMP A88F756C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 3862 BF89C2E6 5 Bytes JMP A88F66CE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DF7 BF89D87B 5 Bytes JMP A88F5DF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A99B BF8C1D2C 5 Bytes JMP A88F5F24 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + A5A0 BF8EB467 5 Bytes JMP A88F670A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + 19EF BF8EFF28 5 Bytes JMP A88F59C2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + 3BBE BF8F20F7 5 Bytes JMP A88F6008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + 3E3E BF8F2377 5 Bytes JMP A88F6150 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1A13 BF9145F9 5 Bytes JMP A88F5CDC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1CBF BF9148A5 5 Bytes JMP A88F688C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 25E7 BF9151CD 5 Bytes JMP A88F5EBC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F68 BF917B4E 5 Bytes JMP A88F6628 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 193F BF947E1F 5 Bytes JMP A88F74BE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 2.1 ----

.text C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe[552] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D01F8
.text C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe[552] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe[552] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003D03FC
.text C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe[552] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe[552] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014
.text C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe[552] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804
.text C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe[552] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08
.text C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe[552] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C
.text C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe[552] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10
.text C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe[552] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8
.text C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe[552] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC
.text C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe[552] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600
.text C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe[552] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00480804
.text C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe[552] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00480A08
.text C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe[552] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00480600
.text C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe[552] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004801F8
.text C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe[552] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004803FC
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[580] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003C01F8
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[580] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[580] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003C03FC
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[580] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[580] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003D1014
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[580] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003D0804
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[580] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003D0A08
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[580] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003D0C0C
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[580] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003D0E10
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[580] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003D01F8
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[580] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003D03FC
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[580] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003D0600
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[580] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[580] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[580] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[580] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[580] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC
.text C:\WINDOWS\System32\smss.exe[664] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[696] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[696] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[696] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\svchost.exe[696] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[696] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00321014
.text C:\WINDOWS\system32\svchost.exe[696] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00320804
.text C:\WINDOWS\system32\svchost.exe[696] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00320A08
.text C:\WINDOWS\system32\svchost.exe[696] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00320C0C
.text C:\WINDOWS\system32\svchost.exe[696] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00320E10
.text C:\WINDOWS\system32\svchost.exe[696] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003201F8
.text C:\WINDOWS\system32\svchost.exe[696] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003203FC
.text C:\WINDOWS\system32\svchost.exe[696] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00320600
.text C:\WINDOWS\system32\svchost.exe[696] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00470804
.text C:\WINDOWS\system32\svchost.exe[696] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00470A08
.text C:\WINDOWS\system32\svchost.exe[696] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00470600
.text C:\WINDOWS\system32\svchost.exe[696] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004701F8
.text C:\WINDOWS\system32\svchost.exe[696] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004703FC
.text C:\WINDOWS\system32\csrss.exe[712] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[712] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[736] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[736] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[780] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[780] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[792] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[984] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\hkcmd.exe[1016] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D01F8
.text C:\WINDOWS\system32\hkcmd.exe[1016] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\hkcmd.exe[1016] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003D03FC
.text C:\WINDOWS\system32\hkcmd.exe[1016] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\hkcmd.exe[1016] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\WINDOWS\system32\hkcmd.exe[1016] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\WINDOWS\system32\hkcmd.exe[1016] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\WINDOWS\system32\hkcmd.exe[1016] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\WINDOWS\system32\hkcmd.exe[1016] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\WINDOWS\system32\hkcmd.exe[1016] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00431014
.text C:\WINDOWS\system32\hkcmd.exe[1016] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00430804
.text C:\WINDOWS\system32\hkcmd.exe[1016] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00430A08
.text C:\WINDOWS\system32\hkcmd.exe[1016] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00430C0C
.text C:\WINDOWS\system32\hkcmd.exe[1016] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00430E10
.text C:\WINDOWS\system32\hkcmd.exe[1016] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 004301F8
.text C:\WINDOWS\system32\hkcmd.exe[1016] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 004303FC
.text C:\WINDOWS\system32\hkcmd.exe[1016] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00430600
.text C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\igfxpers.exe[1120] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D01F8
.text C:\WINDOWS\system32\igfxpers.exe[1120] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\igfxpers.exe[1120] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003D03FC
.text C:\WINDOWS\system32\igfxpers.exe[1120] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\igfxpers.exe[1120] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804
.text C:\WINDOWS\system32\igfxpers.exe[1120] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08
.text C:\WINDOWS\system32\igfxpers.exe[1120] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600
.text C:\WINDOWS\system32\igfxpers.exe[1120] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8
.text C:\WINDOWS\system32\igfxpers.exe[1120] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC
.text C:\WINDOWS\system32\igfxpers.exe[1120] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014
.text C:\WINDOWS\system32\igfxpers.exe[1120] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804
.text C:\WINDOWS\system32\igfxpers.exe[1120] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08
.text C:\WINDOWS\system32\igfxpers.exe[1120] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C
.text C:\WINDOWS\system32\igfxpers.exe[1120] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10
.text C:\WINDOWS\system32\igfxpers.exe[1120] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8
.text C:\WINDOWS\system32\igfxpers.exe[1120] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC
.text C:\WINDOWS\system32\igfxpers.exe[1120] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600
.text C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe[1140] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D01F8
.text C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe[1140] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe[1140] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003D03FC
.text C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe[1140] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe[1140] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00431014
.text C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe[1140] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00430804
.text C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe[1140] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00430A08
.text C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe[1140] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00430C0C
.text C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe[1140] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00430E10
.text C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe[1140] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 004301F8
.text C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe[1140] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 004303FC
.text C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe[1140] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00430600
.text C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe[1140] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00450804
.text C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe[1140] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00450A08
.text C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe[1140] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00450600
.text C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe[1140] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004501F8
.text C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe[1140] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004503FC
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[1152] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[1152] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1172] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1332] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1376] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1376] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1468] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1468] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1468] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003D03FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1468] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1468] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1468] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1468] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1468] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1468] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1468] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1468] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1468] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1468] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1468] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1468] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1468] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1468] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\WINDOWS\system32\ctfmon.exe[1532] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003201F8
.text C:\WINDOWS\system32\ctfmon.exe[1532] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[1532] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003203FC
.text C:\WINDOWS\system32\ctfmon.exe[1532] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[1532] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00331014
.text C:\WINDOWS\system32\ctfmon.exe[1532] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00330804
.text C:\WINDOWS\system32\ctfmon.exe[1532] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00330A08
.text C:\WINDOWS\system32\ctfmon.exe[1532] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00330C0C
.text C:\WINDOWS\system32\ctfmon.exe[1532] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00330E10
.text C:\WINDOWS\system32\ctfmon.exe[1532] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003301F8
.text C:\WINDOWS\system32\ctfmon.exe[1532] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003303FC
.text C:\WINDOWS\system32\ctfmon.exe[1532] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00330600
.text C:\WINDOWS\system32\ctfmon.exe[1532] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00340804
.text C:\WINDOWS\system32\ctfmon.exe[1532] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00340A08
.text C:\WINDOWS\system32\ctfmon.exe[1532] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00340600
.text C:\WINDOWS\system32\ctfmon.exe[1532] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003401F8
.text C:\WINDOWS\system32\ctfmon.exe[1532] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003403FC
.text C:\WINDOWS\system32\spoolsv.exe[1604] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1604] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\igfxsrvc.exe[1656] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D01F8
.text C:\WINDOWS\system32\igfxsrvc.exe[1656] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\igfxsrvc.exe[1656] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003D03FC
.text C:\WINDOWS\system32\igfxsrvc.exe[1656] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\igfxsrvc.exe[1656] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804
.text C:\WINDOWS\system32\igfxsrvc.exe[1656] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08
.text C:\WINDOWS\system32\igfxsrvc.exe[1656] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600
.text C:\WINDOWS\system32\igfxsrvc.exe[1656] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8
.text C:\WINDOWS\system32\igfxsrvc.exe[1656] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC
.text C:\WINDOWS\system32\igfxsrvc.exe[1656] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014
.text C:\WINDOWS\system32\igfxsrvc.exe[1656] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804
.text C:\WINDOWS\system32\igfxsrvc.exe[1656] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08
.text C:\WINDOWS\system32\igfxsrvc.exe[1656] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C
.text C:\WINDOWS\system32\igfxsrvc.exe[1656] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10
.text C:\WINDOWS\system32\igfxsrvc.exe[1656] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8
.text C:\WINDOWS\system32\igfxsrvc.exe[1656] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC
.text C:\WINDOWS\system32\igfxsrvc.exe[1656] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600
.text C:\WINDOWS\Explorer.EXE[1964] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003101F8
.text C:\WINDOWS\Explorer.EXE[1964] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1964] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003103FC
.text C:\WINDOWS\Explorer.EXE[1964] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1964] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00321014
.text C:\WINDOWS\Explorer.EXE[1964] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00320804
.text C:\WINDOWS\Explorer.EXE[1964] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00320A08
.text C:\WINDOWS\Explorer.EXE[1964] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00320C0C
.text C:\WINDOWS\Explorer.EXE[1964] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00320E10
.text C:\WINDOWS\Explorer.EXE[1964] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003201F8
.text C:\WINDOWS\Explorer.EXE[1964] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003203FC
.text C:\WINDOWS\Explorer.EXE[1964] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00320600
.text C:\WINDOWS\Explorer.EXE[1964] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00330804
.text C:\WINDOWS\Explorer.EXE[1964] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00330A08
.text C:\WINDOWS\Explorer.EXE[1964] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00330600
.text C:\WINDOWS\Explorer.EXE[1964] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003301F8
.text C:\WINDOWS\Explorer.EXE[1964] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003303FC
.text C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe[2124] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D01F8
.text C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe[2124] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe[2124] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003D03FC
.text C:\Program Files\HP\HP LaserJet M1210 MFP
Series\ReceiveFaxUtility.exe[2124] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe[2124] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe[2124] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe[2124] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe[2124] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe[2124] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe[2124] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe[2124] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe[2124] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe[2124] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe[2124] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe[2124] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe[2124] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe[2124] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text 
C:\WINDOWS\system32\HPSIsvc.exe[2148] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D01F8 .text C:\WINDOWS\system32\HPSIsvc.exe[2148] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\HPSIsvc.exe[2148] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003D03FC .text C:\WINDOWS\system32\HPSIsvc.exe[2148] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\HPSIsvc.exe[2148] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\WINDOWS\system32\HPSIsvc.exe[2148] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\WINDOWS\system32\HPSIsvc.exe[2148] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\WINDOWS\system32\HPSIsvc.exe[2148] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\WINDOWS\system32\HPSIsvc.exe[2148] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\WINDOWS\system32\HPSIsvc.exe[2148] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\HPSIsvc.exe[2148] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\HPSIsvc.exe[2148] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\WINDOWS\system32\HPSIsvc.exe[2148] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\WINDOWS\system32\HPSIsvc.exe[2148] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\WINDOWS\system32\HPSIsvc.exe[2148] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\WINDOWS\system32\HPSIsvc.exe[2148] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\WINDOWS\system32\HPSIsvc.exe[2148] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2168] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D01F8 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2168] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] 
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2168] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003D03FC .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2168] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2168] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2168] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2168] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2168] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2168] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2168] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2168] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2168] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2168] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2168] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2168] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2168] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2168] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\Program 
Files\Java\jre7\bin\jqs.exe[2236] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D01F8 .text C:\Program Files\Java\jre7\bin\jqs.exe[2236] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Java\jre7\bin\jqs.exe[2236] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003D03FC .text C:\Program Files\Java\jre7\bin\jqs.exe[2236] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Java\jre7\bin\jqs.exe[2236] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\Java\jre7\bin\jqs.exe[2236] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\Java\jre7\bin\jqs.exe[2236] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\Java\jre7\bin\jqs.exe[2236] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\Java\jre7\bin\jqs.exe[2236] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\Java\jre7\bin\jqs.exe[2236] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\Java\jre7\bin\jqs.exe[2236] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\Java\jre7\bin\jqs.exe[2236] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\Java\jre7\bin\jqs.exe[2236] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\Java\jre7\bin\jqs.exe[2236] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\Java\jre7\bin\jqs.exe[2236] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\Java\jre7\bin\jqs.exe[2236] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\Java\jre7\bin\jqs.exe[2236] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2268] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003C01F8 .text C:\Program 
Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2268] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2268] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003C03FC .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2268] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2268] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003D1014 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2268] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003D0804 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2268] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003D0A08 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2268] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003D0C0C .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2268] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003D0E10 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2268] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003D01F8 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2268] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003D03FC .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2268] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003D0600 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2268] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2268] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2268] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2268] USER32.dll!SetWinEventHook 7E3817F7 
5 Bytes JMP 003E01F8 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2268] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\svchost.exe[2336] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[2336] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2336] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[2336] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2336] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00321014 .text C:\WINDOWS\system32\svchost.exe[2336] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00320804 .text C:\WINDOWS\system32\svchost.exe[2336] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00320A08 .text C:\WINDOWS\system32\svchost.exe[2336] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00320C0C .text C:\WINDOWS\system32\svchost.exe[2336] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00320E10 .text C:\WINDOWS\system32\svchost.exe[2336] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003201F8 .text C:\WINDOWS\system32\svchost.exe[2336] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003203FC .text C:\WINDOWS\system32\svchost.exe[2336] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00320600 .text C:\WINDOWS\system32\svchost.exe[2336] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00470804 .text C:\WINDOWS\system32\svchost.exe[2336] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00470A08 .text C:\WINDOWS\system32\svchost.exe[2336] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00470600 .text C:\WINDOWS\system32\svchost.exe[2336] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004701F8 .text C:\WINDOWS\system32\svchost.exe[2336] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004703FC .text C:\Documents and Settings\Admin\Pulpit\FIXIT_PC\OTL.exe[2676] ntdll.dll!LdrLoadDll 
7C91632D 5 Bytes JMP 003D01F8 .text C:\Documents and Settings\Admin\Pulpit\FIXIT_PC\OTL.exe[2676] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\Admin\Pulpit\FIXIT_PC\OTL.exe[2676] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003D03FC .text C:\Documents and Settings\Admin\Pulpit\FIXIT_PC\OTL.exe[2676] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Documents and Settings\Admin\Pulpit\FIXIT_PC\OTL.exe[2676] user32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Documents and Settings\Admin\Pulpit\FIXIT_PC\OTL.exe[2676] user32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Documents and Settings\Admin\Pulpit\FIXIT_PC\OTL.exe[2676] user32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Documents and Settings\Admin\Pulpit\FIXIT_PC\OTL.exe[2676] user32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Documents and Settings\Admin\Pulpit\FIXIT_PC\OTL.exe[2676] user32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\Documents and Settings\Admin\Pulpit\FIXIT_PC\OTL.exe[2676] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00731014 .text C:\Documents and Settings\Admin\Pulpit\FIXIT_PC\OTL.exe[2676] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00730804 .text C:\Documents and Settings\Admin\Pulpit\FIXIT_PC\OTL.exe[2676] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00730A08 .text C:\Documents and Settings\Admin\Pulpit\FIXIT_PC\OTL.exe[2676] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00730C0C .text C:\Documents and Settings\Admin\Pulpit\FIXIT_PC\OTL.exe[2676] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00730E10 .text C:\Documents and Settings\Admin\Pulpit\FIXIT_PC\OTL.exe[2676] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 007301F8 .text C:\Documents and Settings\Admin\Pulpit\FIXIT_PC\OTL.exe[2676] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 007303FC .text C:\Documents and 
Settings\Admin\Pulpit\FIXIT_PC\OTL.exe[2676] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00730600 .text C:\Program Files\Gadu-Gadu 10\gg.exe[2708] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002D01F8 .text C:\Program Files\Gadu-Gadu 10\gg.exe[2708] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Gadu-Gadu 10\gg.exe[2708] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002D03FC .text C:\Program Files\Gadu-Gadu 10\gg.exe[2708] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Gadu-Gadu 10\gg.exe[2708] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002E0804 .text C:\Program Files\Gadu-Gadu 10\gg.exe[2708] USER32.dll!BeginPaint 7E378FE9 5 Bytes JMP 106E3730 C:\Program Files\Gadu-Gadu 10\QtWebKit4.dll .text C:\Program Files\Gadu-Gadu 10\gg.exe[2708] USER32.dll!EndPaint 7E378FFD 5 Bytes JMP 106E37A0 C:\Program Files\Gadu-Gadu 10\QtWebKit4.dll .text C:\Program Files\Gadu-Gadu 10\gg.exe[2708] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002E0A08 .text C:\Program Files\Gadu-Gadu 10\gg.exe[2708] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002E0600 .text C:\Program Files\Gadu-Gadu 10\gg.exe[2708] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002E01F8 .text C:\Program Files\Gadu-Gadu 10\gg.exe[2708] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002E03FC .text C:\Program Files\Gadu-Gadu 10\gg.exe[2708] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 002F1014 .text C:\Program Files\Gadu-Gadu 10\gg.exe[2708] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 002F0804 .text C:\Program Files\Gadu-Gadu 10\gg.exe[2708] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 002F0A08 .text C:\Program Files\Gadu-Gadu 10\gg.exe[2708] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 002F0C0C .text C:\Program Files\Gadu-Gadu 10\gg.exe[2708] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 002F0E10 .text C:\Program Files\Gadu-Gadu 10\gg.exe[2708] ADVAPI32.dll!CreateServiceA 77E27211 5 
Bytes JMP 002F01F8 .text C:\Program Files\Gadu-Gadu 10\gg.exe[2708] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 002F03FC .text C:\Program Files\Gadu-Gadu 10\gg.exe[2708] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 002F0600 .text C:\Documents and Settings\Admin\Pulpit\FIXIT_PC\cqhnng22.exe[3488] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D01F8 .text C:\Documents and Settings\Admin\Pulpit\FIXIT_PC\cqhnng22.exe[3488] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\Admin\Pulpit\FIXIT_PC\cqhnng22.exe[3488] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003D03FC .text C:\Documents and Settings\Admin\Pulpit\FIXIT_PC\cqhnng22.exe[3488] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Documents and Settings\Admin\Pulpit\FIXIT_PC\cqhnng22.exe[3488] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text C:\Documents and Settings\Admin\Pulpit\FIXIT_PC\cqhnng22.exe[3488] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text C:\Documents and Settings\Admin\Pulpit\FIXIT_PC\cqhnng22.exe[3488] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text C:\Documents and Settings\Admin\Pulpit\FIXIT_PC\cqhnng22.exe[3488] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text C:\Documents and Settings\Admin\Pulpit\FIXIT_PC\cqhnng22.exe[3488] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text C:\Documents and Settings\Admin\Pulpit\FIXIT_PC\cqhnng22.exe[3488] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text C:\Documents and Settings\Admin\Pulpit\FIXIT_PC\cqhnng22.exe[3488] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text C:\Documents and Settings\Admin\Pulpit\FIXIT_PC\cqhnng22.exe[3488] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text C:\Documents and Settings\Admin\Pulpit\FIXIT_PC\cqhnng22.exe[3488] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 004E0804 .text C:\Documents and 
Settings\Admin\Pulpit\FIXIT_PC\cqhnng22.exe[3488] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 004E0A08 .text C:\Documents and Settings\Admin\Pulpit\FIXIT_PC\cqhnng22.exe[3488] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 004E0600 .text C:\Documents and Settings\Admin\Pulpit\FIXIT_PC\cqhnng22.exe[3488] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004E01F8 .text C:\Documents and Settings\Admin\Pulpit\FIXIT_PC\cqhnng22.exe[3488] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004E03FC .text C:\WINDOWS\System32\alg.exe[3824] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\alg.exe[3824] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[3824] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003103FC .text C:\WINDOWS\System32\alg.exe[3824] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[3824] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804 .text C:\WINDOWS\System32\alg.exe[3824] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08 .text C:\WINDOWS\System32\alg.exe[3824] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600 .text C:\WINDOWS\System32\alg.exe[3824] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8 .text C:\WINDOWS\System32\alg.exe[3824] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC .text C:\WINDOWS\System32\alg.exe[3824] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00331014 .text C:\WINDOWS\System32\alg.exe[3824] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00330804 .text C:\WINDOWS\System32\alg.exe[3824] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00330A08 .text C:\WINDOWS\System32\alg.exe[3824] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00330C0C .text C:\WINDOWS\System32\alg.exe[3824] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00330E10 .text C:\WINDOWS\System32\alg.exe[3824] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003301F8 .text 
C:\WINDOWS\System32\alg.exe[3824] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003303FC
.text C:\WINDOWS\System32\alg.exe[3824] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00330600

---- User IAT/EAT - GMER 2.1 ----

IAT C:\WINDOWS\system32\services.exe[780] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
IAT C:\WINDOWS\system32\services.exe[780] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000
IAT C:\Program Files\AVAST Software\Avast\avastUI.exe[1152] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8FC70] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1376] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8FC70] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)

---- Devices - GMER 2.1 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----