GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-05-14 09:59:54
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e SAMSUNG_HD080HJ/P rev.ZH100-34 74,53GB
Running: cqhnng22.exe; Driver: C:\DOCUME~1\LOG\USTAWI~1\Temp\uxriqpog.sys

---- System - GMER 2.1 ----

SSDT 8976E2A0 ZwAlertResumeThread
SSDT 8979F360 ZwAlertThread
SSDT 895379B8 ZwAllocateVirtualMemory
SSDT 89A92B08 ZwAssignProcessToJobObject
SSDT 897B0850 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwCreateKey [0xA9560ED0]
SSDT 895DE5B8 ZwCreateMutant
SSDT 89577F60 ZwCreateSymbolicLinkObject
SSDT 897FDA68 ZwCreateThread
SSDT 89CA7EF8 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwDeleteKey [0xA9561150]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwDeleteValueKey [0xA9561810]
SSDT 89537DE8 ZwDuplicateObject
SSDT 895374E8 ZwFreeVirtualMemory
SSDT 8982E4B8 ZwImpersonateAnonymousToken
SSDT 897AA618 ZwImpersonateThread
SSDT 897F79C0 ZwLoadDriver
SSDT 89591148 ZwMapViewOfSection
SSDT 89792C40 ZwOpenEvent
SSDT 89697C70 ZwOpenProcess
SSDT 898022E8 ZwOpenProcessToken
SSDT 89839EF8 ZwOpenSection
SSDT 89697B80 ZwOpenThread
SSDT 89578B18 ZwProtectVirtualMemory
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwRenameKey [0xA9561D80]
SSDT 897A55A0 ZwResumeThread
SSDT 89803C68 ZwSetContextThread
SSDT 895E8D60 ZwSetInformationProcess
SSDT 89821310 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwSetValueKey [0xA9561AA0]
SSDT 897F6360 ZwSuspendProcess
SSDT 897A6430 ZwSuspendThread
SSDT 89CFD0B0 ZwTerminateProcess
SSDT 89807EF8 ZwTerminateThread
SSDT 898027A8 ZwUnmapViewOfSection
SSDT 89537880 ZwWriteVirtualMemory

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2CEC 805045D4 4 Bytes CALL E6D99956
.text ntkrnlpa.exe!ZwCallbackReturn + 2D28 80504610 4 Bytes [E8, 74, 53, 89]
? SYMDS.SYS Nie można odnaleźć określonego pliku. !
? SYMEFA.SYS Nie można odnaleźć określonego pliku. !
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xB9A19F80]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Java\jre7\bin\jqs.exe[420] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 003E0048
.text C:\Program Files\Java\jre7\bin\jqs.exe[420] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 003C004C
.text C:\Program Files\Java\jre7\bin\jqs.exe[420] ADVAPI32.dll!OpenSCManagerW + A3 77DD6FF8 7 Bytes JMP 003E020E
.text C:\Program Files\Java\jre7\bin\jqs.exe[420] ADVAPI32.dll!LogonUserExW + 461 77DE4A04 7 Bytes JMP 003E012A
.text C:\Program Files\Java\jre7\bin\jqs.exe[420] ADVAPI32.dll!SystemFunction025 + 8D 77DE4C61 7 Bytes JMP 003E0682
.text C:\Program Files\Java\jre7\bin\jqs.exe[420] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E26E64 7 Bytes JMP 003E059E
.text C:\Program Files\Java\jre7\bin\jqs.exe[420] ADVAPI32.dll!ChangeServiceConfigA + 193 77E26FFC 7 Bytes JMP 003E03D6
.text C:\Program Files\Java\jre7\bin\jqs.exe[420] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E2720C 2 Bytes JMP 003E02F2
.text C:\Program Files\Java\jre7\bin\jqs.exe[420] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E2720F 4 Bytes [5B, 88, EB, F9] {POP EBX; MOV BL, CH; STC }
.text C:\Program Files\Java\jre7\bin\jqs.exe[420] ADVAPI32.dll!CreateServiceA + 193 77E273A4 7 Bytes JMP 003E04BA
.text C:\Program Files\Java\jre7\bin\jqs.exe[420] ADVAPI32.dll!CreateServiceW + 103 77E274AC 7 Bytes JMP 003E0766
.text C:\Program Files\Java\jre7\bin\jqs.exe[420] USER32.dll!DeviceEventWorker + 178 7E3AA270 7 Bytes JMP 003E084A
.text C:\Program Files\Winamp\winampa.exe[1564] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00330048
.text C:\Program Files\Winamp\winampa.exe[1564] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0031004C
.text C:\Program Files\Winamp\winampa.exe[1564] ADVAPI32.dll!OpenSCManagerW + A3 77DD6FF8 7 Bytes JMP 0033020E
.text C:\Program Files\Winamp\winampa.exe[1564] ADVAPI32.dll!LogonUserExW + 461 77DE4A04 7 Bytes JMP 0033012A
.text C:\Program Files\Winamp\winampa.exe[1564] ADVAPI32.dll!SystemFunction025 + 8D 77DE4C61 7 Bytes JMP 00330682
.text C:\Program Files\Winamp\winampa.exe[1564] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E26E64 7 Bytes JMP 0033059E
.text C:\Program Files\Winamp\winampa.exe[1564] ADVAPI32.dll!ChangeServiceConfigA + 193 77E26FFC 7 Bytes JMP 003303D6
.text C:\Program Files\Winamp\winampa.exe[1564] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E2720C 2 Bytes JMP 003302F2
.text C:\Program Files\Winamp\winampa.exe[1564] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E2720F 4 Bytes [50, 88, EB, F9] {PUSH EAX; MOV BL, CH; STC }
.text C:\Program Files\Winamp\winampa.exe[1564] ADVAPI32.dll!CreateServiceA + 193 77E273A4 7 Bytes JMP 003304BA
.text C:\Program Files\Winamp\winampa.exe[1564] ADVAPI32.dll!CreateServiceW + 103 77E274AC 7 Bytes JMP 00330766
.text C:\Program Files\Winamp\winampa.exe[1564] USER32.dll!DeviceEventWorker + 178 7E3AA270 7 Bytes JMP 0033084A
.text C:\Program Files\Ask.com\Updater\Updater.exe[2008] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 003F0048
.text C:\Program Files\Ask.com\Updater\Updater.exe[2008] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 003D004C
.text C:\Program Files\Ask.com\Updater\Updater.exe[2008] USER32.dll!DeviceEventWorker + 178 7E3AA270 7 Bytes JMP 003F0A0E
.text C:\Program Files\Ask.com\Updater\Updater.exe[2008] ADVAPI32.dll!OpenSCManagerW + A3 77DD6FF8 7 Bytes JMP 003F020E
.text C:\Program Files\Ask.com\Updater\Updater.exe[2008] ADVAPI32.dll!LogonUserExW + 461 77DE4A04 7 Bytes JMP 003F012A
.text C:\Program Files\Ask.com\Updater\Updater.exe[2008] ADVAPI32.dll!SystemFunction025 + 8D 77DE4C61 7 Bytes JMP 003F0682
.text C:\Program Files\Ask.com\Updater\Updater.exe[2008] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E26E64 7 Bytes JMP 003F059E
.text C:\Program Files\Ask.com\Updater\Updater.exe[2008] ADVAPI32.dll!ChangeServiceConfigA + 193 77E26FFC 7 Bytes JMP 003F03D6
.text C:\Program Files\Ask.com\Updater\Updater.exe[2008] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E2720C 2 Bytes JMP 003F02F2
.text C:\Program Files\Ask.com\Updater\Updater.exe[2008] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E2720F 4 Bytes [5C, 88, EB, F9] {POP ESP; MOV BL, CH; STC }
.text C:\Program Files\Ask.com\Updater\Updater.exe[2008] ADVAPI32.dll!CreateServiceA + 193 77E273A4 7 Bytes JMP 003F04BA
.text C:\Program Files\Ask.com\Updater\Updater.exe[2008] ADVAPI32.dll!CreateServiceW + 103 77E274AC 7 Bytes JMP 003F0766
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 003F0048
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 003D004C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] ADVAPI32.dll!OpenSCManagerW + A3 77DD6FF8 7 Bytes JMP 003F020E
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] ADVAPI32.dll!LogonUserExW + 461 77DE4A04 7 Bytes JMP 003F012A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] ADVAPI32.dll!SystemFunction025 + 8D 77DE4C61 7 Bytes JMP 003F0682
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E26E64 7 Bytes JMP 003F059E
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] ADVAPI32.dll!ChangeServiceConfigA + 193 77E26FFC 7 Bytes JMP 003F03D6
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E2720C 2 Bytes JMP 003F02F2
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E2720F 4 Bytes [5C, 88, EB, F9] {POP ESP; MOV BL, CH; STC }
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] ADVAPI32.dll!CreateServiceA + 193 77E273A4 7 Bytes JMP 003F04BA
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] ADVAPI32.dll!CreateServiceW + 103 77E274AC 7 Bytes JMP 003F0766
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2076] USER32.dll!DeviceEventWorker + 178 7E3AA270 7 Bytes JMP 003F0A0E
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2272] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 003F0048
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2272] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 003D004C
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2272] USER32.dll!DeviceEventWorker + 178 7E3AA270 7 Bytes JMP 003F084A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2272] ADVAPI32.dll!OpenSCManagerW + A3 77DD6FF8 7 Bytes JMP 003F020E
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2272] ADVAPI32.dll!LogonUserExW + 461 77DE4A04 7 Bytes JMP 003F012A
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2272] ADVAPI32.dll!SystemFunction025 + 8D 77DE4C61 7 Bytes JMP 003F0682
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2272] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E26E64 7 Bytes JMP 003F059E
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2272] ADVAPI32.dll!ChangeServiceConfigA + 193 77E26FFC 7 Bytes JMP 003F03D6
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2272] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E2720C 2 Bytes JMP 003F02F2
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2272] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E2720F 4 Bytes [5C, 88, EB, F9] {POP ESP; MOV BL, CH; STC }
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2272] ADVAPI32.dll!CreateServiceA + 193 77E273A4 7 Bytes JMP 003F04BA
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2272] ADVAPI32.dll!CreateServiceW + 103 77E274AC 7 Bytes JMP 003F0766
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2316] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 048E0048
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2316] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 03F3004C
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2316] USER32.dll!DeviceEventWorker + 178 7E3AA270 7 Bytes JMP 048E084A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2316] ADVAPI32.dll!OpenSCManagerW + A3 77DD6FF8 7 Bytes JMP 048E020E
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2316] ADVAPI32.dll!LogonUserExW + 461 77DE4A04 7 Bytes JMP 048E012A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2316] ADVAPI32.dll!SystemFunction025 + 8D 77DE4C61 7 Bytes JMP 048E0682
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2316] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E26E64 7 Bytes JMP 048E059E
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2316] ADVAPI32.dll!ChangeServiceConfigA + 193 77E26FFC 7 Bytes JMP 048E03D6
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2316] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E2720C 2 Bytes JMP 048E02F2
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2316] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E2720F 4 Bytes [AB, 8C, EB, F9] {STOSD ; MOV EBX, GS; STC }
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2316] ADVAPI32.dll!CreateServiceA + 193 77E273A4 7 Bytes JMP 048E04BA
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2316] ADVAPI32.dll!CreateServiceW + 103 77E274AC 7 Bytes JMP 048E0766
.text C:\Documents and Settings\LOG\Pulpit\FIXIT_PC\cqhnng22.exe[3064] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 003E0048
.text C:\Documents and Settings\LOG\Pulpit\FIXIT_PC\cqhnng22.exe[3064] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 003C004C
.text C:\Documents and Settings\LOG\Pulpit\FIXIT_PC\cqhnng22.exe[3064] ADVAPI32.dll!OpenSCManagerW + A3 77DD6FF8 7 Bytes JMP 003E020E
.text C:\Documents and Settings\LOG\Pulpit\FIXIT_PC\cqhnng22.exe[3064] ADVAPI32.dll!LogonUserExW + 461 77DE4A04 7 Bytes JMP 003E012A
.text C:\Documents and Settings\LOG\Pulpit\FIXIT_PC\cqhnng22.exe[3064] ADVAPI32.dll!SystemFunction025 + 8D 77DE4C61 7 Bytes JMP 003E0682
.text C:\Documents and Settings\LOG\Pulpit\FIXIT_PC\cqhnng22.exe[3064] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E26E64 7 Bytes JMP 003E059E
.text C:\Documents and Settings\LOG\Pulpit\FIXIT_PC\cqhnng22.exe[3064] ADVAPI32.dll!ChangeServiceConfigA + 193 77E26FFC 7 Bytes JMP 003E03D6
.text C:\Documents and Settings\LOG\Pulpit\FIXIT_PC\cqhnng22.exe[3064] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E2720C 2 Bytes JMP 003E02F2
.text C:\Documents and Settings\LOG\Pulpit\FIXIT_PC\cqhnng22.exe[3064] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E2720F 4 Bytes [5B, 88, EB, F9] {POP EBX; MOV BL, CH; STC }
.text C:\Documents and Settings\LOG\Pulpit\FIXIT_PC\cqhnng22.exe[3064] ADVAPI32.dll!CreateServiceA + 193 77E273A4 7 Bytes JMP 003E04BA
.text C:\Documents and Settings\LOG\Pulpit\FIXIT_PC\cqhnng22.exe[3064] ADVAPI32.dll!CreateServiceW + 103 77E274AC 7 Bytes JMP 003E0766
.text C:\Documents and Settings\LOG\Pulpit\FIXIT_PC\cqhnng22.exe[3064] USER32.dll!DeviceEventWorker + 178 7E3AA270 7 Bytes JMP 003E084A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[3076] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 003F0048
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[3076] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 003D004C
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[3076] ADVAPI32.dll!OpenSCManagerW + A3 77DD6FF8 7 Bytes JMP 003F020E
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[3076] ADVAPI32.dll!LogonUserExW + 461 77DE4A04 7 Bytes JMP 003F012A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[3076] ADVAPI32.dll!SystemFunction025 + 8D 77DE4C61 7 Bytes JMP 003F0682
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[3076] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E26E64 7 Bytes JMP 003F059E
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[3076] ADVAPI32.dll!ChangeServiceConfigA + 193 77E26FFC 7 Bytes JMP 003F03D6
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[3076] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E2720C 2 Bytes JMP 003F02F2
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[3076] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E2720F 4 Bytes [5C, 88, EB, F9] {POP ESP; MOV BL, CH; STC }
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[3076] ADVAPI32.dll!CreateServiceA + 193 77E273A4 7 Bytes JMP 003F04BA
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[3076] ADVAPI32.dll!CreateServiceW + 103 77E274AC 7 Bytes JMP 003F0766
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[3076] USER32.dll!DeviceEventWorker + 178 7E3AA270 7 Bytes JMP 003F0A0E
.text C:\Program Files\Mozilla Firefox\firefox.exe[3300] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00320048
.text C:\Program Files\Mozilla Firefox\firefox.exe[3300] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0030004C
.text C:\Program Files\Mozilla Firefox\firefox.exe[3300] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 016F6D70 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3300] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 01A4D736 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3300] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 01A4D713 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3300] kernel32.dll!ValidateLocale + B1C8 7C8449C8 7 Bytes JMP 01711C62 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3300] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 018D6045 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3300] USER32.dll!DeviceEventWorker + 178 7E3AA270 7 Bytes JMP 0032012A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3300] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 01A4D694 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3300] ADVAPI32.dll!OpenSCManagerW + A3 77DD6FF8 7 Bytes JMP 003202F0
.text C:\Program Files\Mozilla Firefox\firefox.exe[3300] ADVAPI32.dll!LogonUserExW + 461 77DE4A04 7 Bytes JMP 0032020C
.text C:\Program Files\Mozilla Firefox\firefox.exe[3300] ADVAPI32.dll!SystemFunction025 + 8D 77DE4C61 7 Bytes JMP 00320764
.text C:\Program Files\Mozilla Firefox\firefox.exe[3300] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E26E64 7 Bytes JMP 00320680
.text C:\Program Files\Mozilla Firefox\firefox.exe[3300] ADVAPI32.dll!ChangeServiceConfigA + 193 77E26FFC 7 Bytes JMP 003204B8
.text C:\Program Files\Mozilla Firefox\firefox.exe[3300] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E2720C 7 Bytes JMP 003203D4
.text C:\Program Files\Mozilla Firefox\firefox.exe[3300] ADVAPI32.dll!CreateServiceA + 193 77E273A4 7 Bytes JMP 0032059C
.text C:\Program Files\Mozilla Firefox\firefox.exe[3300] ADVAPI32.dll!CreateServiceW + 103 77E274AC 7 Bytes JMP 00320848

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS

---- EOF - GMER 2.1 ----