GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-06-06 01:12:34 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950042 rev.D005 465,76GB Running: jjesh1w3.exe; Driver: C:\Users\Part\AppData\Local\Temp\kxlirpow.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\wininit.exe[604] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007777eecd 1 byte [62] .text C:\Windows\system32\winlogon.exe[672] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007777eecd 1 byte [62] .text C:\Windows\system32\services.exe[716] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007777eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[848] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007777eecd 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[924] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007777eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[344] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007777eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[444] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007777eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[532] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007777eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[708] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007777eecd 1 byte [62] .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\STacSV64.exe[536] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007777eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1316] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007777eecd 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[1436] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007777eecd 1 byte [62] .text C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE[1464] C:\Windows\system32\kernel32.dll!GetBinaryTypeW 
+ 189 000000007777eecd 1 byte [62] .text C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe[1488] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007777eecd 1 byte [62] .text C:\Windows\System32\spoolsv.exe[1732] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007777eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077963ae0 5 bytes JMP 00000001001e075c .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077967a90 5 bytes JMP 00000001001e03a4 .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077991490 5 bytes JMP 00000001001e0b14 .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000779914f0 5 bytes JMP 00000001001e0ecc .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779915d0 5 bytes JMP 00000001001e163c .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077991810 5 bytes JMP 00000001001e1284 .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077992840 5 bytes JMP 00000001001e19f4 .text C:\Windows\system32\svchost.exe[1156] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007777eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe0d6e00 5 bytes JMP 000007ff7e0f1dac .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe0d6f2c 5 bytes JMP 000007ff7e0f0ecc .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe0d7220 5 bytes JMP 000007ff7e0f1284 .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe0d739c 5 bytes JMP 000007ff7e0f163c .text 
C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe0d7538 5 bytes JMP 000007ff7e0f19f4 .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe0d75e8 5 bytes JMP 000007ff7e0f03a4 .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe0d790c 5 bytes JMP 000007ff7e0f075c .text C:\Windows\system32\svchost.exe[1156] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe0d7ab4 5 bytes JMP 000007ff7e0f0b14 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe[1932] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe0d6e00 5 bytes JMP 000007ff7e0f1dac .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe[1932] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe0d6f2c 5 bytes JMP 000007ff7e0f0ecc .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe[1932] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe0d7220 5 bytes JMP 000007ff7e0f1284 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe[1932] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe0d739c 5 bytes JMP 000007ff7e0f163c .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe[1932] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe0d7538 5 bytes JMP 000007ff7e0f19f4 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe[1932] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe0d75e8 5 bytes JMP 000007ff7e0f03a4 .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe[1932] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 
000007fefe0d790c 5 bytes JMP 000007ff7e0f075c .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe[1932] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe0d7ab4 5 bytes JMP 000007ff7e0f0b14 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077963ae0 5 bytes JMP 000000010036075c .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077967a90 5 bytes JMP 00000001003603a4 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077991490 5 bytes JMP 0000000100360b14 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000779914f0 5 bytes JMP 0000000100360ecc .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779915d0 5 bytes JMP 000000010036163c .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077991810 5 bytes JMP 0000000100361284 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077992840 5 bytes JMP 00000001003619f4 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1540] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007777eecd 1 byte [62] .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1540] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe0d6e00 5 bytes JMP 000007ff7e0f1dac .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1540] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe0d6f2c 5 bytes JMP 000007ff7e0f0ecc .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1540] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 
000007fefe0d7220 5 bytes JMP 000007ff7e0f1284 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1540] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe0d739c 5 bytes JMP 000007ff7e0f163c .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1540] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe0d7538 5 bytes JMP 000007ff7e0f19f4 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1540] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe0d75e8 5 bytes JMP 000007ff7e0f03a4 .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1540] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe0d790c 5 bytes JMP 000007ff7e0f075c .text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1540] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe0d7ab4 5 bytes JMP 000007ff7e0f0b14 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2072] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077b3faa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2072] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077b3fb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2072] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077b3fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2072] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077b40018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2072] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077b41900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2072] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077b5c45a 5 bytes JMP 00000001000301f8 .text C:\Program 
Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2072] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077b61217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2072] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000758ea30a 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2072] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000764e5181 5 bytes JMP 00000001001d1014 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2072] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000764e5254 5 bytes JMP 00000001001d0804 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2072] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000764e53d5 5 bytes JMP 00000001001d0a08 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2072] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000764e54c2 5 bytes JMP 00000001001d0c0c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2072] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000764e55e2 5 bytes JMP 00000001001d0e10 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2072] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000764e567c 5 bytes JMP 00000001001d01f8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2072] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000764e589f 5 bytes JMP 00000001001d03fc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2072] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000764e5a22 5 bytes JMP 00000001001d0600 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2072] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075a6ee09 
5 bytes JMP 00000001002601f8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2072] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075a73982 5 bytes JMP 00000001002603fc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2072] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075a77603 5 bytes JMP 0000000100260804 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2072] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075a7835c 5 bytes JMP 0000000100260600 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2072] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075a8f52b 5 bytes JMP 0000000100260a08 .text C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe[2204] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077b3faa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe[2204] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077b3fb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe[2204] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077b3fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe[2204] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077b40018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe[2204] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077b41900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe[2204] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077b5c45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe[2204] 
C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077b61217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe[2204] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000758ea30a 1 byte [62] .text C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe[2204] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000764e5181 5 bytes JMP 0000000100081014 .text C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe[2204] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000764e5254 5 bytes JMP 0000000100080804 .text C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe[2204] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000764e53d5 5 bytes JMP 0000000100080a08 .text C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe[2204] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000764e54c2 5 bytes JMP 0000000100080c0c .text C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe[2204] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000764e55e2 5 bytes JMP 0000000100080e10 .text C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe[2204] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000764e567c 5 bytes JMP 00000001000801f8 .text C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe[2204] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000764e589f 5 bytes JMP 00000001000803fc .text C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe[2204] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000764e5a22 5 bytes JMP 0000000100080600 .text C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe[2204] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075a6ee09 5 bytes JMP 00000001000901f8 .text C:\Program Files (x86)\Alcohol Soft\Alcohol 
52\StarWind\StarWindServiceAE.exe[2204] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075a73982 5 bytes JMP 00000001000903fc .text C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe[2204] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075a77603 5 bytes JMP 0000000100090804 .text C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe[2204] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075a7835c 5 bytes JMP 0000000100090600 .text C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe[2204] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075a8f52b 5 bytes JMP 0000000100090a08 .text C:\Windows\system32\svchost.exe[2224] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007777eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[2224] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe0d6e00 5 bytes JMP 000007ff7e0f1dac .text C:\Windows\system32\svchost.exe[2224] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe0d6f2c 5 bytes JMP 000007ff7e0f0ecc .text C:\Windows\system32\svchost.exe[2224] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe0d7220 5 bytes JMP 000007ff7e0f1284 .text C:\Windows\system32\svchost.exe[2224] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe0d739c 5 bytes JMP 000007ff7e0f163c .text C:\Windows\system32\svchost.exe[2224] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe0d7538 5 bytes JMP 000007ff7e0f19f4 .text C:\Windows\system32\svchost.exe[2224] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe0d75e8 5 bytes JMP 000007ff7e0f03a4 .text C:\Windows\system32\svchost.exe[2224] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe0d790c 5 bytes JMP 000007ff7e0f075c .text C:\Windows\system32\svchost.exe[2224] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe0d7ab4 5 bytes JMP 000007ff7e0f0b14 .text C:\Program Files (x86)\Intel\Intel(R) Rapid 
Storage Technology\IAStorDataMgrSvc.exe[2264] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077b3faa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2264] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077b3fb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2264] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077b3fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2264] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077b40018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2264] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077b41900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2264] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077b5c45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2264] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077b61217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2264] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000758ea30a 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2264] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000764e5181 5 bytes JMP 0000000100111014 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2264] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000764e5254 5 bytes JMP 0000000100110804 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2264] 
C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000764e53d5 5 bytes JMP 0000000100110a08 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2264] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000764e54c2 5 bytes JMP 0000000100110c0c .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2264] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000764e55e2 5 bytes JMP 0000000100110e10 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2264] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000764e567c 5 bytes JMP 00000001001101f8 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2264] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000764e589f 5 bytes JMP 00000001001103fc .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2264] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000764e5a22 5 bytes JMP 0000000100110600 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2264] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075a6ee09 5 bytes JMP 00000001003d01f8 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2264] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075a73982 5 bytes JMP 00000001003d03fc .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2264] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075a77603 5 bytes JMP 00000001003d0804 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2264] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075a7835c 5 bytes JMP 00000001003d0600 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2264] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075a8f52b 5 bytes JMP 
00000001003d0a08 .text C:\Windows\system32\svchost.exe[2700] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077963ae0 5 bytes JMP 000000010026075c .text C:\Windows\system32\svchost.exe[2700] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077967a90 5 bytes JMP 00000001002603a4 .text C:\Windows\system32\svchost.exe[2700] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077991490 5 bytes JMP 0000000100260b14 .text C:\Windows\system32\svchost.exe[2700] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000779914f0 5 bytes JMP 0000000100260ecc .text C:\Windows\system32\svchost.exe[2700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779915d0 5 bytes JMP 000000010026163c .text C:\Windows\system32\svchost.exe[2700] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077991810 5 bytes JMP 0000000100261284 .text C:\Windows\system32\svchost.exe[2700] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077992840 5 bytes JMP 00000001002619f4 .text C:\Windows\system32\svchost.exe[2700] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007777eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[2700] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe0d6e00 5 bytes JMP 000007ff7e0f1dac .text C:\Windows\system32\svchost.exe[2700] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe0d6f2c 5 bytes JMP 000007ff7e0f0ecc .text C:\Windows\system32\svchost.exe[2700] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe0d7220 5 bytes JMP 000007ff7e0f1284 .text C:\Windows\system32\svchost.exe[2700] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe0d739c 5 bytes JMP 000007ff7e0f163c .text C:\Windows\system32\svchost.exe[2700] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe0d7538 5 bytes JMP 000007ff7e0f19f4 .text C:\Windows\system32\svchost.exe[2700] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe0d75e8 5 bytes JMP 000007ff7e0f03a4 .text 
C:\Windows\system32\svchost.exe[2700] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe0d790c 5 bytes JMP 000007ff7e0f075c .text C:\Windows\system32\svchost.exe[2700] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe0d7ab4 5 bytes JMP 000007ff7e0f0b14 .text C:\Windows\system32\svchost.exe[2800] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe0d6e00 5 bytes JMP 000007ff7e0f1dac .text C:\Windows\system32\svchost.exe[2800] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe0d6f2c 5 bytes JMP 000007ff7e0f0ecc .text C:\Windows\system32\svchost.exe[2800] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe0d7220 5 bytes JMP 000007ff7e0f1284 .text C:\Windows\system32\svchost.exe[2800] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe0d739c 5 bytes JMP 000007ff7e0f163c .text C:\Windows\system32\svchost.exe[2800] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe0d7538 5 bytes JMP 000007ff7e0f19f4 .text C:\Windows\system32\svchost.exe[2800] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe0d75e8 5 bytes JMP 000007ff7e0f03a4 .text C:\Windows\system32\svchost.exe[2800] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe0d790c 5 bytes JMP 000007ff7e0f075c .text C:\Windows\system32\svchost.exe[2800] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe0d7ab4 5 bytes JMP 000007ff7e0f0b14 .text C:\Windows\system32\taskhost.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077963ae0 5 bytes JMP 000000010042075c .text C:\Windows\system32\taskhost.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077967a90 5 bytes JMP 00000001004203a4 .text C:\Windows\system32\taskhost.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077991490 5 bytes JMP 0000000100420b14 .text C:\Windows\system32\taskhost.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000779914f0 5 bytes JMP 0000000100420ecc .text C:\Windows\system32\taskhost.exe[3052] 
C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779915d0 5 bytes JMP 000000010042163c .text C:\Windows\system32\taskhost.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077991810 5 bytes JMP 0000000100421284 .text C:\Windows\system32\taskhost.exe[3052] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077992840 5 bytes JMP 00000001004219f4 .text C:\Windows\system32\taskhost.exe[3052] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007777eecd 1 byte [62] .text C:\Windows\system32\taskhost.exe[3052] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe0d6e00 5 bytes JMP 000007ff7e0f1dac .text C:\Windows\system32\taskhost.exe[3052] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe0d6f2c 5 bytes JMP 000007ff7e0f0ecc .text C:\Windows\system32\taskhost.exe[3052] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe0d7220 5 bytes JMP 000007ff7e0f1284 .text C:\Windows\system32\taskhost.exe[3052] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe0d739c 5 bytes JMP 000007ff7e0f163c .text C:\Windows\system32\taskhost.exe[3052] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe0d7538 5 bytes JMP 000007ff7e0f19f4 .text C:\Windows\system32\taskhost.exe[3052] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe0d75e8 5 bytes JMP 000007ff7e0f03a4 .text C:\Windows\system32\taskhost.exe[3052] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe0d790c 5 bytes JMP 000007ff7e0f075c .text C:\Windows\system32\taskhost.exe[3052] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe0d7ab4 5 bytes JMP 000007ff7e0f0b14 .text C:\Windows\system32\Dwm.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077963ae0 5 bytes JMP 000000010045075c .text C:\Windows\system32\Dwm.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077967a90 5 bytes JMP 00000001004503a4 .text C:\Windows\system32\Dwm.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 
0000000077991490 5 bytes JMP 0000000100450b14 .text C:\Windows\system32\Dwm.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000779914f0 5 bytes JMP 0000000100450ecc .text C:\Windows\system32\Dwm.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779915d0 5 bytes JMP 000000010045163c .text C:\Windows\system32\Dwm.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077991810 5 bytes JMP 0000000100451284 .text C:\Windows\system32\Dwm.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077992840 5 bytes JMP 00000001004519f4 .text C:\Windows\system32\Dwm.exe[2808] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe0d6e00 5 bytes JMP 000007ff7e0f1dac .text C:\Windows\system32\Dwm.exe[2808] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe0d6f2c 5 bytes JMP 000007ff7e0f0ecc .text C:\Windows\system32\Dwm.exe[2808] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe0d7220 5 bytes JMP 000007ff7e0f1284 .text C:\Windows\system32\Dwm.exe[2808] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe0d739c 5 bytes JMP 000007ff7e0f163c .text C:\Windows\system32\Dwm.exe[2808] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe0d7538 5 bytes JMP 000007ff7e0f19f4 .text C:\Windows\system32\Dwm.exe[2808] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe0d75e8 5 bytes JMP 000007ff7e0f03a4 .text C:\Windows\system32\Dwm.exe[2808] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe0d790c 5 bytes JMP 000007ff7e0f075c .text C:\Windows\system32\Dwm.exe[2808] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe0d7ab4 5 bytes JMP 000007ff7e0f0b14 .text C:\Windows\Explorer.EXE[2896] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077963ae0 5 bytes JMP 000000010028075c .text C:\Windows\Explorer.EXE[2896] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077967a90 5 bytes JMP 00000001002803a4 .text C:\Windows\Explorer.EXE[2896] 
C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077991490 5 bytes JMP 0000000100280b14 .text C:\Windows\Explorer.EXE[2896] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000779914f0 5 bytes JMP 0000000100280ecc .text C:\Windows\Explorer.EXE[2896] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779915d0 5 bytes JMP 000000010028163c .text C:\Windows\Explorer.EXE[2896] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077991810 5 bytes JMP 0000000100281284 .text C:\Windows\Explorer.EXE[2896] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077992840 5 bytes JMP 00000001002819f4 .text C:\Windows\Explorer.EXE[2896] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007777eecd 1 byte [62] .text C:\Windows\Explorer.EXE[2896] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe0d6e00 5 bytes JMP 000007ff7e0f1dac .text C:\Windows\Explorer.EXE[2896] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe0d6f2c 5 bytes JMP 000007ff7e0f0ecc .text C:\Windows\Explorer.EXE[2896] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe0d7220 5 bytes JMP 000007ff7e0f1284 .text C:\Windows\Explorer.EXE[2896] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe0d739c 5 bytes JMP 000007ff7e0f163c .text C:\Windows\Explorer.EXE[2896] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe0d7538 5 bytes JMP 000007ff7e0f19f4 .text C:\Windows\Explorer.EXE[2896] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe0d75e8 5 bytes JMP 000007ff7e0f03a4 .text C:\Windows\Explorer.EXE[2896] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe0d790c 5 bytes JMP 000007ff7e0f075c .text C:\Windows\Explorer.EXE[2896] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe0d7ab4 5 bytes JMP 000007ff7e0f0b14 .text C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE[3352] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077963ae0 5 bytes JMP 000000010028075c .text C:\Program Files\Dell\DW WLAN 
Card\WLTRAY.EXE[3352] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077967a90 5 bytes JMP 00000001002803a4 .text C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE[3352] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077991490 5 bytes JMP 0000000100280b14 .text C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE[3352] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000779914f0 5 bytes JMP 0000000100280ecc .text C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE[3352] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779915d0 5 bytes JMP 000000010028163c .text C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE[3352] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077991810 5 bytes JMP 0000000100281284 .text C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE[3352] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077992840 5 bytes JMP 00000001002819f4 .text C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE[3352] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007777eecd 1 byte [62] .text C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE[3352] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe0d6e00 5 bytes JMP 000007ff7e0f1dac .text C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE[3352] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe0d6f2c 5 bytes JMP 000007ff7e0f0ecc .text C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE[3352] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe0d7220 5 bytes JMP 000007ff7e0f1284 .text C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE[3352] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe0d739c 5 bytes JMP 000007ff7e0f163c .text C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE[3352] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe0d7538 5 bytes JMP 000007ff7e0f19f4 .text C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE[3352] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe0d75e8 5 bytes JMP 000007ff7e0f03a4 .text C:\Program Files\Dell\DW 
WLAN Card\WLTRAY.EXE[3352] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe0d790c 5 bytes JMP 000007ff7e0f075c .text C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE[3352] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe0d7ab4 5 bytes JMP 000007ff7e0f0b14 .text C:\Windows\System32\rundll32.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077963ae0 5 bytes JMP 00000001002a075c .text C:\Windows\System32\rundll32.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077967a90 5 bytes JMP 00000001002a03a4 .text C:\Windows\System32\rundll32.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077991490 5 bytes JMP 00000001002a0b14 .text C:\Windows\System32\rundll32.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000779914f0 5 bytes JMP 00000001002a0ecc .text C:\Windows\System32\rundll32.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779915d0 5 bytes JMP 00000001002a163c .text C:\Windows\System32\rundll32.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077991810 5 bytes JMP 00000001002a1284 .text C:\Windows\System32\rundll32.exe[3436] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077992840 5 bytes JMP 00000001002a19f4 .text C:\Windows\System32\rundll32.exe[3436] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007777eecd 1 byte [62] .text C:\Windows\System32\rundll32.exe[3436] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe0d6e00 5 bytes JMP 000007ff7e0f1dac .text C:\Windows\System32\rundll32.exe[3436] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe0d6f2c 5 bytes JMP 000007ff7e0f0ecc .text C:\Windows\System32\rundll32.exe[3436] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe0d7220 5 bytes JMP 000007ff7e0f1284 .text C:\Windows\System32\rundll32.exe[3436] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe0d739c 5 bytes JMP 000007ff7e0f163c .text C:\Windows\System32\rundll32.exe[3436] 
C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe0d7538 5 bytes JMP 000007ff7e0f19f4 .text C:\Windows\System32\rundll32.exe[3436] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe0d75e8 5 bytes JMP 000007ff7e0f03a4 .text C:\Windows\System32\rundll32.exe[3436] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe0d790c 5 bytes JMP 000007ff7e0f075c .text C:\Windows\System32\rundll32.exe[3436] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe0d7ab4 5 bytes JMP 000007ff7e0f0b14 .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[3624] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077b3faa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[3624] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077b3fb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[3624] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077b3fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[3624] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077b40018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[3624] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077b41900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[3624] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077b5c45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[3624] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077b61217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[3624] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000758ea30a 1 byte [62] .text C:\Program Files 
(x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[3624] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075a6ee09 5 bytes JMP 00000001002401f8 .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[3624] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075a73982 5 bytes JMP 00000001002403fc .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[3624] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075a77603 5 bytes JMP 0000000100240804 .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[3624] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075a7835c 5 bytes JMP 0000000100240600 .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[3624] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075a8f52b 5 bytes JMP 0000000100240a08 .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[3624] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000764e5181 5 bytes JMP 0000000100251014 .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[3624] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000764e5254 5 bytes JMP 0000000100250804 .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[3624] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000764e53d5 5 bytes JMP 0000000100250a08 .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[3624] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000764e54c2 5 bytes JMP 0000000100250c0c .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[3624] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000764e55e2 5 bytes JMP 0000000100250e10 .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[3624] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000764e567c 5 
bytes JMP 00000001002501f8 .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[3624] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000764e589f 5 bytes JMP 00000001002503fc .text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[3624] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000764e5a22 5 bytes JMP 0000000100250600 .text C:\Windows\system32\SearchIndexer.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077963ae0 5 bytes JMP 000000010043075c .text C:\Windows\system32\SearchIndexer.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077967a90 5 bytes JMP 00000001004303a4 .text C:\Windows\system32\SearchIndexer.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077991490 5 bytes JMP 0000000100430b14 .text C:\Windows\system32\SearchIndexer.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000779914f0 5 bytes JMP 0000000100430ecc .text C:\Windows\system32\SearchIndexer.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779915d0 5 bytes JMP 000000010043163c .text C:\Windows\system32\SearchIndexer.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077991810 5 bytes JMP 0000000100431284 .text C:\Windows\system32\SearchIndexer.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077992840 5 bytes JMP 00000001004319f4 .text C:\Windows\system32\SearchIndexer.exe[3712] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007777eecd 1 byte [62] .text C:\Windows\system32\SearchIndexer.exe[3712] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe0d6e00 5 bytes JMP 000007ff7e0f1dac .text C:\Windows\system32\SearchIndexer.exe[3712] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe0d6f2c 5 bytes JMP 000007ff7e0f0ecc .text C:\Windows\system32\SearchIndexer.exe[3712] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe0d7220 5 bytes JMP 000007ff7e0f1284 .text 
C:\Windows\system32\SearchIndexer.exe[3712] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe0d739c 5 bytes JMP 000007ff7e0f163c .text C:\Windows\system32\SearchIndexer.exe[3712] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe0d7538 5 bytes JMP 000007ff7e0f19f4 .text C:\Windows\system32\SearchIndexer.exe[3712] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe0d75e8 5 bytes JMP 000007ff7e0f03a4 .text C:\Windows\system32\SearchIndexer.exe[3712] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe0d790c 5 bytes JMP 000007ff7e0f075c .text C:\Windows\system32\SearchIndexer.exe[3712] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe0d7ab4 5 bytes JMP 000007ff7e0f0b14 .text C:\Program Files\Dell\QuickSet\quickset.exe[3736] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077963ae0 5 bytes JMP 000000010023075c .text C:\Program Files\Dell\QuickSet\quickset.exe[3736] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077967a90 5 bytes JMP 00000001002303a4 .text C:\Program Files\Dell\QuickSet\quickset.exe[3736] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077991490 5 bytes JMP 0000000100230b14 .text C:\Program Files\Dell\QuickSet\quickset.exe[3736] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000779914f0 5 bytes JMP 0000000100230ecc .text C:\Program Files\Dell\QuickSet\quickset.exe[3736] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779915d0 5 bytes JMP 000000010023163c .text C:\Program Files\Dell\QuickSet\quickset.exe[3736] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077991810 5 bytes JMP 0000000100231284 .text C:\Program Files\Dell\QuickSet\quickset.exe[3736] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077992840 5 bytes JMP 00000001002319f4 .text C:\Program Files\Dell\QuickSet\quickset.exe[3736] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007777eecd 1 byte [62] .text C:\Program Files\Dell\QuickSet\quickset.exe[3736] 
C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe0d6e00 5 bytes JMP 000007ff7e0f1dac .text C:\Program Files\Dell\QuickSet\quickset.exe[3736] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe0d6f2c 5 bytes JMP 000007ff7e0f0ecc .text C:\Program Files\Dell\QuickSet\quickset.exe[3736] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe0d7220 5 bytes JMP 000007ff7e0f1284 .text C:\Program Files\Dell\QuickSet\quickset.exe[3736] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe0d739c 5 bytes JMP 000007ff7e0f163c .text C:\Program Files\Dell\QuickSet\quickset.exe[3736] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe0d7538 5 bytes JMP 000007ff7e0f19f4 .text C:\Program Files\Dell\QuickSet\quickset.exe[3736] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe0d75e8 5 bytes JMP 000007ff7e0f03a4 .text C:\Program Files\Dell\QuickSet\quickset.exe[3736] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe0d790c 5 bytes JMP 000007ff7e0f075c .text C:\Program Files\Dell\QuickSet\quickset.exe[3736] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe0d7ab4 5 bytes JMP 000007ff7e0f0b14 .text C:\Windows\system32\wbem\wmiprvse.exe[3824] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe0d6e00 5 bytes JMP 000007ff7e0f1dac .text C:\Windows\system32\wbem\wmiprvse.exe[3824] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe0d6f2c 5 bytes JMP 000007ff7e0f0ecc .text C:\Windows\system32\wbem\wmiprvse.exe[3824] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe0d7220 5 bytes JMP 000007ff7e0f1284 .text C:\Windows\system32\wbem\wmiprvse.exe[3824] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe0d739c 5 bytes JMP 000007ff7e0f163c .text C:\Windows\system32\wbem\wmiprvse.exe[3824] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe0d7538 5 bytes JMP 000007ff7e0f19f4 .text C:\Windows\system32\wbem\wmiprvse.exe[3824] 
C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe0d75e8 5 bytes JMP 000007ff7e0f03a4 .text C:\Windows\system32\wbem\wmiprvse.exe[3824] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe0d790c 5 bytes JMP 000007ff7e0f075c .text C:\Windows\system32\wbem\wmiprvse.exe[3824] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe0d7ab4 5 bytes JMP 000007ff7e0f0b14 .text C:\Program Files\IDT\WDM\sttray64.exe[3856] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007777eecd 1 byte [62] .text C:\Program Files\IDT\WDM\sttray64.exe[3856] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe0d6e00 5 bytes JMP 000007ff7e0f1dac .text C:\Program Files\IDT\WDM\sttray64.exe[3856] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe0d6f2c 5 bytes JMP 000007ff7e0f0ecc .text C:\Program Files\IDT\WDM\sttray64.exe[3856] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe0d7220 5 bytes JMP 000007ff7e0f1284 .text C:\Program Files\IDT\WDM\sttray64.exe[3856] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe0d739c 5 bytes JMP 000007ff7e0f163c .text C:\Program Files\IDT\WDM\sttray64.exe[3856] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe0d7538 5 bytes JMP 000007ff7e0f19f4 .text C:\Program Files\IDT\WDM\sttray64.exe[3856] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe0d75e8 5 bytes JMP 000007ff7e0f03a4 .text C:\Program Files\IDT\WDM\sttray64.exe[3856] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe0d790c 5 bytes JMP 000007ff7e0f075c .text C:\Program Files\IDT\WDM\sttray64.exe[3856] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe0d7ab4 5 bytes JMP 000007ff7e0f0b14 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077963ae0 5 bytes JMP 000000010039075c .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077967a90 5 bytes JMP 00000001003903a4 .text C:\Program 
Files\Synaptics\SynTP\SynTPEnh.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077991490 5 bytes JMP 0000000100390b14 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000779914f0 5 bytes JMP 0000000100390ecc .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779915d0 5 bytes JMP 000000010039163c .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077991810 5 bytes JMP 0000000100391284 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3928] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077992840 5 bytes JMP 00000001003919f4 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3928] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007777eecd 1 byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3928] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe0d6e00 5 bytes JMP 000007ff7e0f1dac .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3928] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe0d6f2c 5 bytes JMP 000007ff7e0f0ecc .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3928] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe0d7220 5 bytes JMP 000007ff7e0f1284 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3928] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe0d739c 5 bytes JMP 000007ff7e0f163c .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3928] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe0d7538 5 bytes JMP 000007ff7e0f19f4 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3928] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe0d75e8 5 bytes JMP 000007ff7e0f03a4 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3928] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe0d790c 5 bytes JMP 000007ff7e0f075c .text 
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3928] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe0d7ab4 5 bytes JMP 000007ff7e0f0b14 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4036] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe0d6e00 5 bytes JMP 000007ff7e0f1dac .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4036] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe0d6f2c 5 bytes JMP 000007ff7e0f0ecc .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4036] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe0d7220 5 bytes JMP 000007ff7e0f1284 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4036] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe0d739c 5 bytes JMP 000007ff7e0f163c .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4036] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe0d7538 5 bytes JMP 000007ff7e0f19f4 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4036] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe0d75e8 5 bytes JMP 000007ff7e0f03a4 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4036] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe0d790c 5 bytes JMP 000007ff7e0f075c .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4036] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe0d7ab4 5 bytes JMP 000007ff7e0f0b14 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3244] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077b3faa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3244] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077b3fb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3244] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077b3fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Common Files\Java\Java 
Update\jusched.exe[3244] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077b40018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3244] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077b41900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3244] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077b5c45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3244] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077b61217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3244] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000758ea30a 1 byte [62] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3244] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000764e5181 5 bytes JMP 00000001001e1014 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3244] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000764e5254 5 bytes JMP 00000001001e0804 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3244] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000764e53d5 5 bytes JMP 00000001001e0a08 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3244] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000764e54c2 5 bytes JMP 00000001001e0c0c .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3244] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000764e55e2 5 bytes JMP 00000001001e0e10 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3244] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000764e567c 5 bytes JMP 00000001001e01f8 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3244] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000764e589f 5 bytes JMP 
00000001001e03fc .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3244] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000764e5a22 5 bytes JMP 00000001001e0600 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3244] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075a6ee09 5 bytes JMP 00000001001f01f8 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3244] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075a73982 5 bytes JMP 00000001001f03fc .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3244] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075a77603 5 bytes JMP 00000001001f0804 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3244] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075a7835c 5 bytes JMP 00000001001f0600 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3244] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075a8f52b 5 bytes JMP 00000001001f0a08 .text C:\Windows\System32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077963ae0 5 bytes JMP 000000010012075c .text C:\Windows\System32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077967a90 5 bytes JMP 00000001001203a4 .text C:\Windows\System32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077991490 5 bytes JMP 0000000100120b14 .text C:\Windows\System32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000779914f0 5 bytes JMP 0000000100120ecc .text C:\Windows\System32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000779915d0 5 bytes JMP 000000010012163c .text C:\Windows\System32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077991810 5 bytes JMP 0000000100121284 .text C:\Windows\System32\svchost.exe[3552] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077992840 5 bytes JMP 
00000001001219f4 .text C:\Windows\System32\svchost.exe[3552] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe0d6e00 5 bytes JMP 000007ff7e0f1dac .text C:\Windows\System32\svchost.exe[3552] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe0d6f2c 5 bytes JMP 000007ff7e0f0ecc .text C:\Windows\System32\svchost.exe[3552] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe0d7220 5 bytes JMP 000007ff7e0f1284 .text C:\Windows\System32\svchost.exe[3552] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe0d739c 5 bytes JMP 000007ff7e0f163c .text C:\Windows\System32\svchost.exe[3552] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe0d7538 5 bytes JMP 000007ff7e0f19f4 .text C:\Windows\System32\svchost.exe[3552] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe0d75e8 5 bytes JMP 000007ff7e0f03a4 .text C:\Windows\System32\svchost.exe[3552] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe0d790c 5 bytes JMP 000007ff7e0f075c .text C:\Windows\System32\svchost.exe[3552] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe0d7ab4 5 bytes JMP 000007ff7e0f0b14 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2192] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077b3faa0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2192] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077b3fb38 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2192] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077b3fc90 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2192] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077b40018 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2192] 
C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077b41900 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2192] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077b5c45a 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2192] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077b61217 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2192] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000758ea30a 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2192] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000764e5181 5 bytes JMP 0000000100241014 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2192] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000764e5254 5 bytes JMP 0000000100240804 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2192] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000764e53d5 5 bytes JMP 0000000100240a08 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2192] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000764e54c2 5 bytes JMP 0000000100240c0c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2192] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000764e55e2 5 bytes JMP 0000000100240e10 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2192] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000764e567c 5 bytes JMP 00000001002401f8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2192] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000764e589f 5 bytes JMP 00000001002403fc .text C:\Program Files (x86)\Intel\Intel(R) 
Management Engine Components\UNS\UNS.exe[2192] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000764e5a22 5 bytes JMP 0000000100240600 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2192] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075a6ee09 5 bytes JMP 00000001002501f8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2192] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075a73982 5 bytes JMP 00000001002503fc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2192] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075a77603 5 bytes JMP 0000000100250804 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2192] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075a7835c 5 bytes JMP 0000000100250600 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2192] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075a8f52b 5 bytes JMP 0000000100250a08 .text C:\Windows\System32\svchost.exe[2772] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe0d6e00 5 bytes JMP 000007ff7e0f1dac .text C:\Windows\System32\svchost.exe[2772] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe0d6f2c 5 bytes JMP 000007ff7e0f0ecc .text C:\Windows\System32\svchost.exe[2772] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe0d7220 5 bytes JMP 000007ff7e0f1284 .text C:\Windows\System32\svchost.exe[2772] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe0d739c 5 bytes JMP 000007ff7e0f163c .text C:\Windows\System32\svchost.exe[2772] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe0d7538 5 bytes JMP 000007ff7e0f19f4 .text C:\Windows\System32\svchost.exe[2772] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe0d75e8 5 bytes JMP 000007ff7e0f03a4 .text C:\Windows\System32\svchost.exe[2772] 
C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe0d790c 5 bytes JMP 000007ff7e0f075c .text C:\Windows\System32\svchost.exe[2772] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe0d7ab4 5 bytes JMP 000007ff7e0f0b14 .text C:\Users\Part\Desktop\jjesh1w3.exe[2132] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077b3faa0 5 bytes JMP 0000000100030600 .text C:\Users\Part\Desktop\jjesh1w3.exe[2132] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077b3fb38 5 bytes JMP 0000000100030804 .text C:\Users\Part\Desktop\jjesh1w3.exe[2132] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077b3fc90 5 bytes JMP 0000000100030c0c .text C:\Users\Part\Desktop\jjesh1w3.exe[2132] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077b40018 5 bytes JMP 0000000100030a08 .text C:\Users\Part\Desktop\jjesh1w3.exe[2132] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077b41900 5 bytes JMP 0000000100030e10 .text C:\Users\Part\Desktop\jjesh1w3.exe[2132] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077b5c45a 5 bytes JMP 00000001000301f8 .text C:\Users\Part\Desktop\jjesh1w3.exe[2132] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077b61217 5 bytes JMP 00000001000303fc .text C:\Users\Part\Desktop\jjesh1w3.exe[2132] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000758ea30a 1 byte [62] .text C:\Users\Part\Desktop\jjesh1w3.exe[2132] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000764e5181 5 bytes JMP 00000001002c1014 .text C:\Users\Part\Desktop\jjesh1w3.exe[2132] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000764e5254 5 bytes JMP 00000001002c0804 .text C:\Users\Part\Desktop\jjesh1w3.exe[2132] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000764e53d5 5 bytes JMP 00000001002c0a08 .text C:\Users\Part\Desktop\jjesh1w3.exe[2132] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000764e54c2 5 bytes JMP 00000001002c0c0c .text C:\Users\Part\Desktop\jjesh1w3.exe[2132] 
C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000764e55e2 5 bytes JMP 00000001002c0e10 .text C:\Users\Part\Desktop\jjesh1w3.exe[2132] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000764e567c 5 bytes JMP 00000001002c01f8 .text C:\Users\Part\Desktop\jjesh1w3.exe[2132] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000764e589f 5 bytes JMP 00000001002c03fc .text C:\Users\Part\Desktop\jjesh1w3.exe[2132] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000764e5a22 5 bytes JMP 00000001002c0600 .text C:\Users\Part\Desktop\jjesh1w3.exe[2132] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075a6ee09 5 bytes JMP 00000001002d01f8 .text C:\Users\Part\Desktop\jjesh1w3.exe[2132] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075a73982 5 bytes JMP 00000001002d03fc .text C:\Users\Part\Desktop\jjesh1w3.exe[2132] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075a77603 5 bytes JMP 00000001002d0804 .text C:\Users\Part\Desktop\jjesh1w3.exe[2132] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075a7835c 5 bytes JMP 00000001002d0600 .text C:\Users\Part\Desktop\jjesh1w3.exe[2132] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075a8f52b 5 bytes JMP 00000001002d0a08 ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\taskhost.exe [3052:2812] 000007fefc471010 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3032:3496] 000007fefdb60168 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3032:3988] 000007fefb292a7c Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3032:4028] 000007fef056d618 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3032:3168] 000007fef9075124 Thread C:\Windows\System32\svchost.exe [2772:1656] 000007feef509688 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1 Reg 
HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk) Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! 
mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! WFP Redirect driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName aswRvrt Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description avast! 
Revert Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 29 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 797934 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! virtualization driver (aswSnx) Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1 Reg 
HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! Self Protection Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@NoWelcomeScreen 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName avast! Network Shield Support Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description avast! Network Shield TDI driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 10 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName aswVmm Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! VM Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type 32 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! 
Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description Instaluje i zarządza usługami antywirusowymi programu avast! na tym komputerze, co obejmuje rezydentny skaner, kwarantannę oraz harmonogram zadań. Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c44619e3c4bd Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c44619e3c4bd@0012d2d063a7 0x7D 0xCF 0x7E 0x13 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c44619e3c4bd@001b59487a19 0xEE 0xF6 0x3C 0x34 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c44619e3c4bd@8400d26e75ad 0xD5 0x41 0x1B 0x30 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 52\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x38 0xEA 0xBF 0x3C ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... 
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x21 0x01 0x61 0xF7 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x5D 0x0C 0xC5 0x81 ... Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description avast! 
mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName aswRdr Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Group PNP_TDI Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService tcpip? Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Description avast! WFP Redirect driver Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName aswRvrt Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description avast! 
Revert Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 29 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter 797934 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description avast! virtualization driver (aswSnx) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag 2 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName aswSP Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description avast! 
Self Protection Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@NoWelcomeScreen 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName avast! Network Shield Support Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Group PNP_TDI Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService tcpip? Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Description avast! Network Shield TDI driver Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag 10 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 0 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName aswVmm Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description avast! VM Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 32 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast! Antivirus Reg HKLM\SYSTEM\ControlSet002\services\avast! 
Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Instaluje i zarządza usługami antywirusowymi programu avast! na tym komputerze, co obejmuje rezydentny skaner, kwarantannę oraz harmonogram zadań. Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c44619e3c4bd (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c44619e3c4bd@0012d2d063a7 0x7D 0xCF 0x7E 0x13 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c44619e3c4bd@001b59487a19 0xEE 0xF6 0x3C 0x34 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c44619e3c4bd@8400d26e75ad 0xD5 0x41 0x1B 0x30 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 52\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x38 0xEA 0xBF 0x3C ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x21 0x01 0x61 0xF7 ... 
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x5D 0x0C 0xC5 0x81 ... ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----