GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-07-22 00:28:15
Windows 5.1.2600 Dodatek Service Pack 3
Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Maxtor_6Y120L0 rev.YAR41BW0
Running: 48gwbv4d.exe; Driver: C:\DOCUME~1\Daniel\USTAWI~1\Temp\pxtdapow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB785B202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB78C1D8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB787F6C1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB785D7F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB785D848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB785D95E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xB787F075]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB785D746]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB785D898]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB785D79A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB785D90C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB785B226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xB787FD87]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB788003D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB785DBE2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB787FBF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB787FA5D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB78C1E3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB785AFF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB785B24A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB785DD56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB785BCDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB785D820]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB785D870]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB785D988]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xB787F3D1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB785D772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB785DA1A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB785D8D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB785D7C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB785DAFE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB785D936]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB78C1ED4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB787F8D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB785BBA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB787F72A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB78CA10E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB787E6E8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB785B26E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB785B292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB785B04A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB785B186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB787FE8E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB785B162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB785B1AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB785B2B6]
INT 0x62 ? 8990ECB8
INT 0x73 ? 89599CB8
INT 0x73 ? 89599CB8
INT 0x73 ? 89599CB8
INT 0x73 ? 89599CB8
INT 0x73 ? 89599CB8
INT 0x73 ? 89599CB8
INT 0x82 ? 8990ECB8
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB78D7398]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 37C 804E29D8 4 Bytes CALL 9D05B1C3
PAGE ntoskrnl.exe!ObInsertObject 8056503A 5 Bytes JMP B78D47F2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 8056B712 4 Bytes CALL B785C335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8057FC60 7 Bytes JMP B78D739C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 8059F84D 5 Bytes JMP B78D2D4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text sptd.sys F74C7000 32 Bytes [98, 02, 6F, 80, 20, 07, 6F, ...]
.text sptd.sys F74C7024 4 Bytes [74, 9F, 4B, F7]
.text sptd.sys F74C702C 424 Bytes [36, 14, 5C, 80, A7, 92, 4D, ...]
.text sptd.sys F74C71E4 4 Bytes [A1, A9, EB, 4C]
.text sptd.sys F74C71EC 1 Byte [02]
.text ...
.sptd2 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd2" section [0xF75A10AD]
? C:\WINDOWS\system32\drivers\sptd.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces.
.text USBPORT.SYS!DllUnload B8F218AC 5 Bytes JMP 895991C8
PAGE aesbgasc.SYS B8DE1800 32 Bytes [03, 57, 8B, 7D, 08, 89, 75, ...]
PAGE aesbgasc.SYS B8DE1822 7 Bytes [00, 85, C0, 0F, 84, F6, 03]
PAGE aesbgasc.SYS B8DE182A 15 Bytes [00, 80, FA, AD, 75, 0A, 80, ...]
PAGE aesbgasc.SYS B8DE183A 98 Bytes [80, FA, A3, 75, 12, 8A, 53, ...]
PAGE aesbgasc.SYS B8DE189D 87 Bytes [00, EB, 04, 83, 65, F4, 00, ...]
PAGE ...
.text win32k.sys!EngFreeUserMem + 674 BF809FDF 5 Bytes JMP B785ECA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF8138FE 5 Bytes JMP B785EBAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 320C BF81E743 5 Bytes JMP B785DE70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 7657 BF82868B 5 Bytes JMP B785DF34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + 698 BF838560 5 Bytes JMP B785EE0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + BB6 BF838A7E 5 Bytes JMP B785EB1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + 3605 BF83B4CD 5 Bytes JMP B785F014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + D9AB BF845873 5 Bytes JMP B785DFA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMultiByteToWideChar + 2F20 BF8527E0 5 Bytes JMP B785DE58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMultiByteToWideChar + 84B4 BF857D74 5 Bytes JMP B785EF72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 23AD BF873983 5 Bytes JMP B785ED54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBlt + 37BB BF87882D 5 Bytes JMP B785EBD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 413A BF890AD9 5 Bytes JMP B785E2FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 4B52 BF8B3770 5 Bytes JMP B785E180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 4BDD BF8B37FB 5 Bytes JMP B785E326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAlphaBlend + 9286 BF8C31E7 5 Bytes JMP B785E03E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + 19CE BF8ED991 5 Bytes JMP B785DD8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + D4C6 BF8F9489 5 Bytes JMP B785E0AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + D746 BF8F9709 5 Bytes JMP B785E0E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1994 BF912612 5 Bytes JMP B785DEF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2568 BF9131E6 5 Bytes JMP B785E008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F29 BF915BA7 5 Bytes JMP B785E440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1931 BF9438F8 5 Bytes JMP B785EECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\alg.exe[368] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[368] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[368] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[368] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[368] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00300804
.text C:\WINDOWS\System32\alg.exe[368] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00300A08
.text C:\WINDOWS\System32\alg.exe[368] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00300600
.text C:\WINDOWS\System32\alg.exe[368] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003001F8
.text C:\WINDOWS\System32\alg.exe[368] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003003FC
.text C:\WINDOWS\System32\alg.exe[368] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00311014
.text C:\WINDOWS\System32\alg.exe[368] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00310804
.text C:\WINDOWS\System32\alg.exe[368] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00310A08
.text C:\WINDOWS\System32\alg.exe[368] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00310C0C
.text C:\WINDOWS\System32\alg.exe[368] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00310E10
.text C:\WINDOWS\System32\alg.exe[368] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003101F8
.text C:\WINDOWS\System32\alg.exe[368] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003103FC
.text C:\WINDOWS\System32\alg.exe[368] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00310600
.text C:\WINDOWS\System32\smss.exe[488] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[552] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[552] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[576] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[576] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[576] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[576] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[576] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\winlogon.exe[576] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\winlogon.exe[576] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\winlogon.exe[576] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\winlogon.exe[576] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\winlogon.exe[576] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\winlogon.exe[576] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\winlogon.exe[576] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\winlogon.exe[576] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\winlogon.exe[576] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\winlogon.exe[576] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\winlogon.exe[576] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\winlogon.exe[576] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\services.exe[620] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[620] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[620] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[620] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\services.exe[620] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\services.exe[620] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\services.exe[620] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\services.exe[620] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\services.exe[620] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\services.exe[620] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\services.exe[620] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\services.exe[620] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\services.exe[620] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\services.exe[620] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\services.exe[620] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\services.exe[620] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[632] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\lsass.exe[632] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\lsass.exe[632] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\lsass.exe[632] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\lsass.exe[632] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\lsass.exe[632] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\lsass.exe[632] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\lsass.exe[632] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\lsass.exe[632] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\lsass.exe[632] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\lsass.exe[632] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\lsass.exe[632] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\lsass.exe[632] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\svchost.exe[784] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[784] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[784] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[784] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[784] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[784] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[784] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[784] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[784] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[784] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[784] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[784] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[784] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[784] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[784] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[784] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[784] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\svchost.exe[848] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[848] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[848] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[848] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[848] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[848] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[848] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[848] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\System32\svchost.exe[888] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[888] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[888] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[888] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[888] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014
.text C:\WINDOWS\System32\svchost.exe[888] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804
.text C:\WINDOWS\System32\svchost.exe[888] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08
.text C:\WINDOWS\System32\svchost.exe[888] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C
.text C:\WINDOWS\System32\svchost.exe[888] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10
.text C:\WINDOWS\System32\svchost.exe[888] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8
.text C:\WINDOWS\System32\svchost.exe[888] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC
.text C:\WINDOWS\System32\svchost.exe[888] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600
.text C:\WINDOWS\System32\svchost.exe[888] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\System32\svchost.exe[888] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\System32\svchost.exe[888] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\System32\svchost.exe[888] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\System32\svchost.exe[888] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[972] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[972] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[972] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[972] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[972] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1060] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1060] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1060] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1060] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1060] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[1176] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[1176] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1296] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[1296] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1296] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[1296] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1296] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00311014
.text C:\WINDOWS\Explorer.EXE[1296] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00310804
.text C:\WINDOWS\Explorer.EXE[1296] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00310A08
.text C:\WINDOWS\Explorer.EXE[1296] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00310C0C
.text C:\WINDOWS\Explorer.EXE[1296] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00310E10
.text C:\WINDOWS\Explorer.EXE[1296] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003101F8
.text C:\WINDOWS\Explorer.EXE[1296] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003103FC
.text C:\WINDOWS\Explorer.EXE[1296] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00310600
.text C:\WINDOWS\Explorer.EXE[1296] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804
.text C:\WINDOWS\Explorer.EXE[1296] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08
.text C:\WINDOWS\Explorer.EXE[1296] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600
.text C:\WINDOWS\Explorer.EXE[1296] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8
.text C:\WINDOWS\Explorer.EXE[1296] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC
.text C:\Program Files\Winamp\winampa.exe[1452] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\Program Files\Winamp\winampa.exe[1452] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Winamp\winampa.exe[1452] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\Program Files\Winamp\winampa.exe[1452] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Winamp\winampa.exe[1452] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00331014
.text C:\Program Files\Winamp\winampa.exe[1452] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00330804
.text C:\Program Files\Winamp\winampa.exe[1452] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00330A08
.text C:\Program Files\Winamp\winampa.exe[1452] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 3 Bytes JMP 00330C0C
.text C:\Program Files\Winamp\winampa.exe[1452] ADVAPI32.dll!ChangeServiceConfig2A + 4 77E270DD 1 Byte [88]
.text C:\Program Files\Winamp\winampa.exe[1452] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00330E10
.text C:\Program Files\Winamp\winampa.exe[1452] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003301F8
.text C:\Program Files\Winamp\winampa.exe[1452] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003303FC
.text C:\Program Files\Winamp\winampa.exe[1452] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00330600
.text C:\Program Files\Winamp\winampa.exe[1452] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00340804
.text C:\Program Files\Winamp\winampa.exe[1452] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00340A08
.text C:\Program Files\Winamp\winampa.exe[1452] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00340600
.text C:\Program Files\Winamp\winampa.exe[1452] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003401F8
.text C:\Program Files\Winamp\winampa.exe[1452] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003403FC
.text C:\WINDOWS\system32\RUNDLL32.EXE[1544] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\RUNDLL32.EXE[1544] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\RUNDLL32.EXE[1544] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\RUNDLL32.EXE[1544] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\RUNDLL32.EXE[1544] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\RUNDLL32.EXE[1544] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\RUNDLL32.EXE[1544] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\RUNDLL32.EXE[1544] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\RUNDLL32.EXE[1544] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\RUNDLL32.EXE[1544] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00311014
.text C:\WINDOWS\system32\RUNDLL32.EXE[1544] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\RUNDLL32.EXE[1544] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\RUNDLL32.EXE[1544] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00310C0C
.text C:\WINDOWS\system32\RUNDLL32.EXE[1544] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00310E10
.text C:\WINDOWS\system32\RUNDLL32.EXE[1544] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\RUNDLL32.EXE[1544] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\RUNDLL32.EXE[1544] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00310600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1564] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1564] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1564] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1564] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1564] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003E1014
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1564] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003E0804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1564] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003E0A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1564] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003E0C0C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1564] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003E0E10
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1564] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003E01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1564] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003E03FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1564] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003E0600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1564] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1564] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1564] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1564] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1564] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\WINDOWS\system32\sol.exe[1644] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\sol.exe[1644] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\sol.exe[1644] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000A03FC .text C:\WINDOWS\system32\sol.exe[1644] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\sol.exe[1644] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00311014 .text C:\WINDOWS\system32\sol.exe[1644] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\sol.exe[1644] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\sol.exe[1644] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00310C0C .text C:\WINDOWS\system32\sol.exe[1644] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00310E10 .text C:\WINDOWS\system32\sol.exe[1644] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\sol.exe[1644] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\sol.exe[1644] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\sol.exe[1644] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804 .text C:\WINDOWS\system32\sol.exe[1644] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08 .text C:\WINDOWS\system32\sol.exe[1644] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600 .text C:\WINDOWS\system32\sol.exe[1644] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8 .text C:\WINDOWS\system32\sol.exe[1644] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC .text C:\WINDOWS\system32\spoolsv.exe[1708] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\spoolsv.exe[1708] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1708] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\spoolsv.exe[1708] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1708] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014 
.text C:\WINDOWS\system32\spoolsv.exe[1708] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\spoolsv.exe[1708] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\spoolsv.exe[1708] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\spoolsv.exe[1708] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\spoolsv.exe[1708] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\spoolsv.exe[1708] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\spoolsv.exe[1708] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\spoolsv.exe[1708] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\spoolsv.exe[1708] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\spoolsv.exe[1708] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\spoolsv.exe[1708] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\spoolsv.exe[1708] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\Program Files\Java\jre6\bin\jqs.exe[1820] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8 .text C:\Program Files\Java\jre6\bin\jqs.exe[1820] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Java\jre6\bin\jqs.exe[1820] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC .text C:\Program Files\Java\jre6\bin\jqs.exe[1820] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Java\jre6\bin\jqs.exe[1820] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003E1014 .text C:\Program Files\Java\jre6\bin\jqs.exe[1820] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003E0804 .text C:\Program Files\Java\jre6\bin\jqs.exe[1820] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 
Bytes JMP 003E0A08 .text C:\Program Files\Java\jre6\bin\jqs.exe[1820] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003E0C0C .text C:\Program Files\Java\jre6\bin\jqs.exe[1820] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003E0E10 .text C:\Program Files\Java\jre6\bin\jqs.exe[1820] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003E01F8 .text C:\Program Files\Java\jre6\bin\jqs.exe[1820] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003E03FC .text C:\Program Files\Java\jre6\bin\jqs.exe[1820] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003E0600 .text C:\Program Files\Java\jre6\bin\jqs.exe[1820] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\Java\jre6\bin\jqs.exe[1820] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\Java\jre6\bin\jqs.exe[1820] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\Java\jre6\bin\jqs.exe[1820] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\Java\jre6\bin\jqs.exe[1820] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\WINDOWS\system32\nvsvc32.exe[1864] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8 .text C:\WINDOWS\system32\nvsvc32.exe[1864] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\nvsvc32.exe[1864] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC .text C:\WINDOWS\system32\nvsvc32.exe[1864] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\nvsvc32.exe[1864] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804 .text C:\WINDOWS\system32\nvsvc32.exe[1864] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08 .text C:\WINDOWS\system32\nvsvc32.exe[1864] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600 .text C:\WINDOWS\system32\nvsvc32.exe[1864] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8 .text C:\WINDOWS\system32\nvsvc32.exe[1864] USER32.dll!UnhookWinEvent 
7E3818AC 5 Bytes JMP 003D03FC .text C:\WINDOWS\system32\nvsvc32.exe[1864] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003E1014 .text C:\WINDOWS\system32\nvsvc32.exe[1864] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003E0804 .text C:\WINDOWS\system32\nvsvc32.exe[1864] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003E0A08 .text C:\WINDOWS\system32\nvsvc32.exe[1864] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003E0C0C .text C:\WINDOWS\system32\nvsvc32.exe[1864] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003E0E10 .text C:\WINDOWS\system32\nvsvc32.exe[1864] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\nvsvc32.exe[1864] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\nvsvc32.exe[1864] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003E0600 .text C:\WINDOWS\system32\wdfmgr.exe[1904] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000801F8 .text C:\WINDOWS\system32\wdfmgr.exe[1904] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\wdfmgr.exe[1904] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000803FC .text C:\WINDOWS\system32\wdfmgr.exe[1904] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\wdfmgr.exe[1904] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00311014 .text C:\WINDOWS\system32\wdfmgr.exe[1904] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\wdfmgr.exe[1904] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\wdfmgr.exe[1904] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00310C0C .text C:\WINDOWS\system32\wdfmgr.exe[1904] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00310E10 .text C:\WINDOWS\system32\wdfmgr.exe[1904] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\wdfmgr.exe[1904] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes 
JMP 003103FC .text C:\WINDOWS\system32\wdfmgr.exe[1904] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\wdfmgr.exe[1904] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804 .text C:\WINDOWS\system32\wdfmgr.exe[1904] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08 .text C:\WINDOWS\system32\wdfmgr.exe[1904] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600 .text C:\WINDOWS\system32\wdfmgr.exe[1904] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8 .text C:\WINDOWS\system32\wdfmgr.exe[1904] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC .text C:\Program Files\Mozilla Firefox\firefox.exe[2060] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8 .text C:\Program Files\Mozilla Firefox\firefox.exe[2060] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[2060] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC .text C:\Program Files\Mozilla Firefox\firefox.exe[2060] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[2060] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00821014 .text C:\Program Files\Mozilla Firefox\firefox.exe[2060] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00820804 .text C:\Program Files\Mozilla Firefox\firefox.exe[2060] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00820A08 .text C:\Program Files\Mozilla Firefox\firefox.exe[2060] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00820C0C .text C:\Program Files\Mozilla Firefox\firefox.exe[2060] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00820E10 .text C:\Program Files\Mozilla Firefox\firefox.exe[2060] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 008201F8 .text C:\Program Files\Mozilla Firefox\firefox.exe[2060] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 008203FC .text C:\Program Files\Mozilla Firefox\firefox.exe[2060] ADVAPI32.dll!DeleteService 77E27489 5 
Bytes JMP 00820600 .text C:\Program Files\Mozilla Firefox\firefox.exe[2060] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00830804 .text C:\Program Files\Mozilla Firefox\firefox.exe[2060] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00830A08 .text C:\Program Files\Mozilla Firefox\firefox.exe[2060] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00830600 .text C:\Program Files\Mozilla Firefox\firefox.exe[2060] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 008301F8 .text C:\Program Files\Mozilla Firefox\firefox.exe[2060] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 008303FC .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2180] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2180] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2180] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2180] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2180] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00741014 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2180] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00740804 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2180] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00740A08 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2180] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00740C0C .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2180] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00740E10 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2180] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 007401F8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2180] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 007403FC .text C:\Program 
Files\Mozilla Firefox\plugin-container.exe[2180] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00740600 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2180] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00750804 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2180] USER32.dll!SetWindowLongA 7E37C29D 5 Bytes JMP 1068EDA6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2180] USER32.dll!SetWindowLongW 7E37C2BB 5 Bytes JMP 1068ED38 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2180] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 104A5451 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2180] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00750A08 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2180] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00750600 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2180] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 007501F8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2180] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 007503FC .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2180] USER32.dll!TrackPopupMenu 7E3B531E 5 Bytes JMP 104A5A99 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\WINDOWS\system32\wuauclt.exe[2280] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000A01F8 .text C:\WINDOWS\system32\wuauclt.exe[2280] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\wuauclt.exe[2280] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000A03FC .text C:\WINDOWS\system32\wuauclt.exe[2280] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\wuauclt.exe[2280] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804 .text C:\WINDOWS\system32\wuauclt.exe[2280] 
USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08 .text C:\WINDOWS\system32\wuauclt.exe[2280] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600 .text C:\WINDOWS\system32\wuauclt.exe[2280] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8 .text C:\WINDOWS\system32\wuauclt.exe[2280] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC .text C:\WINDOWS\system32\wuauclt.exe[2280] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82] .text C:\WINDOWS\system32\wuauclt.exe[2280] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003A1014 .text C:\WINDOWS\system32\wuauclt.exe[2280] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003A0804 .text C:\WINDOWS\system32\wuauclt.exe[2280] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003A0A08 .text C:\WINDOWS\system32\wuauclt.exe[2280] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003A0C0C .text C:\WINDOWS\system32\wuauclt.exe[2280] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003A0E10 .text C:\WINDOWS\system32\wuauclt.exe[2280] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003A01F8 .text C:\WINDOWS\system32\wuauclt.exe[2280] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003A03FC .text C:\WINDOWS\system32\wuauclt.exe[2280] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003A0600 .text C:\WINDOWS\system32\svchost.exe[2776] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[2776] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2776] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[2776] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2776] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[2776] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[2776] ADVAPI32.dll!ChangeServiceConfigW 
77E26FD9 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[2776] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[2776] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[2776] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[2776] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[2776] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[2776] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[2776] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[2776] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[2776] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[2776] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\Documents and Settings\Daniel\Moje dokumenty\Pobieranie\48gwbv4d.exe[4024] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8 .text C:\Documents and Settings\Daniel\Moje dokumenty\Pobieranie\48gwbv4d.exe[4024] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Documents and Settings\Daniel\Moje dokumenty\Pobieranie\48gwbv4d.exe[4024] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC .text C:\Documents and Settings\Daniel\Moje dokumenty\Pobieranie\48gwbv4d.exe[4024] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Documents and Settings\Daniel\Moje dokumenty\Pobieranie\48gwbv4d.exe[4024] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 009C1014 .text C:\Documents and Settings\Daniel\Moje dokumenty\Pobieranie\48gwbv4d.exe[4024] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 009C0804 .text C:\Documents and Settings\Daniel\Moje dokumenty\Pobieranie\48gwbv4d.exe[4024] 
ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 009C0A08
.text C:\Documents and Settings\Daniel\Moje dokumenty\Pobieranie\48gwbv4d.exe[4024] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 009C0C0C
.text C:\Documents and Settings\Daniel\Moje dokumenty\Pobieranie\48gwbv4d.exe[4024] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 009C0E10
.text C:\Documents and Settings\Daniel\Moje dokumenty\Pobieranie\48gwbv4d.exe[4024] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 009C01F8
.text C:\Documents and Settings\Daniel\Moje dokumenty\Pobieranie\48gwbv4d.exe[4024] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 009C03FC
.text C:\Documents and Settings\Daniel\Moje dokumenty\Pobieranie\48gwbv4d.exe[4024] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 009C0600
.text C:\Documents and Settings\Daniel\Moje dokumenty\Pobieranie\48gwbv4d.exe[4024] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 009D0804
.text C:\Documents and Settings\Daniel\Moje dokumenty\Pobieranie\48gwbv4d.exe[4024] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 009D0A08
.text C:\Documents and Settings\Daniel\Moje dokumenty\Pobieranie\48gwbv4d.exe[4024] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 009D0600
.text C:\Documents and Settings\Daniel\Moje dokumenty\Pobieranie\48gwbv4d.exe[4024] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 009D01F8
.text C:\Documents and Settings\Daniel\Moje dokumenty\Pobieranie\48gwbv4d.exe[4024] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 009D03FC

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 898E32F8
IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [F74C922E] sptd.sys
IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [F74C871C] sptd.sys
IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [F74C8F0E] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74C871C] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74C8910] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74C8852] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74C90EC] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74C8F0E] sptd.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 895992F8
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[ntoskrnl.exe!IoCreateDevice] 0FB0878D
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[ntoskrnl.exe!IoDetachDevice] 75FF0000
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[ntoskrnl.exe!ExFreePoolWithTag] FF575008
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[ntoskrnl.exe!IoFreeWorkItem] 458B0C55
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[ntoskrnl.exe!IoDeleteDevice] FC450108
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[ntoskrnl.exe!KeWaitForSingleObject] 83F84501
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[ntoskrnl.exe!KeSetEvent] D82B28C4
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[ntoskrnl.exe!ObfReferenceObject] B60FBB75
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] FC6AE745
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] 03C82B59
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 59FC6AF1
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[ntoskrnl.exe!NlsMbCodePageTag] 4D01C82B
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[ntoskrnl.exe!RtlInitAnsiString] 6A39EBF4
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[ntoskrnl.exe!RtlInitUnicodeString] 02C38300
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[ntoskrnl.exe!sprintf] 8D016A53
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[ntoskrnl.exe!IoFreeIrp] 5750E645
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[ntoskrnl.exe!IoCancelIrp] 830C55FF
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[ntoskrnl.exe!IoAllocateIrp] B60F14C4
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[ntoskrnl.exe!KeInitializeEvent] 4E8DE745
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[ntoskrnl.exe!IoSetCompletionRoutineEx] 77C13BFC
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[ntoskrnl.exe!IoInitializeTimer] 59FC6A24
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[ntoskrnl.exe!IofCallDriver] F103C82B
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 8D104D8B
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[ntoskrnl.exe!IoSetStartIoAttributes] 8904014C
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[ntoskrnl.exe!IoStartPacket] 4D8B104D
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[ntoskrnl.exe!PoRequestPowerIrp] 01448DF0
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[ntoskrnl.exe!IoStopTimer] F0458904
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[ntoskrnl.exe!IoStartTimer] 0F04FE83
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[ntoskrnl.exe!IoAllocateWorkItem] FFFEA483
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[ntoskrnl.exe!IoReleaseCancelSpinLock] F4458BFF
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[ntoskrnl.exe!KeRemoveEntryDeviceQueue] E9C1C88B
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[ntoskrnl.exe!IoQueueWorkItem] E44D8818
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[ntoskrnl.exe!IoFreeMdl] E9C1C88B
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 88006A10
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[ntoskrnl.exe!IoAllocateMdl] 006AE54D
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 4588C88B
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[ntoskrnl.exe!memmove] 8D046AE7
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] C150E445
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 885708E9
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[ntoskrnl.exe!IoBuildPartialMdl] 55FFE64D
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[ntoskrnl.exe!IoAcquireCancelSpinLock] 14C4830C
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[ntoskrnl.exe!KeTickCount] 5FF0458B
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[ntoskrnl.exe!KeBugCheckEx] C2C95B5E
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[ntoskrnl.exe!IofCompleteRequest] 8B550010
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[ntoskrnl.exe!IoStartNextPacket] 8B5753EC
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 478A0C7D
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[ntoskrnl.exe!PoCallDriver] 8D3F2473
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 4B8A085F
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 74013C30
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[ntoskrnl.exe!KeInitializeSpinLock] 74123C1D
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[ntoskrnl.exe!ZwClose] 50C03319
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[ntoskrnl.exe!MmHighestUserAddress] 6A4B6A50
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 75FF5304
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[HAL.dll!KeGetCurrentIrql] 76D83B08
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[HAL.dll!KfAcquireSpinLock] 08458903
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[HAL.dll!KfReleaseSpinLock] 75FF016A
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[HAL.dll!KfRaiseIrql] B0878DFC
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[HAL.dll!KfLowerIrql] FF00000F
IAT \SystemRoot\System32\Drivers\aesbgasc.SYS[USBD.SYS!USBD_CreateConfigurationRequestEx] 6A0C55FF

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[620] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00630002
IAT C:\WINDOWS\system32\services.exe[620] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00630000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Ntfs \Ntfs 8990D1E8
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\usbuhci \Device\USBPDO-0 895981E8
Device \Driver\usbuhci \Device\USBPDO-1 895981E8
Device \Driver\usbuhci \Device\USBPDO-2 895981E8
Device \Driver\usbuhci \Device\USBPDO-3 895981E8
Device \Driver\usbehci \Device\USBPDO-4 895971E8
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\Cdrom \Device\CdRom0 8950F1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 8950F1E8
Device \Driver\Cdrom \Device\CdRom2 8950F1E8
Device \Driver\PCI_PNP4722 \Device\0000003d sptd.sys
Device \Driver\PCI_PNP4722 \Device\0000003d sptd.sys
Device \Driver\NetBT \Device\NetBt_Wins_Export 89790430
Device \Driver\NetBT \Device\NetBT_Tcpip_{3CD03929-415E-48E0-A1EE-CED8BE0A9723} 89790430
Device \Driver\NetBT \Device\NetbiosSmb 89790430
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\usbuhci \Device\USBFDO-0 895981E8
Device \Driver\usbuhci \Device\USBFDO-1 895981E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 891751E8
Device \Driver\usbuhci \Device\USBFDO-2 895981E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 891751E8
Device \Driver\usbuhci \Device\USBFDO-3 895981E8
Device \Driver\usbehci \Device\USBFDO-4 895971E8
Device \Driver\aesbgasc \Device\Scsi\aesbgasc1 8950E1E8
Device \Driver\aesbgasc \Device\Scsi\aesbgasc1Port2Path0Target0Lun0 8950E1E8
Device \Driver\aesbgasc \Device\Scsi\aesbgasc1Port2Path0Target1Lun0 8950E1E8
Device \FileSystem\Cdfs \Cdfs 895D4430

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE4 0xE4 0xD9 0x2C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x46 0x66 0x44 0x19 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFF 0x60 0xE4 0xBD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB1 0x7E 0xE6 0xEC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xEA 0xC4 0xBB 0xCA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE4 0xE4 0xD9 0x2C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE3 0xAE 0xB2 0x16 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFF 0x60 0xE4 0xBD ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB1 0x7E 0xE6 0xEC ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xEA 0xC4 0xBB 0xCA ...

---- EOF - GMER 1.0.15 ----