GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-09-09 22:19:25 Windows 5.1.2600 Dodatek Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e Hitachi_HTS542512K9SA00 rev.BB2OC31P Running: gmer.exe; Driver: C:\DOCUME~1\User\USTAWI~1\Temp\ffqdakod.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xEB54DDF8] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xECFB5A5A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xEB54E85E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xEB57AD5D] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xEB5532E4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xEB553330] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xEB553422] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xEB57A711] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xEB553252] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xEB553374] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xEB55329A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xEB5533DC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xEB54DE44] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xEB57B423] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xEB57B6D9] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xEB5509A8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xEB57B28E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xEB57B0F9] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xECFB5B34] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xEB54DAD6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xEB54DE90] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xEB550D1C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xEB54EB02] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xEB55330E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xEB553352] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xEB553446] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xEB57AA6D] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xEB553278] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xEB550518] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xEB5533AE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xEB5532C2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xEB55074C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xEB553400] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xECFB5CA0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xEB57AF74] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xEB54E9CE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xEB57ADC6] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xECFBFB68] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xEB579D84] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xEB54DEDC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xEB54DF28] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xEB54DB46] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xEB54DCEA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xEB57B52A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xEB54DC92] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xEB54DD5A] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0xECFB5D60] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xEB54DF74] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0xECFB5BE0] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xECFCBD92] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2B80 80503924 4 Bytes CALL 8DF5247D .text ntkrnlpa.exe!ZwCallbackReturn + 2DC0 80503B64 4 Bytes JMP 998B26BD .text ntkrnlpa.exe!ZwCallbackReturn + 2E81 80503C25 7 Bytes [DE, 54, EB, 28, DF, 54, EB] PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A4F7C 4 Bytes CALL EB54F19F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BAF8A 5 Bytes JMP ECFC8C8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject 805C18C0 5 Bytes JMP ECFCA74C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 805CFA1E 7 Bytes JMP ECFCBD96 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .text atapi.sys F74447B4 1 Byte [CC] {INT 3 } .text win32k.sys!EngFreeUserMem + 674 BF80BA4F 5 Bytes JMP EB552180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFreeUserMem + E5A BF80C235 5 Bytes JMP EB55207C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSurface + 45 BF810175 5 Bytes JMP EB552036 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D0 BF81C0A3 5 Bytes JMP EB551724 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngBitBlt + 92C BF827A40 5 Bytes JMP EB550F84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + D80 BF83331E 5 Bytes JMP EB5522EA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + 7717 BF839CB5 5 Bytes JMP EB5524F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + 112EA BF843888 5 Bytes JMP EB550E66 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMulDiv + 5509 BF849B03 5 Bytes JMP EB551104 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMulDiv + 6882 BF84AE7C 5 Bytes JMP EB55170C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngTextOut + 1437 BF854BF4 5 Bytes JMP EB551F3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 1036 BF857AD0 5 Bytes JMP EB552232 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStrokePath + 62A3 BF87FFC9 5 Bytes JMP EB551384 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStrokePath + 632C BF880052 5 Bytes JMP EB551562 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStrokePath + 70B0 BF880DD6 5 Bytes JMP EB550E4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStrokePath + 77A9 BF8814CF 5 Bytes JMP EB55173C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreatePalette + 245E BF884C65 5 Bytes JMP EB552450 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!BRUSHOBJ_hGetColorTransform + AFDD BF89F83F 5 Bytes JMP EB55151C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetLastError + 1606 BF8BCD44 5 Bytes JMP EB5517FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 4E4C BF8CEEE3 5 Bytes JMP EB550D52 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bCloseFigure + A434 BF8DAA77 5 Bytes JMP EB5520BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!FONTOBJ_pxoGetXform + 77D BF8FAF04 5 Bytes JMP EB550FF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngAlphaBlend + 4768 BF907C6D 5 Bytes JMP EB5517E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_vGetBounds + 58C BF908B12 5 Bytes JMP EB5511AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_vGetBounds + 80C BF908D92 5 Bytes JMP EB5512E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 1993 BF911AD9 5 Bytes JMP EB550F22 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 2567 BF9126AD 5 Bytes JMP EB5510B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 4EC1 BF915007 5 Bytes JMP EB55167C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPlgBlt + 191E BF94290C 5 Bytes JMP EB5523A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\ATK0100\HControl.exe[408] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001401F8 .text C:\WINDOWS\ATK0100\HControl.exe[408] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\ATK0100\HControl.exe[408] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001403FC .text C:\WINDOWS\ATK0100\HControl.exe[408] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\ATK0100\HControl.exe[408] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 004401F8 .text C:\WINDOWS\ATK0100\HControl.exe[408] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 004403FC .text C:\WINDOWS\ATK0100\HControl.exe[408] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00440804 .text C:\WINDOWS\ATK0100\HControl.exe[408] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00440A08 .text C:\WINDOWS\ATK0100\HControl.exe[408] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00440600 .text C:\WINDOWS\ATK0100\HControl.exe[408] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 00451014 .text C:\WINDOWS\ATK0100\HControl.exe[408] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 00450804 .text C:\WINDOWS\ATK0100\HControl.exe[408] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 00450A08 .text C:\WINDOWS\ATK0100\HControl.exe[408] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 00450C0C .text C:\WINDOWS\ATK0100\HControl.exe[408] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 00450E10 .text C:\WINDOWS\ATK0100\HControl.exe[408] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 004501F8 .text C:\WINDOWS\ATK0100\HControl.exe[408] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 004503FC .text C:\WINDOWS\ATK0100\HControl.exe[408] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 00450600 .text C:\Program Files\ASUS\ATK Media\DMEDIA.EXE[420] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001401F8 .text C:\Program Files\ASUS\ATK Media\DMEDIA.EXE[420] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\ASUS\ATK Media\DMEDIA.EXE[420] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001403FC .text C:\Program Files\ASUS\ATK Media\DMEDIA.EXE[420] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\ASUS\ATK Media\DMEDIA.EXE[420] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003C01F8 .text C:\Program Files\ASUS\ATK Media\DMEDIA.EXE[420] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003C03FC .text C:\Program Files\ASUS\ATK Media\DMEDIA.EXE[420] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003C0804 .text C:\Program Files\ASUS\ATK Media\DMEDIA.EXE[420] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003C0A08 .text C:\Program Files\ASUS\ATK Media\DMEDIA.EXE[420] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003C0600 .text C:\Program Files\ASUS\ATK Media\DMEDIA.EXE[420] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003D1014 .text C:\Program Files\ASUS\ATK Media\DMEDIA.EXE[420] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003D0804 .text C:\Program Files\ASUS\ATK Media\DMEDIA.EXE[420] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 003D0A08 .text C:\Program Files\ASUS\ATK Media\DMEDIA.EXE[420] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 003D0C0C .text C:\Program Files\ASUS\ATK Media\DMEDIA.EXE[420] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 003D0E10 .text C:\Program Files\ASUS\ATK Media\DMEDIA.EXE[420] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003D01F8 .text C:\Program Files\ASUS\ATK Media\DMEDIA.EXE[420] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003D03FC .text C:\Program Files\ASUS\ATK Media\DMEDIA.EXE[420] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003D0600 .text C:\WINDOWS\RTHDCPL.EXE[452] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001401F8 .text C:\WINDOWS\RTHDCPL.EXE[452] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\RTHDCPL.EXE[452] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001403FC .text C:\WINDOWS\RTHDCPL.EXE[452] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\RTHDCPL.EXE[452] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003C01F8 .text C:\WINDOWS\RTHDCPL.EXE[452] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003C03FC .text C:\WINDOWS\RTHDCPL.EXE[452] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003C0804 .text C:\WINDOWS\RTHDCPL.EXE[452] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003C0A08 .text C:\WINDOWS\RTHDCPL.EXE[452] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003C0600 .text C:\WINDOWS\RTHDCPL.EXE[452] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003D1014 .text C:\WINDOWS\RTHDCPL.EXE[452] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003D0804 .text C:\WINDOWS\RTHDCPL.EXE[452] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 003D0A08 .text C:\WINDOWS\RTHDCPL.EXE[452] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 003D0C0C .text C:\WINDOWS\RTHDCPL.EXE[452] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 003D0E10 .text C:\WINDOWS\RTHDCPL.EXE[452] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003D01F8 .text C:\WINDOWS\RTHDCPL.EXE[452] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003D03FC .text C:\WINDOWS\RTHDCPL.EXE[452] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003D0600 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[500] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001401F8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[500] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[500] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001403FC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[500] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[500] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003C01F8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[500] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003C03FC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[500] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003C0804 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[500] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003C0A08 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[500] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003C0600 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[500] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003D1014 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[500] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003D0804 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[500] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 003D0A08 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[500] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 003D0C0C .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[500] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 003D0E10 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[500] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003D01F8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[500] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003D03FC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[500] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003D0600 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[512] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[512] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[512] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[512] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[512] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003D01F8 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[512] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003D03FC .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[512] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003D0804 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[512] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003D0A08 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[512] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003D0600 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[512] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003E1014 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[512] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003E0804 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[512] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 003E0A08 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[512] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 003E0C0C .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[512] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 003E0E10 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[512] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003E01F8 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[512] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003E03FC .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[512] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003E0600 .text C:\Program Files\AVAST Software\Avast\avastUI.exe[544] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\avastUI.exe[544] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Documents and Settings\User\Moje dokumenty\Pobieranie\gm\gmer.exe[564] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8 .text C:\Documents and Settings\User\Moje dokumenty\Pobieranie\gm\gmer.exe[564] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Documents and Settings\User\Moje dokumenty\Pobieranie\gm\gmer.exe[564] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC .text C:\Documents and Settings\User\Moje dokumenty\Pobieranie\gm\gmer.exe[564] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Documents and Settings\User\Moje dokumenty\Pobieranie\gm\gmer.exe[564] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 3 Bytes JMP 009B1014 .text C:\Documents and Settings\User\Moje dokumenty\Pobieranie\gm\gmer.exe[564] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E26BE5 1 Byte [88] .text C:\Documents and Settings\User\Moje dokumenty\Pobieranie\gm\gmer.exe[564] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 009B0804 .text C:\Documents and Settings\User\Moje dokumenty\Pobieranie\gm\gmer.exe[564] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 009B0A08 .text C:\Documents and Settings\User\Moje dokumenty\Pobieranie\gm\gmer.exe[564] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 009B0C0C .text C:\Documents and Settings\User\Moje dokumenty\Pobieranie\gm\gmer.exe[564] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 009B0E10 .text C:\Documents and Settings\User\Moje dokumenty\Pobieranie\gm\gmer.exe[564] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 009B01F8 .text C:\Documents and Settings\User\Moje dokumenty\Pobieranie\gm\gmer.exe[564] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 009B03FC .text C:\Documents and Settings\User\Moje dokumenty\Pobieranie\gm\gmer.exe[564] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 009B0600 .text C:\Documents and Settings\User\Moje dokumenty\Pobieranie\gm\gmer.exe[564] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 00AC01F8 .text C:\Documents and Settings\User\Moje dokumenty\Pobieranie\gm\gmer.exe[564] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 00AC03FC .text C:\Documents and Settings\User\Moje dokumenty\Pobieranie\gm\gmer.exe[564] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00AC0804 .text C:\Documents and Settings\User\Moje dokumenty\Pobieranie\gm\gmer.exe[564] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00AC0A08 .text C:\Documents and Settings\User\Moje dokumenty\Pobieranie\gm\gmer.exe[564] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00AC0600 .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[644] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8 .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[644] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[644] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[644] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[644] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003D01F8 .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[644] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003D03FC .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[644] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003D0804 .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[644] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003D0A08 .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[644] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003D0600 .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[644] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003E1014 .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[644] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003E0804 .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[644] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 003E0A08 .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[644] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 003E0C0C .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[644] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 003E0E10 .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[644] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003E01F8 .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[644] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003E03FC .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[644] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003E0600 .text C:\WINDOWS\System32\smss.exe[776] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[824] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[824] KERNEL32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[852] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000701F8 .text C:\WINDOWS\system32\winlogon.exe[852] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[852] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000703FC .text C:\WINDOWS\system32\winlogon.exe[852] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[852] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014 .text C:\WINDOWS\system32\winlogon.exe[852] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804 .text C:\WINDOWS\system32\winlogon.exe[852] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08 .text C:\WINDOWS\system32\winlogon.exe[852] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C .text C:\WINDOWS\system32\winlogon.exe[852] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10 .text C:\WINDOWS\system32\winlogon.exe[852] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8 .text C:\WINDOWS\system32\winlogon.exe[852] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC .text C:\WINDOWS\system32\winlogon.exe[852] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600 .text C:\WINDOWS\system32\winlogon.exe[852] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\winlogon.exe[852] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\winlogon.exe[852] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\winlogon.exe[852] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\winlogon.exe[852] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\services.exe[896] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\services.exe[896] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\services.exe[896] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\services.exe[896] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\services.exe[896] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014 .text C:\WINDOWS\system32\services.exe[896] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804 .text C:\WINDOWS\system32\services.exe[896] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08 .text C:\WINDOWS\system32\services.exe[896] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C .text C:\WINDOWS\system32\services.exe[896] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10 .text C:\WINDOWS\system32\services.exe[896] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8 .text C:\WINDOWS\system32\services.exe[896] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC .text C:\WINDOWS\system32\services.exe[896] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600 .text C:\WINDOWS\system32\services.exe[896] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\services.exe[896] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\services.exe[896] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\services.exe[896] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\services.exe[896] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\lsass.exe[908] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\lsass.exe[908] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[908] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\lsass.exe[908] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[908] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014 .text C:\WINDOWS\system32\lsass.exe[908] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804 .text C:\WINDOWS\system32\lsass.exe[908] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08 .text C:\WINDOWS\system32\lsass.exe[908] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C .text C:\WINDOWS\system32\lsass.exe[908] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10 .text C:\WINDOWS\system32\lsass.exe[908] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8 .text C:\WINDOWS\system32\lsass.exe[908] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC .text C:\WINDOWS\system32\lsass.exe[908] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600 .text C:\WINDOWS\system32\lsass.exe[908] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\lsass.exe[908] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\lsass.exe[908] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\lsass.exe[908] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\lsass.exe[908] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[1036] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[1036] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[1036] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[1036] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[1036] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 006A01F8 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[1036] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 006A03FC .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[1036] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 006A0804 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[1036] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 006A0A08 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[1036] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 006A0600 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[1036] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 006B1014 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[1036] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 006B0804 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[1036] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 006B0A08 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[1036] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 006B0C0C .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[1036] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 006B0E10 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[1036] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 006B01F8 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[1036] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 006B03FC .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[1036] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 006B0600 .text C:\WINDOWS\system32\Ati2evxx.exe[1068] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001401F8 .text C:\WINDOWS\system32\Ati2evxx.exe[1068] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1068] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001403FC .text C:\WINDOWS\system32\Ati2evxx.exe[1068] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1068] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003C01F8 .text C:\WINDOWS\system32\Ati2evxx.exe[1068] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003C03FC .text C:\WINDOWS\system32\Ati2evxx.exe[1068] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003C0804 .text C:\WINDOWS\system32\Ati2evxx.exe[1068] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003C0A08 .text C:\WINDOWS\system32\Ati2evxx.exe[1068] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003C0600 .text C:\WINDOWS\system32\Ati2evxx.exe[1068] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003D1014 .text C:\WINDOWS\system32\Ati2evxx.exe[1068] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003D0804 .text C:\WINDOWS\system32\Ati2evxx.exe[1068] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 003D0A08 .text C:\WINDOWS\system32\Ati2evxx.exe[1068] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 003D0C0C .text C:\WINDOWS\system32\Ati2evxx.exe[1068] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 003D0E10 .text C:\WINDOWS\system32\Ati2evxx.exe[1068] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003D01F8 .text C:\WINDOWS\system32\Ati2evxx.exe[1068] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003D03FC .text C:\WINDOWS\system32\Ati2evxx.exe[1068] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003D0600 .text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014 .text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804 .text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08 .text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C .text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10 .text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8 .text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC .text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600 .text C:\WINDOWS\system32\svchost.exe[1088] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1088] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1088] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1088] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1088] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014 .text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804 .text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08 .text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C .text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10 .text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8 .text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC .text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600 .text C:\WINDOWS\system32\svchost.exe[1148] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1148] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1148] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1148] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1148] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600 .text C:\WINDOWS\System32\svchost.exe[1188] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\svchost.exe[1188] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1188] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1188] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014 .text C:\WINDOWS\System32\svchost.exe[1188] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804 .text C:\WINDOWS\System32\svchost.exe[1188] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08 .text C:\WINDOWS\System32\svchost.exe[1188] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C .text C:\WINDOWS\System32\svchost.exe[1188] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10 .text C:\WINDOWS\System32\svchost.exe[1188] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8 .text C:\WINDOWS\System32\svchost.exe[1188] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC .text C:\WINDOWS\System32\svchost.exe[1188] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600 .text C:\WINDOWS\System32\svchost.exe[1188] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\svchost.exe[1188] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\svchost.exe[1188] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\svchost.exe[1188] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\svchost.exe[1188] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1248] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000501F8 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1248] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1248] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000503FC .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1248] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1248] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1248] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1248] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1248] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1248] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1248] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1248] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1248] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1248] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1248] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1248] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1248] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1248] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014 .text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804 .text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08 .text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C .text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10 .text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8 .text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC .text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600 .text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1320] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1320] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1320] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1320] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1320] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003D1014 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1320] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003D0804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1320] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 003D0A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1320] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 003D0C0C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1320] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 003D0E10 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1320] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003D01F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1320] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003D03FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1320] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003D0600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1320] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003E01F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1320] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003E03FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1320] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003E0804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1320] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003E0A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1320] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003E0600 .text C:\WINDOWS\system32\svchost.exe[1372] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1372] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1372] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014 .text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804 .text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08 .text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C .text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10 .text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8 .text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC .text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600 .text C:\WINDOWS\system32\svchost.exe[1372] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1372] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1372] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1372] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1372] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600 .text C:\PROGRA~1\ZWINKY~2\bar\1.bin\5qsrchmn.exe[1412] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8 .text C:\PROGRA~1\ZWINKY~2\bar\1.bin\5qsrchmn.exe[1412] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\PROGRA~1\ZWINKY~2\bar\1.bin\5qsrchmn.exe[1412] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC .text C:\PROGRA~1\ZWINKY~2\bar\1.bin\5qsrchmn.exe[1412] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\PROGRA~1\ZWINKY~2\bar\1.bin\5qsrchmn.exe[1412] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003D01F8 .text C:\PROGRA~1\ZWINKY~2\bar\1.bin\5qsrchmn.exe[1412] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003D03FC .text C:\PROGRA~1\ZWINKY~2\bar\1.bin\5qsrchmn.exe[1412] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003D0804 .text C:\PROGRA~1\ZWINKY~2\bar\1.bin\5qsrchmn.exe[1412] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003D0A08 .text C:\PROGRA~1\ZWINKY~2\bar\1.bin\5qsrchmn.exe[1412] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003D0600 .text C:\PROGRA~1\ZWINKY~2\bar\1.bin\5qsrchmn.exe[1412] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003E1014 .text C:\PROGRA~1\ZWINKY~2\bar\1.bin\5qsrchmn.exe[1412] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003E0804 .text C:\PROGRA~1\ZWINKY~2\bar\1.bin\5qsrchmn.exe[1412] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 003E0A08 .text C:\PROGRA~1\ZWINKY~2\bar\1.bin\5qsrchmn.exe[1412] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 003E0C0C .text C:\PROGRA~1\ZWINKY~2\bar\1.bin\5qsrchmn.exe[1412] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 003E0E10 .text C:\PROGRA~1\ZWINKY~2\bar\1.bin\5qsrchmn.exe[1412] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003E01F8 .text C:\PROGRA~1\ZWINKY~2\bar\1.bin\5qsrchmn.exe[1412] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003E03FC .text C:\PROGRA~1\ZWINKY~2\bar\1.bin\5qsrchmn.exe[1412] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003E0600 .text C:\Program Files\Skype\Phone\Skype.exe[1464] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8 .text C:\Program Files\Skype\Phone\Skype.exe[1464] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Skype\Phone\Skype.exe[1464] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC .text C:\Program Files\Skype\Phone\Skype.exe[1464] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\Skype\Phone\Skype.exe[1464] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 029501F8 .text C:\Program Files\Skype\Phone\Skype.exe[1464] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 029503FC .text C:\Program Files\Skype\Phone\Skype.exe[1464] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 02950804 .text C:\Program Files\Skype\Phone\Skype.exe[1464] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 02950A08 .text C:\Program Files\Skype\Phone\Skype.exe[1464] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 02950600 .text C:\Program Files\Skype\Phone\Skype.exe[1464] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 02941014 .text C:\Program Files\Skype\Phone\Skype.exe[1464] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 02940804 .text C:\Program Files\Skype\Phone\Skype.exe[1464] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 02940A08 .text C:\Program Files\Skype\Phone\Skype.exe[1464] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 02940C0C .text C:\Program Files\Skype\Phone\Skype.exe[1464] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 02940E10 .text C:\Program Files\Skype\Phone\Skype.exe[1464] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 029401F8 .text C:\Program Files\Skype\Phone\Skype.exe[1464] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 029403FC .text C:\Program Files\Skype\Phone\Skype.exe[1464] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 02940600 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[1524] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[1524] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[1524] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[1524] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[1524] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 008101F8 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[1524] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 008103FC .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[1524] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00810804 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[1524] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00810A08 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[1524] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00810600 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[1524] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 00821014 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[1524] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 00820804 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[1524] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 00820A08 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[1524] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 00820C0C .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[1524] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 00820E10 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[1524] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 008201F8 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[1524] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 008203FC .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[1524] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 00820600 .text C:\WINDOWS\system32\Ati2evxx.exe[1556] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001401F8 .text C:\WINDOWS\system32\Ati2evxx.exe[1556] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1556] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001403FC .text C:\WINDOWS\system32\Ati2evxx.exe[1556] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1556] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003C01F8 .text C:\WINDOWS\system32\Ati2evxx.exe[1556] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003C03FC .text C:\WINDOWS\system32\Ati2evxx.exe[1556] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003C0804 .text C:\WINDOWS\system32\Ati2evxx.exe[1556] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003C0A08 .text C:\WINDOWS\system32\Ati2evxx.exe[1556] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003C0600 .text C:\WINDOWS\system32\Ati2evxx.exe[1556] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003D1014 .text C:\WINDOWS\system32\Ati2evxx.exe[1556] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003D0804 .text C:\WINDOWS\system32\Ati2evxx.exe[1556] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 003D0A08 .text C:\WINDOWS\system32\Ati2evxx.exe[1556] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 003D0C0C .text C:\WINDOWS\system32\Ati2evxx.exe[1556] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 003D0E10 .text C:\WINDOWS\system32\Ati2evxx.exe[1556] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003D01F8 .text C:\WINDOWS\system32\Ati2evxx.exe[1556] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003D03FC .text C:\WINDOWS\system32\Ati2evxx.exe[1556] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003D0600 .text C:\WINDOWS\Explorer.EXE[1588] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8 .text C:\WINDOWS\Explorer.EXE[1588] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1588] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC .text C:\WINDOWS\Explorer.EXE[1588] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1588] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 00301014 .text C:\WINDOWS\Explorer.EXE[1588] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 00300804 .text C:\WINDOWS\Explorer.EXE[1588] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 00300A08 .text C:\WINDOWS\Explorer.EXE[1588] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 00300C0C .text C:\WINDOWS\Explorer.EXE[1588] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 00300E10 .text C:\WINDOWS\Explorer.EXE[1588] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003001F8 .text C:\WINDOWS\Explorer.EXE[1588] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003003FC .text C:\WINDOWS\Explorer.EXE[1588] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 00300600 .text C:\WINDOWS\Explorer.EXE[1588] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003101F8 .text C:\WINDOWS\Explorer.EXE[1588] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003103FC .text C:\WINDOWS\Explorer.EXE[1588] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00310804 .text C:\WINDOWS\Explorer.EXE[1588] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00310A08 .text C:\WINDOWS\Explorer.EXE[1588] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00310600 .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1736] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1736] kernel32.dll!SetUnhandledExceptionFilter 7C810386 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1736] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1800] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\spoolsv.exe[1800] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1800] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\spoolsv.exe[1800] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1800] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014 .text C:\WINDOWS\system32\spoolsv.exe[1800] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804 .text C:\WINDOWS\system32\spoolsv.exe[1800] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08 .text C:\WINDOWS\system32\spoolsv.exe[1800] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C .text C:\WINDOWS\system32\spoolsv.exe[1800] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10 .text C:\WINDOWS\system32\spoolsv.exe[1800] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8 .text C:\WINDOWS\system32\spoolsv.exe[1800] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC .text C:\WINDOWS\system32\spoolsv.exe[1800] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600 .text C:\WINDOWS\system32\spoolsv.exe[1800] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\spoolsv.exe[1800] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\spoolsv.exe[1800] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\spoolsv.exe[1800] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\spoolsv.exe[1800] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600 .text C:\Program Files\Java\jre7\bin\jqs.exe[2136] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8 .text C:\Program Files\Java\jre7\bin\jqs.exe[2136] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Java\jre7\bin\jqs.exe[2136] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC .text C:\Program Files\Java\jre7\bin\jqs.exe[2136] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\Java\jre7\bin\jqs.exe[2136] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003D1014 .text C:\Program Files\Java\jre7\bin\jqs.exe[2136] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003D0804 .text C:\Program Files\Java\jre7\bin\jqs.exe[2136] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 003D0A08 .text C:\Program Files\Java\jre7\bin\jqs.exe[2136] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 003D0C0C .text C:\Program Files\Java\jre7\bin\jqs.exe[2136] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 003D0E10 .text C:\Program Files\Java\jre7\bin\jqs.exe[2136] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003D01F8 .text C:\Program Files\Java\jre7\bin\jqs.exe[2136] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003D03FC .text C:\Program Files\Java\jre7\bin\jqs.exe[2136] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003D0600 .text C:\Program Files\Java\jre7\bin\jqs.exe[2136] user32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 006F01F8 .text C:\Program Files\Java\jre7\bin\jqs.exe[2136] user32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 006F03FC .text C:\Program Files\Java\jre7\bin\jqs.exe[2136] user32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 006F0804 .text C:\Program Files\Java\jre7\bin\jqs.exe[2136] user32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 006F0A08 .text C:\Program Files\Java\jre7\bin\jqs.exe[2136] user32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 006F0600 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[2172] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[2172] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[2172] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[2172] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[2172] USER32.dll!SetWinEventHook 77D5E3D3 3 Bytes JMP 006101F8 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[2172] USER32.dll!SetWinEventHook + 4 77D5E3D7 1 Byte [88] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[2172] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 006103FC .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[2172] USER32.dll!SetWindowsHookExW 77D5E621 3 Bytes JMP 00610804 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[2172] USER32.dll!SetWindowsHookExW + 4 77D5E625 1 Byte [88] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[2172] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00610A08 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[2172] USER32.dll!SetWindowsHookExA 77D602B2 3 Bytes JMP 00610600 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[2172] USER32.dll!SetWindowsHookExA + 4 77D602B6 1 Byte [88] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[2172] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 00621014 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[2172] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 00620804 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[2172] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 00620A08 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[2172] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 00620C0C .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[2172] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 00620E10 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[2172] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 006201F8 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[2172] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 006203FC .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[2172] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 00620600 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2200] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001401F8 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2200] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2200] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001403FC .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2200] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2200] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003C01F8 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2200] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003C03FC .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2200] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003C0804 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2200] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003C0A08 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2200] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003C0600 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2200] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003D1014 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2200] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003D0804 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2200] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 003D0A08 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2200] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 003D0C0C .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2200] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 003D0E10 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2200] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003D01F8 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2200] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003D03FC .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2200] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003D0600 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2256] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001401F8 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2256] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2256] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001403FC .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2256] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2256] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 005F01F8 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2256] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 005F03FC .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2256] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 005F0804 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2256] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 005F0A08 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2256] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 005F0600 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2256] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 00601014 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2256] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 00600804 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2256] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 00600A08 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2256] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 00600C0C .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2256] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 00600E10 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2256] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 006001F8 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2256] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 006003FC .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[2256] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 00600600 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2364] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000501F8 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2364] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2364] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000503FC .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2364] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2364] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 01071014 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2364] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 01070804 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2364] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 01070A08 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2364] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 01070C0C .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2364] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 01070E10 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2364] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 010701F8 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2364] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 010703FC .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2364] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 01070600 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2364] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 010801F8 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2364] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 010803FC .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2364] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 01080804 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2364] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 01080A08 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2364] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 01080600 .text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2456] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001401F8 .text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2456] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2456] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001403FC .text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2456] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2456] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003C01F8 .text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2456] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003C03FC .text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2456] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003C0804 .text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2456] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003C0A08 .text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2456] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003C0600 .text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2456] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003D1014 .text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2456] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003D0804 .text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2456] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 003D0A08 .text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2456] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 003D0C0C .text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2456] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 003D0E10 .text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2456] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003D01F8 .text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2456] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003D03FC .text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2456] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003D0600 .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2516] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8 .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2516] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2516] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2516] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2516] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 00311014 .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2516] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 00310804 .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2516] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 00310A08 .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2516] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 00310C0C .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2516] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 00310E10 .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2516] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003101F8 .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2516] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003103FC .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2516] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 00310600 .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2516] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003201F8 .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2516] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003203FC .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2516] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00320804 .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2516] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00320A08 .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2516] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00320600 .text C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2604] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001401F8 .text C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2604] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2604] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001403FC .text C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2604] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2604] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003C01F8 .text C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2604] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003C03FC .text C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2604] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003C0804 .text C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2604] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003C0A08 .text C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2604] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003C0600 .text C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2604] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003D1014 .text C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2604] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003D0804 .text C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2604] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 003D0A08 .text C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2604] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 003D0C0C .text C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2604] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 003D0E10 .text C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2604] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003D01F8 .text C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2604] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003D03FC .text C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2604] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003D0600 .text C:\WINDOWS\system32\svchost.exe[2680] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[2680] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2680] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[2680] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2680] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014 .text C:\WINDOWS\system32\svchost.exe[2680] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804 .text C:\WINDOWS\system32\svchost.exe[2680] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08 .text C:\WINDOWS\system32\svchost.exe[2680] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C .text C:\WINDOWS\system32\svchost.exe[2680] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10 .text C:\WINDOWS\system32\svchost.exe[2680] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8 .text C:\WINDOWS\system32\svchost.exe[2680] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC .text C:\WINDOWS\system32\svchost.exe[2680] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600 .text C:\WINDOWS\system32\svchost.exe[2680] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[2680] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[2680] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[2680] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[2680] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600 .text C:\Program Files\Mozilla Firefox\firefox.exe[2704] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 01290C00 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[2704] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[2704] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC .text C:\Program Files\Mozilla Firefox\firefox.exe[2704] kernel32.dll!lstrlenW + 43 7C809A7C 7 Bytes JMP 014C7B4C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[2704] kernel32.dll!MapViewOfFileEx + 6A 7C80B788 7 Bytes JMP 014C7B29 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[2704] kernel32.dll!lstrcpyn + 70 7C810381 7 Bytes JMP 01293FAC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[2704] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[2704] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003101F8 .text C:\Program Files\Mozilla Firefox\firefox.exe[2704] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003103FC .text C:\Program Files\Mozilla Firefox\firefox.exe[2704] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00310804 .text C:\Program Files\Mozilla Firefox\firefox.exe[2704] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00310A08 .text C:\Program Files\Mozilla Firefox\firefox.exe[2704] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00310600 .text C:\Program Files\Mozilla Firefox\firefox.exe[2704] GDI32.dll!SetWindowOrgEx + 15E 77F1960B 7 Bytes JMP 014C7AAA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[2704] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 00321014 .text C:\Program Files\Mozilla Firefox\firefox.exe[2704] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 00320804 .text C:\Program Files\Mozilla Firefox\firefox.exe[2704] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 00320A08 .text C:\Program Files\Mozilla Firefox\firefox.exe[2704] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 00320C0C .text C:\Program Files\Mozilla Firefox\firefox.exe[2704] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 00320E10 .text C:\Program Files\Mozilla Firefox\firefox.exe[2704] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003201F8 .text C:\Program Files\Mozilla Firefox\firefox.exe[2704] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003203FC .text C:\Program Files\Mozilla Firefox\firefox.exe[2704] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 00320600 .text C:\WINDOWS\System32\StkCSrv.exe[2736] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001401F8 .text C:\WINDOWS\System32\StkCSrv.exe[2736] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\System32\StkCSrv.exe[2736] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001403FC .text C:\WINDOWS\System32\StkCSrv.exe[2736] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\System32\StkCSrv.exe[2736] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003C01F8 .text C:\WINDOWS\System32\StkCSrv.exe[2736] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003C03FC .text C:\WINDOWS\System32\StkCSrv.exe[2736] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003C0804 .text C:\WINDOWS\System32\StkCSrv.exe[2736] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003C0A08 .text C:\WINDOWS\System32\StkCSrv.exe[2736] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003C0600 .text C:\WINDOWS\System32\StkCSrv.exe[2736] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003D1014 .text C:\WINDOWS\System32\StkCSrv.exe[2736] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003D0804 .text C:\WINDOWS\System32\StkCSrv.exe[2736] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 003D0A08 .text C:\WINDOWS\System32\StkCSrv.exe[2736] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 003D0C0C .text C:\WINDOWS\System32\StkCSrv.exe[2736] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 003D0E10 .text C:\WINDOWS\System32\StkCSrv.exe[2736] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003D01F8 .text C:\WINDOWS\System32\StkCSrv.exe[2736] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003D03FC .text C:\WINDOWS\System32\StkCSrv.exe[2736] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003D0600 .text C:\WINDOWS\ATK0100\ATKOSD.exe[2824] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001401F8 .text C:\WINDOWS\ATK0100\ATKOSD.exe[2824] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\ATK0100\ATKOSD.exe[2824] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001403FC .text C:\WINDOWS\ATK0100\ATKOSD.exe[2824] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\ATK0100\ATKOSD.exe[2824] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003C01F8 .text C:\WINDOWS\ATK0100\ATKOSD.exe[2824] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003C03FC .text C:\WINDOWS\ATK0100\ATKOSD.exe[2824] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003C0804 .text C:\WINDOWS\ATK0100\ATKOSD.exe[2824] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003C0A08 .text C:\WINDOWS\ATK0100\ATKOSD.exe[2824] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003C0600 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2832] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2832] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2832] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2832] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2832] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 00A01014 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2832] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 00A00804 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2832] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 00A00A08 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2832] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 00A00C0C .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2832] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 00A00E10 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2832] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 00A001F8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2832] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 00A003FC .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2832] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 00A00600 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2832] USER32.dll!SetPropW + 11B 77D3DECE 1 Byte [E9] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2832] USER32.dll!SetPropW + 11B 77D3DECE 7 Bytes JMP 105CDF63 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2832] USER32.dll!SetWindowLongA + 19 77D3DEEC 7 Bytes JMP 105CDEF2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2832] USER32.dll!GetWindowInfo 77D3F122 5 Bytes JMP 10414536 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2832] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 00A101F8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2832] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 00A103FC .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2832] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00A10804 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2832] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00A10A08 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2832] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00A10600 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2832] USER32.dll!GetMenuContextHelpId + 1A 77D84F11 7 Bytes JMP 10414B35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2848] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001401F8 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2848] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2848] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001403FC .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2848] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2848] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003F01F8 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2848] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003F03FC .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2848] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003F0804 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2848] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003F0A08 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2848] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003F0600 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2848] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 004E1014 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2848] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 004E0804 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2848] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 004E0A08 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2848] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 004E0C0C .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2848] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 004E0E10 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2848] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 004E01F8 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2848] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 004E03FC .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[2848] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 004E0600 .text C:\WINDOWS\System32\svchost.exe[3344] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\svchost.exe[3344] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[3344] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\svchost.exe[3344] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[3344] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014 .text C:\WINDOWS\System32\svchost.exe[3344] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804 .text C:\WINDOWS\System32\svchost.exe[3344] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08 .text C:\WINDOWS\System32\svchost.exe[3344] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C .text C:\WINDOWS\System32\svchost.exe[3344] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10 .text C:\WINDOWS\System32\svchost.exe[3344] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8 .text C:\WINDOWS\System32\svchost.exe[3344] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC .text C:\WINDOWS\System32\svchost.exe[3344] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600 .text C:\WINDOWS\System32\svchost.exe[3344] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\svchost.exe[3344] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\svchost.exe[3344] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\svchost.exe[3344] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\svchost.exe[3344] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600 .text C:\WINDOWS\System32\alg.exe[3660] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\alg.exe[3660] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[3660] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\alg.exe[3660] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[3660] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 002F01F8 .text C:\WINDOWS\System32\alg.exe[3660] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 002F03FC .text C:\WINDOWS\System32\alg.exe[3660] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 002F0804 .text C:\WINDOWS\System32\alg.exe[3660] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 002F0A08 .text C:\WINDOWS\System32\alg.exe[3660] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 002F0600 .text C:\WINDOWS\System32\alg.exe[3660] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 00301014 .text C:\WINDOWS\System32\alg.exe[3660] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\alg.exe[3660] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\alg.exe[3660] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 00300C0C .text C:\WINDOWS\System32\alg.exe[3660] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 00300E10 .text C:\WINDOWS\System32\alg.exe[3660] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\alg.exe[3660] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\alg.exe[3660] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[4076] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[4076] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[4076] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[4076] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[4076] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[4076] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[4076] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[4076] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[4076] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[4076] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[4076] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[4076] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[4076] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[4076] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[4076] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[4076] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[4076] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600 ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\AVAST Software\Avast\avastUI.exe[544] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\WINDOWS\system32\services.exe[896] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00620002 IAT C:\WINDOWS\system32\services.exe[896] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00620000 IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1736] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) Device B0488C8A AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- Threads - GMER 1.0.15 ---- Thread System [4:336] 866F839F Thread System [4:656] 85BD50F4 ---- Files - GMER 1.0.15 ---- File C:\Documents and Settings\User\Ustawienia lokalne\Temporary Internet Files\Content.IE5\U8F45572\CA9SXUXD.htm 6895 bytes ---- EOF - GMER 1.0.15 ----