GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-10-16 19:31:26
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2SS0
Running: m6ipr279.exe; Driver: C:\Users\VOBIS\AppData\Local\Temp\fxlorpoc.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x90A84536]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x914AC7BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x90A84F52]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x90A8FD7A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x90A8FDC6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x90A8FF48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x90A8FCE8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x914ACBAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x90A8FD30]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x90A85146]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x90A8FF02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x90A858CA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x90A84584]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x914AC89E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x90A841EC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x90A845D2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x90A892A8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x90A86292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x90A8FDA4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x90A8FDE8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x90A8FF6C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x90A8FD0E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x90A8FE8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x90A8FD58]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x90A8FF26]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x914ACA1E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x90A8615E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0x90A85D08]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x90A84620]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x90A8466E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x90A8574A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x90A84276]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x90A84426]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x90A843CC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x90A85A2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x90A85B88]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x90A84496]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x914ACAE8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x90A855CA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x90A846BC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x914AC954]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x90A852CE]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x914C4744]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!KeInsertQueue + 2FD 830B9934 4 Bytes [36, 45, A8, 90]
.text ntoskrnl.exe!KeInsertQueue + 321 830B9958 4 Bytes [BA, C7, 4A, 91]
.text ntoskrnl.exe!KeInsertQueue + 381 830B99B8 4 Bytes [52, 4F, A8, 90] {PUSH EDX; DEC EDI; TEST AL, 0x90}
.text ntoskrnl.exe!KeInsertQueue + 3C1 830B99F8 8 Bytes [7A, FD, A8, 90, C6, FD, A8, ...]
.text ntoskrnl.exe!KeInsertQueue + 3CD 830B9A04 4 Bytes [48, FF, A8, 90]
.text ...
PAGE ntoskrnl.exe!ObMakeTemporaryObject 831EFE46 5 Bytes JMP 914C161C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 110 8323954F 4 Bytes CALL 90A86959 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ObInsertObject 8323DA1C 5 Bytes JMP 914C30FE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwAlpcSendWaitReceivePort + 121 83267007 4 Bytes CALL 90A8696F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 832D4EA0 7 Bytes JMP 914C4748 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x9000A340, 0x3EE687, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[584] kernel32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62]
.text C:\Windows\system32\csrss.exe[636] KERNEL32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[640] kernel32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62]
.text C:\Windows\system32\wininit.exe[688] kernel32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62]
.text C:\Windows\system32\csrss.exe[700] KERNEL32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62]
.text ...
.text C:\Windows\System32\wpcumi.exe[1284] ntdll.dll!LdrLoadDll 77739378 5 Bytes JMP 000501F8
.text C:\Windows\System32\wpcumi.exe[1284] ntdll.dll!LdrUnloadDll 7774B680 5 Bytes JMP 000503FC
.text C:\Windows\System32\wpcumi.exe[1284] kernel32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62]
.text C:\Windows\System32\wpcumi.exe[1284] ADVAPI32.dll!CreateServiceW 774C9EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\wpcumi.exe[1284] ADVAPI32.dll!DeleteService 774CA07E 5 Bytes JMP 00070600
.text C:\Windows\System32\wpcumi.exe[1284] ADVAPI32.dll!SetServiceObjectSecurity 77506CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\wpcumi.exe[1284] ADVAPI32.dll!ChangeServiceConfigA 77506DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\wpcumi.exe[1284] ADVAPI32.dll!ChangeServiceConfigW 77506F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\wpcumi.exe[1284] ADVAPI32.dll!ChangeServiceConfig2A 77507099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\wpcumi.exe[1284] ADVAPI32.dll!ChangeServiceConfig2W 775071E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\wpcumi.exe[1284] ADVAPI32.dll!CreateServiceA 775072A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\wpcumi.exe[1284] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 00080600
.text C:\Windows\System32\wpcumi.exe[1284] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 00080804
.text C:\Windows\System32\wpcumi.exe[1284] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 00080A08
.text C:\Windows\System32\wpcumi.exe[1284] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 000801F8
.text C:\Windows\System32\wpcumi.exe[1284] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\svchost.exe[1288] kernel32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[1388] kernel32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1464] kernel32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[1516] ntdll.dll!LdrLoadDll 77739378 5 Bytes JMP 000501F8
.text C:\Windows\system32\wbem\wmiprvse.exe[1516] ntdll.dll!LdrUnloadDll 7774B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\wbem\wmiprvse.exe[1516] kernel32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[1516] ADVAPI32.dll!CreateServiceW 774C9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\wbem\wmiprvse.exe[1516] ADVAPI32.dll!DeleteService 774CA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\wbem\wmiprvse.exe[1516] ADVAPI32.dll!SetServiceObjectSecurity 77506CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\wbem\wmiprvse.exe[1516] ADVAPI32.dll!ChangeServiceConfigA 77506DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\wbem\wmiprvse.exe[1516] ADVAPI32.dll!ChangeServiceConfigW 77506F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\wbem\wmiprvse.exe[1516] ADVAPI32.dll!ChangeServiceConfig2A 77507099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\wbem\wmiprvse.exe[1516] ADVAPI32.dll!ChangeServiceConfig2W 775071E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\wbem\wmiprvse.exe[1516] ADVAPI32.dll!CreateServiceA 775072A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\wbem\wmiprvse.exe[1516] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 000C0600
.text C:\Windows\system32\wbem\wmiprvse.exe[1516] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 000C0804
.text C:\Windows\system32\wbem\wmiprvse.exe[1516] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 000C0A08
.text C:\Windows\system32\wbem\wmiprvse.exe[1516] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 000C01F8
.text C:\Windows\system32\wbem\wmiprvse.exe[1516] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 000C03FC
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1588] ntdll.dll!LdrLoadDll 77739378 5 Bytes JMP 000501F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1588] ntdll.dll!LdrUnloadDll 7774B680 5 Bytes JMP 000503FC
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1588] kernel32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1588] ADVAPI32.dll!CreateServiceW 774C9EB4 5 Bytes JMP 000703FC
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1588] ADVAPI32.dll!DeleteService 774CA07E 5 Bytes JMP 00070600
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1588] ADVAPI32.dll!SetServiceObjectSecurity 77506CD9 5 Bytes JMP 00071014
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1588] ADVAPI32.dll!ChangeServiceConfigA 77506DD9 5 Bytes JMP 00070804
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1588] ADVAPI32.dll!ChangeServiceConfigW 77506F81 5 Bytes JMP 00070A08
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1588] ADVAPI32.dll!ChangeServiceConfig2A 77507099 5 Bytes JMP 00070C0C
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1588] ADVAPI32.dll!ChangeServiceConfig2W 775071E1 5 Bytes JMP 00070E10
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1588] ADVAPI32.dll!CreateServiceA 775072A1 5 Bytes JMP 000701F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1588] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 00080600
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1588] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 00080804
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1588] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 00080A08
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1588] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 000801F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1588] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 000803FC
.text C:\Windows\ehome\ehtray.exe[1612] ntdll.dll!LdrLoadDll 77739378 5 Bytes JMP 000901F8
.text C:\Windows\ehome\ehtray.exe[1612] ntdll.dll!LdrUnloadDll 7774B680 5 Bytes JMP 000903FC
.text C:\Windows\ehome\ehtray.exe[1612] kernel32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62]
.text C:\Windows\ehome\ehtray.exe[1612] ADVAPI32.dll!CreateServiceW 774C9EB4 5 Bytes JMP 000B03FC
.text C:\Windows\ehome\ehtray.exe[1612] ADVAPI32.dll!DeleteService 774CA07E 5 Bytes JMP 000B0600
.text C:\Windows\ehome\ehtray.exe[1612] ADVAPI32.dll!SetServiceObjectSecurity 77506CD9 5 Bytes JMP 000B1014
.text C:\Windows\ehome\ehtray.exe[1612] ADVAPI32.dll!ChangeServiceConfigA 77506DD9 5 Bytes JMP 000B0804
.text C:\Windows\ehome\ehtray.exe[1612] ADVAPI32.dll!ChangeServiceConfigW 77506F81 5 Bytes JMP 000B0A08
.text C:\Windows\ehome\ehtray.exe[1612] ADVAPI32.dll!ChangeServiceConfig2A 77507099 5 Bytes JMP 000B0C0C
.text C:\Windows\ehome\ehtray.exe[1612] ADVAPI32.dll!ChangeServiceConfig2W 775071E1 5 Bytes JMP 000B0E10
.text C:\Windows\ehome\ehtray.exe[1612] ADVAPI32.dll!CreateServiceA 775072A1 5 Bytes JMP 000B01F8
.text C:\Windows\ehome\ehtray.exe[1612] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 000C0600
.text C:\Windows\ehome\ehtray.exe[1612] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 000C0804
.text C:\Windows\ehome\ehtray.exe[1612] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 000C0A08
.text C:\Windows\ehome\ehtray.exe[1612] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 000C01F8
.text C:\Windows\ehome\ehtray.exe[1612] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 000C03FC
.text C:\Windows\system32\rundll32.exe[1704] kernel32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1732] kernel32.dll!SetUnhandledExceptionFilter 766AA8C5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1732] kernel32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1812] ntdll.dll!LdrLoadDll 77739378 5 Bytes JMP 001501F8
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1812] ntdll.dll!LdrUnloadDll 7774B680 5 Bytes JMP 001503FC
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1812] kernel32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1812] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 00170600
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1812] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 00170804
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1812] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 00170A08
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1812] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1812] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 001703FC
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1812] ADVAPI32.dll!CreateServiceW 774C9EB4 5 Bytes JMP 002803FC
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1812] ADVAPI32.dll!DeleteService 774CA07E 5 Bytes JMP 00280600
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1812] ADVAPI32.dll!SetServiceObjectSecurity 77506CD9 5 Bytes JMP 00281014
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1812] ADVAPI32.dll!ChangeServiceConfigA 77506DD9 5 Bytes JMP 00280804
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1812] ADVAPI32.dll!ChangeServiceConfigW 77506F81 5 Bytes JMP 00280A08
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1812] ADVAPI32.dll!ChangeServiceConfig2A 77507099 5 Bytes JMP 00280C0C
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1812] ADVAPI32.dll!ChangeServiceConfig2W 775071E1 5 Bytes JMP 00280E10
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1812] ADVAPI32.dll!CreateServiceA 775072A1 5 Bytes JMP 002801F8
.text C:\Windows\System32\spoolsv.exe[1908] kernel32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1932] kernel32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1980] kernel32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2000] kernel32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2348] ntdll.dll!LdrLoadDll 77739378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[2348] ntdll.dll!LdrUnloadDll 7774B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[2348] kernel32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2348] ADVAPI32.dll!CreateServiceW 774C9EB4 5 Bytes JMP 001703FC
.text C:\Windows\system32\svchost.exe[2348] ADVAPI32.dll!DeleteService 774CA07E 5 Bytes JMP 00170600
.text C:\Windows\system32\svchost.exe[2348] ADVAPI32.dll!SetServiceObjectSecurity 77506CD9 5 Bytes JMP 00171014
.text C:\Windows\system32\svchost.exe[2348] ADVAPI32.dll!ChangeServiceConfigA 77506DD9 5 Bytes JMP 00170804
.text C:\Windows\system32\svchost.exe[2348] ADVAPI32.dll!ChangeServiceConfigW 77506F81 5 Bytes JMP 00170A08
.text C:\Windows\system32\svchost.exe[2348] ADVAPI32.dll!ChangeServiceConfig2A 77507099 5 Bytes JMP 00170C0C
.text C:\Windows\system32\svchost.exe[2348] ADVAPI32.dll!ChangeServiceConfig2W 775071E1 5 Bytes JMP 00170E10
.text C:\Windows\system32\svchost.exe[2348] ADVAPI32.dll!CreateServiceA 775072A1 5 Bytes JMP 001701F8
.text C:\Windows\system32\svchost.exe[2348] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 00980600
.text C:\Windows\system32\svchost.exe[2348] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 00980804
.text C:\Windows\system32\svchost.exe[2348] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 00980A08
.text C:\Windows\system32\svchost.exe[2348] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 009801F8
.text C:\Windows\system32\svchost.exe[2348] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 009803FC
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2360] ntdll.dll!LdrLoadDll 77739378 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2360] ntdll.dll!LdrUnloadDll 7774B680 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2360] kernel32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2360] ADVAPI32.dll!CreateServiceW 774C9EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2360] ADVAPI32.dll!DeleteService 774CA07E 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2360] ADVAPI32.dll!SetServiceObjectSecurity 77506CD9 5 Bytes JMP 00171014
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2360] ADVAPI32.dll!ChangeServiceConfigA 77506DD9 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2360] ADVAPI32.dll!ChangeServiceConfigW 77506F81 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2360] ADVAPI32.dll!ChangeServiceConfig2A 77507099 5 Bytes JMP 00170C0C
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2360] ADVAPI32.dll!ChangeServiceConfig2W 775071E1 5 Bytes JMP 00170E10
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2360] ADVAPI32.dll!CreateServiceA 775072A1 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2360] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 00180600
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2360] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 00180804
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2360] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 00180A08
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2360] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 001801F8
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2360] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 001803FC
.text C:\Windows\system32\wbem\unsecapp.exe[2368] ntdll.dll!LdrLoadDll 77739378 5 Bytes JMP 000501F8
.text C:\Windows\system32\wbem\unsecapp.exe[2368] ntdll.dll!LdrUnloadDll 7774B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\wbem\unsecapp.exe[2368] kernel32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62]
.text C:\Windows\system32\wbem\unsecapp.exe[2368] ADVAPI32.dll!CreateServiceW 774C9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\wbem\unsecapp.exe[2368] ADVAPI32.dll!DeleteService 774CA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\wbem\unsecapp.exe[2368] ADVAPI32.dll!SetServiceObjectSecurity 77506CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\wbem\unsecapp.exe[2368] ADVAPI32.dll!ChangeServiceConfigA 77506DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\wbem\unsecapp.exe[2368] ADVAPI32.dll!ChangeServiceConfigW 77506F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\wbem\unsecapp.exe[2368] ADVAPI32.dll!ChangeServiceConfig2A 77507099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\wbem\unsecapp.exe[2368] ADVAPI32.dll!ChangeServiceConfig2W 775071E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\wbem\unsecapp.exe[2368] ADVAPI32.dll!CreateServiceA 775072A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\wbem\unsecapp.exe[2368] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 00080600
.text C:\Windows\system32\wbem\unsecapp.exe[2368] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 00080804
.text C:\Windows\system32\wbem\unsecapp.exe[2368] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\wbem\unsecapp.exe[2368] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\wbem\unsecapp.exe[2368] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 000803FC
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2516] ntdll.dll!LdrLoadDll 77739378 5 Bytes JMP 001401F8
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2516] ntdll.dll!LdrUnloadDll 7774B680 5 Bytes JMP 001403FC
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2516] kernel32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2516] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 00160600
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2516] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 00160804
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2516] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 00160A08
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2516] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 001601F8
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2516] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 001603FC
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2516] ADVAPI32.dll!CreateServiceW 774C9EB4 5 Bytes JMP 001803FC
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2516] ADVAPI32.dll!DeleteService 774CA07E 5 Bytes JMP 00180600
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2516] ADVAPI32.dll!SetServiceObjectSecurity 77506CD9 5 Bytes JMP 00181014
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2516] ADVAPI32.dll!ChangeServiceConfigA 77506DD9 5 Bytes JMP 00180804
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2516] ADVAPI32.dll!ChangeServiceConfigW 77506F81 5 Bytes JMP 00180A08
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2516] ADVAPI32.dll!ChangeServiceConfig2A 77507099 5 Bytes JMP 00180C0C
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2516] ADVAPI32.dll!ChangeServiceConfig2W 775071E1 5 Bytes JMP 00180E10
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2516] ADVAPI32.dll!CreateServiceA 775072A1 5 Bytes JMP 001801F8
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2576] ntdll.dll!LdrLoadDll 77739378 5 Bytes JMP 000D01F8
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2576] ntdll.dll!LdrUnloadDll 7774B680 5 Bytes JMP 000D03FC
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2576] kernel32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62]
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2576] ADVAPI32.dll!CreateServiceW 774C9EB4 5 Bytes JMP 000F03FC
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2576] ADVAPI32.dll!DeleteService 774CA07E 5 Bytes JMP 000F0600
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2576] ADVAPI32.dll!SetServiceObjectSecurity 77506CD9 5 Bytes JMP 000F1014
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2576] ADVAPI32.dll!ChangeServiceConfigA 77506DD9 5 Bytes JMP 000F0804
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2576] ADVAPI32.dll!ChangeServiceConfigW 77506F81 5 Bytes JMP 000F0A08
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2576] ADVAPI32.dll!ChangeServiceConfig2A 77507099 5 Bytes JMP 000F0C0C
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2576] ADVAPI32.dll!ChangeServiceConfig2W 775071E1 5 Bytes JMP 000F0E10
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2576] ADVAPI32.dll!CreateServiceA 775072A1 5 Bytes JMP 000F01F8
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2576] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 00100600
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2576] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 00100804
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2576] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 00100A08
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2576] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 001001F8
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2576] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 001003FC
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2624] ntdll.dll!LdrLoadDll 77739378 5 Bytes JMP 001501F8
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2624] ntdll.dll!LdrUnloadDll 7774B680 5 Bytes JMP 001503FC
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2624] kernel32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2624] ADVAPI32.dll!CreateServiceW 774C9EB4 5 Bytes JMP 003903FC
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2624] ADVAPI32.dll!DeleteService 774CA07E 5 Bytes JMP 00390600
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2624] ADVAPI32.dll!SetServiceObjectSecurity 77506CD9 5 Bytes JMP 00391014
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2624] ADVAPI32.dll!ChangeServiceConfigA 77506DD9 5 Bytes JMP 00390804
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2624] ADVAPI32.dll!ChangeServiceConfigW 77506F81 5 Bytes JMP 00390A08
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2624] ADVAPI32.dll!ChangeServiceConfig2A 77507099 5 Bytes JMP 00390C0C
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2624] ADVAPI32.dll!ChangeServiceConfig2W 775071E1 5 Bytes JMP 00390E10
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2624] ADVAPI32.dll!CreateServiceA 775072A1 5 Bytes JMP 003901F8
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2624] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 003A0600
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2624] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 003A0804
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2624] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 003A0A08
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2624] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 003A01F8
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2624] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 003A03FC
.text C:\Windows\system32\Dwm.exe[2668] ntdll.dll!LdrLoadDll 77739378 5 Bytes JMP 000501F8
.text C:\Windows\system32\Dwm.exe[2668] ntdll.dll!LdrUnloadDll 7774B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\Dwm.exe[2668] kernel32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[2668] ADVAPI32.dll!CreateServiceW 774C9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\Dwm.exe[2668] ADVAPI32.dll!DeleteService 774CA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\Dwm.exe[2668] ADVAPI32.dll!SetServiceObjectSecurity 77506CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\Dwm.exe[2668] ADVAPI32.dll!ChangeServiceConfigA 77506DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\Dwm.exe[2668] ADVAPI32.dll!ChangeServiceConfigW 77506F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\Dwm.exe[2668] ADVAPI32.dll!ChangeServiceConfig2A 77507099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\Dwm.exe[2668] ADVAPI32.dll!ChangeServiceConfig2W 775071E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\Dwm.exe[2668] ADVAPI32.dll!CreateServiceA 775072A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\Dwm.exe[2668] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 00080600
.text C:\Windows\system32\Dwm.exe[2668] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 00080804
.text C:\Windows\system32\Dwm.exe[2668] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\Dwm.exe[2668] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\Dwm.exe[2668] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\taskeng.exe[2712] ntdll.dll!LdrLoadDll 77739378 5 Bytes JMP 000901F8
.text C:\Windows\system32\taskeng.exe[2712] ntdll.dll!LdrUnloadDll 7774B680 5 Bytes JMP 000903FC
.text C:\Windows\system32\taskeng.exe[2712] kernel32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[2712] ADVAPI32.dll!CreateServiceW 774C9EB4 5 Bytes JMP 000B03FC
.text C:\Windows\system32\taskeng.exe[2712] ADVAPI32.dll!DeleteService 774CA07E 5 Bytes JMP 000B0600
.text C:\Windows\system32\taskeng.exe[2712] ADVAPI32.dll!SetServiceObjectSecurity 77506CD9 5 Bytes JMP 000B1014
.text C:\Windows\system32\taskeng.exe[2712] ADVAPI32.dll!ChangeServiceConfigA 77506DD9 5 Bytes JMP 000B0804
.text C:\Windows\system32\taskeng.exe[2712] ADVAPI32.dll!ChangeServiceConfigW 77506F81 5 Bytes JMP 000B0A08
.text C:\Windows\system32\taskeng.exe[2712] ADVAPI32.dll!ChangeServiceConfig2A 77507099 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\taskeng.exe[2712] ADVAPI32.dll!ChangeServiceConfig2W 775071E1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\taskeng.exe[2712] ADVAPI32.dll!CreateServiceA 775072A1 5 Bytes JMP 000B01F8
.text C:\Windows\system32\taskeng.exe[2712] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 000C0600
.text C:\Windows\system32\taskeng.exe[2712] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 000C0804
.text C:\Windows\system32\taskeng.exe[2712] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 000C0A08
.text C:\Windows\system32\taskeng.exe[2712] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 000C01F8
.text C:\Windows\system32\taskeng.exe[2712] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 000C03FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2720] ntdll.dll!LdrLoadDll 77739378 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2720] ntdll.dll!LdrUnloadDll 7774B680 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2720] kernel32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2720] ADVAPI32.dll!CreateServiceW 774C9EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2720] ADVAPI32.dll!DeleteService 774CA07E 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2720] ADVAPI32.dll!SetServiceObjectSecurity 77506CD9 5 Bytes JMP 00171014
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2720] ADVAPI32.dll!ChangeServiceConfigA 77506DD9 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2720] ADVAPI32.dll!ChangeServiceConfigW 77506F81 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2720] ADVAPI32.dll!ChangeServiceConfig2A 77507099 5 Bytes JMP 00170C0C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2720] ADVAPI32.dll!ChangeServiceConfig2W 775071E1 5 Bytes JMP 00170E10
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2720] ADVAPI32.dll!CreateServiceA 775072A1 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2720] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 00180600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2720] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 00180804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2720] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 00180A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2720] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 001801F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2720] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 001803FC
.text C:\Windows\system32\svchost.exe[2736] ntdll.dll!LdrLoadDll 77739378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[2736] ntdll.dll!LdrUnloadDll 7774B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[2736] kernel32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2736] ADVAPI32.dll!CreateServiceW 774C9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[2736] ADVAPI32.dll!DeleteService 774CA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[2736] ADVAPI32.dll!SetServiceObjectSecurity 77506CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[2736] ADVAPI32.dll!ChangeServiceConfigA 77506DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[2736] ADVAPI32.dll!ChangeServiceConfigW 77506F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[2736] ADVAPI32.dll!ChangeServiceConfig2A 77507099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[2736] ADVAPI32.dll!ChangeServiceConfig2W 775071E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[2736] ADVAPI32.dll!CreateServiceA 775072A1 5 Bytes JMP 000701F8
.text C:\Windows\Explorer.EXE[2776] ntdll.dll!LdrLoadDll 77739378 5 Bytes JMP 000501F8
.text C:\Windows\Explorer.EXE[2776] ntdll.dll!LdrUnloadDll 7774B680 5 Bytes JMP 000503FC
.text C:\Windows\Explorer.EXE[2776] kernel32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62]
.text C:\Windows\Explorer.EXE[2776] ADVAPI32.dll!CreateServiceW 774C9EB4 5 Bytes JMP 000703FC
.text C:\Windows\Explorer.EXE[2776] ADVAPI32.dll!DeleteService 774CA07E 5 Bytes JMP 00070600
.text C:\Windows\Explorer.EXE[2776] ADVAPI32.dll!SetServiceObjectSecurity 77506CD9 5 Bytes JMP 00071014
.text C:\Windows\Explorer.EXE[2776] ADVAPI32.dll!ChangeServiceConfigA 77506DD9 5 Bytes JMP 00070804
.text C:\Windows\Explorer.EXE[2776] ADVAPI32.dll!ChangeServiceConfigW 77506F81 5 Bytes JMP 00070A08
.text C:\Windows\Explorer.EXE[2776] ADVAPI32.dll!ChangeServiceConfig2A 77507099 5 Bytes JMP 00070C0C
.text C:\Windows\Explorer.EXE[2776] ADVAPI32.dll!ChangeServiceConfig2W 775071E1 5 Bytes JMP 00070E10
.text C:\Windows\Explorer.EXE[2776]
ADVAPI32.dll!CreateServiceA 775072A1 5 Bytes JMP 000701F8 .text C:\Windows\Explorer.EXE[2776] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 00080600 .text C:\Windows\Explorer.EXE[2776] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 00080804 .text C:\Windows\Explorer.EXE[2776] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 00080A08 .text C:\Windows\Explorer.EXE[2776] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 000801F8 .text C:\Windows\Explorer.EXE[2776] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 000803FC .text C:\Windows\System32\svchost.exe[2784] ntdll.dll!LdrLoadDll 77739378 5 Bytes JMP 000501F8 .text C:\Windows\System32\svchost.exe[2784] ntdll.dll!LdrUnloadDll 7774B680 5 Bytes JMP 000503FC .text C:\Windows\System32\svchost.exe[2784] kernel32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62] .text C:\Windows\System32\svchost.exe[2784] ADVAPI32.dll!CreateServiceW 774C9EB4 5 Bytes JMP 000703FC .text C:\Windows\System32\svchost.exe[2784] ADVAPI32.dll!DeleteService 774CA07E 5 Bytes JMP 00070600 .text C:\Windows\System32\svchost.exe[2784] ADVAPI32.dll!SetServiceObjectSecurity 77506CD9 5 Bytes JMP 00071014 .text C:\Windows\System32\svchost.exe[2784] ADVAPI32.dll!ChangeServiceConfigA 77506DD9 5 Bytes JMP 00070804 .text C:\Windows\System32\svchost.exe[2784] ADVAPI32.dll!ChangeServiceConfigW 77506F81 5 Bytes JMP 00070A08 .text C:\Windows\System32\svchost.exe[2784] ADVAPI32.dll!ChangeServiceConfig2A 77507099 5 Bytes JMP 00070C0C .text C:\Windows\System32\svchost.exe[2784] ADVAPI32.dll!ChangeServiceConfig2W 775071E1 5 Bytes JMP 00070E10 .text C:\Windows\System32\svchost.exe[2784] ADVAPI32.dll!CreateServiceA 775072A1 5 Bytes JMP 000701F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2804] ntdll.dll!LdrLoadDll 77739378 5 Bytes JMP 000401F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2804] ntdll.dll!LdrUnloadDll 7774B680 5 Bytes JMP 000403FC .text C:\Program Files\Common Files\Microsoft 
Shared\Windows Live\WLIDSVC.EXE[2804] kernel32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2804] ADVAPI32.dll!CreateServiceW 774C9EB4 5 Bytes JMP 000603FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2804] ADVAPI32.dll!DeleteService 774CA07E 5 Bytes JMP 00060600 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2804] ADVAPI32.dll!SetServiceObjectSecurity 77506CD9 5 Bytes JMP 00061014 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2804] ADVAPI32.dll!ChangeServiceConfigA 77506DD9 5 Bytes JMP 00060804 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2804] ADVAPI32.dll!ChangeServiceConfigW 77506F81 5 Bytes JMP 00060A08 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2804] ADVAPI32.dll!ChangeServiceConfig2A 77507099 5 Bytes JMP 00060C0C .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2804] ADVAPI32.dll!ChangeServiceConfig2W 775071E1 5 Bytes JMP 00060E10 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2804] ADVAPI32.dll!CreateServiceA 775072A1 5 Bytes JMP 000601F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2804] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 00070600 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2804] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 00070804 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2804] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 00070A08 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2804] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 000701F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2804] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 000703FC .text 
C:\Windows\system32\SearchIndexer.exe[2896] ntdll.dll!LdrLoadDll 77739378 5 Bytes JMP 000501F8 .text C:\Windows\system32\SearchIndexer.exe[2896] ntdll.dll!LdrUnloadDll 7774B680 5 Bytes JMP 000503FC .text C:\Windows\system32\SearchIndexer.exe[2896] kernel32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62] .text C:\Windows\system32\SearchIndexer.exe[2896] ADVAPI32.dll!CreateServiceW 774C9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\SearchIndexer.exe[2896] ADVAPI32.dll!DeleteService 774CA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\SearchIndexer.exe[2896] ADVAPI32.dll!SetServiceObjectSecurity 77506CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\SearchIndexer.exe[2896] ADVAPI32.dll!ChangeServiceConfigA 77506DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\SearchIndexer.exe[2896] ADVAPI32.dll!ChangeServiceConfigW 77506F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\SearchIndexer.exe[2896] ADVAPI32.dll!ChangeServiceConfig2A 77507099 5 Bytes JMP 00070C0C .text C:\Windows\system32\SearchIndexer.exe[2896] ADVAPI32.dll!ChangeServiceConfig2W 775071E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\SearchIndexer.exe[2896] ADVAPI32.dll!CreateServiceA 775072A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\SearchIndexer.exe[2896] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 00080600 .text C:\Windows\system32\SearchIndexer.exe[2896] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 00080804 .text C:\Windows\system32\SearchIndexer.exe[2896] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\SearchIndexer.exe[2896] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\SearchIndexer.exe[2896] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 000803FC .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2932] ntdll.dll!LdrLoadDll 77739378 5 Bytes JMP 001501F8 .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2932] ntdll.dll!LdrUnloadDll 7774B680 5 Bytes JMP 
001503FC .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2932] kernel32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62] .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2932] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 00180600 .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2932] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 00180804 .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2932] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 00180A08 .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2932] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 001801F8 .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2932] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 001803FC .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2932] ADVAPI32.dll!CreateServiceW 774C9EB4 5 Bytes JMP 001903FC .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2932] ADVAPI32.dll!DeleteService 774CA07E 5 Bytes JMP 00190600 .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2932] ADVAPI32.dll!SetServiceObjectSecurity 77506CD9 5 Bytes JMP 00191014 .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2932] ADVAPI32.dll!ChangeServiceConfigA 77506DD9 5 Bytes JMP 00190804 .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2932] ADVAPI32.dll!ChangeServiceConfigW 77506F81 5 Bytes JMP 00190A08 .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2932] ADVAPI32.dll!ChangeServiceConfig2A 77507099 5 Bytes JMP 00190C0C .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2932] ADVAPI32.dll!ChangeServiceConfig2W 775071E1 5 Bytes JMP 00190E10 .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2932] ADVAPI32.dll!CreateServiceA 775072A1 5 Bytes JMP 001901F8 .text 
C:\Windows\system32\taskeng.exe[2964] ntdll.dll!LdrLoadDll 77739378 5 Bytes JMP 000501F8 .text C:\Windows\system32\taskeng.exe[2964] ntdll.dll!LdrUnloadDll 7774B680 5 Bytes JMP 000503FC .text C:\Windows\system32\taskeng.exe[2964] kernel32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62] .text C:\Windows\system32\taskeng.exe[2964] ADVAPI32.dll!CreateServiceW 774C9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\taskeng.exe[2964] ADVAPI32.dll!DeleteService 774CA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\taskeng.exe[2964] ADVAPI32.dll!SetServiceObjectSecurity 77506CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\taskeng.exe[2964] ADVAPI32.dll!ChangeServiceConfigA 77506DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\taskeng.exe[2964] ADVAPI32.dll!ChangeServiceConfigW 77506F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\taskeng.exe[2964] ADVAPI32.dll!ChangeServiceConfig2A 77507099 5 Bytes JMP 00070C0C .text C:\Windows\system32\taskeng.exe[2964] ADVAPI32.dll!ChangeServiceConfig2W 775071E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\taskeng.exe[2964] ADVAPI32.dll!CreateServiceA 775072A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\taskeng.exe[2964] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 00180600 .text C:\Windows\system32\taskeng.exe[2964] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 00180804 .text C:\Windows\system32\taskeng.exe[2964] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 00180A08 .text C:\Windows\system32\taskeng.exe[2964] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 001801F8 .text C:\Windows\system32\taskeng.exe[2964] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 001803FC .text C:\Windows\ehome\ehmsas.exe[3124] ntdll.dll!LdrLoadDll 77739378 5 Bytes JMP 000401F8 .text C:\Windows\ehome\ehmsas.exe[3124] ntdll.dll!LdrUnloadDll 7774B680 5 Bytes JMP 000403FC .text C:\Windows\ehome\ehmsas.exe[3124] kernel32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62] .text C:\Windows\ehome\ehmsas.exe[3124] ADVAPI32.dll!CreateServiceW 
774C9EB4 5 Bytes JMP 000603FC .text C:\Windows\ehome\ehmsas.exe[3124] ADVAPI32.dll!DeleteService 774CA07E 5 Bytes JMP 00060600 .text C:\Windows\ehome\ehmsas.exe[3124] ADVAPI32.dll!SetServiceObjectSecurity 77506CD9 5 Bytes JMP 00061014 .text C:\Windows\ehome\ehmsas.exe[3124] ADVAPI32.dll!ChangeServiceConfigA 77506DD9 5 Bytes JMP 00060804 .text C:\Windows\ehome\ehmsas.exe[3124] ADVAPI32.dll!ChangeServiceConfigW 77506F81 5 Bytes JMP 00060A08 .text C:\Windows\ehome\ehmsas.exe[3124] ADVAPI32.dll!ChangeServiceConfig2A 77507099 5 Bytes JMP 00060C0C .text C:\Windows\ehome\ehmsas.exe[3124] ADVAPI32.dll!ChangeServiceConfig2W 775071E1 5 Bytes JMP 00060E10 .text C:\Windows\ehome\ehmsas.exe[3124] ADVAPI32.dll!CreateServiceA 775072A1 5 Bytes JMP 000601F8 .text C:\Windows\ehome\ehmsas.exe[3124] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 00070600 .text C:\Windows\ehome\ehmsas.exe[3124] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 00070804 .text C:\Windows\ehome\ehmsas.exe[3124] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 00070A08 .text C:\Windows\ehome\ehmsas.exe[3124] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 000701F8 .text C:\Windows\ehome\ehmsas.exe[3124] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 000703FC .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[3356] ntdll.dll!LdrLoadDll 77739378 5 Bytes JMP 001401F8 .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[3356] ntdll.dll!LdrUnloadDll 7774B680 5 Bytes JMP 001403FC .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[3356] kernel32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62] .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[3356] USER32.dll!SetWindowsHookExA 778D6322 3 Bytes JMP 00190600 .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[3356] USER32.dll!SetWindowsHookExA + 4 778D6326 1 Byte [88] .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[3356] 
USER32.dll!SetWindowsHookExW 778D87AD 3 Bytes JMP 00190804 .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[3356] USER32.dll!SetWindowsHookExW + 4 778D87B1 1 Byte [88] .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[3356] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 00190A08 .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[3356] USER32.dll!SetWinEventHook 778D9F3A 3 Bytes JMP 001901F8 .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[3356] USER32.dll!SetWinEventHook + 4 778D9F3E 1 Byte [88] .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[3356] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 001903FC .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[3356] ADVAPI32.dll!CreateServiceW 774C9EB4 5 Bytes JMP 002A03FC .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[3356] ADVAPI32.dll!DeleteService 774CA07E 5 Bytes JMP 002A0600 .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[3356] ADVAPI32.dll!SetServiceObjectSecurity 77506CD9 5 Bytes JMP 002A1014 .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[3356] ADVAPI32.dll!ChangeServiceConfigA 77506DD9 5 Bytes JMP 002A0804 .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[3356] ADVAPI32.dll!ChangeServiceConfigW 77506F81 5 Bytes JMP 002A0A08 .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[3356] ADVAPI32.dll!ChangeServiceConfig2A 77507099 5 Bytes JMP 002A0C0C .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[3356] ADVAPI32.dll!ChangeServiceConfig2W 775071E1 5 Bytes JMP 002A0E10 .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[3356] ADVAPI32.dll!CreateServiceA 775072A1 5 Bytes JMP 002A01F8 .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[3384] ntdll.dll!LdrLoadDll 77739378 5 Bytes JMP 001501F8 .text C:\Program 
Files\Samsung\EBM\EasyBatteryMgr3.exe[3384] ntdll.dll!LdrUnloadDll 7774B680 5 Bytes JMP 001503FC .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[3384] kernel32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62] .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[3384] ADVAPI32.dll!CreateServiceW 774C9EB4 5 Bytes JMP 001803FC .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[3384] ADVAPI32.dll!DeleteService 774CA07E 5 Bytes JMP 00180600 .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[3384] ADVAPI32.dll!SetServiceObjectSecurity 77506CD9 5 Bytes JMP 00181014 .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[3384] ADVAPI32.dll!ChangeServiceConfigA 77506DD9 5 Bytes JMP 00180804 .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[3384] ADVAPI32.dll!ChangeServiceConfigW 77506F81 5 Bytes JMP 00180A08 .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[3384] ADVAPI32.dll!ChangeServiceConfig2A 77507099 5 Bytes JMP 00180C0C .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[3384] ADVAPI32.dll!ChangeServiceConfig2W 775071E1 5 Bytes JMP 00180E10 .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[3384] ADVAPI32.dll!CreateServiceA 775072A1 5 Bytes JMP 001801F8 .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[3384] USER32.dll!SetWindowsHookExA 778D6322 3 Bytes JMP 00190600 .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[3384] USER32.dll!SetWindowsHookExA + 4 778D6326 1 Byte [88] .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[3384] USER32.dll!SetWindowsHookExW 778D87AD 3 Bytes JMP 00190804 .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[3384] USER32.dll!SetWindowsHookExW + 4 778D87B1 1 Byte [88] .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[3384] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 00190A08 .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[3384] USER32.dll!SetWinEventHook 778D9F3A 3 Bytes JMP 001901F8 .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[3384] USER32.dll!SetWinEventHook + 
4 778D9F3E 1 Byte [88] .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[3384] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 001903FC .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3392] ntdll.dll!LdrLoadDll 77739378 5 Bytes JMP 001501F8 .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3392] ntdll.dll!LdrUnloadDll 7774B680 5 Bytes JMP 001503FC .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3392] kernel32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62] .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3392] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 00170600 .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3392] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 00170804 .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3392] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 00170A08 .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3392] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3392] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 001703FC .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3392] ADVAPI32.dll!CreateServiceW 774C9EB4 5 Bytes JMP 001803FC .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3392] ADVAPI32.dll!DeleteService 774CA07E 5 Bytes JMP 00180600 .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3392] ADVAPI32.dll!SetServiceObjectSecurity 77506CD9 5 Bytes JMP 00181014 .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3392] ADVAPI32.dll!ChangeServiceConfigA 77506DD9 5 Bytes JMP 00180804 .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3392] ADVAPI32.dll!ChangeServiceConfigW 77506F81 5 Bytes JMP 00180A08 .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3392] ADVAPI32.dll!ChangeServiceConfig2A 77507099 5 Bytes JMP 00180C0C .text C:\Program Files\Samsung\Easy 
Display Manager\dmhkcore.exe[3392] ADVAPI32.dll!ChangeServiceConfig2W 775071E1 5 Bytes JMP 00180E10 .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3392] ADVAPI32.dll!CreateServiceA 775072A1 5 Bytes JMP 001801F8 .text C:\Program Files\Windows Defender\MSASCui.exe[3680] ntdll.dll!LdrLoadDll 77739378 5 Bytes JMP 000501F8 .text C:\Program Files\Windows Defender\MSASCui.exe[3680] ntdll.dll!LdrUnloadDll 7774B680 5 Bytes JMP 000503FC .text C:\Program Files\Windows Defender\MSASCui.exe[3680] kernel32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62] .text C:\Program Files\Windows Defender\MSASCui.exe[3680] ADVAPI32.dll!CreateServiceW 774C9EB4 5 Bytes JMP 000703FC .text C:\Program Files\Windows Defender\MSASCui.exe[3680] ADVAPI32.dll!DeleteService 774CA07E 5 Bytes JMP 00070600 .text C:\Program Files\Windows Defender\MSASCui.exe[3680] ADVAPI32.dll!SetServiceObjectSecurity 77506CD9 5 Bytes JMP 00071014 .text C:\Program Files\Windows Defender\MSASCui.exe[3680] ADVAPI32.dll!ChangeServiceConfigA 77506DD9 5 Bytes JMP 00070804 .text C:\Program Files\Windows Defender\MSASCui.exe[3680] ADVAPI32.dll!ChangeServiceConfigW 77506F81 5 Bytes JMP 00070A08 .text C:\Program Files\Windows Defender\MSASCui.exe[3680] ADVAPI32.dll!ChangeServiceConfig2A 77507099 5 Bytes JMP 00070C0C .text C:\Program Files\Windows Defender\MSASCui.exe[3680] ADVAPI32.dll!ChangeServiceConfig2W 775071E1 5 Bytes JMP 00070E10 .text C:\Program Files\Windows Defender\MSASCui.exe[3680] ADVAPI32.dll!CreateServiceA 775072A1 5 Bytes JMP 000701F8 .text C:\Program Files\Windows Defender\MSASCui.exe[3680] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 00080600 .text C:\Program Files\Windows Defender\MSASCui.exe[3680] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 00080804 .text C:\Program Files\Windows Defender\MSASCui.exe[3680] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 00080A08 .text C:\Program Files\Windows Defender\MSASCui.exe[3680] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 000801F8 .text 
C:\Program Files\Windows Defender\MSASCui.exe[3680] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 000803FC .text C:\Windows\System32\rundll32.exe[3716] ntdll.dll!LdrLoadDll 77739378 5 Bytes JMP 000601F8 .text C:\Windows\System32\rundll32.exe[3716] ntdll.dll!LdrUnloadDll 7774B680 5 Bytes JMP 000603FC .text C:\Windows\System32\rundll32.exe[3716] kernel32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62] .text C:\Windows\System32\rundll32.exe[3716] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 00070600 .text C:\Windows\System32\rundll32.exe[3716] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 00070804 .text C:\Windows\System32\rundll32.exe[3716] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 00070A08 .text C:\Windows\System32\rundll32.exe[3716] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 000701F8 .text C:\Windows\System32\rundll32.exe[3716] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 000703FC .text C:\Windows\System32\rundll32.exe[3716] ADVAPI32.dll!CreateServiceW 774C9EB4 5 Bytes JMP 000803FC .text C:\Windows\System32\rundll32.exe[3716] ADVAPI32.dll!DeleteService 774CA07E 5 Bytes JMP 00080600 .text C:\Windows\System32\rundll32.exe[3716] ADVAPI32.dll!SetServiceObjectSecurity 77506CD9 5 Bytes JMP 00081014 .text C:\Windows\System32\rundll32.exe[3716] ADVAPI32.dll!ChangeServiceConfigA 77506DD9 5 Bytes JMP 00080804 .text C:\Windows\System32\rundll32.exe[3716] ADVAPI32.dll!ChangeServiceConfigW 77506F81 5 Bytes JMP 00080A08 .text C:\Windows\System32\rundll32.exe[3716] ADVAPI32.dll!ChangeServiceConfig2A 77507099 5 Bytes JMP 00080C0C .text C:\Windows\System32\rundll32.exe[3716] ADVAPI32.dll!ChangeServiceConfig2W 775071E1 5 Bytes JMP 00080E10 .text C:\Windows\System32\rundll32.exe[3716] ADVAPI32.dll!CreateServiceA 775072A1 5 Bytes JMP 000801F8 .text C:\Windows\RtHDVCpl.exe[3756] ntdll.dll!LdrLoadDll 77739378 5 Bytes JMP 001501F8 .text C:\Windows\RtHDVCpl.exe[3756] ntdll.dll!LdrUnloadDll 7774B680 5 Bytes JMP 001503FC .text C:\Windows\RtHDVCpl.exe[3756] 
kernel32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62] .text C:\Windows\RtHDVCpl.exe[3756] ADVAPI32.dll!CreateServiceW 774C9EB4 5 Bytes JMP 001703FC .text C:\Windows\RtHDVCpl.exe[3756] ADVAPI32.dll!DeleteService 774CA07E 5 Bytes JMP 00170600 .text C:\Windows\RtHDVCpl.exe[3756] ADVAPI32.dll!SetServiceObjectSecurity 77506CD9 5 Bytes JMP 00171014 .text C:\Windows\RtHDVCpl.exe[3756] ADVAPI32.dll!ChangeServiceConfigA 77506DD9 5 Bytes JMP 00170804 .text C:\Windows\RtHDVCpl.exe[3756] ADVAPI32.dll!ChangeServiceConfigW 77506F81 5 Bytes JMP 00170A08 .text C:\Windows\RtHDVCpl.exe[3756] ADVAPI32.dll!ChangeServiceConfig2A 77507099 5 Bytes JMP 00170C0C .text C:\Windows\RtHDVCpl.exe[3756] ADVAPI32.dll!ChangeServiceConfig2W 775071E1 5 Bytes JMP 00170E10 .text C:\Windows\RtHDVCpl.exe[3756] ADVAPI32.dll!CreateServiceA 775072A1 5 Bytes JMP 001701F8 .text C:\Windows\RtHDVCpl.exe[3756] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 00180600 .text C:\Windows\RtHDVCpl.exe[3756] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 00180804 .text C:\Windows\RtHDVCpl.exe[3756] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 00180A08 .text C:\Windows\RtHDVCpl.exe[3756] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 001801F8 .text C:\Windows\RtHDVCpl.exe[3756] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 001803FC .text C:\Program Files\Internet Explorer\iexplore.exe[3872] kernel32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62] .text C:\Program Files\Internet Explorer\iexplore.exe[3872] USER32.dll!EnableWindow 778DCD8B 5 Bytes JMP 6E109EBC C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3872] USER32.dll!DialogBoxParamW 779010B0 5 Bytes JMP 6E061893 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3872] USER32.dll!DialogBoxIndirectParamW 77902EF5 5 Bytes JMP 6E25902E C:\Windows\system32\IEFRAME.dll (Przeglądarka 
internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3872] USER32.dll!DialogBoxParamA 77918152 5 Bytes JMP 6E258FC9 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3872] USER32.dll!DialogBoxIndirectParamA 7791847D 5 Bytes JMP 6E259093 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3872] USER32.dll!MessageBoxIndirectA 7792D4D9 5 Bytes JMP 6E258F50 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3872] USER32.dll!MessageBoxIndirectW 7792D5D3 1 Byte [E9] .text C:\Program Files\Internet Explorer\iexplore.exe[3872] USER32.dll!MessageBoxIndirectW 7792D5D3 5 Bytes JMP 6E258ED7 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3872] USER32.dll!MessageBoxExA 7792D639 5 Bytes JMP 6E258E73 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3872] USER32.dll!MessageBoxExW 7792D65D 5 Bytes JMP 6E258E0F C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Windows Sidebar\sidebar.exe[3920] ntdll.dll!LdrLoadDll 77739378 5 Bytes JMP 000501F8 .text C:\Program Files\Windows Sidebar\sidebar.exe[3920] ntdll.dll!LdrUnloadDll 7774B680 5 Bytes JMP 000503FC .text C:\Program Files\Windows Sidebar\sidebar.exe[3920] kernel32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62] .text C:\Program Files\Windows Sidebar\sidebar.exe[3920] ADVAPI32.dll!CreateServiceW 774C9EB4 5 Bytes JMP 000803FC .text C:\Program Files\Windows Sidebar\sidebar.exe[3920] ADVAPI32.dll!DeleteService 774CA07E 5 Bytes JMP 00080600 .text C:\Program Files\Windows Sidebar\sidebar.exe[3920] ADVAPI32.dll!SetServiceObjectSecurity 
77506CD9 5 Bytes JMP 00081014
.text C:\Program Files\Windows Sidebar\sidebar.exe[3920] ADVAPI32.dll!ChangeServiceConfigA 77506DD9 5 Bytes JMP 00080804
.text C:\Program Files\Windows Sidebar\sidebar.exe[3920] ADVAPI32.dll!ChangeServiceConfigW 77506F81 5 Bytes JMP 00080A08
.text C:\Program Files\Windows Sidebar\sidebar.exe[3920] ADVAPI32.dll!ChangeServiceConfig2A 77507099 5 Bytes JMP 00080C0C
.text C:\Program Files\Windows Sidebar\sidebar.exe[3920] ADVAPI32.dll!ChangeServiceConfig2W 775071E1 5 Bytes JMP 00080E10
.text C:\Program Files\Windows Sidebar\sidebar.exe[3920] ADVAPI32.dll!CreateServiceA 775072A1 5 Bytes JMP 000801F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[3920] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 000A0600
.text C:\Program Files\Windows Sidebar\sidebar.exe[3920] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 000A0804
.text C:\Program Files\Windows Sidebar\sidebar.exe[3920] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 000A0A08
.text C:\Program Files\Windows Sidebar\sidebar.exe[3920] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 000A01F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[3920] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 000A03FC
.text C:\ProgramData\lsass.exe[3936] ntdll.dll!LdrLoadDll 77739378 5 Bytes JMP 000501F8
.text C:\ProgramData\lsass.exe[3936] ntdll.dll!LdrUnloadDll 7774B680 5 Bytes JMP 000503FC
.text C:\ProgramData\lsass.exe[3936] kernel32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62]
.text C:\ProgramData\lsass.exe[3936] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 00070600
.text C:\ProgramData\lsass.exe[3936] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 00070804
.text C:\ProgramData\lsass.exe[3936] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 00070A08
.text C:\ProgramData\lsass.exe[3936] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 000701F8
.text C:\ProgramData\lsass.exe[3936] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 000703FC
.text C:\ProgramData\lsass.exe[3936] ADVAPI32.dll!CreateServiceW 774C9EB4 5 Bytes JMP 000803FC
.text C:\ProgramData\lsass.exe[3936] ADVAPI32.dll!DeleteService 774CA07E 5 Bytes JMP 00080600
.text C:\ProgramData\lsass.exe[3936] ADVAPI32.dll!SetServiceObjectSecurity 77506CD9 5 Bytes JMP 00081014
.text C:\ProgramData\lsass.exe[3936] ADVAPI32.dll!ChangeServiceConfigA 77506DD9 5 Bytes JMP 00080804
.text C:\ProgramData\lsass.exe[3936] ADVAPI32.dll!ChangeServiceConfigW 77506F81 5 Bytes JMP 00080A08
.text C:\ProgramData\lsass.exe[3936] ADVAPI32.dll!ChangeServiceConfig2A 77507099 5 Bytes JMP 00080C0C
.text C:\ProgramData\lsass.exe[3936] ADVAPI32.dll!ChangeServiceConfig2W 775071E1 5 Bytes JMP 00080E10
.text C:\ProgramData\lsass.exe[3936] ADVAPI32.dll!CreateServiceA 775072A1 5 Bytes JMP 000801F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3940] ntdll.dll!LdrLoadDll 77739378 5 Bytes JMP 000401F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3940] ntdll.dll!LdrUnloadDll 7774B680 5 Bytes JMP 000403FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3940] kernel32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3940] ADVAPI32.dll!CreateServiceW 774C9EB4 5 Bytes JMP 001403FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3940] ADVAPI32.dll!DeleteService 774CA07E 5 Bytes JMP 00140600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3940] ADVAPI32.dll!SetServiceObjectSecurity 77506CD9 5 Bytes JMP 00141014
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3940] ADVAPI32.dll!ChangeServiceConfigA 77506DD9 5 Bytes JMP 00140804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3940] ADVAPI32.dll!ChangeServiceConfigW 77506F81 5 Bytes JMP 00140A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3940] ADVAPI32.dll!ChangeServiceConfig2A 77507099 5 Bytes JMP 00140C0C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3940] ADVAPI32.dll!ChangeServiceConfig2W 775071E1 5 Bytes JMP 00140E10
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3940] ADVAPI32.dll!CreateServiceA 775072A1 5 Bytes JMP 001401F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3940] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 00150600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3940] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 00150804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3940] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 00150A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3940] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 001501F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3940] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 001503FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4060] ntdll.dll!LdrLoadDll 77739378 5 Bytes JMP 001401F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4060] ntdll.dll!LdrUnloadDll 7774B680 5 Bytes JMP 001403FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4060] kernel32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4060] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 00260600
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4060] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 00260804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4060] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 00260A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4060] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 002601F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4060] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 002603FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4060] ADVAPI32.dll!CreateServiceW 774C9EB4 5 Bytes JMP 002703FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4060] ADVAPI32.dll!DeleteService 774CA07E 5 Bytes JMP 00270600
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4060] ADVAPI32.dll!SetServiceObjectSecurity 77506CD9 5 Bytes JMP 00271014
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4060] ADVAPI32.dll!ChangeServiceConfigA 77506DD9 5 Bytes JMP 00270804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4060] ADVAPI32.dll!ChangeServiceConfigW 77506F81 5 Bytes JMP 00270A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4060] ADVAPI32.dll!ChangeServiceConfig2A 77507099 5 Bytes JMP 00270C0C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4060] ADVAPI32.dll!ChangeServiceConfig2W 775071E1 5 Bytes JMP 00270E10
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4060] ADVAPI32.dll!CreateServiceA 775072A1 5 Bytes JMP 002701F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4084] ntdll.dll!LdrLoadDll 77739378 5 Bytes JMP 000401F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4084] ntdll.dll!LdrUnloadDll 7774B680 5 Bytes JMP 000403FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4084] kernel32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4084] ADVAPI32.dll!CreateServiceW 774C9EB4 5 Bytes JMP 000603FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4084] ADVAPI32.dll!DeleteService 774CA07E 5 Bytes JMP 00060600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4084] ADVAPI32.dll!SetServiceObjectSecurity 77506CD9 5 Bytes JMP 00061014
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4084] ADVAPI32.dll!ChangeServiceConfigA 77506DD9 5 Bytes JMP 00060804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4084] ADVAPI32.dll!ChangeServiceConfigW 77506F81 5 Bytes JMP 00060A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4084] ADVAPI32.dll!ChangeServiceConfig2A 77507099 5 Bytes JMP 00060C0C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4084] ADVAPI32.dll!ChangeServiceConfig2W 775071E1 5 Bytes JMP 00060E10
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4084] ADVAPI32.dll!CreateServiceA 775072A1 5 Bytes JMP 000601F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4084] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 00070600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4084] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 00070804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4084] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 00070A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4084] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 000701F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4084] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 000703FC
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4252] ntdll.dll!LdrLoadDll 77739378 5 Bytes JMP 001501F8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4252] ntdll.dll!LdrUnloadDll 7774B680 5 Bytes JMP 001503FC
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4252] kernel32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4252] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 00170600
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4252] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 00170804
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4252] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 00170A08
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4252] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4252] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 001703FC
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4252] ADVAPI32.dll!CreateServiceW 774C9EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4252] ADVAPI32.dll!DeleteService 774CA07E 5 Bytes JMP 00180600
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4252] ADVAPI32.dll!SetServiceObjectSecurity 77506CD9 5 Bytes JMP 00181014
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4252] ADVAPI32.dll!ChangeServiceConfigA 77506DD9 5 Bytes JMP 00180804
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4252] ADVAPI32.dll!ChangeServiceConfigW 77506F81 5 Bytes JMP 00180A08
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4252] ADVAPI32.dll!ChangeServiceConfig2A 77507099 5 Bytes JMP 00180C0C
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4252] ADVAPI32.dll!ChangeServiceConfig2W 775071E1 5 Bytes JMP 00180E10
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4252] ADVAPI32.dll!CreateServiceA 775072A1 5 Bytes JMP 001801F8
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] ntdll.dll!LdrLoadDll 77739378 5 Bytes JMP 000401F8
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] ntdll.dll!LdrUnloadDll 7774B680 5 Bytes JMP 000403FC
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] kernel32.dll!CreateThread 766CCB2E 5 Bytes JMP 6E0C75E3 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] kernel32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] ADVAPI32.dll!CreateServiceW 774C9EB4 5 Bytes JMP 009603FC
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] ADVAPI32.dll!DeleteService 774CA07E 5 Bytes JMP 00960600
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] ADVAPI32.dll!SetServiceObjectSecurity 77506CD9 5 Bytes JMP 00961014
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] ADVAPI32.dll!ChangeServiceConfigA 77506DD9 5 Bytes JMP 00960804
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] ADVAPI32.dll!ChangeServiceConfigW 77506F81 5 Bytes JMP 00960A08
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] ADVAPI32.dll!ChangeServiceConfig2A 77507099 5 Bytes JMP 00960C0C
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] ADVAPI32.dll!ChangeServiceConfig2W 775071E1 5 Bytes JMP 00960E10
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] ADVAPI32.dll!CreateServiceA 775072A1 5 Bytes JMP 009601F8
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 00970600
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 6E1025B4 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] USER32.dll!CallNextHookEx 778D8E3B 5 Bytes JMP 6E127FDF C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 6E14ED00 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 009701F8
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 009703FC
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] USER32.dll!EnableWindow 778DCD8B 5 Bytes JMP 6E109EBC C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] USER32.dll!DefWindowProcA 778DDB88 7 Bytes JMP 6E0C980D C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] USER32.dll!CreateWindowExA 778DDC2A 5 Bytes JMP 6E0D3643 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] USER32.dll!CreateWindowExW 778E1305 5 Bytes JMP 6E1303CF C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] USER32.dll!DefWindowProcW 778F03B4 7 Bytes JMP 6E128042 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] USER32.dll!DialogBoxParamW 779010B0 5 Bytes JMP 6E061893 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] USER32.dll!DialogBoxIndirectParamW 77902EF5 5 Bytes JMP 6E25902E C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] USER32.dll!DialogBoxParamA 77918152 5 Bytes JMP 6E258FC9 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] USER32.dll!DialogBoxIndirectParamA 7791847D 5 Bytes JMP 6E259093 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] USER32.dll!MessageBoxIndirectA 7792D4D9 5 Bytes JMP 6E258F50 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] USER32.dll!MessageBoxIndirectW 7792D5D3 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] USER32.dll!MessageBoxIndirectW 7792D5D3 5 Bytes JMP 6E258ED7 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] USER32.dll!MessageBoxExA 7792D639 5 Bytes JMP 6E258E73 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] USER32.dll!MessageBoxExW 7792D65D 5 Bytes JMP 6E258E0F C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4540] ole32.dll!OleLoadFromStream 76261E80 5 Bytes JMP 6E2597FC C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Windows\system32\svchost.exe[4620] ntdll.dll!LdrLoadDll 77739378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[4620] ntdll.dll!LdrUnloadDll 7774B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[4620] kernel32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[4620] ADVAPI32.dll!CreateServiceW 774C9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[4620] ADVAPI32.dll!DeleteService 774CA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[4620] ADVAPI32.dll!SetServiceObjectSecurity 77506CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[4620] ADVAPI32.dll!ChangeServiceConfigA 77506DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[4620] ADVAPI32.dll!ChangeServiceConfigW 77506F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[4620] ADVAPI32.dll!ChangeServiceConfig2A 77507099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[4620] ADVAPI32.dll!ChangeServiceConfig2W 775071E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[4620] ADVAPI32.dll!CreateServiceA 775072A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\ctfmon.exe[4804] ntdll.dll!LdrLoadDll 77739378 5 Bytes JMP 000501F8
.text C:\Windows\system32\ctfmon.exe[4804] ntdll.dll!LdrUnloadDll 7774B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\ctfmon.exe[4804] kernel32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62]
.text C:\Windows\system32\ctfmon.exe[4804] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 00070600
.text C:\Windows\system32\ctfmon.exe[4804] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 00070804
.text C:\Windows\system32\ctfmon.exe[4804] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 00070A08
.text C:\Windows\system32\ctfmon.exe[4804] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 000701F8
.text C:\Windows\system32\ctfmon.exe[4804] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 000703FC
.text C:\Windows\system32\ctfmon.exe[4804] ADVAPI32.dll!CreateServiceW 774C9EB4 5 Bytes JMP 000803FC
.text C:\Windows\system32\ctfmon.exe[4804] ADVAPI32.dll!DeleteService 774CA07E 5 Bytes JMP 00080600
.text C:\Windows\system32\ctfmon.exe[4804] ADVAPI32.dll!SetServiceObjectSecurity 77506CD9 5 Bytes JMP 00081014
.text C:\Windows\system32\ctfmon.exe[4804] ADVAPI32.dll!ChangeServiceConfigA 77506DD9 5 Bytes JMP 00080804
.text C:\Windows\system32\ctfmon.exe[4804] ADVAPI32.dll!ChangeServiceConfigW 77506F81 5 Bytes JMP 00080A08
.text C:\Windows\system32\ctfmon.exe[4804] ADVAPI32.dll!ChangeServiceConfig2A 77507099 5 Bytes JMP 00080C0C
.text C:\Windows\system32\ctfmon.exe[4804] ADVAPI32.dll!ChangeServiceConfig2W 775071E1 5 Bytes JMP 00080E10
.text C:\Windows\system32\ctfmon.exe[4804] ADVAPI32.dll!CreateServiceA 775072A1 5 Bytes JMP 000801F8
.text C:\Users\VOBIS\Desktop\m6ipr279.exe[5948] kernel32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62]
.text C:\Windows\system32\wuauclt.exe[6056] ntdll.dll!LdrLoadDll 77739378 5 Bytes JMP 000601F8
.text C:\Windows\system32\wuauclt.exe[6056] ntdll.dll!LdrUnloadDll 7774B680 5 Bytes JMP 000603FC
.text C:\Windows\system32\wuauclt.exe[6056] kernel32.dll!GetBinaryTypeW + 70 766D2467 1 Byte [62]
.text C:\Windows\system32\wuauclt.exe[6056] USER32.dll!SetWindowsHookExA 778D6322 5 Bytes JMP 00070600
.text C:\Windows\system32\wuauclt.exe[6056] USER32.dll!SetWindowsHookExW 778D87AD 5 Bytes JMP 00070804
.text C:\Windows\system32\wuauclt.exe[6056] USER32.dll!UnhookWindowsHookEx 778D98DB 5 Bytes JMP 00070A08
.text C:\Windows\system32\wuauclt.exe[6056] USER32.dll!SetWinEventHook 778D9F3A 5 Bytes JMP 000701F8
.text C:\Windows\system32\wuauclt.exe[6056] USER32.dll!UnhookWinEvent 778DC06F 5 Bytes JMP 000703FC
.text C:\Windows\system32\wuauclt.exe[6056] ADVAPI32.dll!CreateServiceW 774C9EB4 5 Bytes JMP 000803FC
.text C:\Windows\system32\wuauclt.exe[6056] ADVAPI32.dll!DeleteService 774CA07E 5 Bytes JMP 00080600
.text C:\Windows\system32\wuauclt.exe[6056] ADVAPI32.dll!SetServiceObjectSecurity 77506CD9 5 Bytes JMP 00081014
.text C:\Windows\system32\wuauclt.exe[6056] ADVAPI32.dll!ChangeServiceConfigA 77506DD9 5 Bytes JMP 00080804
.text C:\Windows\system32\wuauclt.exe[6056] ADVAPI32.dll!ChangeServiceConfigW 77506F81 5 Bytes JMP 00080A08
.text C:\Windows\system32\wuauclt.exe[6056] ADVAPI32.dll!ChangeServiceConfig2A 77507099 5 Bytes JMP 00080C0C
.text C:\Windows\system32\wuauclt.exe[6056] ADVAPI32.dll!ChangeServiceConfig2W 775071E1 5 Bytes JMP 00080E10
.text C:\Windows\system32\wuauclt.exe[6056] ADVAPI32.dll!CreateServiceA 775072A1 5 Bytes JMP 000801F8

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[732] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00240002
IAT C:\Windows\system32\services.exe[732] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00240000
IAT C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1732] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7332F6D0] C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1980] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7332F6D0] C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \FileSystem\fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00027879245e
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1f37b91
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1f5d89c
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269cdd0c4
Reg HKLM\SYSTEM\ControlSet010\Services\BTHPORT\Parameters\Keys\00027879245e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\BTHPORT\Parameters\Keys\001fe1f37b91 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\BTHPORT\Parameters\Keys\001fe1f5d89c (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\BTHPORT\Parameters\Keys\002269cdd0c4 (not active ControlSet)

---- EOF - GMER 1.0.15 ----