GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-11-19 19:12:16 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2SS0 Running: u7mldogj.exe; Driver: C:\Users\VOBIS\AppData\Local\Temp\fxlorpoc.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x916844BA] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x91C80C22] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x91684ED6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x9168FFA8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x9168FFF4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x91690176] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x9168FF16] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x91C80FA6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x9168FF5E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x9168511C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x91690130] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x9168593E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x91684508] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x91C80CEA] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x91C7F3EC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x91684556] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x91689534] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x916863A6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x9168FFD2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x91690016] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x9169019A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x9168FF3C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x916900BA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x9168FF86] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x91690154] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x91C80E4A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x91686272] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0x91685DD4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x916845A4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x916845F2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x916857BE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x916841FA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x916843AA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x91684350] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x91685AF8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x91685C54] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x9168441A] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x91C80EFE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x91685636] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x91C7F41C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x91684640] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x91C80D96] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x916852F4] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x91C99E56] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!KeInsertQueue + 2FD 830A7934 4 Bytes [BA, 44, 68, 91] .text ntoskrnl.exe!KeInsertQueue + 321 830A7958 4 Bytes [22, 0C, C8, 91] {AND CL, [EAX+ECX*8]; XCHG ECX, EAX} .text ntoskrnl.exe!KeInsertQueue + 381 830A79B8 4 Bytes [D6, 4E, 68, 91] .text ntoskrnl.exe!KeInsertQueue + 3C1 830A79F8 8 Bytes [A8, FF, 68, 91, F4, FF, 68, ...] {TEST AL, 0xff; PUSH 0x68fff491; XCHG ECX, EAX} .text ntoskrnl.exe!KeInsertQueue + 3CD 830A7A04 4 Bytes [76, 01, 69, 91] .text ... PAGE ntoskrnl.exe!ObMakeTemporaryObject 831DDE46 5 Bytes JMP 91C96CF6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 110 8322754F 4 Bytes CALL 91686A8D \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntoskrnl.exe!ObInsertObject 8322BA1C 5 Bytes JMP 91C98810 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!ZwAlpcSendWaitReceivePort + 121 83255017 4 Bytes CALL 91686AA3 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntoskrnl.exe!ZwCreateProcessEx 832C2EC6 7 Bytes JMP 91C99E5A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x90805340, 0x3EE687, 0xE8000020] .text ntdll.dll!LdrLoadDll 774C9378 5 Bytes [E9, 7B, 6E, C9, 88] {JMP 0xffffffff88c96e80} .text ntdll.dll!LdrUnloadDll 774DB680 5 Bytes [E9, 77, 4D, C8, 88] {JMP 0xffffffff88c84d7c} ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[324] kernel32.dll!GetBinaryTypeW + 70 75E22467 1 Byte [62] .text C:\Windows\system32\svchost.exe[516] kernel32.dll!GetBinaryTypeW + 70 75E22467 1 Byte [62] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[540] kernel32.dll!GetBinaryTypeW + 70 75E22467 1 Byte [62] .text C:\Windows\system32\csrss.exe[572] KERNEL32.dll!GetBinaryTypeW + 70 75E22467 1 Byte [62] .text C:\Windows\system32\wininit.exe[624] kernel32.dll!GetBinaryTypeW + 70 75E22467 1 Byte [62] .text ... .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1584] ntdll.dll!LdrLoadDll 774C9378 5 Bytes JMP 002701F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1584] ntdll.dll!LdrUnloadDll 774DB680 5 Bytes JMP 002703FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1584] KERNEL32.dll!GetBinaryTypeW + 70 75E22467 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1584] ADVAPI32.dll!CreateServiceW 765B9EB4 5 Bytes JMP 002803FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1584] ADVAPI32.dll!DeleteService 765BA07E 5 Bytes JMP 00280600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1584] ADVAPI32.dll!SetServiceObjectSecurity 765F6CD9 5 Bytes JMP 00281014 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1584] ADVAPI32.dll!ChangeServiceConfigA 765F6DD9 5 Bytes JMP 00280804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1584] ADVAPI32.dll!ChangeServiceConfigW 765F6F81 5 Bytes JMP 00280A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1584] ADVAPI32.dll!ChangeServiceConfig2A 765F7099 5 Bytes JMP 00280C0C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1584] ADVAPI32.dll!ChangeServiceConfig2W 765F71E1 5 Bytes JMP 00280E10 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1584] ADVAPI32.dll!CreateServiceA 765F72A1 5 Bytes JMP 002801F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1584] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00290600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1584] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00290804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1584] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00290A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1584] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 002901F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1584] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 002903FC .text C:\Windows\system32\rundll32.exe[1640] kernel32.dll!GetBinaryTypeW + 70 75E22467 1 Byte [62] .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1764] kernel32.dll!SetUnhandledExceptionFilter 75DFA8C5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1764] kernel32.dll!GetBinaryTypeW + 70 75E22467 1 Byte [62] .text C:\Windows\System32\spoolsv.exe[1868] kernel32.dll!GetBinaryTypeW + 70 75E22467 1 Byte [62] .text C:\Windows\system32\svchost.exe[1900] kernel32.dll!GetBinaryTypeW + 70 75E22467 1 Byte [62] .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1964] kernel32.dll!GetBinaryTypeW + 70 75E22467 1 Byte [62] .text C:\Windows\system32\svchost.exe[2116] kernel32.dll!GetBinaryTypeW + 70 75E22467 1 Byte [62] .text C:\Program Files\Windows Sidebar\sidebar.exe[2144] ntdll.dll!LdrLoadDll 774C9378 5 Bytes JMP 000601F8 .text C:\Program Files\Windows Sidebar\sidebar.exe[2144] ntdll.dll!LdrUnloadDll 774DB680 5 Bytes JMP 000603FC .text C:\Program Files\Windows Sidebar\sidebar.exe[2144] KERNEL32.dll!GetBinaryTypeW + 70 75E22467 1 Byte [62] .text C:\Program Files\Windows Sidebar\sidebar.exe[2144] ADVAPI32.dll!CreateServiceW 765B9EB4 5 Bytes JMP 000703FC .text C:\Program Files\Windows Sidebar\sidebar.exe[2144] ADVAPI32.dll!DeleteService 765BA07E 5 Bytes JMP 00070600 .text C:\Program Files\Windows Sidebar\sidebar.exe[2144] ADVAPI32.dll!SetServiceObjectSecurity 765F6CD9 5 Bytes JMP 00071014 .text C:\Program Files\Windows Sidebar\sidebar.exe[2144] ADVAPI32.dll!ChangeServiceConfigA 765F6DD9 5 Bytes JMP 00070804 .text C:\Program Files\Windows Sidebar\sidebar.exe[2144] ADVAPI32.dll!ChangeServiceConfigW 765F6F81 5 Bytes JMP 00070A08 .text C:\Program Files\Windows Sidebar\sidebar.exe[2144] ADVAPI32.dll!ChangeServiceConfig2A 765F7099 5 Bytes JMP 00070C0C .text C:\Program Files\Windows Sidebar\sidebar.exe[2144] ADVAPI32.dll!ChangeServiceConfig2W 765F71E1 5 Bytes JMP 00070E10 .text C:\Program Files\Windows Sidebar\sidebar.exe[2144] ADVAPI32.dll!CreateServiceA 765F72A1 5 Bytes JMP 000701F8 .text C:\Program Files\Windows Sidebar\sidebar.exe[2144] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00080600 .text C:\Program Files\Windows Sidebar\sidebar.exe[2144] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00080804 .text C:\Program Files\Windows Sidebar\sidebar.exe[2144] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00080A08 .text C:\Program Files\Windows Sidebar\sidebar.exe[2144] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 000801F8 .text C:\Program Files\Windows Sidebar\sidebar.exe[2144] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 000803FC .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2172] kernel32.dll!GetBinaryTypeW + 70 75E22467 1 Byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[2192] ntdll.dll!LdrLoadDll 774C9378 5 Bytes JMP 000601F8 .text C:\Windows\system32\wbem\wmiprvse.exe[2192] ntdll.dll!LdrUnloadDll 774DB680 5 Bytes JMP 000603FC .text C:\Windows\system32\wbem\wmiprvse.exe[2192] KERNEL32.dll!GetBinaryTypeW + 70 75E22467 1 Byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[2192] ADVAPI32.dll!CreateServiceW 765B9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\wbem\wmiprvse.exe[2192] ADVAPI32.dll!DeleteService 765BA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\wbem\wmiprvse.exe[2192] ADVAPI32.dll!SetServiceObjectSecurity 765F6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\wbem\wmiprvse.exe[2192] ADVAPI32.dll!ChangeServiceConfigA 765F6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\wbem\wmiprvse.exe[2192] ADVAPI32.dll!ChangeServiceConfigW 765F6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\wbem\wmiprvse.exe[2192] ADVAPI32.dll!ChangeServiceConfig2A 765F7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\wbem\wmiprvse.exe[2192] ADVAPI32.dll!ChangeServiceConfig2W 765F71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\wbem\wmiprvse.exe[2192] ADVAPI32.dll!CreateServiceA 765F72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\wbem\wmiprvse.exe[2192] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00080600 .text C:\Windows\system32\wbem\wmiprvse.exe[2192] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00080804 .text C:\Windows\system32\wbem\wmiprvse.exe[2192] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\wbem\wmiprvse.exe[2192] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\wbem\wmiprvse.exe[2192] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 000803FC .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2208] kernel32.dll!GetBinaryTypeW + 70 75E22467 1 Byte [62] .text C:\Windows\System32\wpcumi.exe[2364] ntdll.dll!LdrLoadDll 774C9378 5 Bytes JMP 000601F8 .text C:\Windows\System32\wpcumi.exe[2364] ntdll.dll!LdrUnloadDll 774DB680 5 Bytes JMP 000603FC .text C:\Windows\System32\wpcumi.exe[2364] KERNEL32.dll!GetBinaryTypeW + 70 75E22467 1 Byte [62] .text C:\Windows\System32\wpcumi.exe[2364] ADVAPI32.dll!CreateServiceW 765B9EB4 5 Bytes JMP 000703FC .text C:\Windows\System32\wpcumi.exe[2364] ADVAPI32.dll!DeleteService 765BA07E 5 Bytes JMP 00070600 .text C:\Windows\System32\wpcumi.exe[2364] ADVAPI32.dll!SetServiceObjectSecurity 765F6CD9 5 Bytes JMP 00071014 .text C:\Windows\System32\wpcumi.exe[2364] ADVAPI32.dll!ChangeServiceConfigA 765F6DD9 5 Bytes JMP 00070804 .text C:\Windows\System32\wpcumi.exe[2364] ADVAPI32.dll!ChangeServiceConfigW 765F6F81 5 Bytes JMP 00070A08 .text C:\Windows\System32\wpcumi.exe[2364] ADVAPI32.dll!ChangeServiceConfig2A 765F7099 5 Bytes JMP 00070C0C .text C:\Windows\System32\wpcumi.exe[2364] ADVAPI32.dll!ChangeServiceConfig2W 765F71E1 5 Bytes JMP 00070E10 .text C:\Windows\System32\wpcumi.exe[2364] ADVAPI32.dll!CreateServiceA 765F72A1 5 Bytes JMP 000701F8 .text C:\Windows\System32\wpcumi.exe[2364] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00080600 .text C:\Windows\System32\wpcumi.exe[2364] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00080804 .text C:\Windows\System32\wpcumi.exe[2364] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00080A08 .text C:\Windows\System32\wpcumi.exe[2364] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 000801F8 .text C:\Windows\System32\wpcumi.exe[2364] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 000803FC .text C:\Windows\system32\taskeng.exe[2368] ntdll.dll!LdrLoadDll 774C9378 5 Bytes JMP 000601F8 .text C:\Windows\system32\taskeng.exe[2368] ntdll.dll!LdrUnloadDll 774DB680 5 Bytes JMP 000603FC .text C:\Windows\system32\taskeng.exe[2368] KERNEL32.dll!GetBinaryTypeW + 70 75E22467 1 Byte [62] .text C:\Windows\system32\taskeng.exe[2368] ADVAPI32.dll!CreateServiceW 765B9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\taskeng.exe[2368] ADVAPI32.dll!DeleteService 765BA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\taskeng.exe[2368] ADVAPI32.dll!SetServiceObjectSecurity 765F6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\taskeng.exe[2368] ADVAPI32.dll!ChangeServiceConfigA 765F6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\taskeng.exe[2368] ADVAPI32.dll!ChangeServiceConfigW 765F6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\taskeng.exe[2368] ADVAPI32.dll!ChangeServiceConfig2A 765F7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\taskeng.exe[2368] ADVAPI32.dll!ChangeServiceConfig2W 765F71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\taskeng.exe[2368] ADVAPI32.dll!CreateServiceA 765F72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\taskeng.exe[2368] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00080600 .text C:\Windows\system32\taskeng.exe[2368] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00080804 .text C:\Windows\system32\taskeng.exe[2368] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\taskeng.exe[2368] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\taskeng.exe[2368] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 000803FC .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2404] ntdll.dll!LdrLoadDll 774C9378 5 Bytes JMP 000E01F8 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2404] ntdll.dll!LdrUnloadDll 774DB680 5 Bytes JMP 000E03FC .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2404] KERNEL32.dll!GetBinaryTypeW + 70 75E22467 1 Byte [62] .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2404] ADVAPI32.dll!CreateServiceW 765B9EB4 5 Bytes JMP 000F03FC .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2404] ADVAPI32.dll!DeleteService 765BA07E 5 Bytes JMP 000F0600 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2404] ADVAPI32.dll!SetServiceObjectSecurity 765F6CD9 5 Bytes JMP 000F1014 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2404] ADVAPI32.dll!ChangeServiceConfigA 765F6DD9 5 Bytes JMP 000F0804 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2404] ADVAPI32.dll!ChangeServiceConfigW 765F6F81 5 Bytes JMP 000F0A08 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2404] ADVAPI32.dll!ChangeServiceConfig2A 765F7099 5 Bytes JMP 000F0C0C .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2404] ADVAPI32.dll!ChangeServiceConfig2W 765F71E1 5 Bytes JMP 000F0E10 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2404] ADVAPI32.dll!CreateServiceA 765F72A1 5 Bytes JMP 000F01F8 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2404] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00100600 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2404] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00100804 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2404] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00100A08 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2404] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 001001F8 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2404] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 001003FC .text C:\Windows\system32\taskeng.exe[2580] ntdll.dll!LdrLoadDll 774C9378 5 Bytes JMP 000601F8 .text C:\Windows\system32\taskeng.exe[2580] ntdll.dll!LdrUnloadDll 774DB680 5 Bytes JMP 000603FC .text C:\Windows\system32\taskeng.exe[2580] KERNEL32.dll!GetBinaryTypeW + 70 75E22467 1 Byte [62] .text C:\Windows\system32\taskeng.exe[2580] ADVAPI32.dll!CreateServiceW 765B9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\taskeng.exe[2580] ADVAPI32.dll!DeleteService 765BA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\taskeng.exe[2580] ADVAPI32.dll!SetServiceObjectSecurity 765F6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\taskeng.exe[2580] ADVAPI32.dll!ChangeServiceConfigA 765F6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\taskeng.exe[2580] ADVAPI32.dll!ChangeServiceConfigW 765F6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\taskeng.exe[2580] ADVAPI32.dll!ChangeServiceConfig2A 765F7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\taskeng.exe[2580] ADVAPI32.dll!ChangeServiceConfig2W 765F71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\taskeng.exe[2580] ADVAPI32.dll!CreateServiceA 765F72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\taskeng.exe[2580] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00080600 .text C:\Windows\system32\taskeng.exe[2580] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00080804 .text C:\Windows\system32\taskeng.exe[2580] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\taskeng.exe[2580] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\taskeng.exe[2580] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 000803FC .text C:\Windows\system32\svchost.exe[2604] ntdll.dll!LdrLoadDll 774C9378 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[2604] ntdll.dll!LdrUnloadDll 774DB680 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[2604] KERNEL32.dll!GetBinaryTypeW + 70 75E22467 1 Byte [62] .text C:\Windows\system32\svchost.exe[2604] ADVAPI32.dll!CreateServiceW 765B9EB4 5 Bytes JMP 000803FC .text C:\Windows\system32\svchost.exe[2604] ADVAPI32.dll!DeleteService 765BA07E 5 Bytes JMP 00080600 .text C:\Windows\system32\svchost.exe[2604] ADVAPI32.dll!SetServiceObjectSecurity 765F6CD9 5 Bytes JMP 00081014 .text C:\Windows\system32\svchost.exe[2604] ADVAPI32.dll!ChangeServiceConfigA 765F6DD9 5 Bytes JMP 00080804 .text C:\Windows\system32\svchost.exe[2604] ADVAPI32.dll!ChangeServiceConfigW 765F6F81 5 Bytes JMP 00080A08 .text C:\Windows\system32\svchost.exe[2604] ADVAPI32.dll!ChangeServiceConfig2A 765F7099 5 Bytes JMP 00080C0C .text C:\Windows\system32\svchost.exe[2604] ADVAPI32.dll!ChangeServiceConfig2W 765F71E1 5 Bytes JMP 00080E10 .text C:\Windows\system32\svchost.exe[2604] ADVAPI32.dll!CreateServiceA 765F72A1 5 Bytes JMP 000801F8 .text C:\Windows\system32\svchost.exe[2604] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 000E0600 .text C:\Windows\system32\svchost.exe[2604] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 000E0804 .text C:\Windows\system32\svchost.exe[2604] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 000E0A08 .text C:\Windows\system32\svchost.exe[2604] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 000E01F8 .text C:\Windows\system32\svchost.exe[2604] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 000E03FC .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2620] ntdll.dll!LdrLoadDll 774C9378 5 Bytes JMP 001601F8 .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2620] ntdll.dll!LdrUnloadDll 774DB680 5 Bytes JMP 001603FC .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2620] KERNEL32.dll!GetBinaryTypeW + 70 75E22467 1 Byte [62] .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2620] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00170600 .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2620] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00170804 .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2620] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00170A08 .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2620] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2620] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 001703FC .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2620] ADVAPI32.dll!CreateServiceW 765B9EB4 5 Bytes JMP 001803FC .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2620] ADVAPI32.dll!DeleteService 765BA07E 5 Bytes JMP 00180600 .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2620] ADVAPI32.dll!SetServiceObjectSecurity 765F6CD9 3 Bytes JMP 00181014 .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2620] ADVAPI32.dll!SetServiceObjectSecurity + 4 765F6CDD 1 Byte [89] .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2620] ADVAPI32.dll!ChangeServiceConfigA 765F6DD9 5 Bytes JMP 00180804 .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2620] ADVAPI32.dll!ChangeServiceConfigW 765F6F81 5 Bytes JMP 00180A08 .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2620] ADVAPI32.dll!ChangeServiceConfig2A 765F7099 5 Bytes JMP 00180C0C .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2620] ADVAPI32.dll!ChangeServiceConfig2W 765F71E1 5 Bytes JMP 00180E10 .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2620] ADVAPI32.dll!CreateServiceA 765F72A1 5 Bytes JMP 001801F8 .text C:\Windows\System32\svchost.exe[2664] ntdll.dll!LdrLoadDll 774C9378 5 Bytes JMP 000601F8 .text C:\Windows\System32\svchost.exe[2664] ntdll.dll!LdrUnloadDll 774DB680 5 Bytes JMP 000603FC .text C:\Windows\System32\svchost.exe[2664] KERNEL32.dll!GetBinaryTypeW + 70 75E22467 1 Byte [62] .text C:\Windows\System32\svchost.exe[2664] ADVAPI32.dll!CreateServiceW 765B9EB4 5 Bytes JMP 000703FC .text C:\Windows\System32\svchost.exe[2664] ADVAPI32.dll!DeleteService 765BA07E 5 Bytes JMP 00070600 .text C:\Windows\System32\svchost.exe[2664] ADVAPI32.dll!SetServiceObjectSecurity 765F6CD9 5 Bytes JMP 00071014 .text C:\Windows\System32\svchost.exe[2664] ADVAPI32.dll!ChangeServiceConfigA 765F6DD9 5 Bytes JMP 00070804 .text C:\Windows\System32\svchost.exe[2664] ADVAPI32.dll!ChangeServiceConfigW 765F6F81 5 Bytes JMP 00070A08 .text C:\Windows\System32\svchost.exe[2664] ADVAPI32.dll!ChangeServiceConfig2A 765F7099 5 Bytes JMP 00070C0C .text C:\Windows\System32\svchost.exe[2664] ADVAPI32.dll!ChangeServiceConfig2W 765F71E1 5 Bytes JMP 00070E10 .text C:\Windows\System32\svchost.exe[2664] ADVAPI32.dll!CreateServiceA 765F72A1 5 Bytes JMP 000701F8 .text C:\Windows\System32\svchost.exe[2664] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00150600 .text C:\Windows\System32\svchost.exe[2664] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00150804 .text C:\Windows\System32\svchost.exe[2664] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00150A08 .text C:\Windows\System32\svchost.exe[2664] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 001501F8 .text C:\Windows\System32\svchost.exe[2664] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 001503FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2728] ntdll.dll!LdrLoadDll 774C9378 5 Bytes JMP 000501F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2728] ntdll.dll!LdrUnloadDll 774DB680 5 Bytes JMP 000503FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2728] KERNEL32.dll!GetBinaryTypeW + 70 75E22467 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2728] ADVAPI32.dll!CreateServiceW 765B9EB4 5 Bytes JMP 000603FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2728] ADVAPI32.dll!DeleteService 765BA07E 5 Bytes JMP 00060600 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2728] ADVAPI32.dll!SetServiceObjectSecurity 765F6CD9 5 Bytes JMP 00061014 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2728] ADVAPI32.dll!ChangeServiceConfigA 765F6DD9 5 Bytes JMP 00060804 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2728] ADVAPI32.dll!ChangeServiceConfigW 765F6F81 5 Bytes JMP 00060A08 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2728] ADVAPI32.dll!ChangeServiceConfig2A 765F7099 5 Bytes JMP 00060C0C .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2728] ADVAPI32.dll!ChangeServiceConfig2W 765F71E1 5 Bytes JMP 00060E10 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2728] ADVAPI32.dll!CreateServiceA 765F72A1 5 Bytes JMP 000601F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2728] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00070600 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2728] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00070804 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2728] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00070A08 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2728] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 000701F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2728] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 000703FC .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2880] kernel32.dll!GetBinaryTypeW + 70 75E22467 1 Byte [62] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2900] ntdll.dll!LdrLoadDll 774C9378 5 Bytes JMP 001601F8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2900] ntdll.dll!LdrUnloadDll 774DB680 5 Bytes JMP 001603FC .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2900] KERNEL32.dll!GetBinaryTypeW + 70 75E22467 1 Byte [62] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2900] ADVAPI32.dll!CreateServiceW 765B9EB4 5 Bytes JMP 001803FC .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2900] ADVAPI32.dll!DeleteService 765BA07E 5 Bytes JMP 00180600 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2900] ADVAPI32.dll!SetServiceObjectSecurity 765F6CD9 3 Bytes JMP 00181014 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2900] ADVAPI32.dll!SetServiceObjectSecurity + 4 765F6CDD 1 Byte [89] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2900] ADVAPI32.dll!ChangeServiceConfigA 765F6DD9 5 Bytes JMP 00180804 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2900] ADVAPI32.dll!ChangeServiceConfigW 765F6F81 5 Bytes JMP 00180A08 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2900] ADVAPI32.dll!ChangeServiceConfig2A 765F7099 5 Bytes JMP 00180C0C .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2900] ADVAPI32.dll!ChangeServiceConfig2W 765F71E1 5 Bytes JMP 00180E10 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2900] ADVAPI32.dll!CreateServiceA 765F72A1 5 Bytes JMP 001801F8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2900] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00190600 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2900] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00190804 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2900] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00190A08 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2900] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 001901F8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2900] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 001903FC .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2984] ntdll.dll!LdrLoadDll 774C9378 5 Bytes JMP 001601F8 .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2984] ntdll.dll!LdrUnloadDll 774DB680 5 Bytes JMP 001603FC .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2984] KERNEL32.dll!GetBinaryTypeW + 70 75E22467 1 Byte [62] .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2984] ADVAPI32.dll!CreateServiceW 765B9EB4 5 Bytes JMP 001803FC .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2984] ADVAPI32.dll!DeleteService 765BA07E 5 Bytes JMP 00180600 .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2984] ADVAPI32.dll!SetServiceObjectSecurity 765F6CD9 3 Bytes JMP 00181014 .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2984] ADVAPI32.dll!SetServiceObjectSecurity + 4 765F6CDD 1 Byte [89] .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2984] ADVAPI32.dll!ChangeServiceConfigA 765F6DD9 5 Bytes JMP 00180804 .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2984] ADVAPI32.dll!ChangeServiceConfigW 765F6F81 5 Bytes JMP 00180A08 .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2984] ADVAPI32.dll!ChangeServiceConfig2A 765F7099 5 Bytes JMP 00180C0C .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2984] ADVAPI32.dll!ChangeServiceConfig2W 765F71E1 5 Bytes JMP 00180E10 .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2984] ADVAPI32.dll!CreateServiceA 765F72A1 5 Bytes JMP 001801F8 .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2984] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00190600 .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2984] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00190804 .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2984] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00190A08 .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2984] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 001901F8 .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2984] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 001903FC .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2992] ntdll.dll!LdrLoadDll 774C9378 5 Bytes JMP 001501F8 .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2992] ntdll.dll!LdrUnloadDll 774DB680 5 Bytes JMP 001503FC .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2992] KERNEL32.dll!GetBinaryTypeW + 70 75E22467 1 Byte [62] .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2992] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00160600 .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2992] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00160804 .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2992] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00160A08 .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2992] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 001601F8 .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2992] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 001603FC .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2992] ADVAPI32.dll!CreateServiceW 765B9EB4 5 Bytes JMP 001703FC .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2992] ADVAPI32.dll!DeleteService 765BA07E 5 Bytes JMP 00170600 .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2992] ADVAPI32.dll!SetServiceObjectSecurity 765F6CD9 5 Bytes JMP 00171014 .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2992] ADVAPI32.dll!ChangeServiceConfigA 765F6DD9 5 Bytes JMP 00170804 .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2992] ADVAPI32.dll!ChangeServiceConfigW 765F6F81 5 Bytes JMP 00170A08 .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2992] ADVAPI32.dll!ChangeServiceConfig2A 765F7099 5 Bytes JMP 00170C0C .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2992] ADVAPI32.dll!ChangeServiceConfig2W 765F71E1 5 Bytes JMP 00170E10 .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2992] ADVAPI32.dll!CreateServiceA 765F72A1 5 Bytes JMP 001701F8 .text C:\Windows\ehome\ehtray.exe[3028] ntdll.dll!LdrLoadDll 774C9378 5 Bytes JMP 000601F8 .text C:\Windows\ehome\ehtray.exe[3028] ntdll.dll!LdrUnloadDll 774DB680 5 Bytes JMP 000603FC .text C:\Windows\ehome\ehtray.exe[3028] KERNEL32.dll!GetBinaryTypeW + 70 75E22467 1 Byte [62] .text C:\Windows\ehome\ehtray.exe[3028] ADVAPI32.dll!CreateServiceW 765B9EB4 5 Bytes JMP 000703FC .text C:\Windows\ehome\ehtray.exe[3028] ADVAPI32.dll!DeleteService 765BA07E 5 Bytes JMP 00070600 .text C:\Windows\ehome\ehtray.exe[3028] ADVAPI32.dll!SetServiceObjectSecurity 765F6CD9 5 Bytes JMP 00071014 .text C:\Windows\ehome\ehtray.exe[3028] ADVAPI32.dll!ChangeServiceConfigA 765F6DD9 5 Bytes JMP 00070804 .text C:\Windows\ehome\ehtray.exe[3028] ADVAPI32.dll!ChangeServiceConfigW 765F6F81 5 Bytes JMP 00070A08 .text C:\Windows\ehome\ehtray.exe[3028] ADVAPI32.dll!ChangeServiceConfig2A 765F7099 5 Bytes JMP 00070C0C .text C:\Windows\ehome\ehtray.exe[3028] ADVAPI32.dll!ChangeServiceConfig2W 765F71E1 5 Bytes JMP 00070E10 .text C:\Windows\ehome\ehtray.exe[3028] ADVAPI32.dll!CreateServiceA 765F72A1 5 Bytes JMP 000701F8 .text C:\Windows\ehome\ehtray.exe[3028] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00080600 .text C:\Windows\ehome\ehtray.exe[3028] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00080804 .text C:\Windows\ehome\ehtray.exe[3028] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00080A08 .text C:\Windows\ehome\ehtray.exe[3028] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 000801F8 .text C:\Windows\ehome\ehtray.exe[3028] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 000803FC .text C:\Windows\system32\Dwm.exe[3060] ntdll.dll!LdrLoadDll 774C9378 5 Bytes JMP 000601F8 .text C:\Windows\system32\Dwm.exe[3060] ntdll.dll!LdrUnloadDll 774DB680 5 Bytes JMP 000603FC .text C:\Windows\system32\Dwm.exe[3060] KERNEL32.dll!GetBinaryTypeW + 70 75E22467 1 Byte [62] .text C:\Windows\system32\Dwm.exe[3060] ADVAPI32.dll!CreateServiceW 765B9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\Dwm.exe[3060] ADVAPI32.dll!DeleteService 765BA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\Dwm.exe[3060] ADVAPI32.dll!SetServiceObjectSecurity 765F6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\Dwm.exe[3060] ADVAPI32.dll!ChangeServiceConfigA 765F6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\Dwm.exe[3060] ADVAPI32.dll!ChangeServiceConfigW 765F6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\Dwm.exe[3060] ADVAPI32.dll!ChangeServiceConfig2A 765F7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\Dwm.exe[3060] ADVAPI32.dll!ChangeServiceConfig2W 765F71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\Dwm.exe[3060] ADVAPI32.dll!CreateServiceA 765F72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\Dwm.exe[3060] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00080600 .text C:\Windows\system32\Dwm.exe[3060] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00080804 .text C:\Windows\system32\Dwm.exe[3060] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\Dwm.exe[3060] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\Dwm.exe[3060] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 000803FC .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3116] ntdll.dll!LdrLoadDll 774C9378 5 Bytes JMP 000601F8 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3116] ntdll.dll!LdrUnloadDll 774DB680 5 Bytes JMP 000603FC .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3116] KERNEL32.dll!GetBinaryTypeW + 70 75E22467 1 Byte [62] .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3116] ADVAPI32.dll!CreateServiceW 765B9EB4 5 Bytes JMP 000703FC .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3116] ADVAPI32.dll!DeleteService 765BA07E 5 Bytes JMP 00070600 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3116] ADVAPI32.dll!SetServiceObjectSecurity 765F6CD9 5 Bytes JMP 00071014 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3116] ADVAPI32.dll!ChangeServiceConfigA 765F6DD9 5 Bytes JMP 00070804 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3116] ADVAPI32.dll!ChangeServiceConfigW 765F6F81 5 Bytes JMP 00070A08 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3116] ADVAPI32.dll!ChangeServiceConfig2A 765F7099 5 Bytes JMP 00070C0C .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3116] ADVAPI32.dll!ChangeServiceConfig2W 765F71E1 5 Bytes JMP 00070E10 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3116] ADVAPI32.dll!CreateServiceA 765F72A1 5 Bytes JMP 000701F8 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3116] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00080600 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3116] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00080804 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3116] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00080A08 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3116] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 000801F8 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3116] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 000803FC .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3120] ntdll.dll!LdrLoadDll 774C9378 5 Bytes JMP 001601F8 .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3120] ntdll.dll!LdrUnloadDll 774DB680 5 Bytes JMP 001603FC .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3120] KERNEL32.dll!GetBinaryTypeW + 70 75E22467 1 Byte [62] .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3120] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00170600 .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3120] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00170804 .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3120] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00170A08 .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3120] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3120] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 001703FC .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3120] ADVAPI32.dll!CreateServiceW 765B9EB4 5 Bytes JMP 001803FC .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3120] ADVAPI32.dll!DeleteService 765BA07E 5 Bytes JMP 00180600 .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3120] ADVAPI32.dll!SetServiceObjectSecurity 765F6CD9 3 Bytes JMP 00181014 .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3120] ADVAPI32.dll!SetServiceObjectSecurity + 4 765F6CDD 1 Byte [89] .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3120] ADVAPI32.dll!ChangeServiceConfigA 765F6DD9 5 Bytes JMP 00180804 .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3120] ADVAPI32.dll!ChangeServiceConfigW 765F6F81 5 Bytes JMP 00180A08 .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3120] ADVAPI32.dll!ChangeServiceConfig2A 765F7099 5 Bytes JMP 00180C0C .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3120] ADVAPI32.dll!ChangeServiceConfig2W 765F71E1 5 Bytes JMP 00180E10 .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[3120] ADVAPI32.dll!CreateServiceA 765F72A1 5 Bytes JMP 001801F8 .text C:\Windows\Explorer.EXE[3156] ntdll.dll!LdrLoadDll 774C9378 5 Bytes JMP 000601F8 .text C:\Windows\Explorer.EXE[3156] ntdll.dll!LdrUnloadDll 774DB680 5 Bytes JMP 000603FC .text C:\Windows\Explorer.EXE[3156] KERNEL32.dll!GetBinaryTypeW + 70 75E22467 1 Byte [62] .text C:\Windows\Explorer.EXE[3156] ADVAPI32.dll!CreateServiceW 765B9EB4 5 Bytes JMP 000703FC .text C:\Windows\Explorer.EXE[3156] ADVAPI32.dll!DeleteService 765BA07E 5 Bytes JMP 00070600 .text C:\Windows\Explorer.EXE[3156] ADVAPI32.dll!SetServiceObjectSecurity 765F6CD9 5 Bytes JMP 00071014 .text C:\Windows\Explorer.EXE[3156] ADVAPI32.dll!ChangeServiceConfigA 765F6DD9 5 Bytes JMP 00070804 .text C:\Windows\Explorer.EXE[3156] ADVAPI32.dll!ChangeServiceConfigW 765F6F81 5 Bytes JMP 00070A08 .text C:\Windows\Explorer.EXE[3156] ADVAPI32.dll!ChangeServiceConfig2A 765F7099 5 Bytes JMP 00070C0C .text C:\Windows\Explorer.EXE[3156] ADVAPI32.dll!ChangeServiceConfig2W 765F71E1 5 Bytes JMP 00070E10 .text C:\Windows\Explorer.EXE[3156] ADVAPI32.dll!CreateServiceA 765F72A1 5 Bytes JMP 000701F8 .text C:\Windows\Explorer.EXE[3156] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00080600 .text C:\Windows\Explorer.EXE[3156] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00080804 .text C:\Windows\Explorer.EXE[3156] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00080A08 .text C:\Windows\Explorer.EXE[3156] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 000801F8 .text C:\Windows\Explorer.EXE[3156] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 000803FC .text C:\ProgramData\lsass.exe[3244] ntdll.dll!LdrLoadDll 774C9378 5 Bytes JMP 000701F8 .text C:\ProgramData\lsass.exe[3244] ntdll.dll!LdrUnloadDll 774DB680 5 Bytes JMP 000703FC .text C:\ProgramData\lsass.exe[3244] KERNEL32.dll!GetBinaryTypeW + 70 75E22467 1 Byte [62] .text C:\ProgramData\lsass.exe[3244] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00080600 .text C:\ProgramData\lsass.exe[3244] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00080804 .text C:\ProgramData\lsass.exe[3244] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00080A08 .text C:\ProgramData\lsass.exe[3244] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 000801F8 .text C:\ProgramData\lsass.exe[3244] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 000803FC .text C:\ProgramData\lsass.exe[3244] ADVAPI32.dll!CreateServiceW 765B9EB4 5 Bytes JMP 000903FC .text C:\ProgramData\lsass.exe[3244] ADVAPI32.dll!DeleteService 765BA07E 5 Bytes JMP 00090600 .text C:\ProgramData\lsass.exe[3244] ADVAPI32.dll!SetServiceObjectSecurity 765F6CD9 5 Bytes JMP 00091014 .text C:\ProgramData\lsass.exe[3244] ADVAPI32.dll!ChangeServiceConfigA 765F6DD9 5 Bytes JMP 00090804 .text C:\ProgramData\lsass.exe[3244] ADVAPI32.dll!ChangeServiceConfigW 765F6F81 5 Bytes JMP 00090A08 .text C:\ProgramData\lsass.exe[3244] ADVAPI32.dll!ChangeServiceConfig2A 765F7099 5 Bytes JMP 00090C0C .text C:\ProgramData\lsass.exe[3244] ADVAPI32.dll!ChangeServiceConfig2W 765F71E1 5 Bytes JMP 00090E10 .text C:\ProgramData\lsass.exe[3244] ADVAPI32.dll!CreateServiceA 765F72A1 5 Bytes JMP 000901F8 .text C:\Windows\system32\SearchIndexer.exe[3248] ntdll.dll!LdrLoadDll 774C9378 5 Bytes JMP 000601F8 .text C:\Windows\system32\SearchIndexer.exe[3248] ntdll.dll!LdrUnloadDll 774DB680 5 Bytes JMP 000603FC .text C:\Windows\system32\SearchIndexer.exe[3248] KERNEL32.dll!GetBinaryTypeW + 70 75E22467 1 Byte [62] .text C:\Windows\system32\SearchIndexer.exe[3248] ADVAPI32.dll!CreateServiceW 765B9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\SearchIndexer.exe[3248] ADVAPI32.dll!DeleteService 765BA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\SearchIndexer.exe[3248] ADVAPI32.dll!SetServiceObjectSecurity 765F6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\SearchIndexer.exe[3248] ADVAPI32.dll!ChangeServiceConfigA 765F6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\SearchIndexer.exe[3248] ADVAPI32.dll!ChangeServiceConfigW 765F6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\SearchIndexer.exe[3248] ADVAPI32.dll!ChangeServiceConfig2A 765F7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\SearchIndexer.exe[3248] ADVAPI32.dll!ChangeServiceConfig2W 765F71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\SearchIndexer.exe[3248] ADVAPI32.dll!CreateServiceA 765F72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\SearchIndexer.exe[3248] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00080600 .text C:\Windows\system32\SearchIndexer.exe[3248] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00080804 .text C:\Windows\system32\SearchIndexer.exe[3248] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\SearchIndexer.exe[3248] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\SearchIndexer.exe[3248] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 000803FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3256] ntdll.dll!LdrLoadDll 774C9378 5 Bytes JMP 000501F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3256] ntdll.dll!LdrUnloadDll 774DB680 5 Bytes JMP 000503FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3256] KERNEL32.dll!GetBinaryTypeW + 70 75E22467 1 Byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3256] ADVAPI32.dll!CreateServiceW 765B9EB4 5 Bytes JMP 000603FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3256] ADVAPI32.dll!DeleteService 765BA07E 5 Bytes JMP 00060600 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3256] ADVAPI32.dll!SetServiceObjectSecurity 765F6CD9 5 Bytes JMP 00061014 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3256] ADVAPI32.dll!ChangeServiceConfigA 765F6DD9 5 Bytes JMP 00060804 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3256] ADVAPI32.dll!ChangeServiceConfigW 765F6F81 5 Bytes JMP 00060A08 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3256] ADVAPI32.dll!ChangeServiceConfig2A 765F7099 5 Bytes JMP 00060C0C .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3256] ADVAPI32.dll!ChangeServiceConfig2W 765F71E1 5 Bytes JMP 00060E10 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3256] ADVAPI32.dll!CreateServiceA 765F72A1 5 Bytes JMP 000601F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3256] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00070600 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3256] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00070804 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3256] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00070A08 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3256] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 000701F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3256] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 000703FC .text C:\Windows\system32\wbem\unsecapp.exe[3400] ntdll.dll!LdrLoadDll 774C9378 5 Bytes JMP 000601F8 .text C:\Windows\system32\wbem\unsecapp.exe[3400] ntdll.dll!LdrUnloadDll 774DB680 5 Bytes JMP 000603FC .text C:\Windows\system32\wbem\unsecapp.exe[3400] KERNEL32.dll!GetBinaryTypeW + 70 75E22467 1 Byte [62] .text C:\Windows\system32\wbem\unsecapp.exe[3400] ADVAPI32.dll!CreateServiceW 765B9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\wbem\unsecapp.exe[3400] ADVAPI32.dll!DeleteService 765BA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\wbem\unsecapp.exe[3400] ADVAPI32.dll!SetServiceObjectSecurity 765F6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\wbem\unsecapp.exe[3400] ADVAPI32.dll!ChangeServiceConfigA 765F6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\wbem\unsecapp.exe[3400] ADVAPI32.dll!ChangeServiceConfigW 765F6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\wbem\unsecapp.exe[3400] ADVAPI32.dll!ChangeServiceConfig2A 765F7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\wbem\unsecapp.exe[3400] ADVAPI32.dll!ChangeServiceConfig2W 765F71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\wbem\unsecapp.exe[3400] ADVAPI32.dll!CreateServiceA 765F72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\wbem\unsecapp.exe[3400] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00080600 .text C:\Windows\system32\wbem\unsecapp.exe[3400] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00080804 .text C:\Windows\system32\wbem\unsecapp.exe[3400] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\wbem\unsecapp.exe[3400] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\wbem\unsecapp.exe[3400] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 000803FC .text C:\Users\VOBIS\Desktop\u7mldogj.exe[3544] ntdll.dll!LdrLoadDll 774C9378 5 Bytes JMP 001601F8 .text C:\Users\VOBIS\Desktop\u7mldogj.exe[3544] ntdll.dll!LdrUnloadDll 774DB680 5 Bytes JMP 001603FC .text C:\Users\VOBIS\Desktop\u7mldogj.exe[3544] KERNEL32.dll!GetBinaryTypeW + 70 75E22467 1 Byte [62] .text C:\Users\VOBIS\Desktop\u7mldogj.exe[3544] ADVAPI32.dll!CreateServiceW 765B9EB4 5 Bytes JMP 001703FC .text C:\Users\VOBIS\Desktop\u7mldogj.exe[3544] ADVAPI32.dll!DeleteService 765BA07E 5 Bytes JMP 00170600 .text C:\Users\VOBIS\Desktop\u7mldogj.exe[3544] ADVAPI32.dll!SetServiceObjectSecurity 765F6CD9 5 Bytes JMP 00171014 .text C:\Users\VOBIS\Desktop\u7mldogj.exe[3544] ADVAPI32.dll!ChangeServiceConfigA 765F6DD9 5 Bytes JMP 00170804 .text C:\Users\VOBIS\Desktop\u7mldogj.exe[3544] ADVAPI32.dll!ChangeServiceConfigW 765F6F81 5 Bytes JMP 00170A08 .text C:\Users\VOBIS\Desktop\u7mldogj.exe[3544] ADVAPI32.dll!ChangeServiceConfig2A 765F7099 5 Bytes JMP 00170C0C .text C:\Users\VOBIS\Desktop\u7mldogj.exe[3544] ADVAPI32.dll!ChangeServiceConfig2W 765F71E1 5 Bytes JMP 00170E10 .text C:\Users\VOBIS\Desktop\u7mldogj.exe[3544] ADVAPI32.dll!CreateServiceA 765F72A1 5 Bytes JMP 001701F8 .text C:\Users\VOBIS\Desktop\u7mldogj.exe[3544] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00180600 .text C:\Users\VOBIS\Desktop\u7mldogj.exe[3544] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00180804 .text C:\Users\VOBIS\Desktop\u7mldogj.exe[3544] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00180A08 .text C:\Users\VOBIS\Desktop\u7mldogj.exe[3544] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 001801F8 .text C:\Users\VOBIS\Desktop\u7mldogj.exe[3544] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 001803FC .text C:\Windows\ehome\ehmsas.exe[3632] ntdll.dll!LdrLoadDll 774C9378 5 Bytes JMP 000501F8 .text C:\Windows\ehome\ehmsas.exe[3632] ntdll.dll!LdrUnloadDll 774DB680 5 Bytes JMP 000503FC .text C:\Windows\ehome\ehmsas.exe[3632] KERNEL32.dll!GetBinaryTypeW + 70 75E22467 1 Byte [62] .text C:\Windows\ehome\ehmsas.exe[3632] ADVAPI32.dll!CreateServiceW 765B9EB4 5 Bytes JMP 000603FC .text C:\Windows\ehome\ehmsas.exe[3632] ADVAPI32.dll!DeleteService 765BA07E 5 Bytes JMP 00060600 .text C:\Windows\ehome\ehmsas.exe[3632] ADVAPI32.dll!SetServiceObjectSecurity 765F6CD9 5 Bytes JMP 00061014 .text C:\Windows\ehome\ehmsas.exe[3632] ADVAPI32.dll!ChangeServiceConfigA 765F6DD9 5 Bytes JMP 00060804 .text C:\Windows\ehome\ehmsas.exe[3632] ADVAPI32.dll!ChangeServiceConfigW 765F6F81 5 Bytes JMP 00060A08 .text C:\Windows\ehome\ehmsas.exe[3632] ADVAPI32.dll!ChangeServiceConfig2A 765F7099 5 Bytes JMP 00060C0C .text C:\Windows\ehome\ehmsas.exe[3632] ADVAPI32.dll!ChangeServiceConfig2W 765F71E1 5 Bytes JMP 00060E10 .text C:\Windows\ehome\ehmsas.exe[3632] ADVAPI32.dll!CreateServiceA 765F72A1 5 Bytes JMP 000601F8 .text C:\Windows\ehome\ehmsas.exe[3632] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00070600 .text C:\Windows\ehome\ehmsas.exe[3632] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00070804 .text C:\Windows\ehome\ehmsas.exe[3632] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00070A08 .text C:\Windows\ehome\ehmsas.exe[3632] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 000701F8 .text C:\Windows\ehome\ehmsas.exe[3632] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 000703FC .text C:\Program Files\Windows Defender\MSASCui.exe[3724] ntdll.dll!LdrLoadDll 774C9378 5 Bytes JMP 000B01F8 .text C:\Program Files\Windows Defender\MSASCui.exe[3724] ntdll.dll!LdrUnloadDll 774DB680 5 Bytes JMP 000B03FC .text C:\Program Files\Windows Defender\MSASCui.exe[3724] KERNEL32.dll!GetBinaryTypeW + 70 75E22467 1 Byte [62] .text C:\Program Files\Windows Defender\MSASCui.exe[3724] ADVAPI32.dll!CreateServiceW 765B9EB4 5 Bytes JMP 000C03FC .text C:\Program Files\Windows Defender\MSASCui.exe[3724] ADVAPI32.dll!DeleteService 765BA07E 5 Bytes JMP 000C0600 .text C:\Program Files\Windows Defender\MSASCui.exe[3724] ADVAPI32.dll!SetServiceObjectSecurity 765F6CD9 5 Bytes JMP 000C1014 .text C:\Program Files\Windows Defender\MSASCui.exe[3724] ADVAPI32.dll!ChangeServiceConfigA 765F6DD9 5 Bytes JMP 000C0804 .text C:\Program Files\Windows Defender\MSASCui.exe[3724] ADVAPI32.dll!ChangeServiceConfigW 765F6F81 5 Bytes JMP 000C0A08 .text C:\Program Files\Windows Defender\MSASCui.exe[3724] ADVAPI32.dll!ChangeServiceConfig2A 765F7099 5 Bytes JMP 000C0C0C .text C:\Program Files\Windows Defender\MSASCui.exe[3724] ADVAPI32.dll!ChangeServiceConfig2W 765F71E1 5 Bytes JMP 000C0E10 .text C:\Program Files\Windows Defender\MSASCui.exe[3724] ADVAPI32.dll!CreateServiceA 765F72A1 5 Bytes JMP 000C01F8 .text C:\Program Files\Windows Defender\MSASCui.exe[3724] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 000D0600 .text C:\Program Files\Windows Defender\MSASCui.exe[3724] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 000D0804 .text C:\Program Files\Windows Defender\MSASCui.exe[3724] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 000D0A08 .text C:\Program Files\Windows Defender\MSASCui.exe[3724] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 000D01F8 .text C:\Program Files\Windows Defender\MSASCui.exe[3724] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 000D03FC .text C:\Windows\RtHDVCpl.exe[3756] ntdll.dll!LdrLoadDll 774C9378 5 Bytes JMP 001601F8 .text C:\Windows\RtHDVCpl.exe[3756] ntdll.dll!LdrUnloadDll 774DB680 5 Bytes JMP 001603FC .text C:\Windows\RtHDVCpl.exe[3756] KERNEL32.dll!GetBinaryTypeW + 70 75E22467 1 Byte [62] .text C:\Windows\RtHDVCpl.exe[3756] ADVAPI32.dll!CreateServiceW 765B9EB4 5 Bytes JMP 001703FC .text C:\Windows\RtHDVCpl.exe[3756] ADVAPI32.dll!DeleteService 765BA07E 5 Bytes JMP 00170600 .text C:\Windows\RtHDVCpl.exe[3756] ADVAPI32.dll!SetServiceObjectSecurity 765F6CD9 5 Bytes JMP 00171014 .text C:\Windows\RtHDVCpl.exe[3756] ADVAPI32.dll!ChangeServiceConfigA 765F6DD9 5 Bytes JMP 00170804 .text C:\Windows\RtHDVCpl.exe[3756] ADVAPI32.dll!ChangeServiceConfigW 765F6F81 5 Bytes JMP 00170A08 .text C:\Windows\RtHDVCpl.exe[3756] ADVAPI32.dll!ChangeServiceConfig2A 765F7099 5 Bytes JMP 00170C0C .text C:\Windows\RtHDVCpl.exe[3756] ADVAPI32.dll!ChangeServiceConfig2W 765F71E1 5 Bytes JMP 00170E10 .text C:\Windows\RtHDVCpl.exe[3756] ADVAPI32.dll!CreateServiceA 765F72A1 5 Bytes JMP 001701F8 .text C:\Windows\RtHDVCpl.exe[3756] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00180600 .text C:\Windows\RtHDVCpl.exe[3756] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00180804 .text C:\Windows\RtHDVCpl.exe[3756] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00180A08 .text C:\Windows\RtHDVCpl.exe[3756] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 001801F8 .text C:\Windows\RtHDVCpl.exe[3756] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 001803FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3868] ntdll.dll!LdrLoadDll 774C9378 5 Bytes JMP 000501F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3868] ntdll.dll!LdrUnloadDll 774DB680 5 Bytes JMP 000503FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3868] KERNEL32.dll!GetBinaryTypeW + 70 75E22467 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3868] ADVAPI32.dll!CreateServiceW 765B9EB4 5 Bytes JMP 000603FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3868] ADVAPI32.dll!DeleteService 765BA07E 5 Bytes JMP 00060600 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3868] ADVAPI32.dll!SetServiceObjectSecurity 765F6CD9 5 Bytes JMP 00061014 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3868] ADVAPI32.dll!ChangeServiceConfigA 765F6DD9 5 Bytes JMP 00060804 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3868] ADVAPI32.dll!ChangeServiceConfigW 765F6F81 5 Bytes JMP 00060A08 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3868] ADVAPI32.dll!ChangeServiceConfig2A 765F7099 5 Bytes JMP 00060C0C .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3868] ADVAPI32.dll!ChangeServiceConfig2W 765F71E1 5 Bytes JMP 00060E10 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3868] ADVAPI32.dll!CreateServiceA 765F72A1 5 Bytes JMP 000601F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3868] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00070600 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3868] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00070804 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3868] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00070A08 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3868] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 000701F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3868] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 000703FC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3920] ntdll.dll!LdrLoadDll 774C9378 5 Bytes JMP 001501F8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3920] ntdll.dll!LdrUnloadDll 774DB680 5 Bytes JMP 001503FC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3920] KERNEL32.dll!GetBinaryTypeW + 70 75E22467 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3920] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00160600 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3920] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00160804 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3920] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00160A08 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3920] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 001601F8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3920] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 001603FC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3920] ADVAPI32.dll!CreateServiceW 765B9EB4 5 Bytes JMP 001703FC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3920] ADVAPI32.dll!DeleteService 765BA07E 5 Bytes JMP 00170600 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3920] ADVAPI32.dll!SetServiceObjectSecurity 765F6CD9 5 Bytes JMP 00171014 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3920] ADVAPI32.dll!ChangeServiceConfigA 765F6DD9 5 Bytes JMP 00170804 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3920] ADVAPI32.dll!ChangeServiceConfigW 765F6F81 5 Bytes JMP 00170A08 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3920] ADVAPI32.dll!ChangeServiceConfig2A 765F7099 5 Bytes JMP 00170C0C .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3920] ADVAPI32.dll!ChangeServiceConfig2W 765F71E1 5 Bytes JMP 00170E10 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3920] ADVAPI32.dll!CreateServiceA 765F72A1 5 Bytes JMP 001701F8 .text C:\Program Files\Internet Explorer\iexplore.exe[4040] ntdll.dll!LdrLoadDll 774C9378 5 Bytes JMP 000601F8 .text C:\Program Files\Internet Explorer\iexplore.exe[4040] ntdll.dll!LdrUnloadDll 774DB680 5 Bytes JMP 000603FC .text C:\Program Files\Internet Explorer\iexplore.exe[4040] KERNEL32.dll!GetBinaryTypeW + 70 75E22467 1 Byte [62] .text C:\Program Files\Internet Explorer\iexplore.exe[4040] ADVAPI32.dll!CreateServiceW 765B9EB4 5 Bytes JMP 000703FC .text C:\Program Files\Internet Explorer\iexplore.exe[4040] ADVAPI32.dll!DeleteService 765BA07E 5 Bytes JMP 00070600 .text C:\Program Files\Internet Explorer\iexplore.exe[4040] ADVAPI32.dll!SetServiceObjectSecurity 765F6CD9 5 Bytes JMP 00071014 .text C:\Program Files\Internet Explorer\iexplore.exe[4040] ADVAPI32.dll!ChangeServiceConfigA 765F6DD9 5 Bytes JMP 00070804 .text C:\Program Files\Internet Explorer\iexplore.exe[4040] ADVAPI32.dll!ChangeServiceConfigW 765F6F81 5 Bytes JMP 00070A08 .text C:\Program Files\Internet Explorer\iexplore.exe[4040] ADVAPI32.dll!ChangeServiceConfig2A 765F7099 5 Bytes JMP 00070C0C .text C:\Program Files\Internet Explorer\iexplore.exe[4040] ADVAPI32.dll!ChangeServiceConfig2W 765F71E1 5 Bytes JMP 00070E10 .text C:\Program Files\Internet Explorer\iexplore.exe[4040] ADVAPI32.dll!CreateServiceA 765F72A1 5 Bytes JMP 000701F8 .text C:\Program Files\Internet Explorer\iexplore.exe[4040] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00080600 .text C:\Program Files\Internet Explorer\iexplore.exe[4040] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00080804 .text C:\Program Files\Internet Explorer\iexplore.exe[4040] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00080A08 .text C:\Program Files\Internet Explorer\iexplore.exe[4040] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 000801F8 .text C:\Program Files\Internet Explorer\iexplore.exe[4040] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 000803FC .text C:\Program Files\Internet Explorer\iexplore.exe[4040] USER32.dll!EnableWindow 772BCD8B 5 Bytes JMP 6D389EBC C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4040] USER32.dll!DialogBoxParamW 772E10B0 5 Bytes JMP 6D2E1893 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4040] USER32.dll!DialogBoxIndirectParamW 772E2EF5 5 Bytes JMP 6D4D902E C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4040] USER32.dll!DialogBoxParamA 772F8152 5 Bytes JMP 6D4D8FC9 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4040] USER32.dll!DialogBoxIndirectParamA 772F847D 5 Bytes JMP 6D4D9093 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4040] USER32.dll!MessageBoxIndirectA 7730D4D9 5 Bytes JMP 6D4D8F50 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4040] USER32.dll!MessageBoxIndirectW 7730D5D3 1 Byte [E9] .text C:\Program Files\Internet Explorer\iexplore.exe[4040] USER32.dll!MessageBoxIndirectW 7730D5D3 5 Bytes JMP 6D4D8ED7 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4040] USER32.dll!MessageBoxExA 7730D639 5 Bytes JMP 6D4D8E73 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4040] USER32.dll!MessageBoxExW 7730D65D 5 Bytes JMP 6D4D8E0F C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[4044] ntdll.dll!LdrLoadDll 774C9378 5 Bytes JMP 001601F8 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[4044] ntdll.dll!LdrUnloadDll 774DB680 5 Bytes JMP 001603FC .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[4044] KERNEL32.dll!GetBinaryTypeW + 70 75E22467 1 Byte [62] .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[4044] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00170600 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[4044] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00170804 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[4044] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00170A08 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[4044] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 001701F8 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[4044] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 001703FC .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[4044] ADVAPI32.dll!CreateServiceW 765B9EB4 5 Bytes JMP 001803FC .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[4044] ADVAPI32.dll!DeleteService 765BA07E 5 Bytes JMP 00180600 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[4044] ADVAPI32.dll!SetServiceObjectSecurity 765F6CD9 3 Bytes JMP 00181014 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[4044] ADVAPI32.dll!SetServiceObjectSecurity + 4 765F6CDD 1 Byte [89] .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[4044] ADVAPI32.dll!ChangeServiceConfigA 765F6DD9 5 Bytes JMP 00180804 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[4044] ADVAPI32.dll!ChangeServiceConfigW 765F6F81 5 Bytes JMP 00180A08 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[4044] ADVAPI32.dll!ChangeServiceConfig2A 765F7099 5 Bytes JMP 00180C0C .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[4044] ADVAPI32.dll!ChangeServiceConfig2W 765F71E1 5 Bytes JMP 00180E10 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[4044] ADVAPI32.dll!CreateServiceA 765F72A1 5 Bytes JMP 001801F8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4124] ntdll.dll!LdrLoadDll 774C9378 5 Bytes JMP 001601F8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4124] ntdll.dll!LdrUnloadDll 774DB680 5 Bytes JMP 001603FC .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4124] KERNEL32.dll!GetBinaryTypeW + 70 75E22467 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4124] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00170600 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4124] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00170804 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4124] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00170A08 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4124] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4124] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 001703FC .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4124] ADVAPI32.dll!CreateServiceW 765B9EB4 5 Bytes JMP 001903FC .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4124] ADVAPI32.dll!DeleteService 765BA07E 5 Bytes JMP 00190600 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4124] ADVAPI32.dll!SetServiceObjectSecurity 765F6CD9 5 Bytes JMP 00191014 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4124] ADVAPI32.dll!ChangeServiceConfigA 765F6DD9 5 Bytes JMP 00190804 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4124] ADVAPI32.dll!ChangeServiceConfigW 765F6F81 5 Bytes JMP 00190A08 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4124] ADVAPI32.dll!ChangeServiceConfig2A 765F7099 5 Bytes JMP 00190C0C .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4124] ADVAPI32.dll!ChangeServiceConfig2W 765F71E1 5 Bytes JMP 00190E10 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4124] ADVAPI32.dll!CreateServiceA 765F72A1 5 Bytes JMP 001901F8 .text C:\Program Files\Internet Explorer\iexplore.exe[4260] ntdll.dll!LdrLoadDll 774C9378 5 Bytes JMP 000501F8 .text C:\Program Files\Internet Explorer\iexplore.exe[4260] ntdll.dll!LdrUnloadDll 774DB680 5 Bytes JMP 000503FC .text C:\Program Files\Internet Explorer\iexplore.exe[4260] KERNEL32.dll!CreateThread 75E1CB2E 5 Bytes JMP 6D3475E3 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4260] KERNEL32.dll!GetBinaryTypeW + 70 75E22467 1 Byte [62] .text C:\Program Files\Internet Explorer\iexplore.exe[4260] ADVAPI32.dll!CreateServiceW 765B9EB4 5 Bytes JMP 000603FC .text C:\Program Files\Internet Explorer\iexplore.exe[4260] ADVAPI32.dll!DeleteService 765BA07E 5 Bytes JMP 00060600 .text C:\Program Files\Internet Explorer\iexplore.exe[4260] ADVAPI32.dll!SetServiceObjectSecurity 765F6CD9 5 Bytes JMP 00061014 .text C:\Program Files\Internet Explorer\iexplore.exe[4260] ADVAPI32.dll!ChangeServiceConfigA 765F6DD9 5 Bytes JMP 00060804 .text C:\Program Files\Internet Explorer\iexplore.exe[4260] ADVAPI32.dll!ChangeServiceConfigW 765F6F81 5 Bytes JMP 00060A08 .text C:\Program Files\Internet Explorer\iexplore.exe[4260] ADVAPI32.dll!ChangeServiceConfig2A 765F7099 5 Bytes JMP 00060C0C .text C:\Program Files\Internet Explorer\iexplore.exe[4260] ADVAPI32.dll!ChangeServiceConfig2W 765F71E1 5 Bytes JMP 00060E10 .text C:\Program Files\Internet Explorer\iexplore.exe[4260] ADVAPI32.dll!CreateServiceA 765F72A1 5 Bytes JMP 000601F8 .text C:\Program Files\Internet Explorer\iexplore.exe[4260] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00070600 .text C:\Program Files\Internet Explorer\iexplore.exe[4260] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 6D3825B4 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4260] USER32.dll!CallNextHookEx 772B8E3B 5 Bytes JMP 6D3A7FDF C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4260] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 6D3CED00 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4260] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 000701F8 .text C:\Program Files\Internet Explorer\iexplore.exe[4260] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 000703FC .text C:\Program Files\Internet Explorer\iexplore.exe[4260] USER32.dll!EnableWindow 772BCD8B 5 Bytes JMP 6D389EBC C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4260] USER32.dll!DefWindowProcA 772BDB88 7 Bytes JMP 6D34980D C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4260] USER32.dll!CreateWindowExA 772BDC2A 5 Bytes JMP 6D353643 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4260] USER32.dll!CreateWindowExW 772C1305 5 Bytes JMP 6D3B03CF C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4260] USER32.dll!DefWindowProcW 772D03B4 7 Bytes JMP 6D3A8042 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4260] USER32.dll!DialogBoxParamW 772E10B0 5 Bytes JMP 6D2E1893 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4260] USER32.dll!DialogBoxIndirectParamW 772E2EF5 5 Bytes JMP 6D4D902E C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4260] USER32.dll!DialogBoxParamA 772F8152 5 Bytes JMP 6D4D8FC9 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4260] USER32.dll!DialogBoxIndirectParamA 772F847D 5 Bytes JMP 6D4D9093 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4260] USER32.dll!MessageBoxIndirectA 7730D4D9 5 Bytes JMP 6D4D8F50 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4260] USER32.dll!MessageBoxIndirectW 7730D5D3 1 Byte [E9] .text C:\Program Files\Internet Explorer\iexplore.exe[4260] USER32.dll!MessageBoxIndirectW 7730D5D3 5 Bytes JMP 6D4D8ED7 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4260] USER32.dll!MessageBoxExA 7730D639 5 Bytes JMP 6D4D8E73 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4260] USER32.dll!MessageBoxExW 7730D65D 5 Bytes JMP 6D4D8E0F C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4260] ole32.dll!OleLoadFromStream 77371E80 5 Bytes JMP 6D4D97FC C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Windows\system32\svchost.exe[4472] ntdll.dll!LdrLoadDll 774C9378 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[4472] ntdll.dll!LdrUnloadDll 774DB680 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[4472] KERNEL32.dll!GetBinaryTypeW + 70 75E22467 1 Byte [62] .text C:\Windows\system32\svchost.exe[4472] ADVAPI32.dll!CreateServiceW 765B9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[4472] ADVAPI32.dll!DeleteService 765BA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[4472] ADVAPI32.dll!SetServiceObjectSecurity 765F6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[4472] ADVAPI32.dll!ChangeServiceConfigA 765F6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[4472] ADVAPI32.dll!ChangeServiceConfigW 765F6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[4472] ADVAPI32.dll!ChangeServiceConfig2A 765F7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[4472] ADVAPI32.dll!ChangeServiceConfig2W 765F71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[4472] ADVAPI32.dll!CreateServiceA 765F72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[4472] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00080600 .text C:\Windows\system32\svchost.exe[4472] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00080804 .text C:\Windows\system32\svchost.exe[4472] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\svchost.exe[4472] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\svchost.exe[4472] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 000803FC .text C:\Windows\system32\ctfmon.exe[5488] ntdll.dll!LdrLoadDll 774C9378 5 Bytes JMP 000601F8 .text C:\Windows\system32\ctfmon.exe[5488] ntdll.dll!LdrUnloadDll 774DB680 5 Bytes JMP 000603FC .text C:\Windows\system32\ctfmon.exe[5488] KERNEL32.dll!GetBinaryTypeW + 70 75E22467 1 Byte [62] .text C:\Windows\system32\ctfmon.exe[5488] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00070600 .text C:\Windows\system32\ctfmon.exe[5488] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00070804 .text C:\Windows\system32\ctfmon.exe[5488] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00070A08 .text C:\Windows\system32\ctfmon.exe[5488] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 000701F8 .text C:\Windows\system32\ctfmon.exe[5488] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 000703FC .text C:\Windows\system32\ctfmon.exe[5488] ADVAPI32.dll!CreateServiceW 765B9EB4 5 Bytes JMP 000803FC .text C:\Windows\system32\ctfmon.exe[5488] ADVAPI32.dll!DeleteService 765BA07E 5 Bytes JMP 00080600 .text C:\Windows\system32\ctfmon.exe[5488] ADVAPI32.dll!SetServiceObjectSecurity 765F6CD9 5 Bytes JMP 00081014 .text C:\Windows\system32\ctfmon.exe[5488] ADVAPI32.dll!ChangeServiceConfigA 765F6DD9 5 Bytes JMP 00080804 .text C:\Windows\system32\ctfmon.exe[5488] ADVAPI32.dll!ChangeServiceConfigW 765F6F81 5 Bytes JMP 00080A08 .text C:\Windows\system32\ctfmon.exe[5488] ADVAPI32.dll!ChangeServiceConfig2A 765F7099 5 Bytes JMP 00080C0C .text C:\Windows\system32\ctfmon.exe[5488] ADVAPI32.dll!ChangeServiceConfig2W 765F71E1 5 Bytes JMP 00080E10 .text C:\Windows\system32\ctfmon.exe[5488] ADVAPI32.dll!CreateServiceA 765F72A1 5 Bytes JMP 000801F8 .text C:\Windows\system32\WUDFHost.exe[5536] ntdll.dll!LdrLoadDll 774C9378 5 Bytes JMP 000A01F8 .text C:\Windows\system32\WUDFHost.exe[5536] ntdll.dll!LdrUnloadDll 774DB680 5 Bytes JMP 000A03FC .text C:\Windows\system32\WUDFHost.exe[5536] KERNEL32.dll!GetBinaryTypeW + 70 75E22467 1 Byte [62] .text C:\Windows\system32\WUDFHost.exe[5536] ADVAPI32.dll!CreateServiceW 765B9EB4 5 Bytes JMP 000B03FC .text C:\Windows\system32\WUDFHost.exe[5536] ADVAPI32.dll!DeleteService 765BA07E 5 Bytes JMP 000B0600 .text C:\Windows\system32\WUDFHost.exe[5536] ADVAPI32.dll!SetServiceObjectSecurity 765F6CD9 5 Bytes JMP 000B1014 .text C:\Windows\system32\WUDFHost.exe[5536] ADVAPI32.dll!ChangeServiceConfigA 765F6DD9 5 Bytes JMP 000B0804 .text C:\Windows\system32\WUDFHost.exe[5536] ADVAPI32.dll!ChangeServiceConfigW 765F6F81 5 Bytes JMP 000B0A08 .text C:\Windows\system32\WUDFHost.exe[5536] ADVAPI32.dll!ChangeServiceConfig2A 765F7099 5 Bytes JMP 000B0C0C .text C:\Windows\system32\WUDFHost.exe[5536] ADVAPI32.dll!ChangeServiceConfig2W 765F71E1 5 Bytes JMP 000B0E10 .text C:\Windows\system32\WUDFHost.exe[5536] ADVAPI32.dll!CreateServiceA 765F72A1 5 Bytes JMP 000B01F8 .text C:\Windows\system32\WUDFHost.exe[5536] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 000C0600 .text C:\Windows\system32\WUDFHost.exe[5536] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 000C0804 .text C:\Windows\system32\WUDFHost.exe[5536] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 000C0A08 .text C:\Windows\system32\WUDFHost.exe[5536] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 000C01F8 .text C:\Windows\system32\WUDFHost.exe[5536] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 000C03FC ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\system32\services.exe[668] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00070002 IAT C:\Windows\system32\services.exe[668] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00070000 IAT C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1764] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [72DBF6D0] C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2880] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [72DBF6D0] C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation) ---- Threads - GMER 1.0.15 ---- Thread System [4:3456] A1A518C8 Thread System [4:3748] A1A518C8 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00027879245e Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1f37b91 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1f5d89c Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269cdd0c4 Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00027879245e (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fe1f37b91 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fe1f5d89c (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002269cdd0c4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00027879245e (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001fe1f37b91 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001fe1f5d89c (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002269cdd0c4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00027879245e (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001fe1f37b91 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001fe1f5d89c (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\002269cdd0c4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\00027879245e (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\001fe1f37b91 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\001fe1f5d89c (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\002269cdd0c4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\00027879245e (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001fe1f37b91 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001fe1f5d89c (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\002269cdd0c4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\00027879245e (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\001fe1f37b91 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\001fe1f5d89c (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\002269cdd0c4 (not active ControlSet) ---- EOF - GMER 1.0.15 ----