GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-21 23:35:46
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path1Target1Lun0 ST350041 rev.CC37 465,76GB
Running: bth383bq.exe; Driver: C:\DOCUME~1\user\USTAWI~1\Temp\kgqcqaod.sys

---- System - GMER 2.0 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xADEDF4BA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xADFB4C22]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xADEDFED6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xADF21811]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xADEEAFA8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xADEEAFF4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xADEEB176]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xADF211C5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xADEEAF16]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xADEEB038]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xADEEAF5E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xADEE011C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xADEEB130]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xADEE093E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xADEDF508]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xADF21ED7]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xADF2218D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xADEE41C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xADF21D42]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xADF21BAD]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xADFB4CEA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xADEDF170]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xADEDF556]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xADEE4534]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xADEE13A6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xADEEAFD2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xADEEB016]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xADEEB19A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xADF21521]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xADEEAF3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xADEE3C3E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xADEEB0BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xADEEAF86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xADEE3F14]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xADEEB154]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xADFB4E4A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xADF21A28]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xADEE1272]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xADF2187A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xADEE0DD4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xADFC17D2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xADF20838]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xADEDF5A4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xADEDF5F2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xADEE07BE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xADEDF1FA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xADEDF3AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xADF21FDE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xADEDF350]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xADEE0AF8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xADEE0C54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xADEDF41A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xADEE04D4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xADEE0636]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0xADFB341C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xADEDF640]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xADEDFF1A]

INT 0x73 ? 8AC86CC8
INT 0x83 ? 8AC86CC8
INT 0xB4 ? 8AAF0F00

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xADFCDE56]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 2.0 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2D1C 805045B8 4 Bytes [EA, 4C, FB, AD]
.text ntkrnlpa.exe!ZwCallbackReturn + 2F1C 805047B8 12 Bytes [A4, F5, ED, AD, F2, F5, ED, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2FC4 80504860 12 Bytes [F8, 0A, EE, AD, 54, 0C, EE, ...] {CLC ; OR CH, DH; LODSD ; PUSH ESP; OR AL, 0xee; LODSD ; SBB DH, AH; IN EAX, DX; LODSD }
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A646E 4 Bytes CALL ADEE1A77 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC502 5 Bytes JMP ADFCACF6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2F86 5 Bytes JMP ADFCC810 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1134 7 Bytes JMP ADFCDE5A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.sptd1 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd1" section [0xF736C346]
.xreloc C:\WINDOWS\system32\drivers\sfsync04.sys unknown last section [0xF722E000, 0xC5E, 0x40000040]
.text USBPORT.SYS!DllUnload F674B8AC 5 Bytes JMP 8AAF0410
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF616A000, 0x238E77, 0xE8000020]
.text win32k.sys!EngFreeUserMem + 674 BF809931 5 Bytes JMP ADEE5B4C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 35D0 BF80C88D 5 Bytes JMP ADEE5A3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813920 5 Bytes JMP ADEE59F6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11F0 BF81C763 5 Bytes JMP ADEE50A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 68B BF838EFD 5 Bytes JMP ADEE47C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLockSurface + 347C BF83C845 5 Bytes JMP ADEE5090 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + 19A7 BF83F3D5 5 Bytes JMP ADEE5CB6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + 3449 BF840E77 5 Bytes JMP ADEE5EBE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTextOut + 1DB5 BF8597C3 5 Bytes JMP ADEE58FC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBlt + 35C1 BF85DAD8 5 Bytes JMP ADEE5A86 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 35FB BF87527F 5 Bytes JMP ADEE4CDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 411E BF875DA2 5 Bytes JMP ADEE4E9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetLastError + 1606 BF89301B 5 Bytes JMP ADEE5182 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 3AA1 BF897979 5 Bytes JMP ADEE5BFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMultiByteToWideChar + 2E70 BF8A0C8F 5 Bytes JMP ADEE516A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMultiByteToWideChar + 2F30 BF8A0D4F 5 Bytes JMP ADEE4670 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAlphaBlend + 350F BF8AA40A 5 Bytes JMP ADEE4688 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMulDiv + 90F8 BF8B4262 5 Bytes JMP ADEE4834 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 347A BF8B984F 5 Bytes JMP ADEE4C1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3505 BF8B98DA 5 Bytes JMP ADEE4EE4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 8DDD BF8BF1B2 5 Bytes JMP ADEE5E1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnicodeToMultiByteN + 1756 BF8C322E 5 Bytes JMP ADEE4944 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8EB862 5 Bytes JMP ADEE4A1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8EBAE2 5 Bytes JMP ADEE4B48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + B223 BF8F556E 5 Bytes JMP ADEE50C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + 19EF BF8F98FA 5 Bytes JMP ADEE456A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1994 BF9132F6 5 Bytes JMP ADEE4760 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2568 BF913ECA 5 Bytes JMP ADEE48F0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4EC7 BF916829 5 Bytes JMP ADEE4FFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 190E BF9447C8 5 Bytes JMP ADEE5D74 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 2.0 ----

.text C:\WINDOWS\Explorer.EXE[152] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[152] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\PnkBstrA.exe[420] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\PnkBstrA.exe[420] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[432] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[432] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe[460] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe[460] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\user\Pulpit\bth383bq.exe[468] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Documents and Settings\user\Pulpit\bth383bq.exe[468] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\smss.exe[628] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[684] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[724] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[724] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[768] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[768] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[780] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[780] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[956] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[956] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[976] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[976] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1128] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1148] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003101F8
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1148] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1148] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 003103FC
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1148] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1224] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003E01F8
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1224] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1224] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 003E03FC
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1224] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1224] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00031014
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1224] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00030804
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1224] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00030A08
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1224] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00030C0C
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1224] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00030E10
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1224] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 000301F8
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1224] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 000303FC
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1224] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00030600
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1224] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 03960804
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1224] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 03960A08
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1224] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 03960600
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1224] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 039601F8
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1224] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 039603FC
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[1232] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003D01F8
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[1232] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[1232] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 003D03FC
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[1232] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1312] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003501F8
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1312] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1312] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 003503FC
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1312] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1312] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00691014
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1312] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00690804
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1312] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00690A08
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1312] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00690C0C
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1312] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00690E10
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1312] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 006901F8
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1312] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 006903FC
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1312] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00690600
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1440] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1440] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1440] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1492] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1492] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[1580] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003D01F8
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[1580] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[1580] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 003D03FC
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[1580] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[1580] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 01181014
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[1580] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 01180804
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[1580] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 01180A08
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[1580] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 01180C0C
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[1580] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 01180E10
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[1580] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 011801F8
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[1580] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 011803FC
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[1580] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 01180600
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[1580] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00A70804
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[1580] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00A70A08
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[1580] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00A70600
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[1580] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00A701F8
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[1580] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00A703FC
.text C:\WINDOWS\system32\spoolsv.exe[1636] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1636] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\rundll32.exe[1680] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\rundll32.exe[1680] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1736] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1736] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[1792] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\Microsoft SQL Server\MSSQL10_50.INSERTGT\MSSQL\Binn\sqlservr.exe[1792] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1864] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1864] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1864] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\svchost.exe[1864] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1864] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00AC1014
.text C:\WINDOWS\system32\svchost.exe[1864] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00AC0804
.text C:\WINDOWS\system32\svchost.exe[1864] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00AC0A08
.text C:\WINDOWS\system32\svchost.exe[1864] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00AC0C0C
.text C:\WINDOWS\system32\svchost.exe[1864] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00AC0E10
.text C:\WINDOWS\system32\svchost.exe[1864] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00AC01F8
.text C:\WINDOWS\system32\svchost.exe[1864] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00AC03FC
.text C:\WINDOWS\system32\svchost.exe[1864] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00AC0600
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2244] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003D01F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2244] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2244] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 003D03FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2244] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2244] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00AD0804
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2244] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00AD0A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2244] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00AD0600
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2244] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00AD01F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2244] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00AD03FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2244] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 01A21014
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2244] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 01A20804
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2244] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 01A20A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2244] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 01A20C0C
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2244] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 01A20E10
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2244] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 01A201F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2244] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 01A203FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2244] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 01A20600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2272] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003E01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2272] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2272] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 003E03FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2272] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2272] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00A91014
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2272] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00A90804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2272] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00A90A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2272] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00A90C0C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2272] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00A90E10
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2272] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00A901F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2272] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00A903FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2272] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00A90600
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2316] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003D01F8
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2316] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2316] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 003D03FC
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2316] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Freecorder\FLVSrvc.exe[2344] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003E01F8
.text C:\Program Files\Freecorder\FLVSrvc.exe[2344] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\Freecorder\FLVSrvc.exe[2344] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 003E03FC
.text C:\Program Files\Freecorder\FLVSrvc.exe[2344] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[2368] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003E01F8
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[2368] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[2368] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 003E03FC
.text C:\Program Files\SweetIM\Messenger\SweetIM.exe[2368] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[2464] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[2464] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2508] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003E01F8
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2508] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2508] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 003E03FC
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2508] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2508] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00031014
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2508] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00030804
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2508] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00030A08
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2508] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00030C0C
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2508] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00030E10
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2508] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 000301F8
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2508] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 000303FC
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2508] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00030600
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2508] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 01320804
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2508] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 01320A08
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2508] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 01320600
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2508] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 013201F8
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2508] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 013203FC
.text C:\WINDOWS\system32\ctfmon.exe[2520] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003201F8
.text C:\WINDOWS\system32\ctfmon.exe[2520] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[2520] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 003203FC
.text C:\WINDOWS\system32\ctfmon.exe[2520] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[2520] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00A41014
.text C:\WINDOWS\system32\ctfmon.exe[2520] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00A40804
.text C:\WINDOWS\system32\ctfmon.exe[2520] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00A40A08
.text C:\WINDOWS\system32\ctfmon.exe[2520] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00A40C0C
.text C:\WINDOWS\system32\ctfmon.exe[2520] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00A40E10
.text C:\WINDOWS\system32\ctfmon.exe[2520] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00A401F8
.text C:\WINDOWS\system32\ctfmon.exe[2520] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00A403FC
.text C:\WINDOWS\system32\ctfmon.exe[2520] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00A40600
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2676] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003D01F8
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2676] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2676] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 003D03FC
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2676] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2676] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 009B1014
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2676] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 009B0804
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2676] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 009B0A08
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2676] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 009B0C0C
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2676] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 009B0E10
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2676] ADVAPI32.dll!CreateServiceA
77E27211 5 Bytes JMP 009B01F8 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2676] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 009B03FC .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2676] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 009B0600 .text C:\WINDOWS\system32\svchost.exe[2900] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[2900] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2900] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[2900] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2900] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00C61014 .text C:\WINDOWS\system32\svchost.exe[2900] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00C60804 .text C:\WINDOWS\system32\svchost.exe[2900] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00C60A08 .text C:\WINDOWS\system32\svchost.exe[2900] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00C60C0C .text C:\WINDOWS\system32\svchost.exe[2900] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00C60E10 .text C:\WINDOWS\system32\svchost.exe[2900] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00C601F8 .text C:\WINDOWS\system32\svchost.exe[2900] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00C603FC .text C:\WINDOWS\system32\svchost.exe[2900] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00C60600 .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2956] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003E01F8 .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2956] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2956] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 003E03FC .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2956] KERNEL32.dll!GetBinaryTypeW + 80 
7C868D8C 1 Byte [62] .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2956] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 01010804 .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2956] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 01010A08 .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2956] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 01010600 .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2956] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 010101F8 .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2956] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 010103FC .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2956] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 01051014 .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2956] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 01050804 .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2956] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 01050A08 .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2956] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 01050C0C .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2956] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 01050E10 .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2956] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 010501F8 .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2956] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 010503FC .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[2956] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 01050600 .text C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe[2976] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003D01F8 .text C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe[2976] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe[2976] 
ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 003D03FC .text C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe[2976] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe[2976] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00B40804 .text C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe[2976] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00B40A08 .text C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe[2976] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00B40600 .text C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe[2976] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00B401F8 .text C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe[2976] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00B403FC .text C:\Program Files\Opera\opera.exe[3076] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003E01F8 .text C:\Program Files\Opera\opera.exe[3076] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\Opera\opera.exe[3076] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 003E03FC .text C:\Program Files\Opera\opera.exe[3076] KERNEL32.dll!CreateFileW 7C810800 5 Bytes JMP 00BA1D10 C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\FLVService\lib\FLVSrvLib.dll (FLV Service Library for Freecorder/Applian Technologies, Inc.) .text C:\Program Files\Opera\opera.exe[3076] KERNEL32.dll!GetTempFileNameW 7C8359E7 5 Bytes JMP 00BA2040 C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\FLVService\lib\FLVSrvLib.dll (FLV Service Library for Freecorder/Applian Technologies, Inc.) 
.text C:\Program Files\Opera\opera.exe[3076] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Opera\opera.exe[3076] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 009D1014 .text C:\Program Files\Opera\opera.exe[3076] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 009D0804 .text C:\Program Files\Opera\opera.exe[3076] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 009D0A08 .text C:\Program Files\Opera\opera.exe[3076] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 009D0C0C .text C:\Program Files\Opera\opera.exe[3076] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 009D0E10 .text C:\Program Files\Opera\opera.exe[3076] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 009D01F8 .text C:\Program Files\Opera\opera.exe[3076] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 009D03FC .text C:\Program Files\Opera\opera.exe[3076] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 009D0600 .text C:\Program Files\Opera\opera.exe[3076] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 02D40804 .text C:\Program Files\Opera\opera.exe[3076] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 02D40A08 .text C:\Program Files\Opera\opera.exe[3076] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 02D40600 .text C:\Program Files\Opera\opera.exe[3076] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 02D401F8 .text C:\Program Files\Opera\opera.exe[3076] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 02D403FC .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3532] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003D01F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3532] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3532] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 003D03FC .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3532] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\HP\Digital 
Imaging\bin\hpqtra08.exe[3532] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00D40804 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3532] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00D40A08 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3532] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00D40600 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3532] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00D401F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3532] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00D403FC .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3532] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 011F1014 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3532] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 011F0804 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3532] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 011F0A08 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3532] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 011F0C0C .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3532] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 011F0E10 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3532] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 011F01F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3532] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 011F03FC .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3532] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 011F0600 .text C:\WINDOWS\System32\alg.exe[3580] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\alg.exe[3580] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[3580] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 003103FC .text C:\WINDOWS\System32\alg.exe[3580] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] ---- Kernel IAT/EAT - 
GMER 2.0 ---- IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [F7272232] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [F7271730] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [F7271F12] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7271730] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F7271914] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F7271856] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F72720F0] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F7271F12] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7285F1E] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) 
---- User IAT/EAT - GMER 2.0 ---- IAT C:\WINDOWS\system32\services.exe[768] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002 IAT C:\WINDOWS\system32\services.exe[768] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000 IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1440] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Program Files\AVAST Software\Avast\avastUI.exe[2464] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) ---- Registry - GMER 2.0 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x14 0xB9 0x6D 0x32 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x59 0x6A 0xF0 0xE8 ... 
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x73 0x69 0xD4 0x32 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB2 0xD4 0x95 0x2F ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x87 0x32 0x18 0xB3 ... ---- EOF - GMER 2.0 ----