GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-04-24 20:21:07 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HDP725050GLA360 rev.GM4OA52A 465,76GB Running: bz5ewrph.exe; Driver: C:\DOCUME~1\Giza\USTAWI~1\Temp\kwacrkod.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwAddBootEntry [0xB6493DF8] SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwAllocateVirtualMemory [0xB6548A5A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwAssignProcessToJobObject [0xB649485E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwClose [0xB64C0D5D] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwCreateEvent [0xB64992E4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwCreateEventPair [0xB6499330] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwCreateIoCompletion [0xB6499422] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwCreateKey [0xB64C0711] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwCreateMutant [0xB6499252] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwCreateSection [0xB6499374] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwCreateSemaphore [0xB649929A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwCreateTimer [0xB64993DC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwDeleteBootEntry [0xB6493E44] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwDeleteKey [0xB64C1423] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwDeleteValueKey [0xB64C16D9] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwDuplicateObject [0xB64969A8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwEnumerateKey [0xB64C128E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwEnumerateValueKey [0xB64C10F9] SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwFreeVirtualMemory [0xB6548B34] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwLoadDriver [0xB6493AD6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwModifyBootEntry [0xB6493E90] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwNotifyChangeKey [0xB6496D1C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwNotifyChangeMultipleKeys [0xB6494B02] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenEvent [0xB649930E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenEventPair [0xB6499352] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenIoCompletion [0xB6499446] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenKey [0xB64C0A6D] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenMutant [0xB6499278] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenProcess [0xB6496518] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenSection [0xB64993AE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenSemaphore [0xB64992C2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenThread [0xB649674C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenTimer [0xB6499400] SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwProtectVirtualMemory [0xB6548CA0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwQueryKey [0xB64C0F74] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwQueryObject [0xB64949CE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwQueryValueKey [0xB64C0DC6] SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwRenameKey [0xB6552B68] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwRestoreKey [0xB64BFD84] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwSetBootEntryOrder [0xB6493EDC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwSetBootOptions [0xB6493F28] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwSetSystemInformation [0xB6493B46] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwSetSystemPowerState [0xB6493CEA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwSetValueKey [0xB64C152A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwShutdownSystem [0xB6493C92] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwSystemDebugControl [0xB6493D5A] SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwTerminateProcess [0xB6548D60] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwVdmControl [0xB6493F74] SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwWriteVirtualMemory [0xB6548BE0] INT 0x62 ? 8B054CC8 INT 0x63 ? 8AEC6CC8 INT 0x82 ? 8B054CC8 INT 0x83 ? 8AEC6CC8 INT 0xA4 ? 8AEC6CC8 INT 0xB4 ? 8AEC6CC8 Code B6DDB47C ZwRequestPort Code B6DDB51C ZwRequestWaitReplyPort Code B6DDB47B NtRequestPort Code B6DDB51B NtRequestWaitReplyPort ---- Kernel code sections - GMER 2.1 ---- PAGE ntkrnlpa.exe!NtRequestPort 805A2A7E 5 Bytes JMP B6DDB480 PAGE ntkrnlpa.exe!NtRequestWaitReplyPort 805A2DAA 5 Bytes JMP B6DDB520 PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64DC 4 Bytes CALL B649519F \SystemRoot\System32\Drivers\aswSnx.SYS .sptd1 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd1" section [0xB9F8D346] .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB964B360, 0x37388D, 0xE8000020] .text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB5B35300, 0x3AE88, 0xE8000020] .text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xBA4A8300, 0x1B7E, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\PnkBstrB.exe[168] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8 .text C:\WINDOWS\system32\PnkBstrB.exe[168] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\PnkBstrB.exe[168] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC .text C:\WINDOWS\system32\PnkBstrB.exe[168] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\PnkBstrB.exe[168] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804 .text C:\WINDOWS\system32\PnkBstrB.exe[168] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08 .text C:\WINDOWS\system32\PnkBstrB.exe[168] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600 .text C:\WINDOWS\system32\PnkBstrB.exe[168] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8 .text C:\WINDOWS\system32\PnkBstrB.exe[168] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC .text C:\WINDOWS\system32\PnkBstrB.exe[168] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\WINDOWS\system32\PnkBstrB.exe[168] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\WINDOWS\system32\PnkBstrB.exe[168] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\WINDOWS\system32\PnkBstrB.exe[168] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\WINDOWS\system32\PnkBstrB.exe[168] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\WINDOWS\system32\PnkBstrB.exe[168] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\PnkBstrB.exe[168] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\PnkBstrB.exe[168] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\Sandboxie\SbieSvc.exe[236] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8 .text C:\Program Files\Sandboxie\SbieSvc.exe[236] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Sandboxie\SbieSvc.exe[236] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC .text C:\Program Files\Sandboxie\SbieSvc.exe[236] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Sandboxie\SbieSvc.exe[236] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014 .text C:\Program Files\Sandboxie\SbieSvc.exe[236] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804 .text C:\Program Files\Sandboxie\SbieSvc.exe[236] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08 .text C:\Program Files\Sandboxie\SbieSvc.exe[236] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C .text C:\Program Files\Sandboxie\SbieSvc.exe[236] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10 .text C:\Program Files\Sandboxie\SbieSvc.exe[236] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8 .text C:\Program Files\Sandboxie\SbieSvc.exe[236] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC .text C:\Program Files\Sandboxie\SbieSvc.exe[236] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600 .text C:\Program Files\Sandboxie\SbieSvc.exe[236] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804 .text C:\Program Files\Sandboxie\SbieSvc.exe[236] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08 .text C:\Program Files\Sandboxie\SbieSvc.exe[236] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600 .text C:\Program Files\Sandboxie\SbieSvc.exe[236] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8 .text C:\Program Files\Sandboxie\SbieSvc.exe[236] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC .text C:\WINDOWS\System32\svchost.exe[292] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\svchost.exe[292] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[292] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\svchost.exe[292] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[292] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\System32\svchost.exe[292] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\svchost.exe[292] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\svchost.exe[292] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\System32\svchost.exe[292] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\System32\svchost.exe[292] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\svchost.exe[292] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\svchost.exe[292] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\System32\svchost.exe[292] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\System32\svchost.exe[292] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\System32\svchost.exe[292] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\System32\svchost.exe[292] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\svchost.exe[292] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe[352] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8 .text C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe[352] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe[352] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC .text C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe[352] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe[352] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003D1014 .text C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe[352] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003D0804 .text C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe[352] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003D0A08 .text C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe[352] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003D0C0C .text C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe[352] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003D0E10 .text C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe[352] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003D01F8 .text C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe[352] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003D03FC .text C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe[352] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003D0600 .text C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe[352] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe[352] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe[352] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe[352] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe[352] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\wscntfy.exe[384] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\wscntfy.exe[384] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wscntfy.exe[384] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\wscntfy.exe[384] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\wscntfy.exe[384] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804 .text C:\WINDOWS\system32\wscntfy.exe[384] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08 .text C:\WINDOWS\system32\wscntfy.exe[384] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600 .text C:\WINDOWS\system32\wscntfy.exe[384] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8 .text C:\WINDOWS\system32\wscntfy.exe[384] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC .text C:\WINDOWS\system32\wscntfy.exe[384] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00331014 .text C:\WINDOWS\system32\wscntfy.exe[384] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00330804 .text C:\WINDOWS\system32\wscntfy.exe[384] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00330A08 .text C:\WINDOWS\system32\wscntfy.exe[384] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00330C0C .text C:\WINDOWS\system32\wscntfy.exe[384] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00330E10 .text C:\WINDOWS\system32\wscntfy.exe[384] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003301F8 .text C:\WINDOWS\system32\wscntfy.exe[384] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003303FC .text C:\WINDOWS\system32\wscntfy.exe[384] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00330600 .text C:\WINDOWS\system32\svchost.exe[476] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[476] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[476] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[476] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[476] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[476] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[476] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[476] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[476] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[476] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[476] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[476] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[476] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[476] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[476] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[476] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[476] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\Documents[588] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents[588] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[696] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[696] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[696] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[696] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[696] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[696] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[696] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[696] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[696] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[696] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[696] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[696] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[696] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[696] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[696] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[696] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[696] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[800] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[800] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[800] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[800] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[800] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[800] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[800] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[800] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[800] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[800] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[800] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[800] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[800] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[800] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[800] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[800] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[800] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\ctfmon.exe[820] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8 .text C:\WINDOWS\system32\ctfmon.exe[820] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[820] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC .text C:\WINDOWS\system32\ctfmon.exe[820] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[820] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00381014 .text C:\WINDOWS\system32\ctfmon.exe[820] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00380804 .text C:\WINDOWS\system32\ctfmon.exe[820] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00380A08 .text C:\WINDOWS\system32\ctfmon.exe[820] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00380C0C .text C:\WINDOWS\system32\ctfmon.exe[820] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00380E10 .text C:\WINDOWS\system32\ctfmon.exe[820] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003801F8 .text C:\WINDOWS\system32\ctfmon.exe[820] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003803FC .text C:\WINDOWS\system32\ctfmon.exe[820] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00380600 .text C:\WINDOWS\system32\ctfmon.exe[820] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804 .text C:\WINDOWS\system32\ctfmon.exe[820] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08 .text C:\WINDOWS\system32\ctfmon.exe[820] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600 .text C:\WINDOWS\system32\ctfmon.exe[820] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8 .text C:\WINDOWS\system32\ctfmon.exe[820] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC .text C:\WINDOWS\system32\ctfmon.exe[820] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82] .text C:\WINDOWS\system32\spoolsv.exe[904] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\spoolsv.exe[904] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[904] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\spoolsv.exe[904] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[904] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\spoolsv.exe[904] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\spoolsv.exe[904] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\spoolsv.exe[904] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\spoolsv.exe[904] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\spoolsv.exe[904] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\spoolsv.exe[904] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\spoolsv.exe[904] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\spoolsv.exe[904] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\spoolsv.exe[904] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\spoolsv.exe[904] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\spoolsv.exe[904] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\spoolsv.exe[904] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\Program Files\BrowseMark\updateBrowseMark.exe[964] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\BrowseMark\updateBrowseMark.exe[964] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Documents and Settings\Giza\Pulpit\bz5ewrph.exe[1008] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8 .text C:\Documents and Settings\Giza\Pulpit\bz5ewrph.exe[1008] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\Giza\Pulpit\bz5ewrph.exe[1008] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC .text C:\Documents and Settings\Giza\Pulpit\bz5ewrph.exe[1008] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Documents and Settings\Giza\Pulpit\bz5ewrph.exe[1008] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 009E1014 .text C:\Documents and Settings\Giza\Pulpit\bz5ewrph.exe[1008] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 009E0804 .text C:\Documents and Settings\Giza\Pulpit\bz5ewrph.exe[1008] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 009E0A08 .text C:\Documents and Settings\Giza\Pulpit\bz5ewrph.exe[1008] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 009E0C0C .text C:\Documents and Settings\Giza\Pulpit\bz5ewrph.exe[1008] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 009E0E10 .text C:\Documents and Settings\Giza\Pulpit\bz5ewrph.exe[1008] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 009E01F8 .text C:\Documents and Settings\Giza\Pulpit\bz5ewrph.exe[1008] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 009E03FC .text C:\Documents and Settings\Giza\Pulpit\bz5ewrph.exe[1008] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 009E0600 .text C:\Documents and Settings\Giza\Pulpit\bz5ewrph.exe[1008] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 009F0804 .text C:\Documents and Settings\Giza\Pulpit\bz5ewrph.exe[1008] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 009F0A08 .text C:\Documents and Settings\Giza\Pulpit\bz5ewrph.exe[1008] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 009F0600 .text C:\Documents and Settings\Giza\Pulpit\bz5ewrph.exe[1008] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 009F01F8 .text C:\Documents and Settings\Giza\Pulpit\bz5ewrph.exe[1008] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 009F03FC .text C:\WINDOWS\RTHDCPL.EXE[1124] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\WINDOWS\RTHDCPL.EXE[1124] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\RTHDCPL.EXE[1124] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\WINDOWS\RTHDCPL.EXE[1124] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\RTHDCPL.EXE[1124] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003D1014 .text C:\WINDOWS\RTHDCPL.EXE[1124] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003D0804 .text C:\WINDOWS\RTHDCPL.EXE[1124] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003D0A08 .text C:\WINDOWS\RTHDCPL.EXE[1124] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003D0C0C .text C:\WINDOWS\RTHDCPL.EXE[1124] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003D0E10 .text C:\WINDOWS\RTHDCPL.EXE[1124] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003D01F8 .text C:\WINDOWS\RTHDCPL.EXE[1124] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003D03FC .text C:\WINDOWS\RTHDCPL.EXE[1124] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003D0600 .text C:\WINDOWS\RTHDCPL.EXE[1124] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\WINDOWS\RTHDCPL.EXE[1124] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\WINDOWS\RTHDCPL.EXE[1124] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\WINDOWS\RTHDCPL.EXE[1124] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\WINDOWS\RTHDCPL.EXE[1124] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\RUNDLL32.EXE[1152] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\RUNDLL32.EXE[1152] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\RUNDLL32.EXE[1152] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\RUNDLL32.EXE[1152] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\RUNDLL32.EXE[1152] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\RUNDLL32.EXE[1152] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\RUNDLL32.EXE[1152] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\RUNDLL32.EXE[1152] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\RUNDLL32.EXE[1152] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\RUNDLL32.EXE[1152] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014 .text C:\WINDOWS\system32\RUNDLL32.EXE[1152] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\RUNDLL32.EXE[1152] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\RUNDLL32.EXE[1152] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C .text C:\WINDOWS\system32\RUNDLL32.EXE[1152] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10 .text C:\WINDOWS\system32\RUNDLL32.EXE[1152] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\RUNDLL32.EXE[1152] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\RUNDLL32.EXE[1152] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600 .text C:\Program Files\AVAST Software\Avast\avastUI.exe[1160] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\avastUI.exe[1160] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1192] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\Explorer.EXE[1192] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1192] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\Explorer.EXE[1192] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1192] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00381014 .text C:\WINDOWS\Explorer.EXE[1192] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00380804 .text C:\WINDOWS\Explorer.EXE[1192] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00380A08 .text C:\WINDOWS\Explorer.EXE[1192] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00380C0C .text C:\WINDOWS\Explorer.EXE[1192] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00380E10 .text C:\WINDOWS\Explorer.EXE[1192] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003801F8 .text C:\WINDOWS\Explorer.EXE[1192] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003803FC .text C:\WINDOWS\Explorer.EXE[1192] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00380600 .text C:\WINDOWS\Explorer.EXE[1192] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804 .text C:\WINDOWS\Explorer.EXE[1192] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08 .text C:\WINDOWS\Explorer.EXE[1192] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600 .text C:\WINDOWS\Explorer.EXE[1192] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8 .text C:\WINDOWS\Explorer.EXE[1192] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC .text C:\WINDOWS\Explorer.EXE[1192] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82] .text C:\Program Files\BrowseMark\bin\BrowseMark.BrowserAdapter.exe[1248] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\BrowseMark\bin\BrowseMark.BrowserAdapter.exe[1248] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\BrowseMark\bin\BrowseMark.BrowserAdapter.exe[1248] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\BrowseMark\bin\BrowseMark.BrowserAdapter.exe[1248] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\BrowseMark\bin\BrowseMark.BrowserAdapter.exe[1248] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\Program Files\BrowseMark\bin\BrowseMark.BrowserAdapter.exe[1248] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\Program Files\BrowseMark\bin\BrowseMark.BrowserAdapter.exe[1248] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\Program Files\BrowseMark\bin\BrowseMark.BrowserAdapter.exe[1248] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\Program Files\BrowseMark\bin\BrowseMark.BrowserAdapter.exe[1248] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\Program Files\BrowseMark\bin\BrowseMark.BrowserAdapter.exe[1248] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text C:\Program Files\BrowseMark\bin\BrowseMark.BrowserAdapter.exe[1248] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text C:\Program Files\BrowseMark\bin\BrowseMark.BrowserAdapter.exe[1248] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text C:\Program Files\BrowseMark\bin\BrowseMark.BrowserAdapter.exe[1248] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text C:\Program Files\BrowseMark\bin\BrowseMark.BrowserAdapter.exe[1248] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text C:\Program Files\BrowseMark\bin\BrowseMark.BrowserAdapter.exe[1248] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text C:\Program Files\BrowseMark\bin\BrowseMark.BrowserAdapter.exe[1248] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text C:\Program Files\BrowseMark\bin\BrowseMark.BrowserAdapter.exe[1248] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text C:\Program Files\Bonjour\mDNSResponder.exe[1268] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8 .text C:\Program Files\Bonjour\mDNSResponder.exe[1268] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Bonjour\mDNSResponder.exe[1268] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC .text C:\Program Files\Bonjour\mDNSResponder.exe[1268] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Bonjour\mDNSResponder.exe[1268] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003D1014 .text C:\Program Files\Bonjour\mDNSResponder.exe[1268] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003D0804 .text C:\Program Files\Bonjour\mDNSResponder.exe[1268] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003D0A08 .text C:\Program Files\Bonjour\mDNSResponder.exe[1268] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003D0C0C .text C:\Program Files\Bonjour\mDNSResponder.exe[1268] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003D0E10 .text C:\Program Files\Bonjour\mDNSResponder.exe[1268] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003D01F8 .text C:\Program Files\Bonjour\mDNSResponder.exe[1268] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003D03FC .text C:\Program Files\Bonjour\mDNSResponder.exe[1268] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003D0600 .text C:\Program Files\Bonjour\mDNSResponder.exe[1268] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\Program Files\Bonjour\mDNSResponder.exe[1268] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\Program Files\Bonjour\mDNSResponder.exe[1268] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\Program Files\Bonjour\mDNSResponder.exe[1268] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\Program Files\Bonjour\mDNSResponder.exe[1268] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\Program Files\Skype\Phone\Skype.exe[1276] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8 .text C:\Program Files\Skype\Phone\Skype.exe[1276] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Skype\Phone\Skype.exe[1276] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC .text C:\Program Files\Skype\Phone\Skype.exe[1276] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Skype\Phone\Skype.exe[1276] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 03051014 .text C:\Program Files\Skype\Phone\Skype.exe[1276] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 03050804 .text C:\Program Files\Skype\Phone\Skype.exe[1276] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 03050A08 .text C:\Program Files\Skype\Phone\Skype.exe[1276] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 03050C0C .text C:\Program Files\Skype\Phone\Skype.exe[1276] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 03050E10 .text C:\Program Files\Skype\Phone\Skype.exe[1276] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 030501F8 .text C:\Program Files\Skype\Phone\Skype.exe[1276] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 030503FC .text C:\Program Files\Skype\Phone\Skype.exe[1276] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 03050600 .text C:\Program Files\Skype\Phone\Skype.exe[1276] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 03060804 .text C:\Program Files\Skype\Phone\Skype.exe[1276] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 03060A08 .text C:\Program Files\Skype\Phone\Skype.exe[1276] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 03060600 .text C:\Program Files\Skype\Phone\Skype.exe[1276] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 030601F8 .text C:\Program Files\Skype\Phone\Skype.exe[1276] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 030603FC .text C:\WINDOWS\System32\smss.exe[1472] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[1480] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10001FD9 C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[1480] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[1480] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC .text C:\Program Files\Mozilla Firefox\firefox.exe[1480] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 022F4104 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[1480] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 022F40E1 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[1480] kernel32.dll!ValidateLocale + B1C8 7C8449C8 7 Bytes JMP 019C3255 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[1480] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[1480] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 07711014 .text C:\Program Files\Mozilla Firefox\firefox.exe[1480] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 07710804 .text C:\Program Files\Mozilla Firefox\firefox.exe[1480] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 07710A08 .text C:\Program Files\Mozilla Firefox\firefox.exe[1480] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 07710C0C .text C:\Program Files\Mozilla Firefox\firefox.exe[1480] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 07710E10 .text C:\Program Files\Mozilla Firefox\firefox.exe[1480] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 077101F8 .text C:\Program Files\Mozilla Firefox\firefox.exe[1480] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 077103FC .text C:\Program Files\Mozilla Firefox\firefox.exe[1480] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 07710600 .text C:\Program Files\Mozilla Firefox\firefox.exe[1480] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 022F4062 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[1480] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 07520804 .text C:\Program Files\Mozilla Firefox\firefox.exe[1480] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 07520A08 .text C:\Program Files\Mozilla Firefox\firefox.exe[1480] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 07520600 .text C:\Program Files\Mozilla Firefox\firefox.exe[1480] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 075201F8 .text C:\Program Files\Mozilla Firefox\firefox.exe[1480] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 075203FC .text C:\Documents and Settings\Giza\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe[1492] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8 .text C:\Documents and Settings\Giza\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe[1492] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\Giza\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe[1492] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC .text C:\Documents and Settings\Giza\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe[1492] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Documents and Settings\Giza\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe[1492] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Documents and Settings\Giza\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe[1492] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Documents and Settings\Giza\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe[1492] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Documents and Settings\Giza\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe[1492] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Documents and Settings\Giza\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe[1492] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Documents and Settings\Giza\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe[1492] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Documents and Settings\Giza\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe[1492] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Documents and Settings\Giza\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe[1492] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Documents and Settings\Giza\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe[1492] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Documents and Settings\Giza\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe[1492] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Documents and Settings\Giza\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe[1492] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Documents and Settings\Giza\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe[1492] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Documents and Settings\Giza\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe[1492] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1540] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1540] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1540] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1540] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1540] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00361014 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1540] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00360804 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1540] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00360A08 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1540] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00360C0C .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1540] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00360E10 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1540] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003601F8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1540] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003603FC .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1540] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00360600 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1540] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00370804 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1540] USER32.dll!DefWindowProcA + 11A 7E37C298 7 Bytes JMP 104EE610 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1540] USER32.dll!SetWindowLongA + 19 7E37C2B6 7 Bytes JMP 104EE681 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1540] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 104F2366 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1540] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00370A08 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1540] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00370600 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1540] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003701F8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1540] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003703FC .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1540] USER32.dll!GetMenuContextHelpId + 1A 7E3B5319 7 Bytes JMP 104EBD82 C:\Program Files\Mozilla Firefox\xul.dll .text C:\WINDOWS\system32\csrss.exe[1596] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[1596] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[1620] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8 .text C:\WINDOWS\system32\winlogon.exe[1620] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[1620] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC .text C:\WINDOWS\system32\winlogon.exe[1620] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[1620] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\winlogon.exe[1620] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\winlogon.exe[1620] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\winlogon.exe[1620] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\winlogon.exe[1620] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\winlogon.exe[1620] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\winlogon.exe[1620] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\winlogon.exe[1620] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\winlogon.exe[1620] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\winlogon.exe[1620] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\winlogon.exe[1620] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\winlogon.exe[1620] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\winlogon.exe[1620] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\services.exe[1664] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\services.exe[1664] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\services.exe[1664] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\services.exe[1664] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\services.exe[1664] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\services.exe[1664] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\services.exe[1664] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\services.exe[1664] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\services.exe[1664] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\services.exe[1664] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\services.exe[1664] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\services.exe[1664] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\services.exe[1664] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\services.exe[1664] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\services.exe[1664] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\services.exe[1664] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\services.exe[1664] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\lsass.exe[1676] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\lsass.exe[1676] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[1676] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\lsass.exe[1676] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[1676] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\lsass.exe[1676] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\lsass.exe[1676] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\lsass.exe[1676] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\lsass.exe[1676] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\lsass.exe[1676] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\lsass.exe[1676] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\lsass.exe[1676] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\lsass.exe[1676] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\lsass.exe[1676] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\lsass.exe[1676] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\lsass.exe[1676] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\lsass.exe[1676] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[1860] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1860] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1860] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1860] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1860] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1860] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1860] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1860] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1860] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1860] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1860] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1860] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1860] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1860] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1860] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1860] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[1944] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1944] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1944] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1944] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1944] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1944] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1944] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1944] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1944] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1944] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1944] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1944] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1944] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1944] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1944] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1944] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1944] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\nvsvc32.exe[1988] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8 .text C:\WINDOWS\system32\nvsvc32.exe[1988] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\nvsvc32.exe[1988] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC .text C:\WINDOWS\system32\nvsvc32.exe[1988] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\nvsvc32.exe[1988] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804 .text C:\WINDOWS\system32\nvsvc32.exe[1988] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08 .text C:\WINDOWS\system32\nvsvc32.exe[1988] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600 .text C:\WINDOWS\system32\nvsvc32.exe[1988] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8 .text C:\WINDOWS\system32\nvsvc32.exe[1988] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC .text C:\WINDOWS\system32\nvsvc32.exe[1988] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\WINDOWS\system32\nvsvc32.exe[1988] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\WINDOWS\system32\nvsvc32.exe[1988] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\WINDOWS\system32\nvsvc32.exe[1988] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\WINDOWS\system32\nvsvc32.exe[1988] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\WINDOWS\system32\nvsvc32.exe[1988] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\nvsvc32.exe[1988] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\nvsvc32.exe[1988] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\Google\Update\GoogleUpdate.exe[2012] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\Google\Update\GoogleUpdate.exe[2012] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Update\GoogleUpdate.exe[2012] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\Google\Update\GoogleUpdate.exe[2012] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Google\Update\GoogleUpdate.exe[2012] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\Google\Update\GoogleUpdate.exe[2012] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\Google\Update\GoogleUpdate.exe[2012] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\Google\Update\GoogleUpdate.exe[2012] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\Google\Update\GoogleUpdate.exe[2012] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\Google\Update\GoogleUpdate.exe[2012] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\Google\Update\GoogleUpdate.exe[2012] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\Google\Update\GoogleUpdate.exe[2012] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\Google\Update\GoogleUpdate.exe[2012] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\Google\Update\GoogleUpdate.exe[2012] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\Google\Update\GoogleUpdate.exe[2012] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\Google\Update\GoogleUpdate.exe[2012] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\Google\Update\GoogleUpdate.exe[2012] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\WINDOWS\system32\PnkBstrA.exe[2020] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8 .text C:\WINDOWS\system32\PnkBstrA.exe[2020] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\PnkBstrA.exe[2020] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC .text C:\WINDOWS\system32\PnkBstrA.exe[2020] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\PnkBstrA.exe[2020] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804 .text C:\WINDOWS\system32\PnkBstrA.exe[2020] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08 .text C:\WINDOWS\system32\PnkBstrA.exe[2020] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600 .text C:\WINDOWS\system32\PnkBstrA.exe[2020] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8 .text C:\WINDOWS\system32\PnkBstrA.exe[2020] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC .text C:\WINDOWS\system32\PnkBstrA.exe[2020] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\WINDOWS\system32\PnkBstrA.exe[2020] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\WINDOWS\system32\PnkBstrA.exe[2020] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\WINDOWS\system32\PnkBstrA.exe[2020] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\WINDOWS\system32\PnkBstrA.exe[2020] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\WINDOWS\system32\PnkBstrA.exe[2020] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\PnkBstrA.exe[2020] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\PnkBstrA.exe[2020] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\WINDOWS\system32\NOTEPAD.EXE[2296] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8 .text C:\WINDOWS\system32\NOTEPAD.EXE[2296] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\NOTEPAD.EXE[2296] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC .text C:\WINDOWS\system32\NOTEPAD.EXE[2296] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\NOTEPAD.EXE[2296] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014 .text C:\WINDOWS\system32\NOTEPAD.EXE[2296] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\NOTEPAD.EXE[2296] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\NOTEPAD.EXE[2296] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C .text C:\WINDOWS\system32\NOTEPAD.EXE[2296] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10 .text C:\WINDOWS\system32\NOTEPAD.EXE[2296] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\NOTEPAD.EXE[2296] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\NOTEPAD.EXE[2296] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\NOTEPAD.EXE[2296] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804 .text C:\WINDOWS\system32\NOTEPAD.EXE[2296] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08 .text C:\WINDOWS\system32\NOTEPAD.EXE[2296] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600 .text C:\WINDOWS\system32\NOTEPAD.EXE[2296] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8 .text C:\WINDOWS\system32\NOTEPAD.EXE[2296] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC .text C:\Documents and Settings\Giza\Pulpit\FRST.exe[2452] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000601F8 .text C:\Documents and Settings\Giza\Pulpit\FRST.exe[2452] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\Giza\Pulpit\FRST.exe[2452] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000603FC .text C:\Documents and Settings\Giza\Pulpit\FRST.exe[2452] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Documents and Settings\Giza\Pulpit\FRST.exe[2452] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 001F1014 .text C:\Documents and Settings\Giza\Pulpit\FRST.exe[2452] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 001F0804 .text C:\Documents and Settings\Giza\Pulpit\FRST.exe[2452] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 001F0A08 .text C:\Documents and Settings\Giza\Pulpit\FRST.exe[2452] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 001F0C0C .text C:\Documents and Settings\Giza\Pulpit\FRST.exe[2452] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 001F0E10 .text C:\Documents and Settings\Giza\Pulpit\FRST.exe[2452] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 001F01F8 .text C:\Documents and Settings\Giza\Pulpit\FRST.exe[2452] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 001F03FC .text C:\Documents and Settings\Giza\Pulpit\FRST.exe[2452] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 001F0600 .text C:\Documents and Settings\Giza\Pulpit\FRST.exe[2452] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00200804 .text C:\Documents and Settings\Giza\Pulpit\FRST.exe[2452] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00200A08 .text C:\Documents and Settings\Giza\Pulpit\FRST.exe[2452] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00200600 .text C:\Documents and Settings\Giza\Pulpit\FRST.exe[2452] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002001F8 .text C:\Documents and Settings\Giza\Pulpit\FRST.exe[2452] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002003FC .text C:\extensions\Tibia\Tibia.exe[2544] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\extensions\Tibia\Tibia.exe[2544] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\extensions\Tibia\Tibia.exe[2544] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\extensions\Tibia\Tibia.exe[2544] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\extensions\Tibia\Tibia.exe[2544] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003D1014 .text C:\extensions\Tibia\Tibia.exe[2544] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003D0804 .text C:\extensions\Tibia\Tibia.exe[2544] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003D0A08 .text C:\extensions\Tibia\Tibia.exe[2544] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003D0C0C .text C:\extensions\Tibia\Tibia.exe[2544] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003D0E10 .text C:\extensions\Tibia\Tibia.exe[2544] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003D01F8 .text C:\extensions\Tibia\Tibia.exe[2544] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003D03FC .text C:\extensions\Tibia\Tibia.exe[2544] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003D0600 .text C:\extensions\Tibia\Tibia.exe[2544] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\extensions\Tibia\Tibia.exe[2544] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\extensions\Tibia\Tibia.exe[2544] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\extensions\Tibia\Tibia.exe[2544] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\extensions\Tibia\Tibia.exe[2544] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\WINDOWS\System32\alg.exe[2608] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\alg.exe[2608] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[2608] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\alg.exe[2608] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[2608] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\alg.exe[2608] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\alg.exe[2608] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00300600 .text C:\WINDOWS\System32\alg.exe[2608] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\alg.exe[2608] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\alg.exe[2608] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014 .text C:\WINDOWS\System32\alg.exe[2608] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804 .text C:\WINDOWS\System32\alg.exe[2608] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08 .text C:\WINDOWS\System32\alg.exe[2608] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C .text C:\WINDOWS\System32\alg.exe[2608] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10 .text C:\WINDOWS\System32\alg.exe[2608] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\alg.exe[2608] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC .text C:\WINDOWS\System32\alg.exe[2608] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600 .text C:\Program Files\Blackd Proxy\Tibia.exe[2716] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\Blackd Proxy\Tibia.exe[2716] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Blackd Proxy\Tibia.exe[2716] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\Blackd Proxy\Tibia.exe[2716] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Blackd Proxy\Tibia.exe[2716] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804 .text C:\Program Files\Blackd Proxy\Tibia.exe[2716] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08 .text C:\Program Files\Blackd Proxy\Tibia.exe[2716] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600 .text C:\Program Files\Blackd Proxy\Tibia.exe[2716] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8 .text C:\Program Files\Blackd Proxy\Tibia.exe[2716] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC .text C:\Program Files\Blackd Proxy\Tibia.exe[2716] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\Blackd Proxy\Tibia.exe[2716] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\Blackd Proxy\Tibia.exe[2716] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\Blackd Proxy\Tibia.exe[2716] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\Blackd Proxy\Tibia.exe[2716] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\Blackd Proxy\Tibia.exe[2716] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\Blackd Proxy\Tibia.exe[2716] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\Blackd Proxy\Tibia.exe[2716] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\BrowseMark\bin\utilBrowseMark.exe[2912] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\BrowseMark\bin\utilBrowseMark.exe[2912] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\BrowseMark\bin\FilterApp_C.exe[3172] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\BrowseMark\bin\FilterApp_C.exe[3172] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\BrowseMark\bin\FilterApp_C.exe[3172] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\BrowseMark\bin\FilterApp_C.exe[3172] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\BrowseMark\bin\FilterApp_C.exe[3172] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\BrowseMark\bin\FilterApp_C.exe[3172] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\BrowseMark\bin\FilterApp_C.exe[3172] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\BrowseMark\bin\FilterApp_C.exe[3172] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\BrowseMark\bin\FilterApp_C.exe[3172] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\BrowseMark\bin\FilterApp_C.exe[3172] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\BrowseMark\bin\FilterApp_C.exe[3172] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\BrowseMark\bin\FilterApp_C.exe[3172] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\WINDOWS\system32\NOTEPAD.EXE[3596] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8 .text C:\WINDOWS\system32\NOTEPAD.EXE[3596] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\NOTEPAD.EXE[3596] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC .text C:\WINDOWS\system32\NOTEPAD.EXE[3596] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\NOTEPAD.EXE[3596] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014 .text C:\WINDOWS\system32\NOTEPAD.EXE[3596] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\NOTEPAD.EXE[3596] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\NOTEPAD.EXE[3596] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C .text C:\WINDOWS\system32\NOTEPAD.EXE[3596] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10 .text C:\WINDOWS\system32\NOTEPAD.EXE[3596] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\NOTEPAD.EXE[3596] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\NOTEPAD.EXE[3596] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\NOTEPAD.EXE[3596] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804 .text C:\WINDOWS\system32\NOTEPAD.EXE[3596] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08 .text C:\WINDOWS\system32\NOTEPAD.EXE[3596] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600 .text C:\WINDOWS\system32\NOTEPAD.EXE[3596] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8 .text C:\WINDOWS\system32\NOTEPAD.EXE[3596] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3868] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3868] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3868] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3868] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3868] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3868] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3868] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3868] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3868] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3868] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3868] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3868] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3868] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3868] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3868] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3868] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3868] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\Program Files\VentriloMIX\ventrilo 3.0.5.exe[4040] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8 .text C:\Program Files\VentriloMIX\ventrilo 3.0.5.exe[4040] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\VentriloMIX\ventrilo 3.0.5.exe[4040] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC .text C:\Program Files\VentriloMIX\ventrilo 3.0.5.exe[4040] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\VentriloMIX\ventrilo 3.0.5.exe[4040] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\VentriloMIX\ventrilo 3.0.5.exe[4040] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\VentriloMIX\ventrilo 3.0.5.exe[4040] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\VentriloMIX\ventrilo 3.0.5.exe[4040] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\VentriloMIX\ventrilo 3.0.5.exe[4040] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\VentriloMIX\ventrilo 3.0.5.exe[4040] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\VentriloMIX\ventrilo 3.0.5.exe[4040] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\VentriloMIX\ventrilo 3.0.5.exe[4040] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\VentriloMIX\ventrilo 3.0.5.exe[4040] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\VentriloMIX\ventrilo 3.0.5.exe[4040] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\VentriloMIX\ventrilo 3.0.5.exe[4040] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\VentriloMIX\ventrilo 3.0.5.exe[4040] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\VentriloMIX\ventrilo 3.0.5.exe[4040] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC ---- User IAT/EAT - GMER 2.1 ---- IAT C:\WINDOWS\system32\services.exe[1664] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00630002 IAT C:\WINDOWS\system32\services.exe[1664] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00630000 ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 8B0531F8 AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS AttachedDevice \Driver\Tcpip \Device\Ip tStLibG.sys Device \Driver\NetBT \Device\NetBT_Tcpip_{7C4EBB1C-0306-4DD6-A919-98E029240FF5} 8AB53430 Device \Driver\usbuhci \Device\USBPDO-0 8AEC4430 Device \Driver\usbuhci \Device\USBPDO-1 8AEC4430 Device \Driver\usbuhci \Device\USBPDO-2 8AEC4430 Device \Driver\usbuhci \Device\USBPDO-3 8AEC4430 Device \Driver\usbehci \Device\USBPDO-4 8AE8D1F8 AttachedDevice \Driver\Tcpip \Device\Tcp tStLibG.sys Device \Driver\Cdrom \Device\CdRom0 8AE6E1F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B9E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort0 [B9E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [B9E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [B9E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\usbstor \Device\00000073 8AB18430 Device \Driver\usbstor \Device\00000075 8AB18430 Device \Driver\usbstor \Device\00000076 8AB18430 Device \Driver\usbstor \Device\00000077 8AB18430 Device \Driver\NetBT \Device\NetBt_Wins_Export 8AB53430 Device \Driver\usbstor \Device\00000078 8AB18430 Device \Driver\NetBT \Device\NetbiosSmb 8AB53430 AttachedDevice \Driver\Tcpip \Device\Udp tStLibG.sys AttachedDevice \Driver\Tcpip \Device\RawIp tStLibG.sys Device \Driver\usbuhci \Device\USBFDO-0 8AEC4430 Device \Driver\usbuhci \Device\USBFDO-1 8AEC4430 Device \Driver\NetBT \Device\NetBT_Tcpip_{ACF3496A-5DF7-4948-B329-9B98B85023D3} 8AB53430 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8AAAE430 Device \Driver\usbuhci \Device\USBFDO-2 8AEC4430 Device \FileSystem\MRxSmb \Device\LanmanRedirector 8AAAE430 Device \Driver\usbuhci \Device\USBFDO-3 8AEC4430 Device \Driver\usbehci \Device\USBFDO-4 8AE8D1F8 Device \FileSystem\Cdfs \Cdfs 8AB13430 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x69 0xFF 0x1E 0x85 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x63 0x07 0x8C 0x5A ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x36 0xE2 0x99 0x65 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFC 0x9F 0x4D 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x69 0xFF 0x1E 0x85 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x69 0xFF 0x1E 0x85 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... ---- EOF - GMER 2.1 ----