VIRY.CZ

Prosím o kontrolu logu

Protože mi počítač nešel spustit v safe mode, postupoval jsem podle zdejšího návodu a přikládám sem log a prosím o kontrolu, zda tam mám nějaký problém - koukal, že je tam něco "high dangerous".

Jinak ten safe mode jsem chtěl využít, protože mi se mi nechce aktualizovat Framework 3.5, nešlo mi to ani odinstalovat, pak se mi to nějak pomocí Your Uninstaller povedlo, ale zase nešel nainstalovat stažená full verze Frameworku 3.5 SP1, tak jsem zase systém musel vrátit do předcházejícícho stavu.... prostě něco tam asi škodí.

Předem děkuji za pomoc

P.S. Log mi sem nejde překopírovat, že je moc dlouhá, tak jako příloha

Edit:: Přestože, mi výše uvedený program dal hlášku, že safe mode opraven, stejně se mi nespustí, pořád dokola mi nabíhá nabídka: Stav nouze, normální start, pak nějaká recovery konzole - ale stejně když vyberu "stav nouze", tak se zase vrátím zpět do téhle nabídky.... až to musím spustit normálním způsobem

Zdravím,

SafeBootKeyRepair>opravit nouzový režim
- stačí jen spustit, popřípadě potvrdit výzvy programu.
- tím opravíme spuštění nouzového režimu
http://download.bleepingcomputer.com/sU ... Repair.exe

pak by se hodil RSIT

Děkuji, jdu na to a tohle na konci toho přiloženého logu???:

API HOOK
Entrypoint Error: LoadLibraryExW (Dangerous Level: High, Hooked by Module: 0x0140FF42)

Bomba... safe mode už funguje

Reg export of SafeBoot key after repair:
========================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
"AlternateShell"="cmd.exe"
@=""

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\procexp90.Sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SBAMSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DnsCache]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ip6fw.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ipnat.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanServer]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanWorkstation]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LmHosts]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Messenger]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS Wrapper]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ndisuio]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOS]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOSGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetDDEGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetMan]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Network]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetworkProvider]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\nm]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\nm.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NtLmSsp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP_TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\procexp90.Sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpcdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpwd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdsessmgr]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SBAMSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SharedAccess]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Streams Drivers]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdpipe.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdtcp.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\termservice]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WZCSVC]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
@="Net"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
@="NetClient"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
@="NetService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
@="NetTrans"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

========================

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\procexp90.Sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\PSEXESVC
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\SBAMSvc
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WdfLoadGroup

Problémy s net.Framework mi asi nepomůžete, co? Už dlouho se snaží záplaty aktualizovat net.framework 3.5 sp1 a něco "family" a nikdy se to nepovede a jak jsem psal, ikdyž se mi to nějak podařilo odinstalovat, vyčistil ccleanerem, přesto se mi nepodařila instalovat stažená full verze frameworku 3.5 SP1

Problémy s net.Framework mi asi nepomůžete, co? Už dlouho se snaží záplaty aktualizovat net.framework 3.5 sp1 a něco "family" a nikdy se to nepovede.

Mám bohužel stejný problém, řešení neznám - nastavil jsem, aby se příště nezobrazovaly
zatím s tím nemám problémy - ale je to dobrý podnět - pustíme na to MiliNess

dalším krokem je Gmer

http://www.gmer.net/gmer.zip

Stáhni a rozbal přímo na C: a spusť
po ukonční scanu se zobrazí výsledek > "Save" > uloží log který zkopíruj do svého příspěvku.

dále:
Při zaškrtnutých všech položkách v pravém sloupci klik na "Scan"
po dokončení scanu opět "Save" > uloží se log který rovněž zkopíruj na fórum.

http://www.viry.cz/forum/viewtopic.php?f=29&t=62878 - kompletní návod

je to na delší dobu, tak s tím počítej

Tak první log:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-11-29 18:51:13
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD80 rev.04.0
Running: gmer.exe; Driver: C:\DOCUME~1\Jirka\LOCALS~1\Temp\pxrdapob.sys


---- System - GMER 1.0.15 ----

SSDT spnq.sys ZwEnumerateKey [0xF74FCDA4]
SSDT spnq.sys ZwEnumerateValueKey [0xF74FD132]

---- Devices - GMER 1.0.15 ----

Device \Driver\iaStor \Device\Ide\iaStor0 [F7B4E720] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7A40B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F7A40B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7A40B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [F7B4E720] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device 8A3BC1F8
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Tak se mi ntb. během scanu sám zrestartoval - asi se ta havěť uvnitř pěkně nas***a ))), jdu to spustit ještě jednou

V případě opakovaného neúspěchu proveď v nouzovém režimu

Tak mi to trvalo skoro 2,5 hodiny (v prvním případě žena při tom hrála Solitaire a proto asi ten restart), takže log po scanu v příloze, protože je moc dlouhý.

Předem moc děkuji za kuk a ev.další radu co a jak

Dobrou

Dobrý večer, ten NET Framework zkuste odstranit pomocí .NET Framework cleanup tool
Odstraňte všechny verze a pak je znovu nainstalujte.

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-29 22:25:04
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD80 rev.04.0
Running: gmer.exe; Driver: C:\DOCUME~1\Jirka\LOCALS~1\Temp\pxrdapob.sys


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF7AF6E52]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF7AD7CDE]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF7AD7ED0]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF7AF7640]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF7AF78F4]
SSDT spse.sys ZwEnumerateKey [0xF74FCDA4]
SSDT spse.sys ZwEnumerateValueKey [0xF74FD132]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF7AF5B44]
SSDT spse.sys ZwQueryKey [0xF74FD20A]
SSDT spse.sys ZwQueryValueKey [0xF74FD08A]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF7AF7D60]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF7AF7112]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF7AD7984]

INT 0x62 ? 8A3BFBF8
INT 0x63 ? 89777BF8
INT 0x63 ? 89777BF8
INT 0x63 ? 89777BF8
INT 0x73 ? 89777BF8
INT 0x82 ? 8A3BFBF8
INT 0x94 ? 89777BF8
INT 0xA4 ? 89777BF8
INT 0xB4 ? 8A348BF8

---- Kernel code sections - GMER 1.0.15 ----

? spse.sys Systém nemůže nalézt uvedený soubor. !
.text USBPORT.SYS!DllUnload B89FE8AC 5 Bytes JMP 897771D8

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\hkcmd.exe[416] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003C5840
.text C:\WINDOWS\system32\hkcmd.exe[416] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 003C59E0
.text C:\WINDOWS\system32\hkcmd.exe[416] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003C6130
.text C:\WINDOWS\system32\hkcmd.exe[416] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003C5AB0
.text C:\WINDOWS\system32\hkcmd.exe[416] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 003C5910
.text C:\WINDOWS\system32\hkcmd.exe[416] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003C56D8
.text C:\WINDOWS\system32\hkcmd.exe[416] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003C5C50
.text C:\WINDOWS\system32\hkcmd.exe[416] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003C5B80
.text C:\WINDOWS\system32\hkcmd.exe[416] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003C5D20
.text C:\WINDOWS\system32\hkcmd.exe[416] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 003C62D0
.text C:\WINDOWS\system32\hkcmd.exe[416] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 003C5F90
.text C:\WINDOWS\system32\hkcmd.exe[416] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 003C6060
.text C:\WINDOWS\system32\hkcmd.exe[416] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 003C6200
.text C:\WINDOWS\system32\hkcmd.exe[416] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003C5DF0
.text C:\WINDOWS\system32\hkcmd.exe[416] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003C5EC0
.text C:\WINDOWS\system32\igfxpers.exe[444] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003B57A8
.text C:\WINDOWS\system32\igfxpers.exe[444] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 003B5948
.text C:\WINDOWS\system32\igfxpers.exe[444] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003B6098
.text C:\WINDOWS\system32\igfxpers.exe[444] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003B5A18
.text C:\WINDOWS\system32\igfxpers.exe[444] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 003B5878
.text C:\WINDOWS\system32\igfxpers.exe[444] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003B56D8
.text C:\WINDOWS\system32\igfxpers.exe[444] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003B5BB8
.text C:\WINDOWS\system32\igfxpers.exe[444] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003B5AE8
.text C:\WINDOWS\system32\igfxpers.exe[444] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003B5C88
.text C:\WINDOWS\system32\igfxpers.exe[444] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 003B6238
.text C:\WINDOWS\system32\igfxpers.exe[444] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 003B5EF8
.text C:\WINDOWS\system32\igfxpers.exe[444] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 003B5FC8
.text C:\WINDOWS\system32\igfxpers.exe[444] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 003B6168
.text C:\WINDOWS\system32\igfxpers.exe[444] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003B5D58
.text C:\WINDOWS\system32\igfxpers.exe[444] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003B5E28
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[456] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 009F57A8
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[456] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 009F5948
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[456] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 009F6098
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[456] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 009F5A18
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[456] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 009F5878
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[456] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 009F5528
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[456] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009F5BB8
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[456] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009F5AE8
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[456] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009F5C88
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[456] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 009F6238
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[456] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 009F5EF8
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[456] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 009F5FC8
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[456] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 009F6168
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[456] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 009F5D58
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[456] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 009F5E28
.text C:\WINDOWS\system32\rundll32.exe[460] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003C5870
.text C:\WINDOWS\system32\rundll32.exe[460] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 003C5A10
.text C:\WINDOWS\system32\rundll32.exe[460] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003C6160
.text C:\WINDOWS\system32\rundll32.exe[460] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003C5AE0
.text C:\WINDOWS\system32\rundll32.exe[460] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 003C5940
.text C:\WINDOWS\system32\rundll32.exe[460] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003C5708
.text C:\WINDOWS\system32\rundll32.exe[460] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003C5C80
.text C:\WINDOWS\system32\rundll32.exe[460] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003C5BB0
.text C:\WINDOWS\system32\rundll32.exe[460] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003C5D50
.text C:\WINDOWS\system32\rundll32.exe[460] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 003C6300
.text C:\WINDOWS\system32\rundll32.exe[460] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 003C5FC0
.text C:\WINDOWS\system32\rundll32.exe[460] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 003C6090
.text C:\WINDOWS\system32\rundll32.exe[460] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 003C6230
.text C:\WINDOWS\system32\rundll32.exe[460] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003C5E20
.text C:\WINDOWS\system32\rundll32.exe[460] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003C5EF0
.text C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[472] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003B5868
.text C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[472] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 003B5A08
.text C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[472] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003B6158
.text C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[472] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003B5AD8
.text C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[472] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 003B5938
.text C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[472] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003B5700
.text C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[472] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003B5C78
.text C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[472] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003B5BA8
.text C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[472] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003B5D48
.text C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[472] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 003B62F8
.text C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[472] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 003B5FB8
.text C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[472] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 003B6088
.text C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[472] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 003B6228
.text C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[472] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003B5E18
.text C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[472] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003B5EE8
.text c:\bbbb\gmer.exe[524] ntdll.dll!NtSetInformationThread 7C90DCAE 5 Bytes JMP 003D5660
.text c:\bbbb\gmer.exe[524] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003D5750
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[632] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003C5868
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[632] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 003C5A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[632] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003C6158
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[632] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003C5AD8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[632] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 003C5938
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[632] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003C5700
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[632] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003C5C78
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[632] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003C5BA8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[632] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003C5D48
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[632] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 003C62F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[632] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 003C5FB8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[632] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 003C6088
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[632] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 003C6228
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[632] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003C5E18
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[632] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003C5EE8
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[696] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003E5850
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[696] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 003E59F0
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[696] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003E6140
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[696] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003E5AC0
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[696] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 003E5920
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[696] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003E5708
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[696] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003E5C60
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[696] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003E5B90
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[696] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003E5D30
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[696] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 003E62E0
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[696] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 003E5FA0
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[696] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 003E6070
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[696] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 003E6210
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[696] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E5E00
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[696] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E5ED0
.text C:\Program Files\Rising\AntiSpyware\rstray.exe[748] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003B5820
.text C:\Program Files\Rising\AntiSpyware\rstray.exe[748] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 003B59C0
.text C:\Program Files\Rising\AntiSpyware\rstray.exe[748] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003B6110
.text C:\Program Files\Rising\AntiSpyware\rstray.exe[748] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003B5A90
.text C:\Program Files\Rising\AntiSpyware\rstray.exe[748] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 003B58F0
.text C:\Program Files\Rising\AntiSpyware\rstray.exe[748] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003B5700
.text C:\Program Files\Rising\AntiSpyware\rstray.exe[748] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003B5C30
.text C:\Program Files\Rising\AntiSpyware\rstray.exe[748] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003B5B60
.text C:\Program Files\Rising\AntiSpyware\rstray.exe[748] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003B5D00
.text C:\Program Files\Rising\AntiSpyware\rstray.exe[748] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 003B62B0
.text C:\Program Files\Rising\AntiSpyware\rstray.exe[748] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 003B5F70
.text C:\Program Files\Rising\AntiSpyware\rstray.exe[748] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 003B6040
.text C:\Program Files\Rising\AntiSpyware\rstray.exe[748] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 003B61E0
.text C:\Program Files\Rising\AntiSpyware\rstray.exe[748] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003B5DD0
.text C:\Program Files\Rising\AntiSpyware\rstray.exe[748] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003B5EA0
.text C:\WINDOWS\system32\igfxsrvc.exe[752] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003B57B8
.text C:\WINDOWS\system32\igfxsrvc.exe[752] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 003B5958
.text C:\WINDOWS\system32\igfxsrvc.exe[752] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003B60A8
.text C:\WINDOWS\system32\igfxsrvc.exe[752] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003B5A28
.text C:\WINDOWS\system32\igfxsrvc.exe[752] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 003B5888
.text C:\WINDOWS\system32\igfxsrvc.exe[752] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003B56E8
.text C:\WINDOWS\system32\igfxsrvc.exe[752] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003B5BC8
.text C:\WINDOWS\system32\igfxsrvc.exe[752] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003B5AF8
.text C:\WINDOWS\system32\igfxsrvc.exe[752] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003B5C98
.text C:\WINDOWS\system32\igfxsrvc.exe[752] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 003B6248
.text C:\WINDOWS\system32\igfxsrvc.exe[752] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 003B5F08
.text C:\WINDOWS\system32\igfxsrvc.exe[752] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 003B5FD8
.text C:\WINDOWS\system32\igfxsrvc.exe[752] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 003B6178
.text C:\WINDOWS\system32\igfxsrvc.exe[752] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003B5D68
.text C:\WINDOWS\system32\igfxsrvc.exe[752] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003B5E38
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[820] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003C5698
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[820] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 003C5838
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[820] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003C5F88
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[820] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003C5908
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[820] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 003C5768
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[820] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003C5530
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[820] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003C5AA8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[820] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003C59D8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[820] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003C5B78
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[820] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 003C6128
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[820] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 003C5DE8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[820] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 003C5EB8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[820] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 003C6058
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[820] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003C5C48
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[820] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003C5D18
.text C:\Program Files\Hard Disk Sentinel\HDSentinel.exe[956] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 017C5848
.text C:\Program Files\Hard Disk Sentinel\HDSentinel.exe[956] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 017C59E8
.text C:\Program Files\Hard Disk Sentinel\HDSentinel.exe[956] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 017C6138
.text C:\Program Files\Hard Disk Sentinel\HDSentinel.exe[956] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 017C5AB8
.text C:\Program Files\Hard Disk Sentinel\HDSentinel.exe[956] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 017C5918
.text C:\Program Files\Hard Disk Sentinel\HDSentinel.exe[956] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 017C5700
.text C:\Program Files\Hard Disk Sentinel\HDSentinel.exe[956] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 017C5C58
.text C:\Program Files\Hard Disk Sentinel\HDSentinel.exe[956] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 017C5B88
.text C:\Program Files\Hard Disk Sentinel\HDSentinel.exe[956] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 017C5D28
.text C:\Program Files\Hard Disk Sentinel\HDSentinel.exe[956] advapi32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 017C62D8
.text C:\Program Files\Hard Disk Sentinel\HDSentinel.exe[956] advapi32.dll!StartServiceA 77DDFB58 5 Bytes JMP 017C5F98
.text C:\Program Files\Hard Disk Sentinel\HDSentinel.exe[956] advapi32.dll!StartServiceW 77DE3E94 5 Bytes JMP 017C6068
.text C:\Program Files\Hard Disk Sentinel\HDSentinel.exe[956] advapi32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 017C6208
.text C:\Program Files\Hard Disk Sentinel\HDSentinel.exe[956] advapi32.dll!CreateServiceA 77E27211 5 Bytes JMP 017C5DF8
.text C:\Program Files\Hard Disk Sentinel\HDSentinel.exe[956] advapi32.dll!CreateServiceW 77E273A9 5 Bytes JMP 017C5EC8
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1068] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003A56A8
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1068] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 003A5848
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1068] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003A5F98
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1068] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003A5918
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1068] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 003A5778
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1068] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003A5540
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1068] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003A5AB8
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1068] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003A59E8
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1068] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003A5B88
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1068] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 003A6138
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1068] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 003A5DF8
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1068] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 003A5EC8
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1068] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 003A6068
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1068] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003A5C58
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1068] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003A5D28
.text C:\WINDOWS\system32\wbem\unsecapp.exe[1236] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00485850
.text C:\WINDOWS\system32\wbem\unsecapp.exe[1236] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 004859F0
.text C:\WINDOWS\system32\wbem\unsecapp.exe[1236] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 00486140
.text C:\WINDOWS\system32\wbem\unsecapp.exe[1236] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 00485AC0
.text C:\WINDOWS\system32\wbem\unsecapp.exe[1236] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 00485920
.text C:\WINDOWS\system32\wbem\unsecapp.exe[1236] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 004856E8
.text C:\WINDOWS\system32\wbem\unsecapp.exe[1236] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00485C60
.text C:\WINDOWS\system32\wbem\unsecapp.exe[1236] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00485B90
.text C:\WINDOWS\system32\wbem\unsecapp.exe[1236] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00485D30
.text C:\WINDOWS\system32\wbem\unsecapp.exe[1236] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 004862E0
.text C:\WINDOWS\system32\wbem\unsecapp.exe[1236] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 00485FA0
.text C:\WINDOWS\system32\wbem\unsecapp.exe[1236] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 00486070
.text C:\WINDOWS\system32\wbem\unsecapp.exe[1236] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 00486210
.text C:\WINDOWS\system32\wbem\unsecapp.exe[1236] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00485E00
.text C:\WINDOWS\system32\wbem\unsecapp.exe[1236] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00485ED0
.text C:\WINDOWS\system32\ctfmon.exe[1264] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00375840
.text C:\WINDOWS\system32\ctfmon.exe[1264] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 003759E0
.text C:\WINDOWS\system32\ctfmon.exe[1264] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 00376130
.text C:\WINDOWS\system32\ctfmon.exe[1264] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 00375AB0
.text C:\WINDOWS\system32\ctfmon.exe[1264] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 00375910
.text C:\WINDOWS\system32\ctfmon.exe[1264] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003756D8
.text C:\WINDOWS\system32\ctfmon.exe[1264] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00375C50
.text C:\WINDOWS\system32\ctfmon.exe[1264] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00375B80
.text C:\WINDOWS\system32\ctfmon.exe[1264] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00375D20
.text C:\WINDOWS\system32\ctfmon.exe[1264] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 003762D0
.text C:\WINDOWS\system32\ctfmon.exe[1264] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 00375F90
.text C:\WINDOWS\system32\ctfmon.exe[1264] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 00376060
.text C:\WINDOWS\system32\ctfmon.exe[1264] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 00376200
.text C:\WINDOWS\system32\ctfmon.exe[1264] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00375DF0
.text C:\WINDOWS\system32\ctfmon.exe[1264] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00375EC0

.text C:\Program Files\USB Safely Remove\USBSafelyRemove.exe[1268] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [E9]
.text C:\Program Files\USB Safely Remove\USBSafelyRemove.exe[1268] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003E58D8
.text C:\Program Files\USB Safely Remove\USBSafelyRemove.exe[1268] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 003E5A78
.text C:\Program Files\USB Safely Remove\USBSafelyRemove.exe[1268] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003E61C8
.text C:\Program Files\USB Safely Remove\USBSafelyRemove.exe[1268] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003E5B48
.text C:\Program Files\USB Safely Remove\USBSafelyRemove.exe[1268] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 003E59A8
.text C:\Program Files\USB Safely Remove\USBSafelyRemove.exe[1268] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003E5770
.text C:\Program Files\USB Safely Remove\USBSafelyRemove.exe[1268] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003E5CE8
.text C:\Program Files\USB Safely Remove\USBSafelyRemove.exe[1268] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003E5C18
.text C:\Program Files\USB Safely Remove\USBSafelyRemove.exe[1268] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003E5DB8
.text C:\Program Files\USB Safely Remove\USBSafelyRemove.exe[1268] advapi32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 003E6368
.text C:\Program Files\USB Safely Remove\USBSafelyRemove.exe[1268] advapi32.dll!StartServiceA 77DDFB58 5 Bytes JMP 003E6028
.text C:\Program Files\USB Safely Remove\USBSafelyRemove.exe[1268] advapi32.dll!StartServiceW 77DE3E94 5 Bytes JMP 003E60F8
.text C:\Program Files\USB Safely Remove\USBSafelyRemove.exe[1268] advapi32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 003E6298
.text C:\Program Files\USB Safely Remove\USBSafelyRemove.exe[1268] advapi32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E5E88
.text C:\Program Files\USB Safely Remove\USBSafelyRemove.exe[1268] advapi32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E5F58
.text C:\Program Files\iTV\iTV.exe[1360] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003B5820
.text C:\Program Files\iTV\iTV.exe[1360] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 003B59C0
.text C:\Program Files\iTV\iTV.exe[1360] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003B6110
.text C:\Program Files\iTV\iTV.exe[1360] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003B5A90
.text C:\Program Files\iTV\iTV.exe[1360] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 003B58F0
.text C:\Program Files\iTV\iTV.exe[1360] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003B56D8
.text C:\Program Files\iTV\iTV.exe[1360] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003B5C30
.text C:\Program Files\iTV\iTV.exe[1360] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003B5B60
.text C:\Program Files\iTV\iTV.exe[1360] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003B5D00
.text C:\Program Files\iTV\iTV.exe[1360] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 003B62B0
.text C:\Program Files\iTV\iTV.exe[1360] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 003B5F70
.text C:\Program Files\iTV\iTV.exe[1360] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 003B6040
.text C:\Program Files\iTV\iTV.exe[1360] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 003B61E0
.text C:\Program Files\iTV\iTV.exe[1360] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003B5DD0
.text C:\Program Files\iTV\iTV.exe[1360] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003B5EA0
.text C:\Program Files\USB Safely Remove\USBSRService.exe[1680] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003A5698
.text C:\Program Files\USB Safely Remove\USBSRService.exe[1680] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 003A5838
.text C:\Program Files\USB Safely Remove\USBSRService.exe[1680] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003A5F88
.text C:\Program Files\USB Safely Remove\USBSRService.exe[1680] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003A5908
.text C:\Program Files\USB Safely Remove\USBSRService.exe[1680] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 003A5768
.text C:\Program Files\USB Safely Remove\USBSRService.exe[1680] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003A5530
.text C:\Program Files\USB Safely Remove\USBSRService.exe[1680] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003A5AA8
.text C:\Program Files\USB Safely Remove\USBSRService.exe[1680] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003A59D8
.text C:\Program Files\USB Safely Remove\USBSRService.exe[1680] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003A5B78
.text C:\Program Files\USB Safely Remove\USBSRService.exe[1680] advapi32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 003A6128
.text C:\Program Files\USB Safely Remove\USBSRService.exe[1680] advapi32.dll!StartServiceA 77DDFB58 5 Bytes JMP 003A5DE8
.text C:\Program Files\USB Safely Remove\USBSRService.exe[1680] advapi32.dll!StartServiceW 77DE3E94 5 Bytes JMP 003A5EB8
.text C:\Program Files\USB Safely Remove\USBSRService.exe[1680] advapi32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 003A6058
.text C:\Program Files\USB Safely Remove\USBSRService.exe[1680] advapi32.dll!CreateServiceA 77E27211 5 Bytes JMP 003A5C48
.text C:\Program Files\USB Safely Remove\USBSRService.exe[1680] advapi32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003A5D18
.text C:\WINDOWS\Explorer.EXE[1764] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00365830
.text C:\WINDOWS\Explorer.EXE[1764] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 003659D0
.text C:\WINDOWS\Explorer.EXE[1764] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 00366120
.text C:\WINDOWS\Explorer.EXE[1764] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 00365AA0
.text C:\WINDOWS\Explorer.EXE[1764] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 00365900
.text C:\WINDOWS\Explorer.EXE[1764] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003656C8
.text C:\WINDOWS\Explorer.EXE[1764] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00365C40
.text C:\WINDOWS\Explorer.EXE[1764] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00365B70
.text C:\WINDOWS\Explorer.EXE[1764] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00365D10
.text C:\WINDOWS\Explorer.EXE[1764] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 003662C0
.text C:\WINDOWS\Explorer.EXE[1764] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 00365F80
.text C:\WINDOWS\Explorer.EXE[1764] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 00366050
.text C:\WINDOWS\Explorer.EXE[1764] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 003661F0
.text C:\WINDOWS\Explorer.EXE[1764] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00365DE0
.text C:\WINDOWS\Explorer.EXE[1764] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00365EB0
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[1956] ntdll.dll!NtSetInformationThread 7C90DCAE 5 Bytes JMP 00575450
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[1956] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00575540
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1976] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003C5910
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1976] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 003C5AB0
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1976] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003C6200
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1976] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003C5B80
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1976] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 003C59E0
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1976] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003C5718
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1976] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003C5D20
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1976] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003C5C50
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1976] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003C5DF0
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1976] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 003C63A0
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1976] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 003C6060
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1976] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 003C6130
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1976] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 003C62D0
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1976] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003C5EC0
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1976] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003C5F90
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[1980] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003A5868
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[1980] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 003A5A08
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[1980] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003A6158
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[1980] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003A5AD8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[1980] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 003A5938
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[1980] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003A5700
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[1980] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003A5C78
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[1980] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003A5BA8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[1980] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003A5D48
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[1980] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 003A62F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[1980] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 003A5FB8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[1980] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 003A6088
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[1980] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 003A6228
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[1980] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003A5E18
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[1980] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003A5EE8
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1992] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003B5850
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1992] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 003B59F0
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1992] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003B6140
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1992] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003B5AC0
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1992] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 003B5920
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1992] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003B56E8
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1992] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003B5C60
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1992] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003B5B90
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1992] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003B5D30
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1992] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 003B62E0
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1992] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 003B5FA0
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1992] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 003B6070
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1992] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 003B6210
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1992] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003B5E00
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1992] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003B5ED0
.text C:\Documents and Settings\All Users\Data aplikací\U3\U3Launcher\LaunchU3.exe[2120] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003C5870
.text C:\Documents and Settings\All Users\Data aplikací\U3\U3Launcher\LaunchU3.exe[2120] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 003C5A10
.text C:\Documents and Settings\All Users\Data aplikací\U3\U3Launcher\LaunchU3.exe[2120] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003C6160
.text C:\Documents and Settings\All Users\Data aplikací\U3\U3Launcher\LaunchU3.exe[2120] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003C5AE0
.text C:\Documents and Settings\All Users\Data aplikací\U3\U3Launcher\LaunchU3.exe[2120] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 003C5940
.text C:\Documents and Settings\All Users\Data aplikací\U3\U3Launcher\LaunchU3.exe[2120] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003C5708
.text C:\Documents and Settings\All Users\Data aplikací\U3\U3Launcher\LaunchU3.exe[2120] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003C5C80
.text C:\Documents and Settings\All Users\Data aplikací\U3\U3Launcher\LaunchU3.exe[2120] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003C5BB0
.text C:\Documents and Settings\All Users\Data aplikací\U3\U3Launcher\LaunchU3.exe[2120] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003C5D50
.text C:\Documents and Settings\All Users\Data aplikací\U3\U3Launcher\LaunchU3.exe[2120] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 003C6300
.text C:\Documents and Settings\All Users\Data aplikací\U3\U3Launcher\LaunchU3.exe[2120] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 003C5FC0
.text C:\Documents and Settings\All Users\Data aplikací\U3\U3Launcher\LaunchU3.exe[2120] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 003C6090
.text C:\Documents and Settings\All Users\Data aplikací\U3\U3Launcher\LaunchU3.exe[2120] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 003C6230
.text C:\Documents and Settings\All Users\Data aplikací\U3\U3Launcher\LaunchU3.exe[2120] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003C5E20
.text C:\Documents and Settings\All Users\Data aplikací\U3\U3Launcher\LaunchU3.exe[2120] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003C5EF0
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2144] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 009C5850
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2144] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 009C59F0
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2144] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 009C6140
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2144] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 009C5AC0
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2144] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 009C5920
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2144] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 009C56E8
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2144] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009C5C60
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2144] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009C5B90
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2144] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009C5D30
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2144] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 009C62E0
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2144] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 009C5FA0
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2144] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 009C6070
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2144] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 009C6210
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2144] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 009C5E00
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2144] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 009C5ED0
.text C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe[2460] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 006C5658
.text C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe[2460] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 006C57F8
.text C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe[2460] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 006C5F48
.text C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe[2460] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 006C58C8
.text C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe[2460] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 006C5728
.text C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe[2460] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 006C5540
.text C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe[2460] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006C5A68
.text C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe[2460] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006C5998
.text C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe[2460] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 006C5B38
.text C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe[2460] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 006C60E8
.text C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe[2460] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 006C5DA8
.text C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe[2460] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 006C5E78
.text C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe[2460] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 006C6018
.text C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe[2460] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 006C5C08
.text C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe[2460] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 006C5CD8
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[2552] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00955710
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[2552] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 00955868
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[2552] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 00955FB8
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[2552] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 00955938
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[2552] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 00955798
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[2552] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00955540
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[2552] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00955AD8
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[2552] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00955A08
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[2552] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00955BA8
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[2552] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 00956158
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[2552] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 00955E18
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[2552] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 00955EE8
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[2552] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 00956088
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[2552] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00955C78
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[2552] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00955D48
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[2612] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003B57E0
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[2612] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 003B5980
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[2612] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003B60D0
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[2612] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003B5A50
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[2612] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 003B58B0
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[2612] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003B56C8
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[2612] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003B5BF0
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[2612] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003B5B20
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[2612] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003B5CC0
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[2612] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 003B6270
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[2612] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 003B5F30
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[2612] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 003B6000
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[2612] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 003B61A0
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[2612] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003B5D90
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[2612] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003B5E60
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2796] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003B56A8
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2796] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 003B5848
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2796] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003B5F98
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2796] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003B5918
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2796] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 003B5778
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2796] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003B5540
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2796] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003B5AB8
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2796] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003B59E8
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2796] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003B5B88
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2796] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 003B6138
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2796] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 003B5DF8
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2796] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 003B5EC8
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2796] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 003B6068
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2796] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003B5C58
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2796] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003B5D28
.text C:\WINDOWS\system32\nlssrv32.exe[2916] ntdll.dll!NtSetInformationThread 7C90DCAE 5 Bytes JMP 003E5430
.text C:\WINDOWS\system32\nlssrv32.exe[2916] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003E5520
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2932] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003E5810
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2932] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 003E59B0
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2932] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003E6100
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2932] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003E5A80
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2932] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 003E58E0
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2932] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003E5528
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2932] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003E5C20
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2932] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003E5B50
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2932] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003E5CF0
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2932] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 003E62A0
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2932] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 003E5F60
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2932] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 003E6030
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2932] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 003E61D0
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2932] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E5DC0
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2932] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E5E90
.text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe[3024] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003B56A8
.text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe[3024] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 003B5848
.text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe[3024] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003B5F98
.text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe[3024] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003B5918
.text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe[3024] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 003B5778
.text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe[3024] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003B5540
.text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe[3024] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003B5AB8
.text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe[3024] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003B59E8
.text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe[3024] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003B5B88
.text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe[3024] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 003B6138
.text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe[3024] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 003B5DF8
.text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe[3024] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 003B5EC8
.text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe[3024] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 003B6068
.text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe[3024] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003B5C58
.text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe[3024] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003B5D28
.text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe[3416] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003B5880
.text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe[3416] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 003B5A20
.text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe[3416] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003B6170
.text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe[3416] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003B5AF0
.text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe[3416] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 003B5950
.text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe[3416] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003B5718
.text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe[3416] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003B5C90
.text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe[3416] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003B5BC0
.text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe[3416] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003B5D60
.text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe[3416] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 003B6310
.text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe[3416] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 003B5FD0
.text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe[3416] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 003B60A0
.text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe[3416] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 003B6240
.text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe[3416] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003B5E30
.text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe[3416] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003B5F00
.text C:\Program Files\Common Files\BinarySense\hldasvc.exe[3784] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003B5648
.text C:\Program Files\Common Files\BinarySense\hldasvc.exe[3784] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 003B57E8
.text C:\Program Files\Common Files\BinarySense\hldasvc.exe[3784] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003B5F38
.text C:\Program Files\Common Files\BinarySense\hldasvc.exe[3784] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003B58B8
.text C:\Program Files\Common Files\BinarySense\hldasvc.exe[3784] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 003B5718
.text C:\Program Files\Common Files\BinarySense\hldasvc.exe[3784] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003B5530
.text C:\Program Files\Common Files\BinarySense\hldasvc.exe[3784] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003B5A58
.text C:\Program Files\Common Files\BinarySense\hldasvc.exe[3784] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003B5988
.text C:\Program Files\Common Files\BinarySense\hldasvc.exe[3784] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003B5B28
.text C:\Program Files\Common Files\BinarySense\hldasvc.exe[3784] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 003B60D8
.text C:\Program Files\Common Files\BinarySense\hldasvc.exe[3784] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 003B5D98
.text C:\Program Files\Common Files\BinarySense\hldasvc.exe[3784] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 003B5E68
.text C:\Program Files\Common Files\BinarySense\hldasvc.exe[3784] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 003B6008
.text C:\Program Files\Common Files\BinarySense\hldasvc.exe[3784] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003B5BF8
.text C:\Program Files\Common Files\BinarySense\hldasvc.exe[3784] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003B5CC8
.text C:\Program Files\Common Files\BinarySense\hldasvc.exe[3788] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003B5658
.text C:\Program Files\Common Files\BinarySense\hldasvc.exe[3788] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 003B57F8
.text C:\Program Files\Common Files\BinarySense\hldasvc.exe[3788] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003B5F48
.text C:\Program Files\Common Files\BinarySense\hldasvc.exe[3788] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003B58C8
.text C:\Program Files\Common Files\BinarySense\hldasvc.exe[3788] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 003B5728
.text C:\Program Files\Common Files\BinarySense\hldasvc.exe[3788] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003B5540
.text C:\Program Files\Common Files\BinarySense\hldasvc.exe[3788] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003B5A68
.text C:\Program Files\Common Files\BinarySense\hldasvc.exe[3788] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003B5998
.text C:\Program Files\Common Files\BinarySense\hldasvc.exe[3788] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003B5B38
.text C:\Program Files\Common Files\BinarySense\hldasvc.exe[3788] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 003B60E8
.text C:\Program Files\Common Files\BinarySense\hldasvc.exe[3788] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 003B5DA8
.text C:\Program Files\Common Files\BinarySense\hldasvc.exe[3788] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 003B5E78
.text C:\Program Files\Common Files\BinarySense\hldasvc.exe[3788] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 003B6018
.text C:\Program Files\Common Files\BinarySense\hldasvc.exe[3788] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003B5C08
.text C:\Program Files\Common Files\BinarySense\hldasvc.exe[3788] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003B5CD8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3948] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003C5698
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3948] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 003C5838
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3948] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003C5F88
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3948] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003C5908
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3948] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 003C5768
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3948] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003C5530
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3948] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003C5AA8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3948] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003C59D8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3948] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003C5B78
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3948] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 003C6128
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3948] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 003C5DE8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3948] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 003C5EB8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3948] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 003C6058
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3948] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003C5C48
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3948] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003C5D18
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3968] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003A56A8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3968] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 003A5848
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3968] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003A5F98
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3968] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003A5918
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3968] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 003A5778
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3968] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003A5540
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3968] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003A5AB8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3968] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003A59E8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3968] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003A5B88
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3968] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 003A6138
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3968] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 003A5DF8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3968] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 003A5EC8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3968] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 003A6068
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3968] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003A5C58
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[3968] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003A5D28
.text C:\WINDOWS\System32\alg.exe[3996] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003C56F0
.text C:\WINDOWS\System32\alg.exe[3996] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 003C5890
.text C:\WINDOWS\System32\alg.exe[3996] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003C5FE0
.text C:\WINDOWS\System32\alg.exe[3996] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003C5960
.text C:\WINDOWS\System32\alg.exe[3996] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 003C57C0
.text C:\WINDOWS\System32\alg.exe[3996] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003C5588
.text C:\WINDOWS\System32\alg.exe[3996] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003C5B00
.text C:\WINDOWS\System32\alg.exe[3996] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003C5A30
.text C:\WINDOWS\System32\alg.exe[3996] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003C5BD0
.text C:\WINDOWS\System32\alg.exe[3996] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 003C6180
.text C:\WINDOWS\System32\alg.exe[3996] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 003C5E40
.text C:\WINDOWS\System32\alg.exe[3996] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 003C5F10
.text C:\WINDOWS\System32\alg.exe[3996] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 003C60B0
.text C:\WINDOWS\System32\alg.exe[3996] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003C5CA0
.text C:\WINDOWS\System32\alg.exe[3996] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003C5D70

.text C:\Program Files\Java\jre6\bin\jqs.exe[4092] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 006A5688
.text C:\Program Files\Java\jre6\bin\jqs.exe[4092] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 006A5828
.text C:\Program Files\Java\jre6\bin\jqs.exe[4092] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 006A5F78
.text C:\Program Files\Java\jre6\bin\jqs.exe[4092] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 006A58F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[4092] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 006A5758
.text C:\Program Files\Java\jre6\bin\jqs.exe[4092] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 006A5570
.text C:\Program Files\Java\jre6\bin\jqs.exe[4092] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006A5A98
.text C:\Program Files\Java\jre6\bin\jqs.exe[4092] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006A59C8
.text C:\Program Files\Java\jre6\bin\jqs.exe[4092] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 006A5B68
.text C:\Program Files\Java\jre6\bin\jqs.exe[4092] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 006A6118
.text C:\Program Files\Java\jre6\bin\jqs.exe[4092] ADVAPI32.dll!StartServiceA 77DDFB58 5 Bytes JMP 006A5DD8
.text C:\Program Files\Java\jre6\bin\jqs.exe[4092] ADVAPI32.dll!StartServiceW 77DE3E94 5 Bytes JMP 006A5EA8
.text C:\Program Files\Java\jre6\bin\jqs.exe[4092] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 006A6048
.text C:\Program Files\Java\jre6\bin\jqs.exe[4092] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 006A5C38
.text C:\Program Files\Java\jre6\bin\jqs.exe[4092] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 006A5D08

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74E5042] spse.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74E513E] spse.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74E50C0] spse.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74E5800] spse.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74E56D6] spse.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F74F4B90] spse.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\hkcmd.exe[416] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\hkcmd.exe[416] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\hkcmd.exe[416] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\hkcmd.exe[416] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\hkcmd.exe[416] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\hkcmd.exe[416] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT c:\bbbb\gmer.exe[524] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT c:\bbbb\gmer.exe[524] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT c:\bbbb\gmer.exe[524] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT c:\bbbb\gmer.exe[524] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT c:\bbbb\gmer.exe[524] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Microsoft Security Essentials\msseces.exe[696] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Microsoft Security Essentials\msseces.exe[696] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Microsoft Security Essentials\msseces.exe[696] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Microsoft Security Essentials\msseces.exe[696] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Microsoft Security Essentials\msseces.exe[696] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Microsoft Security Essentials\msseces.exe[696] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Microsoft Security Essentials\msseces.exe[696] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Microsoft Security Essentials\msseces.exe[696] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Rising\AntiSpyware\rstray.exe[748] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Rising\AntiSpyware\rstray.exe[748] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Rising\AntiSpyware\rstray.exe[748] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Rising\AntiSpyware\rstray.exe[748] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Rising\AntiSpyware\rstray.exe[748] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Rising\AntiSpyware\rstray.exe[748] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Rising\AntiSpyware\rstray.exe[748] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Rising\AntiSpyware\rstray.exe[748] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Hard Disk Sentinel\HDSentinel.exe[956] @ C:\WINDOWS\system32\advapi32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Hard Disk Sentinel\HDSentinel.exe[956] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Hard Disk Sentinel\HDSentinel.exe[956] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Hard Disk Sentinel\HDSentinel.exe[956] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Hard Disk Sentinel\HDSentinel.exe[956] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Hard Disk Sentinel\HDSentinel.exe[956] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Hard Disk Sentinel\HDSentinel.exe[956] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Hard Disk Sentinel\HDSentinel.exe[956] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\USB Safely Remove\USBSafelyRemove.exe[1268] @ C:\WINDOWS\system32\user32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\USB Safely Remove\USBSafelyRemove.exe[1268] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\USB Safely Remove\USBSafelyRemove.exe[1268] @ C:\WINDOWS\system32\advapi32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\USB Safely Remove\USBSafelyRemove.exe[1268] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\USB Safely Remove\USBSafelyRemove.exe[1268] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\USB Safely Remove\USBSafelyRemove.exe[1268] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\USB Safely Remove\USBSafelyRemove.exe[1268] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\iTV\iTV.exe[1360] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\iTV\iTV.exe[1360] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\iTV\iTV.exe[1360] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\iTV\iTV.exe[1360] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\iTV\iTV.exe[1360] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\iTV\iTV.exe[1360] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\iTV\iTV.exe[1360] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\Explorer.EXE[1764] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\Explorer.EXE[1764] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\Explorer.EXE[1764] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\Explorer.EXE[1764] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\Explorer.EXE[1764] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\Explorer.EXE[1764] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\Explorer.EXE[1764] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\Explorer.EXE[1764] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\Explorer.EXE[1764] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1976] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1976] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1976] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1976] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1976] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1976] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1976] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1992] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1992] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1992] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1992] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1992] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1992] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[1992] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Logitech\SetPoint\SetPoint.exe[2144] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Logitech\SetPoint\SetPoint.exe[2144] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Logitech\SetPoint\SetPoint.exe[2144] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Logitech\SetPoint\SetPoint.exe[2144] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Logitech\SetPoint\SetPoint.exe[2144] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Logitech\SetPoint\SetPoint.exe[2144] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Logitech\SetPoint\SetPoint.exe[2144] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Logitech\SetPoint\SetPoint.exe[2144] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe[3416] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe[3416] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe[3416] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe[3416] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe[3416] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe[3416] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3788] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 00A00ED0
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3788] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 00A00BC0
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3788] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 009F96B0
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3788] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 009FABF0
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3788] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 009FDD60
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3788] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 009FB940
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3788] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 009FAF20
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3788] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 009FD0A0
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3788] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 00A000A0
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3788] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 00A000E0
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3788] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 00A01220
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3788] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 009FFC90
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3788] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 009FDCC0
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3788] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 009FC460
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3788] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 009FB5F0
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3788] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 009FBEE0
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3788] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 00A017A0
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3788] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 009FD3F0
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3788] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 009FDB20
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3788] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 009FE750
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3788] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 009FE230
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3788] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 009FE6D0
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3788] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 009FF1F0
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3788] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 009FE8C0
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3788] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 009FB2A0
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3788] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 009FC310
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3788] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 00A001C0
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3788] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 009FE370
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3788] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] 009FDC60
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3788] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 009FD820
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3788] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] 009FDE70
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3788] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP] 00A01240
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3788] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 009FE170
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3788] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadIconW] 00A014E0
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3788] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadCursorW] 00A01480
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3788] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateDialogParamW] 00A016D0
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3788] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] 00A01770
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3788] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadStringW] 00A015A0

---- Devices - GMER 1.0.15 ----

Device 8A3471F8
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\NetBT \Device\NetBT_Tcpip_{A627287B-E55B-4834-9041-674DA7D70AA9} 88191500
Device \Driver\usbehci \Device\USBPDO-0 896BA1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A3491F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A3491F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A3491F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A3491F8
Device \Driver\usbuhci \Device\USBPDO-1 896C81F8
Device \Driver\usbuhci \Device\USBPDO-2 896C81F8
Device \Driver\usbuhci \Device\USBPDO-3 896C81F8
Device \Driver\usbuhci \Device\USBPDO-4 896C81F8
Device \Driver\usbehci \Device\USBPDO-5 896BA1F8
Device \Driver\usbuhci \Device\USBPDO-6 896C81F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A3C01F8
Device \Driver\Cdrom \Device\CdRom0 897071F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{6E156046-EB06-491B-9660-18455545FF97} 88191500
Device \Driver\iaStor \Device\Ide\iaStor0 [F7B4E720] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F7A40B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7A40B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7A40B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [F7B4E720] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBt_Wins_Export 88191500
Device \Driver\NetBT \Device\NetbiosSmb 88191500
Device \Driver\usbuhci \Device\USBFDO-0 896C81F8
Device \Driver\usbuhci \Device\USBFDO-1 896C81F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 880F2500
Device \Driver\usbehci \Device\USBFDO-2 896BA1F8
Device 880F2500
Device \Driver\usbuhci \Device\USBFDO-3 896C81F8
Device \Driver\usbuhci \Device\USBFDO-4 896C81F8
Device \Driver\Ftdisk \Device\FtControl 8A3C01F8
Device \Driver\usbuhci \Device\USBFDO-5 896C81F8
Device \Driver\usbehci \Device\USBFDO-6 896BA1F8
Device \FileSystem\Cdfs \Cdfs 880A2500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001167000000
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001167000000@00265f96d5f8 0x52 0xCF 0xAB 0x35 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001167000000@001fcd2ade13 0x31 0x74 0xEB 0x5C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xFA 0x05 0x58 0x1C ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001167000000 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001167000000@00265f96d5f8 0x52 0xCF 0xAB 0x35 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001167000000@001fcd2ade13 0x31 0x74 0xEB 0x5C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xFA 0x05 0x58 0x1C ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG10.00.00.01WORKSTATION 64724AC8CA559A2DEF15F1ED23AF4C828D3B788AE78BB64A904C81A6266C519D34077A0401A4F08B9A8607CDB4C600EE5C98840D32DE4E0B2162A17340FC67FD56D1F973B616FB7F6866CAA6433060F191BFB888BE5914C4B9081F01127CDEA3E4A6F1363474777533C3B33BA703C12DE89BF286160417EE16A6603A777EA0F93E0B743C43FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933BA7FD869164D6794A9C6AECB7A5D1407A6A0AC4980AC7933A4ADD3A7F4991B511FBDFA33CFA7C9FE836A1130E0059071CA64A025A5011E26577B6ACA1ABAD4D0F9F8D234B539E40F5508A411A82033AE86B1A4FEF4791187A2676CDF4EFCC65F829C1FD1D17C6961617368A78ACE86A2C772CAF7C3D9993CC557C6BCB19C556E0467C383615941592061D229FDC097C15277C2A8693E88E8F1D37DF91A3E3A733E3BB603D59BA95D7BB07111348A4B825FB4CDEDEEA186B6CC0DA5758EE581E7E22085CDD5F1B458D4DF66A08EA356621C433FE617679052F153E9CF4C008C4A19404D273AEFC83800926157236A45DFAA60027853D4F46CEC9C88ED445A0F9BFB6A4293118D9FF045112FFE3E1DF57E9EED13CB4C9159394303D37A192612619B12AB5F1AA54678E0472AA25D609AC6826E834BDCAC337167C4B1E0A67BF2A679CEE
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OOCC06.00.00.01WSSV 843D4D5FD15F23892C405683BECC08EE5946B5DEF1F79C67047E80BD4BE2E2BF3309490C22BFA016CFE84D49648A11B211C3B1C84CEE2DB4F9F150CB1E81818F605F19E3004B155789BC8226591AE25C527C0132C4B4D819ECAA9B06934AF4EEA8860B9DE33DEAAECEF4E170BCBD59FA0BC050AE42308C71E42FF3D97EE5DCA64FD8AEA6A8A790F33DE11E31928AD19350F49505149BB60F10952BEC11D65876B9C3D99E0BEE75F112E62E2542EAB01F591085AC68054C363F8E5A17E76E0B0FF04BA55BAE4C9168B07A4CBD969BDA86031F1C575451C39F67595E61FDFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A2D97226D213B555A9C6AECB7A5D1407BA7FD869164D6794EAE176F2AE953F4EC56374DF60F70C85E075120A63DF2CA00659B7B171A294EA5A101E831A67523403E1B44B91B56153A374E246D1154EB89FF492F80A392C903B470B9B62445DF4FCD49F1386119DB0685BADFE0D95F19387DBE34E23CDD6524406E1EE8C3E437A8C4CA886FA7C0572CE6CCF3BA4D65A90432015923DF6F03A7ED03BD531AC2216E05B34933A328D524CE99AA3B912FA71A9D707C6F0100DB148ACA2CB7CABC77DFD9A1950A5ADE56DA69DD5070344FCDCE89D0D92E9B46F89D12498F1AE1A344838A427F6332E6AC57A543
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG11.00.00.01WORKSTATION 18454B32E6CD8A4CFAB02D84F2FA9AB9A8658A6BF72068146CC949E372FD905E362F23C6D04B63CDED48BAF779AE6CB99FAD8D9F9352C3A270F731F12EFDB3C26EE2D98CAFC62D2E1E04BD61124F8C096D17BD2F7794AE47E349628B0D4CD280B12CA680B0D352D204239CB4803023D42E6E4BA69F1AAD17A53EFAF6DA9D6EFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79338EDD5E5BE2F6E667A6A0AC4980AC79339DB7CE019D40AA5C3C1AE4DB208DC64CBAEB33AD781F35BDB6F551E69E86E9D00051E749A0AD813386C1E3D98A0C34CB5DB58BA2B34BF7604E07A4BA96BAA888771EAB243D084EF2874F9CF6BBD666FBF118C7E13A9B438D512CB3721151F8D7BC459DB4EDF663544253F59B96DF2998E6ECFD41AA55647EB622E9730587C916EC0A190D254A6EE821B5DBA424AC8C910C5E4D8A4553EC9F5AF7B2120F2ACD4B0D01FBAE74666276EFB0BD649056E40A986DD47CEF83B2117814039A6C1DF8B48394A994954277785E548F9DAE8A4B59A3ECB9483667CDA8342FCCCC00D987441C010828E3ECA81E8181498CF109998B2D83A414C4969BEC15D58B59D1E876A006D982CA5F0434C8D1F0E5DA74A9716094AF42FA6CBA3E9B84E73DE98BEB8822D48407502A3D1D102B2C64ABF2D2B6C9A0BE430AA5929825C
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG12.00.00.01PROFESSIONAL 99A79F148C28ED12C237F129029AD0B610B579E3482266AF2558B2837DCEC6F461B3C2E0C927E8F09A0829529E5C9C10F04D82E994C118A2A41DDAFCCC1B0D0C0DE48DF66A3CD8C793EDBF881A6D3BB143AD579F21B0A130E269982C0F49051BA930C0376B18CC04FC1C3CD47E4C5242B6656851AB5A65541249E6C1524DE7128A3FFCD847DE792BE7770C0FDCE831F8C1390B1E739CE89CA6FE24C4A79316F4456E4CE404A836D52C9B7EE7472848A49A21F8793EC8D5ACDAFD120D27FA135933D018392781003066D7C9E15764ABA53D474F2B5426FB39AA6F5746665683EB73AA3108BB6975F9F4AC0453FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933C038D530D6EB3452BA7FD869164D6794C038D530D6EB3452F02C351249CE3E2DC448B9A4CBEBA5C4EBFDC9D63259B56CD5543FC7966C84180A264F1D4FD1F365D7FB6F3F3251E58721B9D3F2DB637B01B11BF73014926BA521003C59BA34DFFC4D8B0CB744E8EBE0DE8B9B504D750F7EE0B9307E31E1C41668C3FB6A40F3A89CC72E0946F9EDA81F56F833DBDD27C7F8C82330F6466FF16195F130895BC1D9C36D9081358ECDEFE23FFA4E182A446557CF3DE7EDF0823AD461FBA07F490563C2E9D134667FABFA25D5FEC69813CB08D765E2E84E119847910BC8382
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OOCC7.00.00.01PROSTATION 7E3FCDF198260ABB56E58D80DF70ECF9E5D4647C0F7BEC4EBC65CB80CB7F6A0531626D639204E3DCCE48F34B85E4EE1F938CAB46196003C6FC7BF17E83BF8F35E29DF8770084E0F6A3B653D7E6ADE220214ED9CD900C1EAC904BD67B0D1E96FB911D0B759F8976529D75FCD01E997F74459715400E54584A39AC16C59D9AA3152CB056EFE35C69BC7A6FD4A67A59511AA80A970E5CF4A2EB2F98DD6E1F9AA9BF18CB1D38F4AA5602EA2E56100002B612E9ECB06D7D0CC3E29B2FFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3DA6A0AC4980AC7933A9C6AECB7A5D140735B8BAA50EA15906BB05DEA2C3BCA944CA00EB9B397E96832732C84ED101A05CA44199199435CEB14B0D5E12FA8E338AC3DF6E240634CCFC182D31C627CEAEAA485CBFBD7AD88445A4ACBF6B4B89573105A09E367345AEAA437C8FF77A2B7A7F0F5667FE96A650608D313AA5F2997930CAAF52F2438E4E7A78D0F7C9B10260E67F3E022F97BA7B43E02A3A1C01AA70A264BD14DC8AEC2E031D1D310A88C2B28B336932057A35C5D58BECE08ADAB00746354420DBB543C6F9271733680CE1B43FD66F4F17143A60A0911503163A9EFC7E3479693A00F9833B26BAAE79A156A2F52BAC65E50C73705108FDA8C2AA6F83D2EB5E14A8FC7
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG14.00.00.01PROFESSIONAL FA27199735FDA3C25D7DF0ECC9FA2202210B2ADEE130C1CF78EC4846B4B48060B1FC6D390DF6AC116CB71CBCC3CA2B0054F910B8C9CB5CEF7D03214D421009FABED33DEA2FA25F9AA7D1EEBE26D9FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808BA7FD869164D67945D575E7D6A3B98089DB7CE019D40AA5C71F69F66420FF8302AA28358302A656D53DB2D71C7B8B7F9958DB9D5BCC6D22E67C132EB43F69E6411A6800D8F70BE48B4677377F22066F57149CC1A7CBD2AEB8EA7E62CB4AD6DCC3D33E515E02B5FEBE3887DA4594581320095BC20F1AD45CA90CAF7146ECFB3A619A437800C41AA4CACFAB7509480A5F40E2901A306FA1A84DB8107654AED5FC1D48EDC37FC1329EB1F2F73A5401B96192C72F2B4A6FB46E8A25416B6A68B068263B72373A2ED09E58FC7E724FDD1398B3092D1B8467B865BDA800D706721DD60FA1A3A4571991BE5961CAB21F1D8165132DA3E68D9B8BE52BE77B652F09A446917E4370EDFCD532F0FB83F43C5545D7D90D641515B6775DA4C6043EB3056393C77F89185EAB8CA95995C0107A3DF60BB6BC2C252482D5592C59345A4922C5F0E1F6EA6B692F93F831BF9393BBE8894CA298C93A222272E2D311F35B50B607F26548F367FD82791753B3B8F04CACF93FC72DB64C8EEE1F1F2D84
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODI05.00.00.01PRO 2354FEE84798D27738C179DC3776FCBBD8C68FAE93492F955AA3B4D57550038A86D186DD04AFC6FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808BA7FD869164D6794A9C6AECB7A5D1407A6171C11EC38DE3D786C020EDC3D05CEC7EB50EFB2B7628CCCD60E81C61B6CA207ED2965FA6B12CE107F7AC9194CEF9B25B457AF055BCCEA8C6F003ACA12DF92C4B84693F243738583C19CDEAD184F0E8AEEE8384CAF749842F8A2C88440AB8D2E98D0EC8E4E5EBD2C49C55F0A7447590613BA03BABA6D00D0EC2E300C79ED559BA71C996B539D30F57184BEF0397150B85DB86EDA84BB2EAD088756CE98B952F8C4AC2B7B9C70BEE0581956F84259ECD74D82BA06995956E2CCCD850E7A968DC4113D9385790D6D8063FB628C6E01CB2D276C0EEC0B354C0F7ECFECDD817E3791733A2C22BB9962FE37D6816A22DC2D14F3FC71136C328CE5A8139F289261A2881545AE40BAB2EA964109BA27C3D6F6017F705251D724B2AB95CF912718A2C5E2E5B43BA0D1E8F7192F24F4A6BFCCB1F5593583D1E8D602BA58F21EEE00173A71171155D9DDBF9BE874EEFC26070D8A8E56EFB715C0875F03461C85E13B0DC1961E18E3D5C2AE8D8148E483B30CDED1F50F780B6F84E756057721E7B93FC03EC9363B32D06623ABEBA6321CB045F97CE
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x7A 0x45 0x05 0xFD ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x37 0xA4 0xAA 0xC3 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xF8 0x31 0x0F 0xA9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x05 0x73 0x21 0xDD ...

---- EOF - GMER 1.0.15 ----