GMER 1.0.15.14878 - http://www.gmer.net
Rootkit scan 2009-03-09 16:38:39
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.15 ----
SSDT spdj.sys ZwCreateKey [0xF76EC0E0]
SSDT spdj.sys ZwEnumerateKey [0xF770ACA2]
SSDT spdj.sys ZwEnumerateValueKey [0xF770B030]
SSDT spdj.sys ZwOpenKey [0xF76EC0C0]
SSDT spdj.sys ZwQueryKey [0xF770B108]
SSDT spdj.sys ZwQueryValueKey [0xF770AF88]
SSDT spdj.sys ZwSetValueKey [0xF770B19A]
INT 0x62 ? 86FD4BF8
INT 0x63 ? 86D99BF8
INT 0x82 ? 86FD4BF8
INT 0x94 ? 86D99BF8
INT 0xA4 ? 86D99BF8
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xAAA4A44A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xAAA4A3F8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xAAA4A40C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xAAA4A4FB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xAAA4A527]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xAAA4A48A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xAAA4A5C1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xAAA4A3D0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xAAA4A3E4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xAAA4A45E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xAAA4A569]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xAAA4A511]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xAAA4A5E9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xAAA4A5D5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xAAA4A436]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xAAA4A422]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xAAA4A4B9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xAAA4A5AB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xAAA4A4A0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xAAA4A474]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwYieldExecution 80509074 7 Bytes JMP AAA4A478 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 8057A184 5 Bytes JMP AAA4A44E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 8057B063 5 Bytes JMP AAA4A4A4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 8057B4DB 7 Bytes JMP AAA4A48E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 8057CABD 5 Bytes JMP AAA4A3D4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 8057CDD2 7 Bytes JMP AAA4A462 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 805800A1 5 Bytes JMP AAA4A426 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8058C744 7 Bytes JMP AAA4A410 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 8058F609 5 Bytes JMP AAA4A4BD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 8059C4D2 5 Bytes JMP AAA4A5C5 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 8059C7B4 5 Bytes JMP AAA4A3E8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteValueKey 8059E48E 7 Bytes JMP AAA4A52B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteKey 8059F837 7 Bytes JMP AAA4A4FF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 805B4038 5 Bytes JMP AAA4A3FC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 806353D3 5 Bytes JMP AAA4A43A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 806547B0 5 Bytes JMP AAA4A5D9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 80654A89 7 Bytes JMP AAA4A5AF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 80655358 7 Bytes JMP AAA4A56D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRenameKey 8065579F 7 Bytes JMP AAA4A515 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 80655C92 5 Bytes JMP AAA4A5ED \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? spdj.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F72D562C 5 Bytes JMP 86D991D8
.text aeft6iz5.SYS F71FC386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text aeft6iz5.SYS F71FC3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text aeft6iz5.SYS F71FC3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text aeft6iz5.SYS F71FC3C9 1 Byte [2E]
.text aeft6iz5.SYS F71FC3CB 9 Bytes [00, 00, 5A, 02, 00, 00, 00, ...] {ADD [EAX], AL; POP EDX; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[536] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 01150FEF
.text C:\WINDOWS\Explorer.EXE[536] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 01150093
.text C:\WINDOWS\Explorer.EXE[536] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 01150078
.text C:\WINDOWS\Explorer.EXE[536] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 01150F9E
.text C:\WINDOWS\Explorer.EXE[536] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 0115005B
.text C:\WINDOWS\Explorer.EXE[536] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 01150036
.text C:\WINDOWS\Explorer.EXE[536] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 011500BF
.text C:\WINDOWS\Explorer.EXE[536] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 011500A4
.text C:\WINDOWS\Explorer.EXE[536] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 011500F5
.text C:\WINDOWS\Explorer.EXE[536] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 011500DA
.text C:\WINDOWS\Explorer.EXE[536] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 01150106
.text C:\WINDOWS\Explorer.EXE[536] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 01150FAF
.text C:\WINDOWS\Explorer.EXE[536] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 01150FDE
.text C:\WINDOWS\Explorer.EXE[536] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 01150F79
.text C:\WINDOWS\Explorer.EXE[536] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 0115001B
.text C:\WINDOWS\Explorer.EXE[536] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 0115000A
.text C:\WINDOWS\Explorer.EXE[536] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 01150F5C
.text C:\WINDOWS\Explorer.EXE[536] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 01130025
.text C:\WINDOWS\Explorer.EXE[536] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 01130FA5
.text C:\WINDOWS\Explorer.EXE[536] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 01130FD4
.text C:\WINDOWS\Explorer.EXE[536] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 01130FE5
.text C:\WINDOWS\Explorer.EXE[536] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 01130062
.text C:\WINDOWS\Explorer.EXE[536] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 01130051
.text C:\WINDOWS\Explorer.EXE[536] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 01130000
.text C:\WINDOWS\Explorer.EXE[536] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 01130040
.text C:\WINDOWS\Explorer.EXE[536] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01120F66
.text C:\WINDOWS\Explorer.EXE[536] msvcrt.dll!system 77C293C7 5 Bytes JMP 01120F8B
.text C:\WINDOWS\Explorer.EXE[536] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01120FC1
.text C:\WINDOWS\Explorer.EXE[536] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01120FEF
.text C:\WINDOWS\Explorer.EXE[536] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01120F9C
.text C:\WINDOWS\Explorer.EXE[536] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01120FDE
.text C:\WINDOWS\Explorer.EXE[536] WININET.dll!InternetOpenW 771BAF55 5 Bytes JMP 00CA0FD4
.text C:\WINDOWS\Explorer.EXE[536] WININET.dll!InternetOpenA 771C57A6 5 Bytes JMP 00CA0FEF
.text C:\WINDOWS\Explorer.EXE[536] WININET.dll!InternetOpenUrlA 771C5A72 5 Bytes JMP 00CA000A
.text C:\WINDOWS\Explorer.EXE[536] WININET.dll!InternetOpenUrlW 771D5BF7 5 Bytes JMP 00CA0FC3
.text C:\WINDOWS\Explorer.EXE[536] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00AD0FEF
.text C:\WINDOWS\system32\services.exe[796] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00F10FEF
.text C:\WINDOWS\system32\services.exe[796] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00F10093
.text C:\WINDOWS\system32\services.exe[796] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00F10F94
.text C:\WINDOWS\system32\services.exe[796] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00F10078
.text C:\WINDOWS\system32\services.exe[796] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00F10FAF
.text C:\WINDOWS\system32\services.exe[796] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00F10047
.text C:\WINDOWS\system32\services.exe[796] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00F10F4B
.text C:\WINDOWS\system32\services.exe[796] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00F10F72
.text C:\WINDOWS\system32\services.exe[796] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00F100BF
.text C:\WINDOWS\system32\services.exe[796] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00F10F30
.text C:\WINDOWS\system32\services.exe[796] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00F100D0
.text C:\WINDOWS\system32\services.exe[796] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00F10FCA
.text C:\WINDOWS\system32\services.exe[796] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00F10014
.text C:\WINDOWS\system32\services.exe[796] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00F10F83
.text C:\WINDOWS\system32\services.exe[796] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00F10036
.text C:\WINDOWS\system32\services.exe[796] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00F10025
.text C:\WINDOWS\system32\services.exe[796] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00F100AE
.text C:\WINDOWS\system32\services.exe[796] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A70F92
.text C:\WINDOWS\system32\services.exe[796] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A70FAD
.text C:\WINDOWS\system32\services.exe[796] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A70FD9
.text C:\WINDOWS\system32\services.exe[796] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A7000C
.text C:\WINDOWS\system32\services.exe[796] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A70FBE
.text C:\WINDOWS\system32\services.exe[796] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A7001D
.text C:\WINDOWS\system32\services.exe[796] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00A80036
.text C:\WINDOWS\system32\services.exe[796] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00A80080
.text C:\WINDOWS\system32\services.exe[796] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00A80025
.text C:\WINDOWS\system32\services.exe[796] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00A80FE5
.text C:\WINDOWS\system32\services.exe[796] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00A8006F
.text C:\WINDOWS\system32\services.exe[796] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00A80FC3
.text C:\WINDOWS\system32\services.exe[796] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00A80000
.text C:\WINDOWS\system32\services.exe[796] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00A80FD4
.text C:\WINDOWS\system32\services.exe[796] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00A50000
.text C:\WINDOWS\system32\lsass.exe[808] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00FB0000
.text C:\WINDOWS\system32\lsass.exe[808] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00FB0FB9
.text C:\WINDOWS\system32\lsass.exe[808] kernel32.dll!VirtualProtect 7C801AD0 1 Byte [E9]
.text C:\WINDOWS\system32\lsass.exe[808] kernel32.dll!VirtualProtect + 2 7C801AD2 3 Bytes JMP 00FB0FD6
.text C:\WINDOWS\system32\lsass.exe[808] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00FB00B8
.text C:\WINDOWS\system32\lsass.exe[808] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00FB0FEF
.text C:\WINDOWS\system32\lsass.exe[808] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00FB006C
.text C:\WINDOWS\system32\lsass.exe[808] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00FB00E6
.text C:\WINDOWS\system32\lsass.exe[808] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00FB00C9
.text C:\WINDOWS\system32\lsass.exe[808] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00FB011C
.text C:\WINDOWS\system32\lsass.exe[808] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00FB0F83
.text C:\WINDOWS\system32\lsass.exe[808] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00FB012D
.text C:\WINDOWS\system32\lsass.exe[808] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00FB0087
.text C:\WINDOWS\system32\lsass.exe[808] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00FB0025
.text C:\WINDOWS\system32\lsass.exe[808] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00FB0FA8
.text C:\WINDOWS\system32\lsass.exe[808] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00FB0051
.text C:\WINDOWS\system32\lsass.exe[808] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00FB0036
.text C:\WINDOWS\system32\lsass.exe[808] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00FB0101
.text C:\WINDOWS\system32\lsass.exe[808] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00FA0FB9
.text C:\WINDOWS\system32\lsass.exe[808] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00FA0F68
.text C:\WINDOWS\system32\lsass.exe[808] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00FA0FD4
.text C:\WINDOWS\system32\lsass.exe[808] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00FA0FE5
.text C:\WINDOWS\system32\lsass.exe[808] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00FA0025
.text C:\WINDOWS\system32\lsass.exe[808] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00FA0F8D
.text C:\WINDOWS\system32\lsass.exe[808] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00FA0000
.text C:\WINDOWS\system32\lsass.exe[808] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00FA0F9E
.text C:\WINDOWS\system32\lsass.exe[808] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F90F97
.text C:\WINDOWS\system32\lsass.exe[808] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F90FA8
.text C:\WINDOWS\system32\lsass.exe[808] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F90FCD
.text C:\WINDOWS\system32\lsass.exe[808] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F90FEF
.text C:\WINDOWS\system32\lsass.exe[808] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F90022
.text C:\WINDOWS\system32\lsass.exe[808] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F90FDE
.text C:\WINDOWS\system32\lsass.exe[808] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00F80000
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00D30000
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00D30F8B
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00D30F9C
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D30FAD
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00D30FCA
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00D30051
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00D300AF
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00D30F69
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D30F38
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D300D1
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00D30F27
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00D3006C
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00D30FE5
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00D30F7A
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00D30040
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00D30025
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00D300C0
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00D20025
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00D20F7C
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00D20FCA
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00D20000
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00D20F8D
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00D20F9E
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00D20FEF
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00D20FB9
.text C:\WINDOWS\system32\svchost.exe[1004] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D1004E
.text C:\WINDOWS\system32\svchost.exe[1004] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D10FC3
.text C:\WINDOWS\system32\svchost.exe[1004] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D10033
.text C:\WINDOWS\system32\svchost.exe[1004] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D1000C
.text C:\WINDOWS\system32\svchost.exe[1004] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D10FDE
.text C:\WINDOWS\system32\svchost.exe[1004] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D10FEF
.text C:\WINDOWS\system32\svchost.exe[1004] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00D00FE5
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 009D0000
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 009D0F77
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 009D006C
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 009D0F88
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 009D0051
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 009D0FC0
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 009D00AC
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 009D0F5A
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 009D0F2E
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 009D00C7
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 009D00E2
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 009D0FAF
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 009D0025
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 009D0091
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 009D0036
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 009D0FEF
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 009D0F49
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 009C0036
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 009C007D
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 009C001B
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 009C0FE5
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 009C006C
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 009C0051
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 009C0000
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 009C0FCA
.text C:\WINDOWS\system32\svchost.exe[1068] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009B0FC8
.text C:\WINDOWS\system32\svchost.exe[1068] msvcrt.dll!system 77C293C7 5 Bytes JMP 009B0049
.text C:\WINDOWS\system32\svchost.exe[1068] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009B001D
.text C:\WINDOWS\system32\svchost.exe[1068] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009B0FE3
.text C:\WINDOWS\system32\svchost.exe[1068] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009B0038
.text C:\WINDOWS\system32\svchost.exe[1068] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009B000C
.text C:\WINDOWS\system32\svchost.exe[1068] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 009A0FEF
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1148] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1148] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 02610FEF
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 0261007B
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 02610F86
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 02610F97
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 02610054
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 02610FB2
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 02610F4B
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0261009D
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 02610F15
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 026100B8
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 02610EFA
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 02610043
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 02610014
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 0261008C
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 02610FCD
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 02610FDE
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 02610F3A
.text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 025F0FB9
.text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 025F0F83
.text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 025F0FCA
.text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 025F0FDB
.text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 025F0040
.text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 025F002F
.text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 025F0000
.text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 025F0FA8
.text C:\WINDOWS\System32\svchost.exe[1180] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 025E0053
.text C:\WINDOWS\System32\svchost.exe[1180] msvcrt.dll!system 77C293C7 5 Bytes JMP 025E0042
.text C:\WINDOWS\System32\svchost.exe[1180] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 025E0FD2
.text C:\WINDOWS\System32\svchost.exe[1180] msvcrt.dll!_open 77C2F566 5 Bytes JMP 025E000C
.text C:\WINDOWS\System32\svchost.exe[1180] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 025E0027
.text C:\WINDOWS\System32\svchost.exe[1180] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 025E0FEF
.text C:\WINDOWS\System32\svchost.exe[1180] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 02290000
.text C:\WINDOWS\System32\svchost.exe[1180] WININET.dll!InternetOpenW 771BAF55 5 Bytes JMP 025D0FE5
.text C:\WINDOWS\System32\svchost.exe[1180] WININET.dll!InternetOpenA 771C57A6 5 Bytes JMP 025D0000
.text C:\WINDOWS\System32\svchost.exe[1180] WININET.dll!InternetOpenUrlA 771C5A72 5 Bytes JMP 025D0FBE
.text C:\WINDOWS\System32\svchost.exe[1180] WININET.dll!InternetOpenUrlW 771D5BF7 5 Bytes JMP 025D0FAD
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00970FE5
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00970F72
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00970F8D
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00970F9E
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00970FAF
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0097002C
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00970F3A
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00970082
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00970F04
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00970093
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00970EF3
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00970047
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 0097000A
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00970F57
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00970FC0
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 0097001B
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00970F1F
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00960040
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 0096009B
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00960025
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00960014
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00960080
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00960FDE
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00960FEF
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 0096005B
.text C:\WINDOWS\system32\svchost.exe[1380] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00950FAD
.text C:\WINDOWS\system32\svchost.exe[1380] msvcrt.dll!system 77C293C7 5 Bytes JMP 00950FBE
.text C:\WINDOWS\system32\svchost.exe[1380] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00950FD9
.text C:\WINDOWS\system32\svchost.exe[1380] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00950000
.text C:\WINDOWS\system32\svchost.exe[1380] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0095002E
.text C:\WINDOWS\system32\svchost.exe[1380] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0095001D
.text C:\WINDOWS\system32\svchost.exe[1380] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00940000
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 007C0000
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 007C0084
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 007C0069
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 007C0058
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 007C0047
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 007C0FB6
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 007C0F4D
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 007C0095
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 007C00CB
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 007C0F32
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 007C00F0
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 007C0FA5
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 007C0011
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 007C0F74
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 007C0FD1
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 007C0022
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 007C00B0
.text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00720025
.text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00720051
.text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00720FD4
.text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00720FEF
.text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00720F94
.text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00720FAF
.text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00720000
.text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00720036
.text C:\WINDOWS\system32\svchost.exe[1528] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00710042
.text C:\WINDOWS\system32\svchost.exe[1528] msvcrt.dll!system 77C293C7 5 Bytes JMP 00710027
.text C:\WINDOWS\system32\svchost.exe[1528] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0071000C
.text C:\WINDOWS\system32\svchost.exe[1528] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00710FEF
.text C:\WINDOWS\system32\svchost.exe[1528] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00710FB7
.text C:\WINDOWS\system32\svchost.exe[1528] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00710FD2
.text C:\WINDOWS\system32\svchost.exe[1528] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 006F0000
.text C:\WINDOWS\system32\svchost.exe[1528] WININET.dll!InternetOpenW 771BAF55 5 Bytes JMP 00700FEF
.text C:\WINDOWS\system32\svchost.exe[1528] WININET.dll!InternetOpenA 771C57A6 5 Bytes JMP 0070000A
.text C:\WINDOWS\system32\svchost.exe[1528] WININET.dll!InternetOpenUrlA 771C5A72 5 Bytes JMP 00700031
.text C:\WINDOWS\system32\svchost.exe[1528] WININET.dll!InternetOpenUrlW 771D5BF7 5 Bytes JMP 00700FDE
.text C:\WINDOWS\system32\svchost.exe[2144] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00930FEF
.text C:\WINDOWS\system32\svchost.exe[2144] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00930FA6
.text C:\WINDOWS\system32\svchost.exe[2144] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00930FB7
.text C:\WINDOWS\system32\svchost.exe[2144] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00930091
.text C:\WINDOWS\system32\svchost.exe[2144] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00930080
.text C:\WINDOWS\system32\svchost.exe[2144] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0093004A
.text C:\WINDOWS\system32\svchost.exe[2144] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00930F8B
.text C:\WINDOWS\system32\svchost.exe[2144] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 009300C7
.text C:\WINDOWS\system32\svchost.exe[2144] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00930110
.text C:\WINDOWS\system32\svchost.exe[2144] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 009300FF
.text C:\WINDOWS\system32\svchost.exe[2144] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 0093012B
.text C:\WINDOWS\system32\svchost.exe[2144] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 0093005B
.text C:\WINDOWS\system32\svchost.exe[2144] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 0093000A
.text C:\WINDOWS\system32\svchost.exe[2144] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 009300B6
.text C:\WINDOWS\system32\svchost.exe[2144] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 0093002F
.text C:\WINDOWS\system32\svchost.exe[2144] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00930FDE
.text C:\WINDOWS\system32\svchost.exe[2144] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 009300E4
.text C:\WINDOWS\system32\svchost.exe[2144] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 0092003D
.text C:\WINDOWS\system32\svchost.exe[2144] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00920FA5
.text C:\WINDOWS\system32\svchost.exe[2144] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00920022
.text C:\WINDOWS\system32\svchost.exe[2144] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00920011
.text C:\WINDOWS\system32\svchost.exe[2144] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00920FB6
.text C:\WINDOWS\system32\svchost.exe[2144] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00920058
.text C:\WINDOWS\system32\svchost.exe[2144] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00920000
.text C:\WINDOWS\system32\svchost.exe[2144] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00920FD1
.text C:\WINDOWS\system32\svchost.exe[2144] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00910F8B
.text C:\WINDOWS\system32\svchost.exe[2144] msvcrt.dll!system 77C293C7 5 Bytes JMP 00910016
.text C:\WINDOWS\system32\svchost.exe[2144] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00910FC1
.text C:\WINDOWS\system32\svchost.exe[2144] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00910FE3
.text C:\WINDOWS\system32\svchost.exe[2144] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00910FB0
.text C:\WINDOWS\system32\svchost.exe[2144] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00910FD2
.text C:\WINDOWS\system32\svchost.exe[2144] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00900000
.text C:\WINDOWS\system32\svchost.exe[2312] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 008E0000
.text C:\WINDOWS\system32\svchost.exe[2312] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 008E00A9
.text C:\WINDOWS\system32\svchost.exe[2312] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 008E0098
.text C:\WINDOWS\system32\svchost.exe[2312] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 008E0087
.text C:\WINDOWS\system32\svchost.exe[2312] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 008E006C
.text C:\WINDOWS\system32\svchost.exe[2312] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 008E0FCA
.text C:\WINDOWS\system32\svchost.exe[2312] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 008E0F7E
.text C:\WINDOWS\system32\svchost.exe[2312] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 008E0F99
.text C:\WINDOWS\system32\svchost.exe[2312] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008E0F52
.text C:\WINDOWS\system32\svchost.exe[2312] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 008E00EB
.text C:\WINDOWS\system32\svchost.exe[2312] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 008E0110
.text C:\WINDOWS\system32\svchost.exe[2312] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 008E0051
.text C:\WINDOWS\system32\svchost.exe[2312] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 008E001B
.text C:\WINDOWS\system32\svchost.exe[2312] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 008E00C4
.text C:\WINDOWS\system32\svchost.exe[2312] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 008E002C
.text C:\WINDOWS\system32\svchost.exe[2312] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 008E0FDB
.text C:\WINDOWS\system32\svchost.exe[2312] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 008E0F6D
.text C:\WINDOWS\system32\svchost.exe[2312] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 008D0FD4
.text C:\WINDOWS\system32\svchost.exe[2312] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 008D0F7C
.text C:\WINDOWS\system32\svchost.exe[2312] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 008D0025
.text C:\WINDOWS\system32\svchost.exe[2312] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 008D0FE5
.text C:\WINDOWS\system32\svchost.exe[2312] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 008D0FA1
.text C:\WINDOWS\system32\svchost.exe[2312] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 008D0FB2
.text C:\WINDOWS\system32\svchost.exe[2312] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 008D0000
.text C:\WINDOWS\system32\svchost.exe[2312] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 008D0FC3
.text C:\WINDOWS\system32\svchost.exe[2312] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 008C0FA1
.text C:\WINDOWS\system32\svchost.exe[2312] msvcrt.dll!system 77C293C7 5 Bytes JMP 008C002C
.text C:\WINDOWS\system32\svchost.exe[2312] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 008C0FBC
.text C:\WINDOWS\system32\svchost.exe[2312] msvcrt.dll!_open 77C2F566 5 Bytes JMP 008C0000
.text C:\WINDOWS\system32\svchost.exe[2312] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 008C0011
.text C:\WINDOWS\system32\svchost.exe[2312] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 008C0FE3
.text C:\WINDOWS\Explorer.EXE[3368] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001A0000
.text C:\WINDOWS\Explorer.EXE[3368] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001A0073
.text C:\WINDOWS\Explorer.EXE[3368] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001A0062
.text C:\WINDOWS\Explorer.EXE[3368] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001A0051
.text C:\WINDOWS\Explorer.EXE[3368] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001A0F94
.text C:\WINDOWS\Explorer.EXE[3368] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001A0FB9
.text C:\WINDOWS\Explorer.EXE[3368] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001A009A
.text C:\WINDOWS\Explorer.EXE[3368] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001A0F52
.text C:\WINDOWS\Explorer.EXE[3368] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001A0F2D
.text C:\WINDOWS\Explorer.EXE[3368] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001A00C6
.text C:\WINDOWS\Explorer.EXE[3368] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 001A0F12
.text C:\WINDOWS\Explorer.EXE[3368] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 001A0036
.text C:\WINDOWS\Explorer.EXE[3368] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 001A0FE5
.text C:\WINDOWS\Explorer.EXE[3368] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 001A0F63
.text C:\WINDOWS\Explorer.EXE[3368] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 001A0FCA
.text C:\WINDOWS\Explorer.EXE[3368] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 001A0011
.text C:\WINDOWS\Explorer.EXE[3368] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 001A00B5
.text C:\WINDOWS\Explorer.EXE[3368] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00280FC3
.text C:\WINDOWS\Explorer.EXE[3368] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 0028004A
.text C:\WINDOWS\Explorer.EXE[3368] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 0028000A
.text C:\WINDOWS\Explorer.EXE[3368] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00280FD4
.text C:\WINDOWS\Explorer.EXE[3368] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00280F8D
.text C:\WINDOWS\Explorer.EXE[3368] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 0028002F
.text C:\WINDOWS\Explorer.EXE[3368] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00280FEF
.text C:\WINDOWS\Explorer.EXE[3368] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00280FB2
.text C:\WINDOWS\Explorer.EXE[3368] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00290F95
.text C:\WINDOWS\Explorer.EXE[3368] msvcrt.dll!system 77C293C7 5 Bytes JMP 00290FA6
.text C:\WINDOWS\Explorer.EXE[3368] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0029000C
.text C:\WINDOWS\Explorer.EXE[3368] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00290FE3
.text C:\WINDOWS\Explorer.EXE[3368] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00290FB7
.text C:\WINDOWS\Explorer.EXE[3368] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00290FD2
.text C:\WINDOWS\Explorer.EXE[3368] WININET.dll!InternetOpenW 771BAF55 5 Bytes JMP 002B0FD4
.text C:\WINDOWS\Explorer.EXE[3368] WININET.dll!InternetOpenA 771C57A6 5 Bytes JMP 002B0FEF
.text C:\WINDOWS\Explorer.EXE[3368] WININET.dll!InternetOpenUrlA 771C5A72 5 Bytes JMP 002B000A
.text C:\WINDOWS\Explorer.EXE[3368] WININET.dll!InternetOpenUrlW 771D5BF7 5 Bytes JMP 002B0FC3
.text C:\WINDOWS\Explorer.EXE[3368] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 013C0FE5
.text C:\WINDOWS\system32\dllhost.exe[3696] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001A0000
.text C:\WINDOWS\system32\dllhost.exe[3696] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001A0073
.text C:\WINDOWS\system32\dllhost.exe[3696] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001A0F88
.text C:\WINDOWS\system32\dllhost.exe[3696] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001A0062
.text C:\WINDOWS\system32\dllhost.exe[3696] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001A0FAF
.text C:\WINDOWS\system32\dllhost.exe[3696] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001A0FCA
.text C:\WINDOWS\system32\dllhost.exe[3696] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001A0F3C
.text C:\WINDOWS\system32\dllhost.exe[3696] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001A0F59
.text C:\WINDOWS\system32\dllhost.exe[3696] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001A00A9
.text C:\WINDOWS\system32\dllhost.exe[3696] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001A0F1A
.text C:\WINDOWS\system32\dllhost.exe[3696] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 001A0EF5
.text C:\WINDOWS\system32\dllhost.exe[3696] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 001A0051
.text C:\WINDOWS\system32\dllhost.exe[3696] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 001A0FE5
.text C:\WINDOWS\system32\dllhost.exe[3696] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 001A0084
.text C:\WINDOWS\system32\dllhost.exe[3696] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 001A002C
.text C:\WINDOWS\system32\dllhost.exe[3696] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 001A0011
.text C:\WINDOWS\system32\dllhost.exe[3696] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 001A0F2B
.text C:\WINDOWS\system32\dllhost.exe[3696] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00280036
.text C:\WINDOWS\system32\dllhost.exe[3696] msvcrt.dll!system 77C293C7 5 Bytes JMP 00280FAB
.text C:\WINDOWS\system32\dllhost.exe[3696] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0028001B
.text C:\WINDOWS\system32\dllhost.exe[3696] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00280000
.text C:\WINDOWS\system32\dllhost.exe[3696] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00280FC6
.text C:\WINDOWS\system32\dllhost.exe[3696] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00280FD7
.text C:\WINDOWS\system32\dllhost.exe[3696] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00290FC0
.text C:\WINDOWS\system32\dllhost.exe[3696] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00290040
.text C:\WINDOWS\system32\dllhost.exe[3696] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 0029001B
.text C:\WINDOWS\system32\dllhost.exe[3696] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 0029000A
.text C:\WINDOWS\system32\dllhost.exe[3696] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00290F8D
.text C:\WINDOWS\system32\dllhost.exe[3696] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00290F9E
.text C:\WINDOWS\system32\dllhost.exe[3696] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00290FEF
.text C:\WINDOWS\system32\dllhost.exe[3696] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00290FAF
.text C:\WINDOWS\system32\dllhost.exe[3696] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00790FE5
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 86FD72D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F771DC4C] spdj.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F771DCA0] spdj.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F76ED040] spdj.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F76ED13C] spdj.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F76ED0BE] spdj.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F76ED7FC] spdj.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F76ED6D2] spdj.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 86D992D8
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F76FD048] spdj.sys
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!RtlInitUnicodeString] 001CBB86
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!swprintf] 4F8B0200
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!KeSetEvent] 968D5140
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 00001C90
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 2296E852
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 478B0000
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!MmFreeMappingAddress] 50016A40
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 1CAC8E8D
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!IoDisconnectInterrupt] E8510000
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!MmUnmapIoSpace] 00002284
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 6A18538B
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!IofCompleteRequest] 868D5200
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 00001C98
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!IofCallDriver] 2272E850
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 4B8B0000
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 51016A18
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!IoConnectInterrupt] 1CB4968D
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!IoDetachDevice] E8520000
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!KeWaitForSingleObject] 00002260
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!KeInitializeEvent] 8A05478A
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] 001CBB8E
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!RtlInitAnsiString] 30C48300
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 1CBD8688
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!IoQueueWorkItem] 80E90000
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!MmMapIoSpace] C6000000
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 001CBB86
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!IoReportDetectedDevice] 438B0100
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!IoReportResourceForDetection] 8E8D5018
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 00001C90
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!NlsMbCodePageTag] 2232E851
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!PoRequestPowerIrp] 538B0000
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 52016A18
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 1CAC868D
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!sprintf] E8500000
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 00002220
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!ObfDereferenceObject] 8A05478A
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 001CBB8E
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 18C48300
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!ZwClose] 1CBD8688
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] 43EB0000
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 320C538A
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 88F93BC0
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 001CBB96
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!PoCallDriver] F6317300
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!IoCreateDevice] 74070647
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 75C0841A
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 05578A0B
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!ZwOpenKey] 968801B0
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 00001CBD
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!IoStartTimer] 57B60F66
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!KeInitializeTimer] 533B6604
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!IoInitializeTimer] 03087408
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!KeInitializeDpc] 72F93B3F
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!KeInitializeSpinLock] 8A09EBDA
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!IoInitializeIrp] 86880547
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!ZwCreateKey] 00001CBD
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 88084B8A
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 001CBE8E
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!ZwSetValueKey] 40578B00
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!KeInsertQueueDpc] 8D52006A
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 001CC086
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!IoStartPacket] B1E85000
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 8B000021
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 001CB88E
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!IoFreeMdl] BC968B00
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!MmUnlockPages] 8900001C
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 001CC48E
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] C8968900
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 8B00001C
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 016A4047
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!KeSynchronizeExecution] CCC68150
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!IoStartNextPacket] 5600001C
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!KeBugCheckEx] 002187E8
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 18C48300
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!KeSetTimer] 5D5B5E5F
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!KeCancelTimer] CCCCCCC3
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!_allmul] CCCCCCCC
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!MmProbeAndLockPages] CCCCCCCC
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!_except_handler3] CCCCCCCC
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!PoSetPowerState] 8BEC8B55
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 00C73445
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 00000000
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!_aulldiv] 830C458B
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!strstr] C0840CEC
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!_strupr] 053C0D74
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!KeQuerySystemTime] 57B80974
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 8B000000
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!KeTickCount] 56C35DE5
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 8D08758B
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!IoDeleteDevice] 8D51FC4D
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 8D52FD55
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!IoAllocateWorkItem] 8D51FE4D
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!IoAllocateIrp] 8D52FF55
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!IoAllocateMdl] 8D51F84D
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 5052F455
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!MmLockPagableDataSection] EABAE856
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] C483FFFF
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 0FC08520
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!ExFreePoolWithTag] 0001B185
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!IoFreeIrp] 46B70F00
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!IoFreeWorkItem] F44D8B48
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!InitSafeBootMode] C1815753
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!RtlCompareMemory] 00002590
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 467C8D51
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!memmove] 76F0E84A
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[ntoskrnl.exe!MmHighestUserAddress] D88BFFFF
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[HAL.dll!KfAcquireSpinLock] BA86880C
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[HAL.dll!READ_PORT_UCHAR] 8B00001C
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[HAL.dll!KeGetCurrentIrql] 24A48DFA
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[HAL.dll!KfRaiseIrql] 00000000
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[HAL.dll!KfLowerIrql] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[HAL.dll!HalGetInterruptVector] 8D3F0304
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[HAL.dll!HalTranslateBusAddress] CB033043
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[HAL.dll!KeStallExecutionProcessor] 0673C13B
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[HAL.dll!KfReleaseSpinLock] C13B0003
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 8366FA72
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[HAL.dll!READ_PORT_USHORT] 75000E7B
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 0B7D80E3
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[HAL.dll!WRITE_PORT_UCHAR] 307B8D00
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[WMILIB.SYS!WmiSystemControl] 83660000
IAT \SystemRoot\System32\Drivers\aeft6iz5.SYS[WMILIB.SYS!WmiCompleteRequest] 6A000E7A
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 86FD31F8
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
Device \FileSystem\Fastfat \FatCdrom 868B1500
Device \FileSystem\Udfs \UdfsCdRom 86B601F8
Device \FileSystem\Udfs \UdfsCdRom DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\meiudf \MeiUDF_Disk DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\meiudf \MeiUDF_CdRom DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Udfs \UdfsDisk 86B601F8
Device \FileSystem\Udfs \UdfsDisk DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \Driver\sptd \Device\289529726 spdj.sys
Device \Driver\usbuhci \Device\USBPDO-0 86E171F8
Device \Driver\usbuhci \Device\USBPDO-1 86E171F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 86F661F8
Device \Driver\dmio \Device\DmControl\DmConfig 86F661F8
Device \Driver\dmio \Device\DmControl\DmPnP 86F661F8
Device \Driver\dmio \Device\DmControl\DmInfo 86F661F8
Device \Driver\usbehci \Device\USBPDO-2 86E001F8
Device \Driver\usbuhci \Device\USBPDO-3 86E171F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{CC3653A9-B7FF-4A1D-8B76-5332BACC3085} 86B131F8
Device \Driver\usbuhci \Device\USBPDO-4 86E171F8
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
Device \Driver\Ftdisk \Device\HarddiskVolume1 86FD51F8
Device \Driver\Cdrom \Device\CdRom0 86D79500
Device \Driver\Ftdisk \Device\HarddiskVolume2 86FD51F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 86FD41F8
Device \Driver\atapi \Device\Ide\IdePort0 86FD41F8
Device \Driver\atapi \Device\Ide\IdePort1 86FD41F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 86FD41F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 86B131F8
Device \Driver\NetBT \Device\NetbiosSmb 86B131F8
Device \Driver\PCI_PNP3476 \Device\0000005b spdj.sys
Device \Driver\PCI_PNP3476 \Device\0000005b spdj.sys
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
Device \Driver\usbuhci \Device\USBFDO-0 86E171F8
Device \Driver\usbuhci \Device\USBFDO-1 86E171F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86B0B1F8
Device \Driver\usbuhci \Device\USBFDO-2 86E171F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 86B0B1F8
Device \Driver\usbuhci \Device\USBFDO-3 86E171F8
Device \Driver\usbehci \Device\USBFDO-4 86E001F8
Device \Driver\Ftdisk \Device\FtControl 86FD51F8
Device \Driver\aeft6iz5 \Device\Scsi\aeft6iz51 86DE81F8
Device \FileSystem\Fastfat \Fat 868B1500
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
Device \FileSystem\Cdfs \Cdfs 86A041F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x4F 0xA4 0xC5 0xD8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x68 0xBF 0x6B 0xD3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x4F 0xA4 0xC5 0xD8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x68 0xBF 0x6B 0xD3 ...
---- EOF - GMER 1.0.15 ----