GMER Scan says HEM is a rootkit?

08-19-2009 , 04:19 PM
Code:
GMER 1.0.15.15077 [GmerScanner.exe] - http://www.gmer.net
Rootkit scan 2009-08-19 15:15:33
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT     BA727EEE                                                                                                         ZwCreateKey
SSDT     BA727EE4                                                                                                         ZwCreateThread
SSDT     BA727EF3                                                                                                         ZwDeleteKey
SSDT     BA727EFD                                                                                                         ZwDeleteValueKey
SSDT     BA727F02                                                                                                         ZwLoadKey
SSDT     BA727ED0                                                                                                         ZwOpenProcess
SSDT     BA727ED5                                                                                                         ZwOpenThread
SSDT     BA727F0C                                                                                                         ZwReplaceKey
SSDT     BA727F07                                                                                                         ZwRestoreKey
SSDT     BA727EF8                                                                                                         ZwSetValueKey
SSDT     BA727EDF                                                                                                         ZwTerminateProcess

---- User code sections - GMER 1.0.15 ----

.text    C:\Program[2708] ntdll.dll!NtAreMappedFilesTheSame                                                               7C90CF7E 5 Bytes  JMP 004995DF 
.text    C:\Program[2708] ntdll.dll!NtCancelIoFile                                                                        7C90CFBE 5 Bytes  JMP 0049A45D 
.text    C:\Program[2708] ntdll.dll!NtClose                                                                               7C90CFEE 5 Bytes  JMP 00498AB1 
.text    C:\Program[2708] ntdll.dll!NtCompactKeys                                                                         7C90D00E 5 Bytes  JMP 0049CDC8 
.text    C:\Program[2708] ntdll.dll!NtCompressKey                                                                         7C90D03E 5 Bytes  JMP 0049CD45 
.text    C:\Program[2708] ntdll.dll!NtCreateFile                                                                          7C90D0AE 5 Bytes  JMP 0049A3BC 
.text    C:\Program[2708] ntdll.dll!NtCreateKey                                                                           7C90D0EE 5 Bytes  JMP 0049CCB0 
.text    C:\Program[2708] ntdll.dll!NtCreateMailslotFile                                                                  7C90D0FE 5 Bytes  JMP 0049A324 
.text    C:\Program[2708] ntdll.dll!NtCreateNamedPipeFile                                                                 7C90D11E 5 Bytes  JMP 0049A27A 
.text    C:\Program[2708] ntdll.dll!NtCreatePagingFile                                                                    7C90D12E 5 Bytes  JMP 0049A1EE 
.text    C:\Program[2708] ntdll.dll!NtCreateProcess                                                                       7C90D14E 5 Bytes  JMP 0049D433 
.text    C:\Program[2708] ntdll.dll!NtCreateProcessEx                                                                     7C90D15E 5 Bytes  JMP 0049D398 
.text    C:\Program[2708] ntdll.dll!NtCreateSection                                                                       7C90D17E 5 Bytes  JMP 0049BC30 
.text    C:\Program[2708] ntdll.dll!NtCreateThread                                                                        7C90D1AE 2 Bytes  JMP 0049D25F 
.text    C:\Program[2708] ntdll.dll!NtCreateThread + 3                                                                    7C90D1B1 2 Bytes  [B9, 83]
.text    C:\Program[2708] ntdll.dll!NtDeleteFile                                                                          7C90D23E 5 Bytes  JMP 0049A16B 
.text    C:\Program[2708] ntdll.dll!NtDeleteKey                                                                           7C90D24E 5 Bytes  JMP 0049CC2D 
.text    C:\Program[2708] ntdll.dll!NtDeleteValueKey                                                                      7C90D26E 5 Bytes  JMP 0049CBA7 
.text    C:\Program[2708] ntdll.dll!NtDeviceIoControlFile                                                                 7C90D27E 5 Bytes  JMP 0049A0CD 
.text    C:\Program[2708] ntdll.dll!NtDuplicateObject                                                                     7C90D29E 5 Bytes  JMP 00498A1C 
.text    C:\Program[2708] ntdll.dll!NtEnumerateKey                                                                        7C90D2CE 5 Bytes  JMP 0049CB15 
.text    C:\Program[2708] ntdll.dll!NtEnumerateValueKey                                                                   7C90D2EE 5 Bytes  JMP 0049CA83 
.text    C:\Program[2708] ntdll.dll!NtExtendSection                                                                       7C90D2FE 5 Bytes  JMP 0049BBAA 
.text    C:\Program[2708] ntdll.dll!NtFlushBuffersFile                                                                    7C90D32E 5 Bytes  JMP 0049A047 
.text    C:\Program[2708] ntdll.dll!NtFlushKey                                                                            7C90D34E 5 Bytes  JMP 0049CA00 
.text    C:\Program[2708] ntdll.dll!NtFsControlFile                                                                       7C90D39E 5 Bytes  JMP 00499FA9 
.text    C:\Program[2708] ntdll.dll!NtLoadKey                                                                             7C90D47E 5 Bytes  JMP 0049C97A 
.text    C:\Program[2708] ntdll.dll!NtLoadKey2                                                                            7C90D48E 5 Bytes  JMP 0049C8F1 
.text    C:\Program[2708] ntdll.dll!NtLockFile                                                                            7C90D49E 5 Bytes  JMP 00499F0B 
.text    C:\Program[2708] ntdll.dll!NtLockRegistryKey                                                                     7C90D4BE 5 Bytes  JMP 0049C7E2 
.text    C:\Program[2708] ntdll.dll!NtMakeTemporaryObject                                                                 7C90D4EE 5 Bytes  JMP 00498999 
.text    C:\Program[2708] ntdll.dll!NtMapViewOfSection                                                                    7C90D51E 5 Bytes  JMP 0049BB0C 
.text    C:\Program[2708] ntdll.dll!NtNotifyChangeDirectoryFile                                                           7C90D53E 5 Bytes  JMP 00499E70 
.text    C:\Program[2708] ntdll.dll!NtNotifyChangeKey                                                                     7C90D54E 5 Bytes  JMP 0049C744 
.text    C:\Program[2708] ntdll.dll!NtNotifyChangeMultipleKeys                                                            7C90D55E 5 Bytes  JMP 0049C6A0 
.text    C:\Program[2708] ntdll.dll!NtOpenFile                                                                            7C90D59E 5 Bytes  JMP 0049A506 
.text    C:\Program[2708] ntdll.dll!NtOpenKey                                                                             7C90D5CE 5 Bytes  JMP 0049C617 
.text    C:\Program[2708] ntdll.dll!NtOpenSection                                                                         7C90D62E 5 Bytes  JMP 0049BA83 
.text    C:\Program[2708] ntdll.dll!NtQueryAttributesFile                                                                 7C90D70E 5 Bytes  JMP 00499DEA 
.text    C:\Program[2708] ntdll.dll!NtQueryDirectoryFile                                                                  7C90D76E 5 Bytes  JMP 00499D49 
.text    C:\Program[2708] ntdll.dll!NtQueryEaFile                                                                         7C90D78E 5 Bytes  JMP 00499CAE 
.text    C:\Program[2708] ntdll.dll!NtQueryFullAttributesFile                                                             7C90D7AE 5 Bytes  JMP 00499C28 
.text    C:\Program[2708] ntdll.dll!NtQueryInformationFile                                                                7C90D7CE 5 Bytes  JMP 00499B99 
.text    C:\Program[2708] ntdll.dll!NtQueryKey                                                                            7C90D85E 5 Bytes  JMP 0049C588 
.text    C:\Program[2708] ntdll.dll!NtQueryMultipleValueKey                                                               7C90D86E 5 Bytes  JMP 0049C4F6 
.text    C:\Program[2708] ntdll.dll!NtQueryObject                                                                         7C90D88E 5 Bytes  JMP 0049890A 
.text    C:\Program[2708] ntdll.dll!NtQueryOpenSubKeys                                                                    7C90D89E 5 Bytes  JMP 0049C470 
.text    C:\Program[2708] ntdll.dll!NtQueryQuotaInformationFile                                                           7C90D8BE 5 Bytes  JMP 00499544 
.text    C:\Program[2708] ntdll.dll!NtQuerySection                                                                        7C90D8CE 5 Bytes  JMP 0049B9F4 
.text    C:\Program[2708] ntdll.dll!NtQuerySecurityObject                                                                 7C90D8DE 5 Bytes  JMP 004985FC 
.text    C:\Program[2708] ntdll.dll!NtQueryValueKey                                                                       7C90D96E 5 Bytes  JMP 0049C352 
.text    C:\Program[2708] ntdll.dll!NtQueryVolumeInformationFile                                                          7C90D98E 5 Bytes  JMP 00499B0A 
.text    C:\Program[2708] ntdll.dll!NtReadFile                                                                            7C90D9CE 5 Bytes  JMP 00499A6F 
.text    C:\Program[2708] ntdll.dll!NtReadFileScatter                                                                     7C90D9DE 5 Bytes  JMP 004999D4 
.text    C:\Program[2708] ntdll.dll!NtRenameKey                                                                           7C90DA5E 5 Bytes  JMP 0049C2CC 
.text    C:\Program[2708] ntdll.dll!NtReplaceKey                                                                          7C90DA6E 5 Bytes  JMP 0049C243 
.text    C:\Program[2708] ntdll.dll!NtRestoreKey                                                                          7C90DB1E 5 Bytes  JMP 0049C1BA 
.text    C:\Program[2708] ntdll.dll!NtSaveKey                                                                             7C90DB4E 5 Bytes  JMP 0049C134 
.text    C:\Program[2708] ntdll.dll!NtSaveKeyEx                                                                           7C90DB5E 5 Bytes  JMP 0049C0AB 
.text    C:\Program[2708] ntdll.dll!NtSaveMergedKeys                                                                      7C90DB6E 5 Bytes  JMP 0049C022 
.text    C:\Program[2708] ntdll.dll!NtSetEaFile                                                                           7C90DBFE 5 Bytes  JMP 00499948 
.text    C:\Program[2708] ntdll.dll!NtSetInformationFile                                                                  7C90DC5E 5 Bytes  JMP 004998B9 
.text    C:\Program[2708] ntdll.dll!NtSetInformationKey                                                                   7C90DC7E 5 Bytes  JMP 0049BF96 
.text    C:\Program[2708] ntdll.dll!NtSetInformationObject                                                                7C90DC8E 5 Bytes  JMP 0049887E 
.text    C:\Program[2708] ntdll.dll!NtSetQuotaInformationFile                                                             7C90DD1E 5 Bytes  JMP 004994B8 
.text    C:\Program[2708] ntdll.dll!NtSetSecurityObject                                                                   7C90DD2E 5 Bytes  JMP 00498573 
.text    C:\Program[2708] ntdll.dll!NtSetValueKey                                                                         7C90DDCE 5 Bytes  JMP 0049BF04 
.text    C:\Program[2708] ntdll.dll!NtSetVolumeInformationFile                                                            7C90DDDE 5 Bytes  JMP 0049982A 
.text    C:\Program[2708] ntdll.dll!NtSignalAndWaitForSingleObject                                                        7C90DDFE 5 Bytes  JMP 004987F1 
.text    C:\Program[2708] ntdll.dll!NtTranslateFilePath                                                                   7C90DEAE 5 Bytes  JMP 0049942C 
.text    C:\Program[2708] ntdll.dll!NtUnloadKey                                                                           7C90DECE 5 Bytes  JMP 0049BE81 
.text    C:\Program[2708] ntdll.dll!NtUnloadKeyEx                                                                         7C90DEDE 5 Bytes  JMP 0049BD75 
.text    C:\Program[2708] ntdll.dll!NtUnlockFile                                                                          7C90DEEE 5 Bytes  JMP 0049979B 
.text    C:\Program[2708] ntdll.dll!NtUnmapViewOfSection                                                                  7C90DF0E 5 Bytes  JMP 0049B96E 
.text    C:\Program[2708] ntdll.dll!NtWaitForMultipleObjects                                                              7C90DF3E 5 Bytes  JMP 0049871F 
.text    C:\Program[2708] ntdll.dll!NtWaitForSingleObject                                                                 7C90DF4E 5 Bytes  JMP 0049868B 
.text    C:\Program[2708] ntdll.dll!NtWriteFile                                                                           7C90DF7E 5 Bytes  JMP 00499700 
.text    C:\Program[2708] ntdll.dll!NtWriteFileGather                                                                     7C90DF8E 5 Bytes  JMP 00499665 
.text    C:\Program[2708] ntdll.dll!LdrShutdownThread                                                                     7C913956 5 Bytes  JMP 0049D587 
.text    C:\Program[2708] kernel32.dll!CreateRemoteThread                                                                 7C8104CC 5 Bytes  JMP 0049D74C 
.text    C:\Program[2708] kernel32.dll!CreateActCtxW                                                                      7C8154FC 5 Bytes  JMP 0049662B 
.text    C:\Program[2708] kernel32.dll!QueryActCtxW                                                                       7C81637B 5 Bytes  JMP 004966DE 
.text    C:\Program[2708] kernel32.dll!CreateProcessInternalW                                                             7C8197B0 5 Bytes  JMP 0049D4CB 
.text    C:\Program[2708] gdi32.dll!GdiAddFontResourceW                                                                   77F1CE11 5 Bytes  JMP 0049D6B0 
.text    C:\Program[2708] gdi32.dll!RemoveFontResourceExW                                                                 77F29281 5 Bytes  JMP 0049D614 
.text    C:\Program[2708] ADVAPI32.dll!CloseServiceHandle                                                                 77DE6CE5 5 Bytes  JMP 00497AC5 
.text    C:\Program[2708] ADVAPI32.dll!QueryServiceStatus                                                                 77DE6D50 5 Bytes  JMP 00497660 
.text    C:\Program[2708] ADVAPI32.dll!OpenSCManagerW                                                                     77DE6F55 5 Bytes  JMP 004969DC 
.text    C:\Program[2708] ADVAPI32.dll!OpenServiceW                                                                       77DE6FFD 5 Bytes  JMP 0049798A 
.text    C:\Program[2708] ADVAPI32.dll!StartServiceA                                                                      77DEFB58 5 Bytes  JMP 004970D8 
.text    C:\Program[2708] ADVAPI32.dll!RegisterServiceCtrlHandlerExA                                                      77DEFEAB 5 Bytes  JMP 004973E4 
.text    C:\Program[2708] ADVAPI32.dll!QueryServiceStatusEx                                                               77DF120A 5 Bytes  JMP 004975BB 
.text    C:\Program[2708] ADVAPI32.dll!QueryServiceConfigA                                                                77DF1596 5 Bytes  JMP 004978E8 
.text    C:\Program[2708] ADVAPI32.dll!SetServiceStatus                                                                   77DF3251 5 Bytes  JMP 004972A9 
.text    C:\Program[2708] ADVAPI32.dll!StartServiceCtrlDispatcherW                                                        77DF359D 5 Bytes  JMP 00497177 
.text    C:\Program[2708] ADVAPI32.dll!RegisterServiceCtrlHandlerExW                                                      77DF3E49 5 Bytes  JMP 00497345 
.text    C:\Program[2708] ADVAPI32.dll!RegisterServiceCtrlHandlerW                                                        77DF3E77 5 Bytes  JMP 00497483 
.text    C:\Program[2708] ADVAPI32.dll!StartServiceW                                                                      77DF3E94 5 Bytes  JMP 00497039 
.text    C:\Program[2708] ADVAPI32.dll!ControlService                                                                     77DF4A09 5 Bytes  JMP 00497A26 
.text    C:\Program[2708] ADVAPI32.dll!OpenServiceA                                                                       77DF4C66 5 Bytes  JMP 00497D33 
.text    C:\Program[2708] ADVAPI32.dll!RegisterServiceCtrlHandlerA                                                        77DF4EC6 5 Bytes  JMP 0049751F 
.text    C:\Program[2708] ADVAPI32.dll!OpenSCManagerA                                                                     77DF69AE 5 Bytes  JMP 00496A3C 
.text    C:\Program[2708] ADVAPI32.dll!EnumServicesStatusA                                                                77DF6B47 5 Bytes  JMP 00496D96 
.text    C:\Program[2708] ADVAPI32.dll!QueryServiceConfigW                                                                77DF6F92 5 Bytes  JMP 00497846 
.text    C:\Program[2708] ADVAPI32.dll!EnumServicesStatusExW                                                              77E369B8 5 Bytes  JMP 00496C34 
.text    C:\Program[2708] ADVAPI32.dll!SetServiceBits                                                                     77E36BF9 5 Bytes  JMP 0049690D 
.text    C:\Program[2708] ADVAPI32.dll!EnumServicesStatusExA                                                              77E36C2F 5 Bytes  JMP 00496CAC 
.text    C:\Program[2708] ADVAPI32.dll!QueryServiceObjectSecurity                                                         77E36D01 5 Bytes  JMP 00496973 
.text    C:\Program[2708] ADVAPI32.dll!SetServiceObjectSecurity                                                           77E36D81 5 Bytes  JMP 004968AA 
.text    C:\Program[2708] ADVAPI32.dll!CreateServiceA                                                                     77E37211 5 Bytes  JMP 00496FBB 
.text    C:\Program[2708] ADVAPI32.dll!CreateServiceW                                                                     77E373A9 5 Bytes  JMP 00496F3D 
.text    C:\Program[2708] ADVAPI32.dll!DeleteService                                                                      77E374B1 5 Bytes  JMP 00496EE0 
.text    C:\Program[2708] ADVAPI32.dll!EnumDependentServicesA                                                             77E37529 5 Bytes  JMP 00496E74 
.text    C:\Program[2708] ADVAPI32.dll!EnumDependentServicesW                                                             77E375E1 5 Bytes  JMP 00496E08 
.text    C:\Program[2708] ADVAPI32.dll!GetServiceDisplayNameA                                                             77E37699 5 Bytes  JMP 00496B02 
.text    C:\Program[2708] ADVAPI32.dll!GetServiceDisplayNameW                                                             77E37739 5 Bytes  JMP 00496A9C 
.text    C:\Program[2708] ADVAPI32.dll!GetServiceKeyNameA                                                                 77E377D9 5 Bytes  JMP 00496BCE 
.text    C:\Program[2708] ADVAPI32.dll!GetServiceKeyNameW                                                                 77E37879 5 Bytes  JMP 00496B68 
.text    C:\Program[2708] ADVAPI32.dll!QueryServiceConfig2A                                                               77E37999 5 Bytes  JMP 004977A1 
.text    C:\Program[2708] ADVAPI32.dll!QueryServiceConfig2W                                                               77E37AB1 5 Bytes  JMP 004976FC 
.text    C:\Program[2708] ADVAPI32.dll!EnumServicesStatusW                                                                77E37D61 5 Bytes  JMP 00496D24 
.text    C:\Program[2708] ADVAPI32.dll!StartServiceCtrlDispatcherA                                                        77E37F09 5 Bytes  JMP 00497210 
.text    C:\Program[2708] ole32.dll!CoCreateInstanceEx                                                                    77500526 5 Bytes  JMP 0049B2B7 
.text    C:\Program[2708] ole32.dll!CoGetClassObject                                                                      775156C5 5 Bytes  JMP 0049B22B 
.text    C:\Program[2708] ole32.dll!CoRegisterClassObject                                                                 77517E90 5 Bytes  JMP 0049B107 
.text    C:\Program[2708] ole32.dll!CoResumeClassObjects + 7                                                              77526D57 5 Bytes  JMP 0049B008 
.text    C:\Program[2708] ole32.dll!CoRevokeClassObject                                                                   7752A2F3 5 Bytes  JMP 0049B084 
.text    C:\Program[2708] ole32.dll!CoGetInstanceFromFile                                                                 775401EA 5 Bytes  JMP 0049B196 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtAreMappedFilesTheSame           7C90CF7E 5 Bytes  JMP 00A195DF 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtCancelIoFile                    7C90CFBE 5 Bytes  JMP 00A1A45D 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtClose                           7C90CFEE 5 Bytes  JMP 00A18AB1 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtCompactKeys                     7C90D00E 5 Bytes  JMP 00A1CDC8 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtCompressKey                     7C90D03E 5 Bytes  JMP 00A1CD45 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtCreateFile                      7C90D0AE 5 Bytes  JMP 00A1A3BC 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtCreateKey                       7C90D0EE 5 Bytes  JMP 00A1CCB0 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtCreateMailslotFile              7C90D0FE 5 Bytes  JMP 00A1A324 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtCreateNamedPipeFile             7C90D11E 5 Bytes  JMP 00A1A27A 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtCreatePagingFile                7C90D12E 5 Bytes  JMP 00A1A1EE 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtCreateProcess                   7C90D14E 5 Bytes  JMP 00A1D433 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtCreateProcessEx                 7C90D15E 5 Bytes  JMP 00A1D398 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtCreateSection                   7C90D17E 5 Bytes  JMP 00A1BC30 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtCreateThread                    7C90D1AE 2 Bytes  JMP 00A1D25F 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtCreateThread + 3                7C90D1B1 2 Bytes  [11, 84]
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtDeleteFile                      7C90D23E 5 Bytes  JMP 00A1A16B 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtDeleteKey                       7C90D24E 5 Bytes  JMP 00A1CC2D 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtDeleteValueKey                  7C90D26E 5 Bytes  JMP 00A1CBA7 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtDeviceIoControlFile             7C90D27E 5 Bytes  JMP 00A1A0CD 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtDuplicateObject                 7C90D29E 5 Bytes  JMP 00A18A1C 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtEnumerateKey                    7C90D2CE 5 Bytes  JMP 00A1CB15 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtEnumerateValueKey               7C90D2EE 5 Bytes  JMP 00A1CA83 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtExtendSection                   7C90D2FE 5 Bytes  JMP 00A1BBAA 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtFlushBuffersFile                7C90D32E 5 Bytes  JMP 00A1A047 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtFlushKey                        7C90D34E 5 Bytes  JMP 00A1CA00 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtFsControlFile                   7C90D39E 5 Bytes  JMP 00A19FA9 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtLoadKey                         7C90D47E 5 Bytes  JMP 00A1C97A 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtLoadKey2                        7C90D48E 5 Bytes  JMP 00A1C8F1 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtLockFile                        7C90D49E 5 Bytes  JMP 00A19F0B 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtLockRegistryKey                 7C90D4BE 5 Bytes  JMP 00A1C7E2 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtMakeTemporaryObject             7C90D4EE 5 Bytes  JMP 00A18999 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtMapViewOfSection                7C90D51E 5 Bytes  JMP 00A1BB0C 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtNotifyChangeDirectoryFile       7C90D53E 5 Bytes  JMP 00A19E70 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtNotifyChangeKey                 7C90D54E 5 Bytes  JMP 00A1C744 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtNotifyChangeMultipleKeys        7C90D55E 5 Bytes  JMP 00A1C6A0 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtOpenFile                        7C90D59E 5 Bytes  JMP 00A1A506 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtOpenKey                         7C90D5CE 5 Bytes  JMP 00A1C617 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtOpenSection                     7C90D62E 5 Bytes  JMP 00A1BA83 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtQueryAttributesFile             7C90D70E 5 Bytes  JMP 00A19DEA 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtQueryDirectoryFile              7C90D76E 5 Bytes  JMP 00A19D49 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtQueryEaFile                     7C90D78E 5 Bytes  JMP 00A19CAE 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtQueryFullAttributesFile         7C90D7AE 5 Bytes  JMP 00A19C28 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtQueryInformationFile            7C90D7CE 5 Bytes  JMP 00A19B99 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtQueryKey                        7C90D85E 5 Bytes  JMP 00A1C588 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtQueryMultipleValueKey           7C90D86E 5 Bytes  JMP 00A1C4F6 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtQueryObject                     7C90D88E 5 Bytes  JMP 00A1890A 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtQueryOpenSubKeys                7C90D89E 5 Bytes  JMP 00A1C470 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtQueryQuotaInformationFile       7C90D8BE 5 Bytes  JMP 00A19544 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtQuerySection                    7C90D8CE 5 Bytes  JMP 00A1B9F4 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtQuerySecurityObject             7C90D8DE 5 Bytes  JMP 00A185FC 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtQueryValueKey                   7C90D96E 5 Bytes  JMP 00A1C352 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtQueryVolumeInformationFile      7C90D98E 5 Bytes  JMP 00A19B0A 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtReadFile                        7C90D9CE 5 Bytes  JMP 00A19A6F 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtReadFileScatter                 7C90D9DE 5 Bytes  JMP 00A199D4 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtRenameKey                       7C90DA5E 5 Bytes  JMP 00A1C2CC 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtReplaceKey                      7C90DA6E 5 Bytes  JMP 00A1C243 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtRestoreKey                      7C90DB1E 5 Bytes  JMP 00A1C1BA 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtSaveKey                         7C90DB4E 5 Bytes  JMP 00A1C134 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtSaveKeyEx                       7C90DB5E 5 Bytes  JMP 00A1C0AB 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtSaveMergedKeys                  7C90DB6E 5 Bytes  JMP 00A1C022 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtSetEaFile                       7C90DBFE 5 Bytes  JMP 00A19948 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtSetInformationFile              7C90DC5E 5 Bytes  JMP 00A198B9 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtSetInformationKey               7C90DC7E 5 Bytes  JMP 00A1BF96 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtSetInformationObject            7C90DC8E 5 Bytes  JMP 00A1887E 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtSetQuotaInformationFile         7C90DD1E 5 Bytes  JMP 00A194B8 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtSetSecurityObject               7C90DD2E 5 Bytes  JMP 00A18573 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtSetValueKey                     7C90DDCE 5 Bytes  JMP 00A1BF04 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtSetVolumeInformationFile        7C90DDDE 5 Bytes  JMP 00A1982A 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtSignalAndWaitForSingleObject    7C90DDFE 5 Bytes  JMP 00A187F1 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtTranslateFilePath               7C90DEAE 5 Bytes  JMP 00A1942C 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtUnloadKey                       7C90DECE 5 Bytes  JMP 00A1BE81 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtUnloadKeyEx                     7C90DEDE 5 Bytes  JMP 00A1BD75 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtUnlockFile                      7C90DEEE 5 Bytes  JMP 00A1979B 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtUnmapViewOfSection              7C90DF0E 5 Bytes  JMP 00A1B96E 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtWaitForMultipleObjects          7C90DF3E 5 Bytes  JMP 00A1871F 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtWaitForSingleObject             7C90DF4E 5 Bytes  JMP 00A1868B 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtWriteFile                       7C90DF7E 5 Bytes  JMP 00A19700 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!NtWriteFileGather                 7C90DF8E 5 Bytes  JMP 00A19665 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ntdll.dll!LdrShutdownThread                 7C913956 5 Bytes  JMP 00A1D587 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] kernel32.dll!CreateRemoteThread             7C8104CC 5 Bytes  JMP 00A1D74C 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] kernel32.dll!CreateActCtxW                  7C8154FC 5 Bytes  JMP 00A1662B 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] kernel32.dll!QueryActCtxW                   7C81637B 5 Bytes  JMP 00A166DE 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] kernel32.dll!CreateProcessInternalW         7C8197B0 5 Bytes  JMP 00A1D4CB 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] gdi32.dll!GdiAddFontResourceW               77F1CE11 5 Bytes  JMP 00A1D6B0 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] gdi32.dll!RemoveFontResourceExW             77F29281 5 Bytes  JMP 00A1D614 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ADVAPI32.dll!CloseServiceHandle             77DE6CE5 5 Bytes  JMP 00A17AC5 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ADVAPI32.dll!QueryServiceStatus             77DE6D50 5 Bytes  JMP 00A17660 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ADVAPI32.dll!OpenSCManagerW                 77DE6F55 5 Bytes  JMP 00A169DC 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ADVAPI32.dll!OpenServiceW                   77DE6FFD 5 Bytes  JMP 00A1798A 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ADVAPI32.dll!StartServiceA                  77DEFB58 5 Bytes  JMP 00A170D8 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ADVAPI32.dll!RegisterServiceCtrlHandlerExA  77DEFEAB 5 Bytes  JMP 00A173E4 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ADVAPI32.dll!QueryServiceStatusEx           77DF120A 5 Bytes  JMP 00A175BB 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ADVAPI32.dll!QueryServiceConfigA            77DF1596 5 Bytes  JMP 00A178E8 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ADVAPI32.dll!SetServiceStatus               77DF3251 5 Bytes  JMP 00A172A9 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ADVAPI32.dll!StartServiceCtrlDispatcherW    77DF359D 5 Bytes  JMP 00A17177 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ADVAPI32.dll!RegisterServiceCtrlHandlerExW  77DF3E49 5 Bytes  JMP 00A17345 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ADVAPI32.dll!RegisterServiceCtrlHandlerW    77DF3E77 5 Bytes  JMP 00A17483 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ADVAPI32.dll!StartServiceW                  77DF3E94 5 Bytes  JMP 00A17039 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ADVAPI32.dll!ControlService                 77DF4A09 5 Bytes  JMP 00A17A26 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ADVAPI32.dll!OpenServiceA                   77DF4C66 5 Bytes  JMP 00A17D33 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ADVAPI32.dll!RegisterServiceCtrlHandlerA    77DF4EC6 5 Bytes  JMP 00A1751F 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ADVAPI32.dll!OpenSCManagerA                 77DF69AE 5 Bytes  JMP 00A16A3C 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ADVAPI32.dll!EnumServicesStatusA            77DF6B47 5 Bytes  JMP 00A16D96 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ADVAPI32.dll!QueryServiceConfigW            77DF6F92 5 Bytes  JMP 00A17846 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ADVAPI32.dll!EnumServicesStatusExW          77E369B8 5 Bytes  JMP 00A16C34 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ADVAPI32.dll!SetServiceBits                 77E36BF9 5 Bytes  JMP 00A1690D 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ADVAPI32.dll!EnumServicesStatusExA          77E36C2F 5 Bytes  JMP 00A16CAC 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ADVAPI32.dll!QueryServiceObjectSecurity     77E36D01 5 Bytes  JMP 00A16973 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ADVAPI32.dll!SetServiceObjectSecurity       77E36D81 5 Bytes  JMP 00A168AA 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ADVAPI32.dll!CreateServiceA                 77E37211 5 Bytes  JMP 00A16FBB 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ADVAPI32.dll!CreateServiceW                 77E373A9 5 Bytes  JMP 00A16F3D 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ADVAPI32.dll!DeleteService                  77E374B1 5 Bytes  JMP 00A16EE0 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ADVAPI32.dll!EnumDependentServicesA         77E37529 5 Bytes  JMP 00A16E74 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ADVAPI32.dll!EnumDependentServicesW         77E375E1 5 Bytes  JMP 00A16E08 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ADVAPI32.dll!GetServiceDisplayNameA         77E37699 5 Bytes  JMP 00A16B02 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ADVAPI32.dll!GetServiceDisplayNameW         77E37739 5 Bytes  JMP 00A16A9C 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ADVAPI32.dll!GetServiceKeyNameA             77E377D9 5 Bytes  JMP 00A16BCE 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ADVAPI32.dll!GetServiceKeyNameW             77E37879 5 Bytes  JMP 00A16B68 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ADVAPI32.dll!QueryServiceConfig2A           77E37999 5 Bytes  JMP 00A177A1 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ADVAPI32.dll!QueryServiceConfig2W           77E37AB1 5 Bytes  JMP 00A176FC 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ADVAPI32.dll!EnumServicesStatusW            77E37D61 5 Bytes  JMP 00A16D24 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ADVAPI32.dll!StartServiceCtrlDispatcherA    77E37F09 5 Bytes  JMP 00A17210 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ole32.dll!CoCreateInstanceEx                77500526 5 Bytes  JMP 00A1B2B7 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ole32.dll!CoGetClassObject                  775156C5 5 Bytes  JMP 00A1B22B 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ole32.dll!CoRegisterClassObject             77517E90 5 Bytes  JMP 00A1B107 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ole32.dll!CoResumeClassObjects + 7          77526D57 5 Bytes  JMP 00A1B008 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ole32.dll!CoRevokeClassObject               7752A2F3 5 Bytes  JMP 00A1B084 
.text    C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe[3116] ole32.dll!CoGetInstanceFromFile             775401EA 5 Bytes  JMP 00A1B196 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtAreMappedFilesTheSame                   7C90CF7E 5 Bytes  JMP 005495DF 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtCancelIoFile                            7C90CFBE 5 Bytes  JMP 0054A45D 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtClose                                   7C90CFEE 5 Bytes  JMP 00548AB1 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtCompactKeys                             7C90D00E 5 Bytes  JMP 0054CDC8 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtCompressKey                             7C90D03E 5 Bytes  JMP 0054CD45 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtCreateFile                              7C90D0AE 5 Bytes  JMP 0054A3BC 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtCreateKey                               7C90D0EE 5 Bytes  JMP 0054CCB0 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtCreateMailslotFile                      7C90D0FE 5 Bytes  JMP 0054A324 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtCreateNamedPipeFile                     7C90D11E 5 Bytes  JMP 0054A27A 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtCreatePagingFile                        7C90D12E 5 Bytes  JMP 0054A1EE 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtCreateProcess                           7C90D14E 5 Bytes  JMP 0054D433 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtCreateProcessEx                         7C90D15E 5 Bytes  JMP 0054D398 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtCreateSection                           7C90D17E 5 Bytes  JMP 0054BC30 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtCreateThread                            7C90D1AE 2 Bytes  JMP 0054D25F 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtCreateThread + 3                        7C90D1B1 2 Bytes  [C4, 83]
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtDeleteFile                              7C90D23E 5 Bytes  JMP 0054A16B 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtDeleteKey                               7C90D24E 5 Bytes  JMP 0054CC2D 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtDeleteValueKey                          7C90D26E 5 Bytes  JMP 0054CBA7 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtDeviceIoControlFile                     7C90D27E 5 Bytes  JMP 0054A0CD 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtDuplicateObject                         7C90D29E 5 Bytes  JMP 00548A1C 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtEnumerateKey                            7C90D2CE 5 Bytes  JMP 0054CB15 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtEnumerateValueKey                       7C90D2EE 5 Bytes  JMP 0054CA83 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtExtendSection                           7C90D2FE 5 Bytes  JMP 0054BBAA 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtFlushBuffersFile                        7C90D32E 5 Bytes  JMP 0054A047 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtFlushKey                                7C90D34E 5 Bytes  JMP 0054CA00 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtFsControlFile                           7C90D39E 5 Bytes  JMP 00549FA9 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtLoadKey                                 7C90D47E 5 Bytes  JMP 0054C97A 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtLoadKey2                                7C90D48E 5 Bytes  JMP 0054C8F1 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtLockFile                                7C90D49E 5 Bytes  JMP 00549F0B 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtLockRegistryKey                         7C90D4BE 5 Bytes  JMP 0054C7E2 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtMakeTemporaryObject                     7C90D4EE 5 Bytes  JMP 00548999 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtMapViewOfSection                        7C90D51E 5 Bytes  JMP 0054BB0C 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtNotifyChangeDirectoryFile               7C90D53E 5 Bytes  JMP 00549E70 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtNotifyChangeKey                         7C90D54E 5 Bytes  JMP 0054C744 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtNotifyChangeMultipleKeys                7C90D55E 5 Bytes  JMP 0054C6A0 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtOpenFile                                7C90D59E 5 Bytes  JMP 0054A506 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtOpenKey                                 7C90D5CE 5 Bytes  JMP 0054C617 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtOpenSection                             7C90D62E 5 Bytes  JMP 0054BA83 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtQueryAttributesFile                     7C90D70E 5 Bytes  JMP 00549DEA 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtQueryDirectoryFile                      7C90D76E 5 Bytes  JMP 00549D49 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtQueryEaFile                             7C90D78E 5 Bytes  JMP 00549CAE 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtQueryFullAttributesFile                 7C90D7AE 5 Bytes  JMP 00549C28 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtQueryInformationFile                    7C90D7CE 5 Bytes  JMP 00549B99 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtQueryKey                                7C90D85E 5 Bytes  JMP 0054C588 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtQueryMultipleValueKey                   7C90D86E 5 Bytes  JMP 0054C4F6 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtQueryObject                             7C90D88E 5 Bytes  JMP 0054890A 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtQueryOpenSubKeys                        7C90D89E 5 Bytes  JMP 0054C470 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtQueryQuotaInformationFile               7C90D8BE 5 Bytes  JMP 00549544 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtQuerySection                            7C90D8CE 5 Bytes  JMP 0054B9F4 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtQuerySecurityObject                     7C90D8DE 5 Bytes  JMP 005485FC 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtQueryValueKey                           7C90D96E 5 Bytes  JMP 0054C352 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtQueryVolumeInformationFile              7C90D98E 5 Bytes  JMP 00549B0A 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtReadFile                                7C90D9CE 5 Bytes  JMP 00549A6F 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtReadFileScatter                         7C90D9DE 5 Bytes  JMP 005499D4 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtRenameKey                               7C90DA5E 5 Bytes  JMP 0054C2CC 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtReplaceKey                              7C90DA6E 5 Bytes  JMP 0054C243 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtRestoreKey                              7C90DB1E 5 Bytes  JMP 0054C1BA 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtSaveKey                                 7C90DB4E 5 Bytes  JMP 0054C134 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtSaveKeyEx                               7C90DB5E 5 Bytes  JMP 0054C0AB 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtSaveMergedKeys                          7C90DB6E 5 Bytes  JMP 0054C022 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtSetEaFile                               7C90DBFE 5 Bytes  JMP 00549948 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtSetInformationFile                      7C90DC5E 5 Bytes  JMP 005498B9 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtSetInformationKey                       7C90DC7E 5 Bytes  JMP 0054BF96 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtSetInformationObject                    7C90DC8E 5 Bytes  JMP 0054887E 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtSetQuotaInformationFile                 7C90DD1E 5 Bytes  JMP 005494B8 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtSetSecurityObject                       7C90DD2E 5 Bytes  JMP 00548573 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtSetValueKey                             7C90DDCE 5 Bytes  JMP 0054BF04 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtSetVolumeInformationFile                7C90DDDE 5 Bytes  JMP 0054982A 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtSignalAndWaitForSingleObject            7C90DDFE 5 Bytes  JMP 005487F1 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtTranslateFilePath                       7C90DEAE 5 Bytes  JMP 0054942C 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtUnloadKey                               7C90DECE 5 Bytes  JMP 0054BE81 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtUnloadKeyEx                             7C90DEDE 5 Bytes  JMP 0054BD75 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtUnlockFile                              7C90DEEE 5 Bytes  JMP 0054979B 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtUnmapViewOfSection                      7C90DF0E 5 Bytes  JMP 0054B96E 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtWaitForMultipleObjects                  7C90DF3E 5 Bytes  JMP 0054871F 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtWaitForSingleObject                     7C90DF4E 5 Bytes  JMP 0054868B 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtWriteFile                               7C90DF7E 5 Bytes  JMP 00549700 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!NtWriteFileGather                         7C90DF8E 5 Bytes  JMP 00549665 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ntdll.dll!LdrShutdownThread                         7C913956 5 Bytes  JMP 0054D587 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] kernel32.dll!CreateRemoteThread                     7C8104CC 5 Bytes  JMP 0054D74C 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] kernel32.dll!CreateActCtxW                          7C8154FC 5 Bytes  JMP 0054662B 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] kernel32.dll!QueryActCtxW                           7C81637B 5 Bytes  JMP 005466DE 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] kernel32.dll!CreateProcessInternalW                 7C8197B0 5 Bytes  JMP 0054D4CB 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] gdi32.dll!GdiAddFontResourceW                       77F1CE11 5 Bytes  JMP 0054D6B0 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] gdi32.dll!RemoveFontResourceExW                     77F29281 5 Bytes  JMP 0054D614 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ADVAPI32.dll!CloseServiceHandle                     77DE6CE5 5 Bytes  JMP 00547AC5 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ADVAPI32.dll!QueryServiceStatus                     77DE6D50 5 Bytes  JMP 00547660 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ADVAPI32.dll!OpenSCManagerW                         77DE6F55 5 Bytes  JMP 005469DC 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ADVAPI32.dll!OpenServiceW                           77DE6FFD 5 Bytes  JMP 0054798A 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ADVAPI32.dll!StartServiceA                          77DEFB58 5 Bytes  JMP 005470D8 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ADVAPI32.dll!RegisterServiceCtrlHandlerExA          77DEFEAB 5 Bytes  JMP 005473E4 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ADVAPI32.dll!QueryServiceStatusEx                   77DF120A 5 Bytes  JMP 005475BB 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ADVAPI32.dll!QueryServiceConfigA                    77DF1596 5 Bytes  JMP 005478E8 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ADVAPI32.dll!SetServiceStatus                       77DF3251 5 Bytes  JMP 005472A9 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ADVAPI32.dll!StartServiceCtrlDispatcherW            77DF359D 5 Bytes  JMP 00547177 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ADVAPI32.dll!RegisterServiceCtrlHandlerExW          77DF3E49 5 Bytes  JMP 00547345 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ADVAPI32.dll!RegisterServiceCtrlHandlerW            77DF3E77 5 Bytes  JMP 00547483 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ADVAPI32.dll!StartServiceW                          77DF3E94 5 Bytes  JMP 00547039 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ADVAPI32.dll!ControlService                         77DF4A09 5 Bytes  JMP 00547A26 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ADVAPI32.dll!OpenServiceA                           77DF4C66 5 Bytes  JMP 00547D33 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ADVAPI32.dll!RegisterServiceCtrlHandlerA            77DF4EC6 5 Bytes  JMP 0054751F 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ADVAPI32.dll!OpenSCManagerA                         77DF69AE 5 Bytes  JMP 00546A3C 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ADVAPI32.dll!EnumServicesStatusA                    77DF6B47 5 Bytes  JMP 00546D96 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ADVAPI32.dll!QueryServiceConfigW                    77DF6F92 5 Bytes  JMP 00547846 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ADVAPI32.dll!EnumServicesStatusExW                  77E369B8 5 Bytes  JMP 00546C34 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ADVAPI32.dll!SetServiceBits                         77E36BF9 5 Bytes  JMP 0054690D 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ADVAPI32.dll!EnumServicesStatusExA                  77E36C2F 5 Bytes  JMP 00546CAC 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ADVAPI32.dll!QueryServiceObjectSecurity             77E36D01 3 Bytes  JMP 00546973 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ADVAPI32.dll!QueryServiceObjectSecurity + 4         77E36D05 1 Byte  [88]
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ADVAPI32.dll!SetServiceObjectSecurity               77E36D81 5 Bytes  JMP 005468AA 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ADVAPI32.dll!CreateServiceA                         77E37211 5 Bytes  JMP 00546FBB 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ADVAPI32.dll!CreateServiceW                         77E373A9 5 Bytes  JMP 00546F3D 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ADVAPI32.dll!DeleteService                          77E374B1 5 Bytes  JMP 00546EE0 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ADVAPI32.dll!EnumDependentServicesA                 77E37529 5 Bytes  JMP 00546E74 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ADVAPI32.dll!EnumDependentServicesW                 77E375E1 5 Bytes  JMP 00546E08 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ADVAPI32.dll!GetServiceDisplayNameA                 77E37699 5 Bytes  JMP 00546B02 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ADVAPI32.dll!GetServiceDisplayNameW                 77E37739 5 Bytes  JMP 00546A9C 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ADVAPI32.dll!GetServiceKeyNameA                     77E377D9 5 Bytes  JMP 00546BCE 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ADVAPI32.dll!GetServiceKeyNameW                     77E37879 5 Bytes  JMP 00546B68 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ADVAPI32.dll!QueryServiceConfig2A                   77E37999 5 Bytes  JMP 005477A1 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ADVAPI32.dll!QueryServiceConfig2W                   77E37AB1 5 Bytes  JMP 005476FC 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ADVAPI32.dll!EnumServicesStatusW                    77E37D61 5 Bytes  JMP 00546D24 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ADVAPI32.dll!StartServiceCtrlDispatcherA            77E37F09 5 Bytes  JMP 00547210 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ole32.dll!CoCreateInstanceEx                        77500526 5 Bytes  JMP 0054B2B7 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ole32.dll!CoGetClassObject                          775156C5 5 Bytes  JMP 0054B22B 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ole32.dll!CoRegisterClassObject                     77517E90 5 Bytes  JMP 0054B107 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ole32.dll!CoResumeClassObjects + 7                  77526D57 5 Bytes  JMP 0054B008 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ole32.dll!CoRevokeClassObject                       7752A2F3 5 Bytes  JMP 0054B084 
.text    C:\Program Files\RVG Software\Holdem Manager\HMHud.exe[3844] ole32.dll!CoGetInstanceFromFile                     775401EA 5 Bytes  JMP 0054B196 
---- Processes - GMER 1.0.15 ----

Library  C:\Program (*** hidden *** ) @ C:\Program [2708]                                                                 0x00400000                       
Library  C:\Program (*** hidden *** ) @ C:\Program [2708]                                                                 0x07910000                       
Library  C:\Program (*** hidden *** ) @ C:\Program [2708]                                                                 0x07E10000                       
Library  C:\Program (*** hidden *** ) @ C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe [3116]             0x048D0000                       
Library  C:\Program (*** hidden *** ) @ C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe [3116]             0x063E0000                       
Library  C:\Program (*** hidden *** ) @ C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe [3116]             0x06460000                       
Library  C:\Program (*** hidden *** ) @ C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe [3116]             0x0BEB0000                       

---- EOF - GMER 1.0.15 ----

I'm aware that MBAM also detected HEM as malware. I have the protection module, and it constantly tries to block it and I have to ignore it. Is this something that HEM needs to fix on their end?

Does anything else on this GMER scan look threatening? My computer is like 1.5 months old. I have Avira and MBAM Full Version running at all times, as well as NoScript.

Thanks for your help!
08-19-2009 , 05:47 PM
Log looks clean. Most of those are Microsoft Windows files. HEM is not malicious in any way. Legitimate software often has hidden files, folders, or registry keys, antivirus software in particular.

Quote:
Is this something that HEM needs to fix on their end?

No, these are false positives. MBAM should be in the process of fixing them. Search back a few days for the HEM trojan thread.
08-19-2009 , 05:55 PM
Thanks for the assistance Lirva!
08-19-2009 , 06:37 PM
You're welcome.