GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2011-11-27 22:11:41 Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\0000007a ST950032 rev.0002 Running: 0nt7vrtt.exe; Driver: C:\Users\Aga\AppData\Local\Temp\uxriapow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8E641374] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8EAFC2B8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8E643996] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8E6439EE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8E643B04] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8E6438EC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8E643A3E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8E643940] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8E643AB2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8E641398] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8EAFC368] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8E641162] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8E6413BC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8E643EFC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8E641E54] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8E6439C6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8E643A16] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8E643B2E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8E643918] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8E643A7E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8E64396E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8E643ADC] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8EAFC400] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8E641D1A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8E6413E0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8E641404] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8E6411BC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8E6412F8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8E6412D4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8E64131C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8E641428] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8EB119A6] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKey + 13D1 82C5C349 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C95D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82C9CD80 4 Bytes [74, 13, 64, 8E] .text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82C9CDA8 4 Bytes [B8, C2, AF, 8E] .text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82C9CE5C 8 Bytes [96, 39, 64, 8E, EE, 39, 64, ...] .text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 82C9CE68 4 Bytes [04, 3B, 64, 8E] .text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 82C9CE84 4 Bytes [EC, 38, 64, 8E] .text ... PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82E29BE8 5 Bytes JMP 8EB0D3DE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject + 27 82E421B8 5 Bytes JMP 8EB0EE9C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 82E572FF 4 Bytes CALL 8E6424C5 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 82E710D1 4 Bytes CALL 8E6424DB \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 82EFAF10 7 Bytes JMP 8EB119AA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .text kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\system32\svchost.exe[336] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 000A03FC .text C:\Windows\system32\svchost.exe[336] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 000A01F8 .text C:\Windows\system32\svchost.exe[336] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[336] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 003E0A08 .text C:\Windows\system32\svchost.exe[336] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 003E03FC .text C:\Windows\system32\svchost.exe[336] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 003E0804 .text C:\Windows\system32\svchost.exe[336] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 003E01F8 .text C:\Windows\system32\svchost.exe[336] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 003E0600 .text C:\Windows\system32\Dwm.exe[380] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 000A03FC .text C:\Windows\system32\Dwm.exe[380] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 000A01F8 .text C:\Windows\system32\Dwm.exe[380] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Windows\system32\Dwm.exe[380] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 000C0A08 .text C:\Windows\system32\Dwm.exe[380] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 000C03FC .text C:\Windows\system32\Dwm.exe[380] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 000C0804 .text C:\Windows\system32\Dwm.exe[380] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 000C01F8 .text C:\Windows\system32\Dwm.exe[380] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 000C0600 .text C:\Windows\system32\csrss.exe[396] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Windows\system32\wininit.exe[460] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 000303FC .text C:\Windows\system32\wininit.exe[460] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 000301F8 .text C:\Windows\system32\wininit.exe[460] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Windows\system32\wininit.exe[460] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 00060A08 .text C:\Windows\system32\wininit.exe[460] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 000603FC .text C:\Windows\system32\wininit.exe[460] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 00060804 .text C:\Windows\system32\wininit.exe[460] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 000601F8 .text C:\Windows\system32\wininit.exe[460] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 00060600 .text C:\Windows\system32\csrss.exe[472] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe[476] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 001603FC .text C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe[476] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 001601F8 .text C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe[476] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe[476] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 00180A08 .text C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe[476] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 001803FC .text C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe[476] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 00180804 .text C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe[476] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 001801F8 .text C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe[476] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 00180600 .text C:\Windows\Explorer.EXE[500] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 000603FC .text C:\Windows\Explorer.EXE[500] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 000601F8 .text C:\Windows\Explorer.EXE[500] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Windows\Explorer.EXE[500] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 00110A08 .text C:\Windows\Explorer.EXE[500] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 001103FC .text C:\Windows\Explorer.EXE[500] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 00110804 .text C:\Windows\Explorer.EXE[500] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 001101F8 .text C:\Windows\Explorer.EXE[500] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 00110600 .text C:\Windows\system32\services.exe[508] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 000603FC .text C:\Windows\system32\services.exe[508] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 000601F8 .text C:\Windows\system32\services.exe[508] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Windows\system32\lsass.exe[524] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 000A03FC .text C:\Windows\system32\lsass.exe[524] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 000A01F8 .text C:\Windows\system32\lsass.exe[524] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Windows\system32\lsass.exe[524] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 00030A08 .text C:\Windows\system32\lsass.exe[524] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 000303FC .text C:\Windows\system32\lsass.exe[524] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 00030804 .text C:\Windows\system32\lsass.exe[524] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 000301F8 .text C:\Windows\system32\lsass.exe[524] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 00030600 .text C:\Windows\system32\lsm.exe[532] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 000A03FC .text C:\Windows\system32\lsm.exe[532] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 000A01F8 .text C:\Windows\system32\lsm.exe[532] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[636] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[636] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[636] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Windows\system32\nvvsvc.exe[716] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 001603FC .text C:\Windows\system32\nvvsvc.exe[716] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 001601F8 .text C:\Windows\system32\nvvsvc.exe[716] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Windows\system32\nvvsvc.exe[716] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 001F0A08 .text C:\Windows\system32\nvvsvc.exe[716] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 001F03FC .text C:\Windows\system32\nvvsvc.exe[716] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 001F0804 .text C:\Windows\system32\nvvsvc.exe[716] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 001F01F8 .text C:\Windows\system32\nvvsvc.exe[716] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 001F0600 .text C:\Windows\system32\svchost.exe[756] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[756] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[756] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Windows\System32\svchost.exe[820] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 000603FC .text C:\Windows\System32\svchost.exe[820] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 000601F8 .text C:\Windows\System32\svchost.exe[820] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Windows\System32\svchost.exe[820] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 001F0A08 .text C:\Windows\System32\svchost.exe[820] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 001F03FC .text C:\Windows\System32\svchost.exe[820] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 001F0804 .text C:\Windows\System32\svchost.exe[820] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 001F01F8 .text C:\Windows\System32\svchost.exe[820] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 001F0600 .text C:\Windows\System32\svchost.exe[852] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 000603FC .text C:\Windows\System32\svchost.exe[852] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 000601F8 .text C:\Windows\System32\svchost.exe[852] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Windows\System32\svchost.exe[852] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 00470A08 .text C:\Windows\System32\svchost.exe[852] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 004703FC .text C:\Windows\System32\svchost.exe[852] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 00470804 .text C:\Windows\System32\svchost.exe[852] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 004701F8 .text C:\Windows\System32\svchost.exe[852] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 00470600 .text C:\Windows\system32\svchost.exe[880] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 000A03FC .text C:\Windows\system32\svchost.exe[880] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 000A01F8 .text C:\Windows\system32\svchost.exe[880] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[880] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 010C0A08 .text C:\Windows\system32\svchost.exe[880] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 010C03FC .text C:\Windows\system32\svchost.exe[880] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 010C0804 .text C:\Windows\system32\svchost.exe[880] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 010C01F8 .text C:\Windows\system32\svchost.exe[880] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 010C0600 .text C:\Windows\system32\winlogon.exe[936] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 000303FC .text C:\Windows\system32\winlogon.exe[936] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 000301F8 .text C:\Windows\system32\winlogon.exe[936] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Windows\system32\winlogon.exe[936] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 00050A08 .text C:\Windows\system32\winlogon.exe[936] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 000503FC .text C:\Windows\system32\winlogon.exe[936] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 00050804 .text C:\Windows\system32\winlogon.exe[936] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 000501F8 .text C:\Windows\system32\winlogon.exe[936] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 00050600 .text C:\Windows\system32\AUDIODG.EXE[1024] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[1116] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[1116] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[1116] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[1116] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 00440A08 .text C:\Windows\system32\svchost.exe[1116] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 004403FC .text C:\Windows\system32\svchost.exe[1116] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 00440804 .text C:\Windows\system32\svchost.exe[1116] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 004401F8 .text C:\Windows\system32\svchost.exe[1116] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 00440600 .text C:\Program Files\ASUS\ATK Hotkey\HControl.exe[1180] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 001603FC .text C:\Program Files\ASUS\ATK Hotkey\HControl.exe[1180] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 001601F8 .text C:\Program Files\ASUS\ATK Hotkey\HControl.exe[1180] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Program Files\ASUS\ATK Hotkey\HControl.exe[1180] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 001F0A08 .text C:\Program Files\ASUS\ATK Hotkey\HControl.exe[1180] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 001F03FC .text C:\Program Files\ASUS\ATK Hotkey\HControl.exe[1180] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 001F0804 .text C:\Program Files\ASUS\ATK Hotkey\HControl.exe[1180] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 001F01F8 .text C:\Program Files\ASUS\ATK Hotkey\HControl.exe[1180] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 001F0600 .text C:\Windows\system32\svchost.exe[1232] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[1232] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[1232] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[1332] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 000603FC .text C:\Windows\system32\wbem\wmiprvse.exe[1332] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 000601F8 .text C:\Windows\system32\wbem\wmiprvse.exe[1332] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[1332] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 00100A08 .text C:\Windows\system32\wbem\wmiprvse.exe[1332] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 001003FC .text C:\Windows\system32\wbem\wmiprvse.exe[1332] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 00100804 .text C:\Windows\system32\wbem\wmiprvse.exe[1332] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 001001F8 .text C:\Windows\system32\wbem\wmiprvse.exe[1332] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 00100600 .text C:\Windows\system32\FBAgent.exe[1368] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 001603FC .text C:\Windows\system32\FBAgent.exe[1368] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 001601F8 .text C:\Windows\system32\FBAgent.exe[1368] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Windows\system32\FBAgent.exe[1368] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 001F0A08 .text C:\Windows\system32\FBAgent.exe[1368] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 001F03FC .text C:\Windows\system32\FBAgent.exe[1368] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 001F0804 .text C:\Windows\system32\FBAgent.exe[1368] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 001F01F8 .text C:\Windows\system32\FBAgent.exe[1368] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 001F0600 .text C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe[1412] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 001603FC .text C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe[1412] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 001601F8 .text C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe[1412] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe[1412] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 00190A08 .text C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe[1412] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 001903FC .text C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe[1412] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 00190804 .text C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe[1412] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 001901F8 .text C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe[1412] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 00190600 .text C:\Windows\system32\nvvsvc.exe[1460] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 001603FC .text C:\Windows\system32\nvvsvc.exe[1460] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 001601F8 .text C:\Windows\system32\nvvsvc.exe[1460] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Windows\system32\nvvsvc.exe[1460] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 001F0A08 .text C:\Windows\system32\nvvsvc.exe[1460] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 001F03FC .text C:\Windows\system32\nvvsvc.exe[1460] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 001F0804 .text C:\Windows\system32\nvvsvc.exe[1460] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 001F01F8 .text C:\Windows\system32\nvvsvc.exe[1460] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 001F0600 .text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1480] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 001603FC .text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1480] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 001601F8 .text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1480] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1480] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 001F0A08 .text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1480] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 001F03FC .text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1480] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 001F0804 .text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1480] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 001F01F8 .text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[1480] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 001F0600 .text C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe[1504] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 001603FC .text C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe[1504] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 001601F8 .text C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe[1504] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe[1504] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 001F0A08 .text C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe[1504] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 001F03FC .text C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe[1504] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 001F0804 .text C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe[1504] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 001F01F8 .text C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe[1504] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 001F0600 .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1540] kernel32.dll!SetUnhandledExceptionFilter 77C1F4FB 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1540] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Program Files\ASUS\ATK Hotkey\WDC.exe[1652] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 001603FC .text C:\Program Files\ASUS\ATK Hotkey\WDC.exe[1652] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 001601F8 .text C:\Program Files\ASUS\ATK Hotkey\WDC.exe[1652] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Program Files\ASUS\ATK Hotkey\WDC.exe[1652] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 00180A08 .text C:\Program Files\ASUS\ATK Hotkey\WDC.exe[1652] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 001803FC .text C:\Program Files\ASUS\ATK Hotkey\WDC.exe[1652] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 00180804 .text C:\Program Files\ASUS\ATK Hotkey\WDC.exe[1652] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 001801F8 .text C:\Program Files\ASUS\ATK Hotkey\WDC.exe[1652] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 00180600 .text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 000603FC .text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 000601F8 .text C:\Windows\System32\spoolsv.exe[1932] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Windows\System32\spoolsv.exe[1932] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 00140A08 .text C:\Windows\System32\spoolsv.exe[1932] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 001403FC .text C:\Windows\System32\spoolsv.exe[1932] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 00140804 .text C:\Windows\System32\spoolsv.exe[1932] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 001401F8 .text C:\Windows\System32\spoolsv.exe[1932] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 00140600 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[1936] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 001603FC .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[1936] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 001601F8 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[1936] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[1936] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 00200A08 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[1936] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 002003FC .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[1936] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 00200804 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[1936] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 002001F8 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[1936] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 00200600 .text C:\Program Files\ASUS\ATK Media\DMedia.exe[2024] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 001603FC .text C:\Program Files\ASUS\ATK Media\DMedia.exe[2024] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 001601F8 .text C:\Program Files\ASUS\ATK Media\DMedia.exe[2024] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Program Files\ASUS\ATK Media\DMedia.exe[2024] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 001F0A08 .text C:\Program Files\ASUS\ATK Media\DMedia.exe[2024] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 001F03FC .text C:\Program Files\ASUS\ATK Media\DMedia.exe[2024] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 001F0804 .text C:\Program Files\ASUS\ATK Media\DMedia.exe[2024] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 001F01F8 .text C:\Program Files\ASUS\ATK Media\DMedia.exe[2024] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 001F0600 .text C:\Program Files\iPod\bin\iPodService.exe[2036] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 001603FC .text C:\Program Files\iPod\bin\iPodService.exe[2036] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 001601F8 .text C:\Program Files\iPod\bin\iPodService.exe[2036] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Program Files\iPod\bin\iPodService.exe[2036] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 00210A08 .text C:\Program Files\iPod\bin\iPodService.exe[2036] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 002103FC .text C:\Program Files\iPod\bin\iPodService.exe[2036] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 00210804 .text C:\Program Files\iPod\bin\iPodService.exe[2036] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 002101F8 .text C:\Program Files\iPod\bin\iPodService.exe[2036] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 00210600 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2064] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 000603FC .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2064] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 000601F8 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2064] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2064] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 00200A08 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2064] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 002003FC .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2064] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 00200804 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2064] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 002001F8 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2064] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 00200600 .text C:\Program Files\Bonjour\mDNSResponder.exe[2136] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 000603FC .text C:\Program Files\Bonjour\mDNSResponder.exe[2136] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 000601F8 .text C:\Program Files\Bonjour\mDNSResponder.exe[2136] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Program Files\Bonjour\mDNSResponder.exe[2136] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 00190A08 .text C:\Program Files\Bonjour\mDNSResponder.exe[2136] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 001903FC .text C:\Program Files\Bonjour\mDNSResponder.exe[2136] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 00190804 .text C:\Program Files\Bonjour\mDNSResponder.exe[2136] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 001901F8 .text C:\Program Files\Bonjour\mDNSResponder.exe[2136] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 00190600 .text C:\Windows\system32\taskhost.exe[2156] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 000503FC .text C:\Windows\system32\taskhost.exe[2156] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 000501F8 .text C:\Windows\system32\taskhost.exe[2156] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Windows\system32\taskhost.exe[2156] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 000E0A08 .text C:\Windows\system32\taskhost.exe[2156] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 000E03FC .text C:\Windows\system32\taskhost.exe[2156] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 000E0804 .text C:\Windows\system32\taskhost.exe[2156] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 000E01F8 .text C:\Windows\system32\taskhost.exe[2156] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 000E0600 .text C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe[2240] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 001603FC .text C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe[2240] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 001601F8 .text C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe[2240] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe[2240] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 001F0A08 .text C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe[2240] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 001F03FC .text C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe[2240] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 001F0804 .text C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe[2240] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 001F01F8 .text C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe[2240] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 001F0600 .text C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe[2248] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 001503FC .text C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe[2248] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 001501F8 .text C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe[2248] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe[2248] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 002F0A08 .text C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe[2248] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 002F03FC .text C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe[2248] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 002F0804 .text C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe[2248] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 002F01F8 .text C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe[2248] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 002F0600 .text C:\Windows\system32\taskeng.exe[2336] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 000603FC .text C:\Windows\system32\taskeng.exe[2336] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 000601F8 .text C:\Windows\system32\taskeng.exe[2336] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Windows\system32\taskeng.exe[2336] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 000F0A08 .text C:\Windows\system32\taskeng.exe[2336] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 000F03FC .text C:\Windows\system32\taskeng.exe[2336] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 000F0804 .text C:\Windows\system32\taskeng.exe[2336] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 000F01F8 .text C:\Windows\system32\taskeng.exe[2336] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 000F0600 .text C:\Windows\system32\crypserv.exe[2436] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 001603FC .text C:\Windows\system32\crypserv.exe[2436] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 001601F8 .text C:\Windows\system32\crypserv.exe[2436] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Windows\system32\crypserv.exe[2436] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 00190A08 .text C:\Windows\system32\crypserv.exe[2436] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 001903FC .text C:\Windows\system32\crypserv.exe[2436] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 00190804 .text C:\Windows\system32\crypserv.exe[2436] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 001901F8 .text C:\Windows\system32\crypserv.exe[2436] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 00190600 .text C:\Windows\system32\svchost.exe[2468] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[2468] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[2468] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[2468] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 00510A08 .text C:\Windows\system32\svchost.exe[2468] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 005103FC .text C:\Windows\system32\svchost.exe[2468] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 00510804 .text C:\Windows\system32\svchost.exe[2468] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 005101F8 .text C:\Windows\system32\svchost.exe[2468] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 00510600 .text C:\Windows\system32\svchost.exe[2524] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 000A03FC .text C:\Windows\system32\svchost.exe[2524] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 000A01F8 .text C:\Windows\system32\svchost.exe[2524] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\BMWgroup\ETKLokal\transbase\tbmux32.exe[2568] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 001503FC .text C:\BMWgroup\ETKLokal\transbase\tbmux32.exe[2568] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 001501F8 .text C:\BMWgroup\ETKLokal\transbase\tbmux32.exe[2568] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\BMWgroup\ETKLokal\transbase\tbmux32.exe[2568] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 00270A08 .text C:\BMWgroup\ETKLokal\transbase\tbmux32.exe[2568] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 002703FC .text C:\BMWgroup\ETKLokal\transbase\tbmux32.exe[2568] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 00270804 .text C:\BMWgroup\ETKLokal\transbase\tbmux32.exe[2568] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 002701F8 .text C:\BMWgroup\ETKLokal\transbase\tbmux32.exe[2568] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 00270600 .text C:\Program Files\P4G\BatteryLife.exe[2820] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 001603FC .text C:\Program Files\P4G\BatteryLife.exe[2820] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 001601F8 .text C:\Program Files\P4G\BatteryLife.exe[2820] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Program Files\P4G\BatteryLife.exe[2820] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 00320A08 .text C:\Program Files\P4G\BatteryLife.exe[2820] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 003203FC .text C:\Program Files\P4G\BatteryLife.exe[2820] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 00320804 .text C:\Program Files\P4G\BatteryLife.exe[2820] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 003201F8 .text C:\Program Files\P4G\BatteryLife.exe[2820] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 00320600 .text C:\Program Files\ASUS\Wireless Console 3\wcourier.exe[2856] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 001603FC .text C:\Program Files\ASUS\Wireless Console 3\wcourier.exe[2856] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 001601F8 .text C:\Program Files\ASUS\Wireless Console 3\wcourier.exe[2856] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Program Files\ASUS\Wireless Console 3\wcourier.exe[2856] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 00180A08 .text C:\Program Files\ASUS\Wireless Console 3\wcourier.exe[2856] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 001803FC .text C:\Program Files\ASUS\Wireless Console 3\wcourier.exe[2856] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 00180804 .text C:\Program Files\ASUS\Wireless Console 3\wcourier.exe[2856] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 001801F8 .text C:\Program Files\ASUS\Wireless Console 3\wcourier.exe[2856] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 00180600 .text C:\Windows\system32\taskhost.exe[2996] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 000503FC .text C:\Windows\system32\taskhost.exe[2996] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 000501F8 .text C:\Windows\system32\taskhost.exe[2996] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Windows\system32\taskhost.exe[2996] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 00070A08 .text C:\Windows\system32\taskhost.exe[2996] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 000703FC .text C:\Windows\system32\taskhost.exe[2996] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 00070804 .text C:\Windows\system32\taskhost.exe[2996] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 000701F8 .text C:\Windows\system32\taskhost.exe[2996] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 00070600 .text C:\Program Files\ASUS\Splendid\ACMON.exe[3080] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 001603FC .text C:\Program Files\ASUS\Splendid\ACMON.exe[3080] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 001601F8 .text C:\Program Files\ASUS\Splendid\ACMON.exe[3080] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Program Files\ASUS\Splendid\ACMON.exe[3080] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 00220A08 .text C:\Program Files\ASUS\Splendid\ACMON.exe[3080] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 002203FC .text C:\Program Files\ASUS\Splendid\ACMON.exe[3080] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 00220804 .text C:\Program Files\ASUS\Splendid\ACMON.exe[3080] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 002201F8 .text C:\Program Files\ASUS\Splendid\ACMON.exe[3080] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 00220600 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3128] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 001603FC .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3128] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 001601F8 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3128] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3128] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 00210A08 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3128] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 002103FC .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3128] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 00210804 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3128] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 002101F8 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3128] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 00210600 .text C:\Windows\System32\ACEngSvr.exe[3304] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 001503FC .text C:\Windows\System32\ACEngSvr.exe[3304] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 001501F8 .text C:\Windows\System32\ACEngSvr.exe[3304] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Windows\System32\ACEngSvr.exe[3304] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 002E0A08 .text C:\Windows\System32\ACEngSvr.exe[3304] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 002E03FC .text C:\Windows\System32\ACEngSvr.exe[3304] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 002E0804 .text C:\Windows\System32\ACEngSvr.exe[3304] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 002E01F8 .text C:\Windows\System32\ACEngSvr.exe[3304] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 002E0600 .text C:\Windows\system32\SearchIndexer.exe[3340] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 000603FC .text C:\Windows\system32\SearchIndexer.exe[3340] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 000601F8 .text C:\Windows\system32\SearchIndexer.exe[3340] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Windows\system32\SearchIndexer.exe[3340] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 00090A08 .text C:\Windows\system32\SearchIndexer.exe[3340] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 000903FC .text C:\Windows\system32\SearchIndexer.exe[3340] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 00090804 .text C:\Windows\system32\SearchIndexer.exe[3340] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 000901F8 .text C:\Windows\system32\SearchIndexer.exe[3340] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 00090600 .text C:\Windows\System32\svchost.exe[3456] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 000603FC .text C:\Windows\System32\svchost.exe[3456] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 000601F8 .text C:\Windows\System32\svchost.exe[3456] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Windows\System32\svchost.exe[3456] user32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 00310A08 .text C:\Windows\System32\svchost.exe[3456] user32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 003103FC .text C:\Windows\System32\svchost.exe[3456] user32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 00310804 .text C:\Windows\System32\svchost.exe[3456] user32.dll!SetWinEventHook 776824DC 5 Bytes JMP 003101F8 .text C:\Windows\System32\svchost.exe[3456] user32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 00310600 .text C:\Program Files\Elantech\ETDCtrl.exe[3460] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 001603FC .text C:\Program Files\Elantech\ETDCtrl.exe[3460] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 001601F8 .text C:\Program Files\Elantech\ETDCtrl.exe[3460] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Program Files\Elantech\ETDCtrl.exe[3460] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 00200A08 .text C:\Program Files\Elantech\ETDCtrl.exe[3460] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 002003FC .text C:\Program Files\Elantech\ETDCtrl.exe[3460] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 00200804 .text C:\Program Files\Elantech\ETDCtrl.exe[3460] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 002001F8 .text C:\Program Files\Elantech\ETDCtrl.exe[3460] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 00200600 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3528] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 000603FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3528] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 000601F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3528] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3528] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 00100A08 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3528] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 001003FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3528] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 00100804 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3528] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 001001F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3528] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 00100600 .text C:\Program Files\MC-610\MC-610 Innovation G-Laser Mouse\1.0\ACQTMAPP.exe[3692] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 001503FC .text C:\Program Files\MC-610\MC-610 Innovation G-Laser Mouse\1.0\ACQTMAPP.exe[3692] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 001501F8 .text C:\Program Files\MC-610\MC-610 Innovation G-Laser Mouse\1.0\ACQTMAPP.exe[3692] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Program Files\MC-610\MC-610 Innovation G-Laser Mouse\1.0\ACQTMAPP.exe[3692] user32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 001E0A08 .text C:\Program Files\MC-610\MC-610 Innovation G-Laser Mouse\1.0\ACQTMAPP.exe[3692] user32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 001E03FC .text C:\Program Files\MC-610\MC-610 Innovation G-Laser Mouse\1.0\ACQTMAPP.exe[3692] user32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 001E0804 .text C:\Program Files\MC-610\MC-610 Innovation G-Laser Mouse\1.0\ACQTMAPP.exe[3692] user32.dll!SetWinEventHook 776824DC 5 Bytes JMP 001E01F8 .text C:\Program Files\MC-610\MC-610 Innovation G-Laser Mouse\1.0\ACQTMAPP.exe[3692] user32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 001E0600 .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3704] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 001603FC .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3704] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 001601F8 .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3704] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3704] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 001F0A08 .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3704] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 001F03FC .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3704] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 001F0804 .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3704] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 001F01F8 .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3704] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 001F0600 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3724] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Program Files\iTunes\iTunesHelper.exe[3748] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 000603FC .text C:\Program Files\iTunes\iTunesHelper.exe[3748] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 000601F8 .text C:\Program Files\iTunes\iTunesHelper.exe[3748] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Program Files\iTunes\iTunesHelper.exe[3748] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 00090A08 .text C:\Program Files\iTunes\iTunesHelper.exe[3748] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 000903FC .text C:\Program Files\iTunes\iTunesHelper.exe[3748] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 00090804 .text C:\Program Files\iTunes\iTunesHelper.exe[3748] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 000901F8 .text C:\Program Files\iTunes\iTunesHelper.exe[3748] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 00090600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3756] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 001703FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3756] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 001701F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3756] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3756] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 00210A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3756] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 002103FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3756] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 00210804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3756] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 002101F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3756] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 00210600 .text C:\Nokia\Nokia PC Suite 7\PCSuite.exe[3816] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 001603FC .text C:\Nokia\Nokia PC Suite 7\PCSuite.exe[3816] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 001601F8 .text C:\Nokia\Nokia PC Suite 7\PCSuite.exe[3816] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Nokia\Nokia PC Suite 7\PCSuite.exe[3816] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 00330A08 .text C:\Nokia\Nokia PC Suite 7\PCSuite.exe[3816] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 003303FC .text C:\Nokia\Nokia PC Suite 7\PCSuite.exe[3816] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 00330804 .text C:\Nokia\Nokia PC Suite 7\PCSuite.exe[3816] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 003301F8 .text C:\Nokia\Nokia PC Suite 7\PCSuite.exe[3816] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 00330600 .text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe[3908] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 001603FC .text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe[3908] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 001601F8 .text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe[3908] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe[3908] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 00300A08 .text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe[3908] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 003003FC .text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe[3908] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 00300804 .text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe[3908] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 003001F8 .text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe[3908] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 00300600 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3976] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 001603FC .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3976] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 001601F8 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3976] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3976] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 00180A08 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3976] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 001803FC .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3976] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 00180804 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3976] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 001801F8 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3976] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 00180600 .text C:\Program Files\ASUS\NB Probe\NBProbe.exe[3980] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 001503FC .text C:\Program Files\ASUS\NB Probe\NBProbe.exe[3980] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 001501F8 .text C:\Program Files\ASUS\NB Probe\NBProbe.exe[3980] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Program Files\ASUS\NB Probe\NBProbe.exe[3980] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 001E0A08 .text C:\Program Files\ASUS\NB Probe\NBProbe.exe[3980] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 001E03FC .text C:\Program Files\ASUS\NB Probe\NBProbe.exe[3980] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 001E0804 .text C:\Program Files\ASUS\NB Probe\NBProbe.exe[3980] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 001E01F8 .text C:\Program Files\ASUS\NB Probe\NBProbe.exe[3980] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 001E0600 .text C:\Users\Aga\Downloads\0nt7vrtt.exe[4020] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[4216] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 001503FC .text C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[4216] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 001501F8 .text C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[4216] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[4216] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 002E0A08 .text C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[4216] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 002E03FC .text C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[4216] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 002E0804 .text C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[4216] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 002E01F8 .text C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe[4216] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 002E0600 .text C:\Windows\system32\wbem\wmiprvse.exe[4248] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 000603FC .text C:\Windows\system32\wbem\wmiprvse.exe[4248] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 000601F8 .text C:\Windows\system32\wbem\wmiprvse.exe[4248] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[4248] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 00200A08 .text C:\Windows\system32\wbem\wmiprvse.exe[4248] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 002003FC .text C:\Windows\system32\wbem\wmiprvse.exe[4248] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 00200804 .text C:\Windows\system32\wbem\wmiprvse.exe[4248] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 002001F8 .text C:\Windows\system32\wbem\wmiprvse.exe[4248] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 00200600 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[4436] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 001603FC .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[4436] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 001601F8 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[4436] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[4436] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 001F0A08 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[4436] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 001F03FC .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[4436] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 001F0804 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[4436] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 001F01F8 .text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[4436] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 001F0600 .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtCreateFile + 6 77AC55CE 4 Bytes [28, 00, 07, 00] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtCreateFile + B 77AC55D3 1 Byte [E2] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtMapViewOfSection + 6 77AC5C2E 1 Byte [28] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtMapViewOfSection + 6 77AC5C2E 4 Bytes [28, 03, 07, 00] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtMapViewOfSection + B 77AC5C33 1 Byte [E2] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtOpenFile + 6 77AC5CDE 4 Bytes [68, 00, 07, 00] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtOpenFile + B 77AC5CE3 1 Byte [E2] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtOpenProcess + 6 77AC5D8E 4 Bytes [A8, 01, 07, 00] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtOpenProcess + B 77AC5D93 1 Byte [E2] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtOpenProcessToken + B 77AC5DA3 1 Byte [E2] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtOpenProcessTokenEx + 6 77AC5DAE 4 Bytes [A8, 02, 07, 00] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtOpenProcessTokenEx + B 77AC5DB3 1 Byte [E2] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtOpenThread + 6 77AC5E0E 4 Bytes [68, 01, 07, 00] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtOpenThread + B 77AC5E13 1 Byte [E2] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtOpenThreadToken + 6 77AC5E1E 4 Bytes [68, 02, 07, 00] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtOpenThreadToken + B 77AC5E23 1 Byte [E2] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtOpenThreadTokenEx + B 77AC5E33 1 Byte [E2] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtQueryAttributesFile + 6 77AC5F3E 4 Bytes [A8, 00, 07, 00] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtQueryAttributesFile + B 77AC5F43 1 Byte [E2] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtQueryFullAttributesFile + B 77AC5FF3 1 Byte [E2] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtSetInformationFile + 6 77AC663E 4 Bytes [28, 01, 07, 00] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtSetInformationFile + B 77AC6643 1 Byte [E2] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtSetInformationThread + 6 77AC669E 4 Bytes [28, 02, 07, 00] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtSetInformationThread + B 77AC66A3 1 Byte [E2] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtUnmapViewOfSection + 6 77AC69BE 1 Byte [68] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtUnmapViewOfSection + 6 77AC69BE 4 Bytes [68, 03, 07, 00] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!NtUnmapViewOfSection + B 77AC69C3 1 Byte [E2] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 000903FC .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[4772] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 000901F8 .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[4772] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[4772] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 00130A08 .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[4772] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 001303FC .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[4772] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 00130804 .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[4772] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 001301F8 .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[4772] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 00130600 .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtCreateFile + 6 77AC55CE 4 Bytes [28, 00, 17, 00] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtCreateFile + B 77AC55D3 1 Byte [E2] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtMapViewOfSection + 6 77AC5C2E 1 Byte [28] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtMapViewOfSection + 6 77AC5C2E 4 Bytes [28, 03, 17, 00] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtMapViewOfSection + B 77AC5C33 1 Byte [E2] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtOpenFile + 6 77AC5CDE 4 Bytes [68, 00, 17, 00] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtOpenFile + B 77AC5CE3 1 Byte [E2] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtOpenProcess + 6 77AC5D8E 4 Bytes [A8, 01, 17, 00] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtOpenProcess + B 77AC5D93 1 Byte [E2] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtOpenProcessToken + B 77AC5DA3 1 Byte [E2] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtOpenProcessTokenEx + 6 77AC5DAE 4 Bytes [A8, 02, 17, 00] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtOpenProcessTokenEx + B 77AC5DB3 1 Byte [E2] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtOpenThread + 6 77AC5E0E 4 Bytes [68, 01, 17, 00] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtOpenThread + B 77AC5E13 1 Byte [E2] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtOpenThreadToken + 6 77AC5E1E 4 Bytes [68, 02, 17, 00] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtOpenThreadToken + B 77AC5E23 1 Byte [E2] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtOpenThreadTokenEx + B 77AC5E33 1 Byte [E2] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtQueryAttributesFile + 6 77AC5F3E 4 Bytes [A8, 00, 17, 00] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtQueryAttributesFile + B 77AC5F43 1 Byte [E2] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtQueryFullAttributesFile + B 77AC5FF3 1 Byte [E2] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtSetInformationFile + 6 77AC663E 4 Bytes [28, 01, 17, 00] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtSetInformationFile + B 77AC6643 1 Byte [E2] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtSetInformationThread + 6 77AC669E 4 Bytes [28, 02, 17, 00] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtSetInformationThread + B 77AC66A3 1 Byte [E2] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtUnmapViewOfSection + 6 77AC69BE 1 Byte [68] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtUnmapViewOfSection + 6 77AC69BE 4 Bytes [68, 03, 17, 00] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!NtUnmapViewOfSection + B 77AC69C3 1 Byte [E2] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 001903FC .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[5164] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 001901F8 .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[5164] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[5164] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 001C0A08 .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[5164] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 001C03FC .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[5164] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 001C0804 .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[5164] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 001C01F8 .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[5164] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 001C0600 .text C:\Windows\system32\ctfmon.exe[5524] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Windows\System32\svchost.exe[5756] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 000603FC .text C:\Windows\System32\svchost.exe[5756] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 000601F8 .text C:\Windows\System32\svchost.exe[5756] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Windows\System32\svchost.exe[5756] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 00180A08 .text C:\Windows\System32\svchost.exe[5756] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 001803FC .text C:\Windows\System32\svchost.exe[5756] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 00180804 .text C:\Windows\System32\svchost.exe[5756] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 001801F8 .text C:\Windows\System32\svchost.exe[5756] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 00180600 .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!LdrUnloadDll 77ADC8DE 5 Bytes JMP 000603FC .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[5868] ntdll.dll!LdrLoadDll 77AE22B8 5 Bytes JMP 000601F8 .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[5868] kernel32.dll!GetBinaryTypeW + 70 77C369F4 1 Byte [62] .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[5868] USER32.dll!UnhookWindowsHookEx 7767ADF9 5 Bytes JMP 000F0A08 .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[5868] USER32.dll!UnhookWinEvent 7767B750 5 Bytes JMP 000F03FC .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[5868] USER32.dll!SetWindowsHookExW 7767E30C 5 Bytes JMP 000F0804 .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[5868] USER32.dll!SetWinEventHook 776824DC 5 Bytes JMP 000F01F8 .text C:\Users\Aga\AppData\Local\Google\Chrome\Application\chrome.exe[5868] USER32.dll!SetWindowsHookExA 776A6D0C 5 Bytes JMP 000F0600 ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [746B2437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74695600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [746956BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [746B24B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [746A8514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [746A4CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [746A506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [746A5144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [746A6671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [746A826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [746A87BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [746A901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [746AE1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [746A4BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\tdx \Device\Tcp aswFW.SYS (avast! Filtering TDI driver/AVAST Software) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Udp aswFW.SYS (avast! Filtering TDI driver/AVAST Software) Device \Driver\ACPI_HAL \Device\0000005d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ae2d00230040 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ae2d00230040@001d6ec0bee5 0x1B 0x15 0xCC 0x4A ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x19 0xB9 0xA3 0x78 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ae2d00230040 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ae2d00230040@001d6ec0bee5 0x1B 0x15 0xCC 0x4A ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x19 0xB9 0xA3 0x78 ... ---- Files - GMER 1.0.15 ---- File C:\## aswSnx private storage 0 bytes File C:\## aswSnx private storage\r702 0 bytes File C:\## aswSnx private storage\r702\TFC.exe_{abf8b6a4-1889-11e1-9fbd-90e6baa6f111} 0 bytes File C:\## aswSnx private storage\r702\TFC.exe_{abf8b6a4-1889-11e1-9fbd-90e6baa6f111}\image 0 bytes File C:\## aswSnx private storage\r702\TFC.exe_{abf8b6a4-1889-11e1-9fbd-90e6baa6f111}\image\Windows 0 bytes File C:\## aswSnx private storage\r702\TFC.exe_{abf8b6a4-1889-11e1-9fbd-90e6baa6f111}\image\Windows\Temp 0 bytes File C:\## aswSnx private storage\r702\TFC.exe_{abf8b6a4-1889-11e1-9fbd-90e6baa6f111}\image\Windows\Temp\._msige52 0 bytes File C:\## aswSnx private storage\r702\TFC.exe_{abf8b6a4-1889-11e1-9fbd-90e6baa6f111}\image\Windows\Temp\._msige52\program files 0 bytes File C:\## aswSnx private storage\r702\TFC.exe_{abf8b6a4-1889-11e1-9fbd-90e6baa6f111}\image\Windows\Temp\._msige52\program files\Google 0 bytes File C:\## aswSnx private storage\r702\TFC.exe_{abf8b6a4-1889-11e1-9fbd-90e6baa6f111}\image\Windows\Temp\._msige52\program files\Google\Google Earth 0 bytes File C:\## aswSnx private storage\r702\TFC.exe_{abf8b6a4-1889-11e1-9fbd-90e6baa6f111}\image\Windows\Temp\._msige52\program files\Google\Google Earth\client 0 bytes File C:\## aswSnx private storage\r702\TFC.exe_{abf8b6a4-1889-11e1-9fbd-90e6baa6f111}\image\Windows\Temp\._msige52\program files\Google\Google Earth\client\res 0 bytes File C:\## aswSnx private storage\r702\TFC.exe_{abf8b6a4-1889-11e1-9fbd-90e6baa6f111}\image\Windows\Temp\._msige52\program files\Google\Google Earth\plugin 0 bytes File C:\## aswSnx private storage\r702\TFC.exe_{abf8b6a4-1889-11e1-9fbd-90e6baa6f111}\image\Windows\Temp\._msige52\program files\Google\Google Earth\plugin\res 0 bytes File C:\## aswSnx private storage\r702\TFC.exe_{abf8b6a4-1889-11e1-9fbd-90e6baa6f111}\image\Windows\Temp\._msige60 0 bytes File C:\## aswSnx private storage\r702\TFC.exe_{abf8b6a4-1889-11e1-9fbd-90e6baa6f111}\image\Windows\Temp\._msige60\program files 0 bytes File C:\## aswSnx private storage\r702\TFC.exe_{abf8b6a4-1889-11e1-9fbd-90e6baa6f111}\image\Windows\Temp\._msige60\program files\Google 0 bytes File C:\## aswSnx private storage\r702\TFC.exe_{abf8b6a4-1889-11e1-9fbd-90e6baa6f111}\image\Windows\Temp\._msige60\program files\Google\Google Earth 0 bytes File C:\## aswSnx private storage\r702\TFC.exe_{abf8b6a4-1889-11e1-9fbd-90e6baa6f111}\image\Windows\Temp\._msige60\program files\Google\Google Earth\client 0 bytes File C:\## aswSnx private storage\r702\TFC.exe_{abf8b6a4-1889-11e1-9fbd-90e6baa6f111}\image\Windows\Temp\._msige60\program files\Google\Google Earth\plugin 0 bytes File C:\## aswSnx private storage\r702\TFC.exe_{abf8b6a4-1889-11e1-9fbd-90e6baa6f111}\image\Windows\Temp\._msige61 0 bytes File C:\## aswSnx private storage\r702\TFC.exe_{abf8b6a4-1889-11e1-9fbd-90e6baa6f111}\image\Windows\Temp\._msige61\program files 0 bytes File C:\## aswSnx private storage\r702\TFC.exe_{abf8b6a4-1889-11e1-9fbd-90e6baa6f111}\image\Windows\Temp\._msige61\program files\Google 0 bytes File C:\## aswSnx private storage\r702\TFC.exe_{abf8b6a4-1889-11e1-9fbd-90e6baa6f111}\image\Windows\Temp\._msige61\program files\Google\Google Earth 0 bytes File C:\## aswSnx private storage\r702\TFC.exe_{abf8b6a4-1889-11e1-9fbd-90e6baa6f111}\image\Windows\Temp\._msige61\program files\Google\Google Earth\client 0 bytes File C:\## aswSnx private storage\r702\TFC.exe_{abf8b6a4-1889-11e1-9fbd-90e6baa6f111}\image\Windows\Temp\._msige61\program files\Google\Google Earth\plugin 0 bytes File C:\## aswSnx private storage\sfzone 0 bytes File C:\## aswSnx private storage\sfzone\attrib 0 bytes File C:\## aswSnx private storage\sfzone\image 0 bytes File C:\## aswSnx private storage\sfzone\image\sfzone_profile 0 bytes File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default 0 bytes File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Archived History 53248 bytes File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Archived History-journal 512 bytes File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Favicons 10240 bytes File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Favicons-journal 512 bytes File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\History 90112 bytes File C:\## aswSnx private storage\sfzone\image\sfzone_profile\Default\Preferences 158 bytes File C:\## aswSnx private storage\sfzone\image\Users 0 bytes File C:\## aswSnx private storage\sfzone\image\Users\Aga 0 bytes File C:\## aswSnx private storage\sfzone\image\Users\Aga\AppData 0 bytes File C:\## aswSnx private storage\sfzone\image\Users\Aga\AppData\Local 0 bytes File C:\## aswSnx private storage\sfzone\image\Users\Aga\AppData\Local\Microsoft 0 bytes File C:\## aswSnx private storage\sfzone\image\Users\Aga\AppData\Local\Microsoft\Windows 0 bytes File C:\## aswSnx private storage\sfzone\image\Users\Aga\AppData\Local\Microsoft\Windows\Temporary Internet Files 0 bytes File C:\## aswSnx private storage\sfzone\image\Users\Aga\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 0 bytes File C:\## aswSnx private storage\sfzone\image\Users\Aga\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8Z6AFE7F 0 bytes File C:\## aswSnx private storage\sfzone\image\Users\Aga\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8Z6AFE7F\desktop.ini 67 bytes File C:\## aswSnx private storage\sfzone\image\Users\Aga\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E2E3APWG 0 bytes File C:\## aswSnx private storage\sfzone\image\Users\Aga\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E2E3APWG\desktop.ini 67 bytes File C:\## aswSnx private storage\sfzone\image\Users\Aga\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 16384 bytes File C:\## aswSnx private storage\sfzone\image\Users\Aga\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KI7M6FER 0 bytes File C:\## aswSnx private storage\sfzone\image\Users\Aga\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KI7M6FER\desktop.ini 67 bytes File C:\## aswSnx private storage\sfzone\image\Users\Aga\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WD9XNFIW 0 bytes File C:\## aswSnx private storage\sfzone\image\Users\Aga\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WD9XNFIW\desktop.ini 67 bytes File C:\## aswSnx private storage\sfzone\image\Users\Aga\Desktop 0 bytes File C:\## aswSnx private storage\sfzone\image\Users\Aga\Desktop\Chromium.lnk 2280 bytes File C:\## aswSnx private storage\sfzone\snx_fs.dat 5098 bytes File C:\## aswSnx private storage\snx_rhive 262144 bytes File C:\## aswSnx private storage\snx_rhive.LOG1 95232 bytes File C:\## aswSnx private storage\snx_rhive.LOG2 0 bytes File C:\## aswSnx private storage\snx_rhive{3f016f7f-e091-11e0-9f10-90e6baa6f111}.TM.blf 65536 bytes File C:\## aswSnx private storage\snx_rhive{3f016f7f-e091-11e0-9f10-90e6baa6f111}.TMContainer00000000000000000001.regtrans-ms 524288 bytes File C:\## aswSnx private storage\snx_rhive{3f016f7f-e091-11e0-9f10-90e6baa6f111}.TMContainer00000000000000000002.regtrans-ms 524288 bytes ---- EOF - GMER 1.0.15 ----