GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-03-16 16:50:52 Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3250620A rev.3.AAD Running: dp1yre4l.exe; Driver: C:\Users\Robert\AppData\Local\Temp\fwdyrpob.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x87D5CDF8] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8CA97A5A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x87D5D85E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x87D622E4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x87D62330] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x87D62422] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x87D62252] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x87D62374] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x87D6229A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x87D623DC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x87D5CE44] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8CA97B34] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x87D5CAD6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x87D5CE90] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x87D5FD1C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x87D5DB02] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x87D6230E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x87D62352] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x87D62446] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x87D62278] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x87D623AE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x87D622C2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x87D62400] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8CA97CA0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x87D5D9CE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x87D5CEDC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x87D5CF28] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x87D5CB46] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x87D5CCEA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x87D5CC92] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x87D5CD5A] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x8CA97D60] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x87D5CF74] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x8CA97BE0] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8CAADD92] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKey + 13C1 8285A3D9 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82893D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 8289ADC0 4 Bytes [F8, CD, D5, 87] .text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 8289ADE8 4 Bytes [5A, 7A, A9, 8C] .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 8289AE48 4 Bytes [5E, D8, D5, 87] .text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 8289AE9C 8 Bytes [E4, 22, D6, 87, 30, 23, D6, ...] .text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 8289AEA8 4 Bytes [22, 24, D6, 87] .text ... PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82A27C30 5 Bytes JMP 8CAAAC8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject + 27 82A40250 5 Bytes JMP 8CAAC764 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 82A55397 4 Bytes CALL 87D5E1B5 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 82A6F1A0 4 Bytes CALL 87D5E1CB \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 82AF9078 7 Bytes JMP 8CAADD96 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .sptd1 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd1" section [0x8751B089] .text USBPORT.SYS!DllUnload 8CB93DB9 5 Bytes JMP 857981C8 .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8E029000, 0x227A14, 0xE8000020] ? C:\Windows\System32\Drivers\a5qp45uj.SYS suspicious PE modification .text user32.dll!UnhookWindowsHookEx 76F7ADF9 5 Bytes [E9, 0A, 5C, 39, 89] {JMP 0xffffffff89395c0f} .text user32.dll!UnhookWinEvent 76F7B750 5 Bytes [E9, A7, 4C, 39, 89] {JMP 0xffffffff89394cac} .text user32.dll!SetWindowsHookExW 76F7E30C 5 Bytes [E9, F3, 24, 39, 89] {JMP 0xffffffff893924f8} .text user32.dll!SetWinEventHook 76F824DC 5 Bytes [E9, 17, DD, 38, 89] {JMP 0xffffffff8938dd1c} .text user32.dll!SetWindowsHookExA 76FA6D0C 5 Bytes [E9, EF, 98, 36, 89] {JMP 0xffffffff893698f4} .text kernel32.dll!GetBinaryTypeW + 70 76B669F4 1 Byte [62] ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\system32\svchost.exe[356] ntdll.dll!LdrUnloadDll 77A6C86E 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[356] ntdll.dll!LdrLoadDll 77A7223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[356] kernel32.dll!GetBinaryTypeW + 70 76B669F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[356] USER32.dll!UnhookWindowsHookEx 76F7ADF9 5 Bytes JMP 00490A08 .text C:\Windows\system32\svchost.exe[356] USER32.dll!UnhookWinEvent 76F7B750 5 Bytes JMP 004903FC .text C:\Windows\system32\svchost.exe[356] USER32.dll!SetWindowsHookExW 76F7E30C 5 Bytes JMP 00490804 .text C:\Windows\system32\svchost.exe[356] USER32.dll!SetWinEventHook 76F824DC 5 Bytes JMP 004901F8 .text C:\Windows\system32\svchost.exe[356] USER32.dll!SetWindowsHookExA 76FA6D0C 5 Bytes JMP 00490600 .text C:\Windows\system32\csrss.exe[424] kernel32.dll!GetBinaryTypeW + 70 76B669F4 1 Byte [62] .text C:\Windows\system32\wininit.exe[484] ntdll.dll!LdrUnloadDll 77A6C86E 5 Bytes JMP 000303FC .text C:\Windows\system32\wininit.exe[484] ntdll.dll!LdrLoadDll 77A7223E 5 Bytes JMP 000301F8 .text C:\Windows\system32\wininit.exe[484] kernel32.dll!GetBinaryTypeW + 70 76B669F4 1 Byte [62] .text C:\Windows\system32\wininit.exe[484] USER32.dll!UnhookWindowsHookEx 76F7ADF9 5 Bytes JMP 000C0A08 .text C:\Windows\system32\wininit.exe[484] USER32.dll!UnhookWinEvent 76F7B750 5 Bytes JMP 000C03FC .text C:\Windows\system32\wininit.exe[484] USER32.dll!SetWindowsHookExW 76F7E30C 5 Bytes JMP 000C0804 .text C:\Windows\system32\wininit.exe[484] USER32.dll!SetWinEventHook 76F824DC 5 Bytes JMP 000C01F8 .text C:\Windows\system32\wininit.exe[484] USER32.dll!SetWindowsHookExA 76FA6D0C 5 Bytes JMP 000C0600 .text C:\Windows\system32\csrss.exe[492] kernel32.dll!GetBinaryTypeW + 70 76B669F4 1 Byte [62] .text C:\Windows\system32\winlogon.exe[528] ntdll.dll!LdrUnloadDll 77A6C86E 5 Bytes JMP 000303FC .text C:\Windows\system32\winlogon.exe[528] ntdll.dll!LdrLoadDll 77A7223E 5 Bytes JMP 000301F8 .text C:\Windows\system32\winlogon.exe[528] kernel32.dll!GetBinaryTypeW + 70 76B669F4 1 Byte [62] .text C:\Windows\system32\winlogon.exe[528] USER32.dll!UnhookWindowsHookEx 76F7ADF9 5 Bytes JMP 000D0A08 .text C:\Windows\system32\winlogon.exe[528] USER32.dll!UnhookWinEvent 76F7B750 5 Bytes JMP 000D03FC .text C:\Windows\system32\winlogon.exe[528] USER32.dll!SetWindowsHookExW 76F7E30C 5 Bytes JMP 000D0804 .text C:\Windows\system32\winlogon.exe[528] USER32.dll!SetWinEventHook 76F824DC 5 Bytes JMP 000D01F8 .text C:\Windows\system32\winlogon.exe[528] USER32.dll!SetWindowsHookExA 76FA6D0C 5 Bytes JMP 000D0600 .text C:\Windows\system32\services.exe[584] ntdll.dll!LdrUnloadDll 77A6C86E 5 Bytes JMP 000603FC .text C:\Windows\system32\services.exe[584] ntdll.dll!LdrLoadDll 77A7223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\services.exe[584] kernel32.dll!GetBinaryTypeW + 70 76B669F4 1 Byte [62] .text C:\Windows\system32\lsass.exe[600] ntdll.dll!LdrUnloadDll 77A6C86E 5 Bytes JMP 000A03FC .text C:\Windows\system32\lsass.exe[600] ntdll.dll!LdrLoadDll 77A7223E 5 Bytes JMP 000A01F8 .text C:\Windows\system32\lsass.exe[600] kernel32.dll!GetBinaryTypeW + 70 76B669F4 1 Byte [62] .text C:\Windows\system32\lsass.exe[600] USER32.dll!UnhookWindowsHookEx 76F7ADF9 5 Bytes JMP 00030A08 .text C:\Windows\system32\lsass.exe[600] USER32.dll!UnhookWinEvent 76F7B750 5 Bytes JMP 000303FC .text C:\Windows\system32\lsass.exe[600] USER32.dll!SetWindowsHookExW 76F7E30C 5 Bytes JMP 00030804 .text C:\Windows\system32\lsass.exe[600] USER32.dll!SetWinEventHook 76F824DC 5 Bytes JMP 000301F8 .text C:\Windows\system32\lsass.exe[600] USER32.dll!SetWindowsHookExA 76FA6D0C 5 Bytes JMP 00030600 .text C:\Windows\system32\lsm.exe[608] ntdll.dll!LdrUnloadDll 77A6C86E 5 Bytes JMP 000603FC .text C:\Windows\system32\lsm.exe[608] ntdll.dll!LdrLoadDll 77A7223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\lsm.exe[608] kernel32.dll!GetBinaryTypeW + 70 76B669F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[716] ntdll.dll!LdrUnloadDll 77A6C86E 5 Bytes JMP 000A03FC .text C:\Windows\system32\svchost.exe[716] ntdll.dll!LdrLoadDll 77A7223E 5 Bytes JMP 000A01F8 .text C:\Windows\system32\svchost.exe[716] kernel32.dll!GetBinaryTypeW + 70 76B669F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[716] USER32.dll!UnhookWindowsHookEx 76F7ADF9 5 Bytes JMP 003D0A08 .text C:\Windows\system32\svchost.exe[716] USER32.dll!UnhookWinEvent 76F7B750 5 Bytes JMP 003D03FC .text C:\Windows\system32\svchost.exe[716] USER32.dll!SetWindowsHookExW 76F7E30C 5 Bytes JMP 003D0804 .text C:\Windows\system32\svchost.exe[716] USER32.dll!SetWinEventHook 76F824DC 5 Bytes JMP 003D01F8 .text C:\Windows\system32\svchost.exe[716] USER32.dll!SetWindowsHookExA 76FA6D0C 5 Bytes JMP 003D0600 .text C:\Windows\system32\svchost.exe[796] ntdll.dll!LdrUnloadDll 77A6C86E 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[796] ntdll.dll!LdrLoadDll 77A7223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[796] kernel32.dll!GetBinaryTypeW + 70 76B669F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[796] user32.dll!UnhookWindowsHookEx 76F7ADF9 5 Bytes JMP 004D0A08 .text C:\Windows\system32\svchost.exe[796] user32.dll!UnhookWinEvent 76F7B750 5 Bytes JMP 004D03FC .text C:\Windows\system32\svchost.exe[796] user32.dll!SetWindowsHookExW 76F7E30C 5 Bytes JMP 004D0804 .text C:\Windows\system32\svchost.exe[796] user32.dll!SetWinEventHook 76F824DC 5 Bytes JMP 004D01F8 .text C:\Windows\system32\svchost.exe[796] user32.dll!SetWindowsHookExA 76FA6D0C 5 Bytes JMP 004D0600 .text C:\Windows\System32\svchost.exe[844] ntdll.dll!LdrUnloadDll 77A6C86E 5 Bytes JMP 000603FC .text C:\Windows\System32\svchost.exe[844] ntdll.dll!LdrLoadDll 77A7223E 5 Bytes JMP 000601F8 .text C:\Windows\System32\svchost.exe[844] kernel32.dll!GetBinaryTypeW + 70 76B669F4 1 Byte [62] .text C:\Windows\System32\svchost.exe[844] USER32.dll!UnhookWindowsHookEx 76F7ADF9 5 Bytes JMP 001C0A08 .text C:\Windows\System32\svchost.exe[844] USER32.dll!UnhookWinEvent 76F7B750 5 Bytes JMP 001C03FC .text C:\Windows\System32\svchost.exe[844] USER32.dll!SetWindowsHookExW 76F7E30C 5 Bytes JMP 001C0804 .text C:\Windows\System32\svchost.exe[844] USER32.dll!SetWinEventHook 76F824DC 5 Bytes JMP 001C01F8 .text C:\Windows\System32\svchost.exe[844] USER32.dll!SetWindowsHookExA 76FA6D0C 5 Bytes JMP 001C0600 .text C:\Windows\System32\svchost.exe[944] ntdll.dll!LdrUnloadDll 77A6C86E 5 Bytes JMP 000603FC .text C:\Windows\System32\svchost.exe[944] ntdll.dll!LdrLoadDll 77A7223E 5 Bytes JMP 000601F8 .text C:\Windows\System32\svchost.exe[944] kernel32.dll!GetBinaryTypeW + 70 76B669F4 1 Byte [62] .text C:\Windows\System32\svchost.exe[944] USER32.dll!UnhookWindowsHookEx 76F7ADF9 5 Bytes JMP 00260A08 .text C:\Windows\System32\svchost.exe[944] USER32.dll!UnhookWinEvent 76F7B750 5 Bytes JMP 002603FC .text C:\Windows\System32\svchost.exe[944] USER32.dll!SetWindowsHookExW 76F7E30C 5 Bytes JMP 00260804 .text C:\Windows\System32\svchost.exe[944] USER32.dll!SetWinEventHook 76F824DC 5 Bytes JMP 002601F8 .text C:\Windows\System32\svchost.exe[944] USER32.dll!SetWindowsHookExA 76FA6D0C 5 Bytes JMP 00260600 .text C:\Windows\system32\svchost.exe[1004] ntdll.dll!LdrUnloadDll 77A6C86E 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[1004] ntdll.dll!LdrLoadDll 77A7223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[1004] kernel32.dll!GetBinaryTypeW + 70 76B669F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[1004] USER32.dll!UnhookWindowsHookEx 76F7ADF9 5 Bytes JMP 00AA0A08 .text C:\Windows\system32\svchost.exe[1004] USER32.dll!UnhookWinEvent 76F7B750 5 Bytes JMP 00AA03FC .text C:\Windows\system32\svchost.exe[1004] USER32.dll!SetWindowsHookExW 76F7E30C 5 Bytes JMP 00AA0804 .text C:\Windows\system32\svchost.exe[1004] USER32.dll!SetWinEventHook 76F824DC 5 Bytes JMP 00AA01F8 .text C:\Windows\system32\svchost.exe[1004] USER32.dll!SetWindowsHookExA 76FA6D0C 5 Bytes JMP 00AA0600 .text C:\Windows\system32\svchost.exe[1152] ntdll.dll!LdrUnloadDll 77A6C86E 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[1152] ntdll.dll!LdrLoadDll 77A7223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[1152] kernel32.dll!GetBinaryTypeW + 70 76B669F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[1152] USER32.dll!UnhookWindowsHookEx 76F7ADF9 5 Bytes JMP 00560A08 .text C:\Windows\system32\svchost.exe[1152] USER32.dll!UnhookWinEvent 76F7B750 5 Bytes JMP 005603FC .text C:\Windows\system32\svchost.exe[1152] USER32.dll!SetWindowsHookExW 76F7E30C 5 Bytes JMP 00560804 .text C:\Windows\system32\svchost.exe[1152] USER32.dll!SetWinEventHook 76F824DC 5 Bytes JMP 005601F8 .text C:\Windows\system32\svchost.exe[1152] USER32.dll!SetWindowsHookExA 76FA6D0C 5 Bytes JMP 00560600 .text C:\Windows\System32\svchost.exe[1196] ntdll.dll!LdrUnloadDll 77A6C86E 5 Bytes JMP 000603FC .text C:\Windows\System32\svchost.exe[1196] ntdll.dll!LdrLoadDll 77A7223E 5 Bytes JMP 000601F8 .text C:\Windows\System32\svchost.exe[1196] kernel32.dll!GetBinaryTypeW + 70 76B669F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[1252] ntdll.dll!LdrUnloadDll 77A6C86E 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[1252] ntdll.dll!LdrLoadDll 77A7223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[1252] kernel32.dll!GetBinaryTypeW + 70 76B669F4 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1344] kernel32.dll!SetUnhandledExceptionFilter 76B4F4FB 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1344] kernel32.dll!GetBinaryTypeW + 70 76B669F4 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1376] kernel32.dll!GetBinaryTypeW + 70 76B669F4 1 Byte [62] .text C:\Windows\System32\spoolsv.exe[1540] ntdll.dll!LdrUnloadDll 77A6C86E 5 Bytes JMP 000603FC .text C:\Windows\System32\spoolsv.exe[1540] ntdll.dll!LdrLoadDll 77A7223E 5 Bytes JMP 000601F8 .text C:\Windows\System32\spoolsv.exe[1540] kernel32.dll!GetBinaryTypeW + 70 76B669F4 1 Byte [62] .text C:\Windows\System32\spoolsv.exe[1540] USER32.dll!UnhookWindowsHookEx 76F7ADF9 5 Bytes JMP 00100A08 .text C:\Windows\System32\spoolsv.exe[1540] USER32.dll!UnhookWinEvent 76F7B750 5 Bytes JMP 001003FC .text C:\Windows\System32\spoolsv.exe[1540] USER32.dll!SetWindowsHookExW 76F7E30C 5 Bytes JMP 00100804 .text C:\Windows\System32\spoolsv.exe[1540] USER32.dll!SetWinEventHook 76F824DC 5 Bytes JMP 001001F8 .text C:\Windows\System32\spoolsv.exe[1540] USER32.dll!SetWindowsHookExA 76FA6D0C 5 Bytes JMP 00100600 .text C:\Windows\system32\taskhost.exe[1656] ntdll.dll!LdrUnloadDll 77A6C86E 5 Bytes JMP 000903FC .text C:\Windows\system32\taskhost.exe[1656] ntdll.dll!LdrLoadDll 77A7223E 5 Bytes JMP 000901F8 .text C:\Windows\system32\taskhost.exe[1656] kernel32.dll!GetBinaryTypeW + 70 76B669F4 1 Byte [62] .text C:\Windows\system32\taskhost.exe[1656] USER32.dll!UnhookWindowsHookEx 76F7ADF9 5 Bytes JMP 00120A08 .text C:\Windows\system32\taskhost.exe[1656] USER32.dll!UnhookWinEvent 76F7B750 5 Bytes JMP 001203FC .text C:\Windows\system32\taskhost.exe[1656] USER32.dll!SetWindowsHookExW 76F7E30C 5 Bytes JMP 00120804 .text C:\Windows\system32\taskhost.exe[1656] USER32.dll!SetWinEventHook 76F824DC 5 Bytes JMP 001201F8 .text C:\Windows\system32\taskhost.exe[1656] USER32.dll!SetWindowsHookExA 76FA6D0C 5 Bytes JMP 00120600 .text C:\Windows\system32\Dwm.exe[1708] ntdll.dll!LdrUnloadDll 77A6C86E 5 Bytes JMP 000A03FC .text C:\Windows\system32\Dwm.exe[1708] ntdll.dll!LdrLoadDll 77A7223E 5 Bytes JMP 000A01F8 .text C:\Windows\system32\Dwm.exe[1708] kernel32.dll!GetBinaryTypeW + 70 76B669F4 1 Byte [62] .text C:\Windows\system32\Dwm.exe[1708] USER32.dll!UnhookWindowsHookEx 76F7ADF9 5 Bytes JMP 00130A08 .text C:\Windows\system32\Dwm.exe[1708] USER32.dll!UnhookWinEvent 76F7B750 5 Bytes JMP 001303FC .text C:\Windows\system32\Dwm.exe[1708] USER32.dll!SetWindowsHookExW 76F7E30C 5 Bytes JMP 00130804 .text C:\Windows\system32\Dwm.exe[1708] USER32.dll!SetWinEventHook 76F824DC 5 Bytes JMP 001301F8 .text C:\Windows\system32\Dwm.exe[1708] USER32.dll!SetWindowsHookExA 76FA6D0C 5 Bytes JMP 00130600 .text C:\Windows\system32\svchost.exe[1756] ntdll.dll!LdrUnloadDll 77A6C86E 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[1756] ntdll.dll!LdrLoadDll 77A7223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[1756] kernel32.dll!GetBinaryTypeW + 70 76B669F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[1756] USER32.dll!UnhookWindowsHookEx 76F7ADF9 5 Bytes JMP 00250A08 .text C:\Windows\system32\svchost.exe[1756] USER32.dll!UnhookWinEvent 76F7B750 5 Bytes JMP 002503FC .text C:\Windows\system32\svchost.exe[1756] USER32.dll!SetWindowsHookExW 76F7E30C 5 Bytes JMP 00250804 .text C:\Windows\system32\svchost.exe[1756] USER32.dll!SetWinEventHook 76F824DC 5 Bytes JMP 002501F8 .text C:\Windows\system32\svchost.exe[1756] USER32.dll!SetWindowsHookExA 76FA6D0C 5 Bytes JMP 00250600 .text C:\Windows\Explorer.EXE[1768] ntdll.dll!LdrUnloadDll 77A6C86E 5 Bytes JMP 000603FC .text C:\Windows\Explorer.EXE[1768] ntdll.dll!LdrLoadDll 77A7223E 5 Bytes JMP 000601F8 .text C:\Windows\Explorer.EXE[1768] kernel32.dll!GetBinaryTypeW + 70 76B669F4 1 Byte [62] .text C:\Windows\Explorer.EXE[1768] USER32.dll!UnhookWindowsHookEx 76F7ADF9 5 Bytes JMP 00150A08 .text C:\Windows\Explorer.EXE[1768] USER32.dll!UnhookWinEvent 76F7B750 5 Bytes JMP 001503FC .text C:\Windows\Explorer.EXE[1768] USER32.dll!SetWindowsHookExW 76F7E30C 5 Bytes JMP 00150804 .text C:\Windows\Explorer.EXE[1768] USER32.dll!SetWinEventHook 76F824DC 5 Bytes JMP 001501F8 .text C:\Windows\Explorer.EXE[1768] USER32.dll!SetWindowsHookExA 76FA6D0C 5 Bytes JMP 00150600 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1948] ntdll.dll!LdrUnloadDll 77A6C86E 5 Bytes JMP 000703FC .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1948] ntdll.dll!LdrLoadDll 77A7223E 5 Bytes JMP 000701F8 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1948] kernel32.dll!GetBinaryTypeW + 70 76B669F4 1 Byte [62] .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1948] USER32.dll!UnhookWindowsHookEx 76F7ADF9 5 Bytes JMP 00100A08 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1948] USER32.dll!UnhookWinEvent 76F7B750 5 Bytes JMP 001003FC .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1948] USER32.dll!SetWindowsHookExW 76F7E30C 5 Bytes JMP 00100804 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1948] USER32.dll!SetWinEventHook 76F824DC 5 Bytes JMP 001001F8 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1948] USER32.dll!SetWindowsHookExA 76FA6D0C 5 Bytes JMP 00100600 .text C:\Windows\system32\svchost.exe[2004] ntdll.dll!LdrUnloadDll 77A6C86E 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[2004] ntdll.dll!LdrLoadDll 77A7223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[2004] kernel32.dll!GetBinaryTypeW + 70 76B669F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[2004] USER32.dll!UnhookWindowsHookEx 76F7ADF9 5 Bytes JMP 00580A08 .text C:\Windows\system32\svchost.exe[2004] USER32.dll!UnhookWinEvent 76F7B750 5 Bytes JMP 005803FC .text C:\Windows\system32\svchost.exe[2004] USER32.dll!SetWindowsHookExW 76F7E30C 5 Bytes JMP 00580804 .text C:\Windows\system32\svchost.exe[2004] USER32.dll!SetWinEventHook 76F824DC 5 Bytes JMP 005801F8 .text C:\Windows\system32\svchost.exe[2004] USER32.dll!SetWindowsHookExA 76FA6D0C 5 Bytes JMP 00580600 .text C:\Windows\System32\svchost.exe[2064] ntdll.dll!LdrUnloadDll 77A6C86E 5 Bytes JMP 000603FC .text C:\Windows\System32\svchost.exe[2064] ntdll.dll!LdrLoadDll 77A7223E 5 Bytes JMP 000601F8 .text C:\Windows\System32\svchost.exe[2064] kernel32.dll!GetBinaryTypeW + 70 76B669F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[2112] ntdll.dll!LdrUnloadDll 77A6C86E 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[2112] ntdll.dll!LdrLoadDll 77A7223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[2112] kernel32.dll!GetBinaryTypeW + 70 76B669F4 1 Byte [62] .text C:\Windows\SOUNDMAN.EXE[2208] ntdll.dll!LdrUnloadDll 77A6C86E 5 Bytes JMP 001503FC .text C:\Windows\SOUNDMAN.EXE[2208] ntdll.dll!LdrLoadDll 77A7223E 5 Bytes JMP 001501F8 .text C:\Windows\SOUNDMAN.EXE[2208] kernel32.dll!GetBinaryTypeW + 70 76B669F4 1 Byte [62] .text C:\Windows\SOUNDMAN.EXE[2208] USER32.dll!UnhookWindowsHookEx 76F7ADF9 5 Bytes JMP 001F0A08 .text C:\Windows\SOUNDMAN.EXE[2208] USER32.dll!UnhookWinEvent 76F7B750 5 Bytes JMP 001F03FC .text C:\Windows\SOUNDMAN.EXE[2208] USER32.dll!SetWindowsHookExW 76F7E30C 5 Bytes JMP 001F0804 .text C:\Windows\SOUNDMAN.EXE[2208] USER32.dll!SetWinEventHook 76F824DC 5 Bytes JMP 001F01F8 .text C:\Windows\SOUNDMAN.EXE[2208] USER32.dll!SetWindowsHookExA 76FA6D0C 5 Bytes JMP 001F0600 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2264] ntdll.dll!LdrUnloadDll 77A6C86E 5 Bytes JMP 001603FC .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2264] ntdll.dll!LdrLoadDll 77A7223E 5 Bytes JMP 001601F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2264] kernel32.dll!GetBinaryTypeW + 70 76B669F4 1 Byte [62] .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2264] USER32.dll!UnhookWindowsHookEx 76F7ADF9 5 Bytes JMP 00180A08 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2264] USER32.dll!UnhookWinEvent 76F7B750 5 Bytes JMP 001803FC .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2264] USER32.dll!SetWindowsHookExW 76F7E30C 5 Bytes JMP 00180804 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2264] USER32.dll!SetWinEventHook 76F824DC 5 Bytes JMP 001801F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2264] USER32.dll!SetWindowsHookExA 76FA6D0C 5 Bytes JMP 00180600 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2380] ntdll.dll!LdrUnloadDll 77A6C86E 5 Bytes JMP 001603FC .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2380] ntdll.dll!LdrLoadDll 77A7223E 5 Bytes JMP 001601F8 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2380] kernel32.dll!GetBinaryTypeW + 70 76B669F4 1 Byte [62] .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2380] USER32.dll!UnhookWindowsHookEx 76F7ADF9 5 Bytes JMP 00250A08 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2380] USER32.dll!UnhookWinEvent 76F7B750 5 Bytes JMP 002503FC .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2380] USER32.dll!SetWindowsHookExW 76F7E30C 5 Bytes JMP 00250804 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2380] USER32.dll!SetWinEventHook 76F824DC 5 Bytes JMP 002501F8 .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[2380] USER32.dll!SetWindowsHookExA 76FA6D0C 5 Bytes JMP 00250600 .text C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] ntdll.dll!DbgUiRemoteBreakin 77AAF17D 1 Byte [C3] .text C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] KERNEL32.dll!GetBinaryTypeW + 70 76B669F4 1 Byte [62] .text C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] USER32.dll!DefWindowProcA 76F7BB1C 5 Bytes JMP 630019AC C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation) .text C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] USER32.dll!GetSysColorBrush 76F7F1ED 4 Bytes JMP 6305CBDD C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation) .text C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] USER32.dll!DefWindowProcW 76F8507D 5 Bytes JMP 630019DB C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation) .text C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] USER32.dll!GetSysColor 76F8DB7A 4 Bytes JMP 6305DA75 C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation) .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[2412] ntdll.dll!LdrUnloadDll 77A6C86E 5 Bytes JMP 000603FC .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[2412] ntdll.dll!LdrLoadDll 77A7223E 5 Bytes JMP 000601F8 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[2412] kernel32.dll!GetBinaryTypeW + 70 76B669F4 1 Byte [62] .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[2412] USER32.dll!UnhookWindowsHookEx 76F7ADF9 5 Bytes JMP 000F0A08 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[2412] USER32.dll!UnhookWinEvent 76F7B750 5 Bytes JMP 000F03FC .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[2412] USER32.dll!SetWindowsHookExW 76F7E30C 5 Bytes JMP 000F0804 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[2412] USER32.dll!SetWinEventHook 76F824DC 5 Bytes JMP 000F01F8 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe[2412] USER32.dll!SetWindowsHookExA 76FA6D0C 5 Bytes JMP 000F0600 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[2452] ntdll.dll!LdrUnloadDll 77A6C86E 5 Bytes JMP 000603FC .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[2452] ntdll.dll!LdrLoadDll 77A7223E 5 Bytes JMP 000601F8 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[2452] kernel32.dll!GetBinaryTypeW + 70 76B669F4 1 Byte [62] .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[2452] USER32.dll!UnhookWindowsHookEx 76F7ADF9 5 Bytes JMP 000F0A08 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[2452] USER32.dll!UnhookWinEvent 76F7B750 5 Bytes JMP 000F03FC .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[2452] USER32.dll!SetWindowsHookExW 76F7E30C 5 Bytes JMP 000F0804 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[2452] USER32.dll!SetWinEventHook 76F824DC 5 Bytes JMP 000F01F8 .text C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe[2452] USER32.dll!SetWindowsHookExA 76FA6D0C 5 Bytes JMP 000F0600 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2520] ntdll.dll!LdrUnloadDll 77A6C86E 5 Bytes JMP 001603FC .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2520] ntdll.dll!LdrLoadDll 77A7223E 5 Bytes JMP 001601F8 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2520] kernel32.dll!GetBinaryTypeW + 70 76B669F4 1 Byte [62] .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2520] USER32.dll!UnhookWindowsHookEx 76F7ADF9 5 Bytes JMP 001F0A08 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2520] USER32.dll!UnhookWinEvent 76F7B750 5 Bytes JMP 001F03FC .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2520] USER32.dll!SetWindowsHookExW 76F7E30C 5 Bytes JMP 001F0804 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2520] USER32.dll!SetWinEventHook 76F824DC 5 Bytes JMP 001F01F8 .text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[2520] USER32.dll!SetWindowsHookExA 76FA6D0C 5 Bytes JMP 001F0600 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2660] kernel32.dll!GetBinaryTypeW + 70 76B669F4 1 Byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2668] ntdll.dll!LdrUnloadDll 77A6C86E 5 Bytes JMP 000603FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2668] ntdll.dll!LdrLoadDll 77A7223E 5 Bytes JMP 000601F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2668] kernel32.dll!GetBinaryTypeW + 70 76B669F4 1 Byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2668] USER32.dll!UnhookWindowsHookEx 76F7ADF9 5 Bytes JMP 00100A08 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2668] USER32.dll!UnhookWinEvent 76F7B750 5 Bytes JMP 001003FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2668] USER32.dll!SetWindowsHookExW 76F7E30C 5 Bytes JMP 00100804 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2668] USER32.dll!SetWinEventHook 76F824DC 5 Bytes JMP 001001F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2668] USER32.dll!SetWindowsHookExA 76FA6D0C 5 Bytes JMP 00100600 .text C:\Windows\System32\svchost.exe[2832] ntdll.dll!LdrUnloadDll 77A6C86E 5 Bytes JMP 000603FC .text C:\Windows\System32\svchost.exe[2832] ntdll.dll!LdrLoadDll 77A7223E 5 Bytes JMP 000601F8 .text C:\Windows\System32\svchost.exe[2832] kernel32.dll!GetBinaryTypeW + 70 76B669F4 1 Byte [62] .text C:\Windows\System32\svchost.exe[2832] user32.dll!UnhookWindowsHookEx 76F7ADF9 5 Bytes JMP 003E0A08 .text C:\Windows\System32\svchost.exe[2832] user32.dll!UnhookWinEvent 76F7B750 5 Bytes JMP 003E03FC .text C:\Windows\System32\svchost.exe[2832] user32.dll!SetWindowsHookExW 76F7E30C 5 Bytes JMP 003E0804 .text C:\Windows\System32\svchost.exe[2832] user32.dll!SetWinEventHook 76F824DC 5 Bytes JMP 003E01F8 .text C:\Windows\System32\svchost.exe[2832] user32.dll!SetWindowsHookExA 76FA6D0C 5 Bytes JMP 003E0600 .text C:\Program Files\RocketDock\RocketDock.exe[2908] ntdll.dll!LdrUnloadDll 77A6C86E 5 Bytes JMP 001603FC .text C:\Program Files\RocketDock\RocketDock.exe[2908] ntdll.dll!LdrLoadDll 77A7223E 5 Bytes JMP 001601F8 .text C:\Program Files\RocketDock\RocketDock.exe[2908] kernel32.dll!GetBinaryTypeW + 70 76B669F4 1 Byte [62] .text C:\Program Files\RocketDock\RocketDock.exe[2908] USER32.dll!UnhookWindowsHookEx 76F7ADF9 5 Bytes JMP 001F0A08 .text C:\Program Files\RocketDock\RocketDock.exe[2908] USER32.dll!UnhookWinEvent 76F7B750 5 Bytes JMP 001F03FC .text C:\Program Files\RocketDock\RocketDock.exe[2908] USER32.dll!SetWindowsHookExW 76F7E30C 5 Bytes JMP 001F0804 .text C:\Program Files\RocketDock\RocketDock.exe[2908] USER32.dll!SetWinEventHook 76F824DC 5 Bytes JMP 001F01F8 .text C:\Program Files\RocketDock\RocketDock.exe[2908] USER32.dll!SetWindowsHookExA 76FA6D0C 5 Bytes JMP 001F0600 .text C:\Windows\System32\svchost.exe[2956] ntdll.dll!LdrUnloadDll 77A6C86E 5 Bytes JMP 000A03FC .text C:\Windows\System32\svchost.exe[2956] ntdll.dll!LdrLoadDll 77A7223E 5 Bytes JMP 000A01F8 .text C:\Windows\System32\svchost.exe[2956] kernel32.dll!GetBinaryTypeW + 70 76B669F4 1 Byte [62] .text C:\Windows\System32\svchost.exe[2956] USER32.dll!UnhookWindowsHookEx 76F7ADF9 5 Bytes JMP 00380A08 .text C:\Windows\System32\svchost.exe[2956] USER32.dll!UnhookWinEvent 76F7B750 5 Bytes JMP 003803FC .text C:\Windows\System32\svchost.exe[2956] USER32.dll!SetWindowsHookExW 76F7E30C 5 Bytes JMP 00380804 .text C:\Windows\System32\svchost.exe[2956] USER32.dll!SetWinEventHook 76F824DC 5 Bytes JMP 003801F8 .text C:\Windows\System32\svchost.exe[2956] USER32.dll!SetWindowsHookExA 76FA6D0C 5 Bytes JMP 00380600 .text C:\Program Files\Windows Sidebar\sidebar.exe[3004] ntdll.dll!LdrUnloadDll 77A6C86E 5 Bytes JMP 000603FC .text C:\Program Files\Windows Sidebar\sidebar.exe[3004] ntdll.dll!LdrLoadDll 77A7223E 5 Bytes JMP 000601F8 .text C:\Program Files\Windows Sidebar\sidebar.exe[3004] kernel32.dll!GetBinaryTypeW + 70 76B669F4 1 Byte [62] .text C:\Program Files\Windows Sidebar\sidebar.exe[3004] USER32.dll!UnhookWindowsHookEx 76F7ADF9 5 Bytes JMP 00110A08 .text C:\Program Files\Windows Sidebar\sidebar.exe[3004] USER32.dll!UnhookWinEvent 76F7B750 5 Bytes JMP 001103FC .text C:\Program Files\Windows Sidebar\sidebar.exe[3004] USER32.dll!SetWindowsHookExW 76F7E30C 5 Bytes JMP 00110804 .text C:\Program Files\Windows Sidebar\sidebar.exe[3004] USER32.dll!SetWinEventHook 76F824DC 5 Bytes JMP 001101F8 .text C:\Program Files\Windows Sidebar\sidebar.exe[3004] USER32.dll!SetWindowsHookExA 76FA6D0C 5 Bytes JMP 00110600 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3040] ntdll.dll!LdrUnloadDll 77A6C86E 5 Bytes JMP 001603FC .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3040] ntdll.dll!LdrLoadDll 77A7223E 5 Bytes JMP 001601F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3040] kernel32.dll!GetBinaryTypeW + 70 76B669F4 1 Byte [62] .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3040] USER32.dll!UnhookWindowsHookEx 76F7ADF9 5 Bytes JMP 001F0A08 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3040] USER32.dll!UnhookWinEvent 76F7B750 5 Bytes JMP 001F03FC .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3040] USER32.dll!SetWindowsHookExW 76F7E30C 5 Bytes JMP 001F0804 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3040] USER32.dll!SetWinEventHook 76F824DC 5 Bytes JMP 001F01F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3040] USER32.dll!SetWindowsHookExA 76FA6D0C 5 Bytes JMP 001F0600 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3048] ntdll.dll!LdrUnloadDll 77A6C86E 5 Bytes JMP 001603FC .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3048] ntdll.dll!LdrLoadDll 77A7223E 5 Bytes JMP 001601F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3048] kernel32.dll!GetBinaryTypeW + 70 76B669F4 1 Byte [62] .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3048] USER32.dll!UnhookWindowsHookEx 76F7ADF9 5 Bytes JMP 00200A08 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3048] USER32.dll!UnhookWinEvent 76F7B750 5 Bytes JMP 002003FC .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3048] USER32.dll!SetWindowsHookExW 76F7E30C 5 Bytes JMP 00200804 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3048] USER32.dll!SetWinEventHook 76F824DC 5 Bytes JMP 002001F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3048] USER32.dll!SetWindowsHookExA 76FA6D0C 5 Bytes JMP 00200600 .text C:\Users\Robert\Desktop\dp1yre4l.exe[3728] ntdll.dll!LdrUnloadDll 77A6C86E 5 Bytes JMP 001603FC .text C:\Users\Robert\Desktop\dp1yre4l.exe[3728] ntdll.dll!LdrLoadDll 77A7223E 5 Bytes JMP 001601F8 .text C:\Users\Robert\Desktop\dp1yre4l.exe[3728] kernel32.dll!GetBinaryTypeW + 70 76B669F4 1 Byte [62] .text C:\Users\Robert\Desktop\dp1yre4l.exe[3728] USER32.dll!UnhookWindowsHookEx 76F7ADF9 5 Bytes JMP 00310A08 .text C:\Users\Robert\Desktop\dp1yre4l.exe[3728] USER32.dll!UnhookWinEvent 76F7B750 5 Bytes JMP 003103FC .text C:\Users\Robert\Desktop\dp1yre4l.exe[3728] USER32.dll!SetWindowsHookExW 76F7E30C 5 Bytes JMP 00310804 .text C:\Users\Robert\Desktop\dp1yre4l.exe[3728] USER32.dll!SetWinEventHook 76F824DC 5 Bytes JMP 003101F8 .text C:\Users\Robert\Desktop\dp1yre4l.exe[3728] USER32.dll!SetWindowsHookExA 76FA6D0C 5 Bytes JMP 00310600 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3828] ntdll.dll!LdrUnloadDll 77A6C86E 5 Bytes JMP 000503FC .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3828] ntdll.dll!LdrLoadDll 77A7223E 5 Bytes JMP 000501F8 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3828] kernel32.dll!GetBinaryTypeW + 70 76B669F4 1 Byte [62] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3828] USER32.dll!UnhookWindowsHookEx 76F7ADF9 5 Bytes JMP 001F0A08 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3828] USER32.dll!UnhookWinEvent 76F7B750 5 Bytes JMP 001F03FC .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3828] USER32.dll!SetWindowsHookExW 76F7E30C 5 Bytes JMP 001F0804 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3828] USER32.dll!SetWinEventHook 76F824DC 5 Bytes JMP 001F01F8 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3828] USER32.dll!SetWindowsHookExA 76FA6D0C 5 Bytes JMP 001F0600 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[3960] ntdll.dll!LdrUnloadDll 77A6C86E 5 Bytes JMP 000503FC .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[3960] ntdll.dll!LdrLoadDll 77A7223E 5 Bytes JMP 000501F8 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[3960] kernel32.dll!GetBinaryTypeW + 70 76B669F4 1 Byte [62] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[3960] USER32.dll!UnhookWindowsHookEx 76F7ADF9 5 Bytes JMP 001F0A08 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[3960] USER32.dll!UnhookWinEvent 76F7B750 5 Bytes JMP 001F03FC .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[3960] USER32.dll!SetWindowsHookExW 76F7E30C 5 Bytes JMP 001F0804 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[3960] USER32.dll!SetWinEventHook 76F824DC 5 Bytes JMP 001F01F8 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[3960] USER32.dll!SetWindowsHookExA 76FA6D0C 5 Bytes JMP 001F0600 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4016] ntdll.dll!LdrUnloadDll 77A6C86E 5 Bytes JMP 001603FC .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4016] ntdll.dll!LdrLoadDll 77A7223E 5 Bytes JMP 001601F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4016] kernel32.dll!GetBinaryTypeW + 70 76B669F4 1 Byte [62] .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4016] USER32.dll!UnhookWindowsHookEx 76F7ADF9 5 Bytes JMP 001F0A08 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4016] USER32.dll!UnhookWinEvent 76F7B750 5 Bytes JMP 001F03FC .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4016] USER32.dll!SetWindowsHookExW 76F7E30C 5 Bytes JMP 001F0804 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4016] USER32.dll!SetWinEventHook 76F824DC 5 Bytes JMP 001F01F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4016] USER32.dll!SetWindowsHookExA 76FA6D0C 5 Bytes JMP 001F0600 .text C:\Windows\system32\AUDIODG.EXE[4448] kernel32.dll!GetBinaryTypeW + 70 76B669F4 1 Byte [62] ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [87408730] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [87408F12] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [87409232] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [874090F0] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [87408914] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1344] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [726EF6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Program Files\AVAST Software\Avast\afwServ.exe[1376] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [726EF6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Windows\Explorer.EXE[1768] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [746F2437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1768] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [746D5600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1768] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [746D56BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1768] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [746F24B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1768] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [746E8514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1768] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [746E4CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1768] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [746E506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1768] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [746E5144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1768] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [746E6671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1768] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [746E826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1768] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [746E87BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1768] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [746E901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1768] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [746EE1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1768] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [746E4BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [6302963C] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation) IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6302946E] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation) IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [630294D7] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation) IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] [63029501] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation) IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [630294D7] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation) IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [630295A4] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation) IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6302946E] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation) IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [6302963C] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation) IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63029501] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation) IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] @ C:\Windows\system32\SHLWAPI.dll [GDI32.dll!DeleteObject] [6305CBAA] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation) IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!SetWindowLongW] [61001570] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc) IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [6305CB26] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation) IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [61001890] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc) IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [61001850] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc) IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetWindowLongA] [610015B0] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc) IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!SetWindowLongA] [61001530] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc) IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] @ C:\Windows\system32\shell32.dll [USER32.dll!GetSysColorBrush] [6305CBDD] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation) IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] @ C:\Windows\system32\shell32.dll [USER32.dll!DrawFrameControl] [6301E1DC] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation) IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] @ C:\Windows\system32\shell32.dll [USER32.dll!TrackPopupMenu] [630295EF] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation) IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] @ C:\Windows\system32\shell32.dll [USER32.dll!GetWindowPlacement] [6301D628] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation) IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] @ C:\Windows\system32\shell32.dll [USER32.dll!DeferWindowPos] [610014A0] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc) IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] @ C:\Windows\system32\shell32.dll [USER32.dll!TrackPopupMenuEx] [63029617] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation) IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] @ C:\Windows\system32\shell32.dll [USER32.dll!SetScrollInfo] [61001750] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc) IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] @ C:\Windows\system32\shell32.dll [USER32.dll!CallWindowProcW] [6305870E] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation) IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] @ C:\Windows\system32\shell32.dll [USER32.dll!SetScrollPos] [61001790] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc) IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] @ C:\Windows\system32\shell32.dll [USER32.dll!MoveWindow] [6301D83B] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation) IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] @ C:\Windows\system32\shell32.dll [USER32.dll!SetWindowPos] [6301DA46] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation) IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] @ C:\Windows\system32\shell32.dll [USER32.dll!GetSysColor] [6305CB26] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation) IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] @ C:\Windows\system32\shell32.dll [USER32.dll!GetWindowLongW] [610015E0] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc) IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] @ C:\Windows\system32\shell32.dll [USER32.dll!FillRect] [630292CF] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation) IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] @ C:\Windows\system32\shell32.dll [USER32.dll!GetWindowRect] [6301DC5B] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation) IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] @ C:\Windows\system32\shell32.dll [USER32.dll!DefWindowProcW] [61001890] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc) IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] @ C:\Windows\system32\shell32.dll [USER32.dll!SetWindowLongW] [61001570] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc) IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] @ C:\Windows\system32\shell32.dll [GDI32.dll!DeleteObject] [6305CBAA] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation) IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!LoadLibraryA] [6302946E] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation) IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!LoadLibraryW] [630294D7] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation) IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] @ C:\Windows\system32\ole32.dll [GDI32.dll!DeleteObject] [6305CBAA] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation) IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] @ C:\Windows\system32\ole32.dll [USER32.dll!CallWindowProcW] [6305870E] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation) IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] @ C:\Windows\system32\ole32.dll [USER32.dll!GetSysColor] [6305CB26] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation) IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] @ C:\Windows\system32\ole32.dll [USER32.dll!DefWindowProcW] [61001890] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc) IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] @ C:\Windows\system32\ole32.dll [USER32.dll!GetWindowLongW] [610015E0] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc) IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] @ C:\Windows\system32\ole32.dll [USER32.dll!SetWindowLongW] [61001570] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc) IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] @ C:\Windows\system32\ole32.dll [USER32.dll!GetWindowRect] [6301DC5B] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation) IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] @ C:\Windows\system32\ole32.dll [USER32.dll!MoveWindow] [6301D83B] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation) IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [630294D7] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation) IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6302946E] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation) IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [63029501] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation) IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [6302946E] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation) IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[2404] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [6302963C] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation) IAT C:\Program Files\AVAST Software\Avast\AvastUI.exe[2660] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [726EF6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) Device \FileSystem\Ntfs \Ntfs 846DD1E8 Device \Driver\usbohci \Device\USBPDO-0 857991E8 Device \Driver\NetBT \Device\NetBT_Tcpip_{BC3C9E1B-6E52-45BB-9499-FD1EE7A40C31} 856C91E8 Device \Driver\usbohci \Device\USBPDO-1 857991E8 Device \Driver\usbehci \Device\USBPDO-2 8579C1E8 Device \Driver\PCI_PNP6466 \Device\00000053 sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) AttachedDevice \Driver\tdx \Device\Tcp aswFW.SYS (avast! Filtering TDI driver/AVAST Software) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\cdrom \Device\CdRom0 856A9430 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 846DB1E8 Device \Driver\atapi \Device\Ide\IdePort0 846DB1E8 Device \Driver\atapi \Device\Ide\IdePort1 846DB1E8 Device \Driver\atapi \Device\Ide\IdePort2 846DB1E8 Device \Driver\atapi \Device\Ide\IdePort3 846DB1E8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 846DB1E8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-5 846DB1E8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\cdrom \Device\CdRom1 856A9430 Device \Driver\cdrom \Device\CdRom2 856A9430 Device \Driver\NetBT \Device\NetBt_Wins_Export 856C91E8 Device \Driver\ACPI_HAL \Device\0000004d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Udp aswFW.SYS (avast! Filtering TDI driver/AVAST Software) Device \Driver\usbohci \Device\USBFDO-0 857991E8 Device \Driver\usbohci \Device\USBFDO-1 857991E8 Device \Driver\usbehci \Device\USBFDO-2 8579C1E8 Device \Driver\a5qp45uj \Device\Scsi\a5qp45uj1 8587B1E8 Device \Driver\a5qp45uj \Device\Scsi\a5qp45uj1Port5Path0Target0Lun0 8587B1E8 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCC 0xF8 0x42 0xEF ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFC 0xB2 0x87 0x41 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF9 0xF7 0x37 0xE0 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCC 0xF8 0x42 0xEF ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFC 0xB2 0x87 0x41 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF9 0xF7 0x37 0xE0 ... ---- Files - GMER 1.0.15 ---- File C:\avast! sandbox 0 bytes File C:\avast! sandbox\S-1-5-21-1828221016-1472519860-3512910915-1000 0 bytes File C:\avast! sandbox\S-1-5-21-1828221016-1472519860-3512910915-1000\r17 0 bytes File C:\avast! sandbox\S-1-5-21-1828221016-1472519860-3512910915-1000\r17\OTL.exe_{1eb03c0d-6f67-11e1-95b9-00138f478a68} 0 bytes File C:\avast! sandbox\S-1-5-21-1828221016-1472519860-3512910915-1000\r17\OTL.exe_{1eb03c1c-6f67-11e1-95b9-00138f478a68} 0 bytes File C:\avast! sandbox\snx_rhive 262144 bytes File C:\avast! sandbox\snx_rhive.LOG1 5120 bytes File C:\avast! sandbox\snx_rhive.LOG2 0 bytes File C:\avast! sandbox\snx_rhive{1eb03c0f-6f67-11e1-95b9-00138f478a68}.TM.blf 65536 bytes File C:\avast! sandbox\snx_rhive{1eb03c0f-6f67-11e1-95b9-00138f478a68}.TMContainer00000000000000000001.regtrans-ms 524288 bytes File C:\avast! sandbox\snx_rhive{1eb03c0f-6f67-11e1-95b9-00138f478a68}.TMContainer00000000000000000002.regtrans-ms 524288 bytes File C:\avast! sandbox\snx_rhive{1eb03c1e-6f67-11e1-95b9-00138f478a68}.TM.blf 65536 bytes File C:\avast! sandbox\snx_rhive{1eb03c1e-6f67-11e1-95b9-00138f478a68}.TMContainer00000000000000000001.regtrans-ms 524288 bytes File C:\avast! sandbox\snx_rhive{1eb03c1e-6f67-11e1-95b9-00138f478a68}.TMContainer00000000000000000002.regtrans-ms 524288 bytes ---- EOF - GMER 1.0.15 ----