GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-09-21 23:09:41 Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AAKX-001CA0 rev.15.01H15 Running: e7msh5dp.exe; Driver: C:\Users\Dom\AppData\Local\Temp\uxriqpow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x90A3E536] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x919177BA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x90A3EF52] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x90A49D7A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x90A49DC6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x90A49F48] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x90A49CE8] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x91917BAC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x90A49D30] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x90A3F146] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x90A3F2CE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x90A49F02] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x90A3F8CA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x90A3E584] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x9191789E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x90A3E1EC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x90A3E5D2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x90A432A8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x90A40292] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x90A49DA4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x90A49DE8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x90A49F6C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x90A49D0E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x90A49E8C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x90A49D58] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x90A49F26] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x91917A1E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x90A4015E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThreadEx [0x90A3FE9A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x90A3E620] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x90A3E66E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x90A3F74A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x90A3E276] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x90A3E426] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x90A3E3CC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x90A3FA2C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x90A3FB88] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x90A3E496] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x91917AE8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x90A3F5CA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x90A3E6BC] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x91917954] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x9192F744] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 830443C9 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8307DD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 83084D80 4 Bytes [36, E5, A3, 90] .text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 83084DA8 4 Bytes [BA, 77, 91, 91] .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 83084E08 4 Bytes [52, EF, A3, 90] .text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 83084E5C 8 Bytes [7A, 9D, A4, 90, C6, 9D, A4, ...] .text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 83084E68 4 Bytes [48, 9F, A4, 90] {DEC EAX; LAHF ; MOVSB ; NOP } .text ... PAGE ntkrnlpa.exe!ObMakeTemporaryObject 83211C64 5 Bytes JMP 9192C61C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject + 27 8322A290 5 Bytes JMP 9192E116 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 8323F3D7 4 Bytes CALL 90A40959 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 832591E0 4 Bytes CALL 90A4096F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 832E311A 7 Bytes JMP 9192F748 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .text kernel32.dll!GetBinaryTypeW + 70 768A69F4 1 Byte [62] .text user32.dll!UnhookWindowsHookEx 75F9ADF9 5 Bytes [E9, 0A, 5C, 27, 8A] {JMP 0xffffffff8a275c0f} .text user32.dll!UnhookWinEvent 75F9B750 5 Bytes [E9, A7, 4C, 27, 8A] {JMP 0xffffffff8a274cac} .text user32.dll!SetWindowsHookExW 75F9E30C 5 Bytes [E9, F3, 24, 27, 8A] {JMP 0xffffffff8a2724f8} .text user32.dll!SetWinEventHook 75FA24DC 5 Bytes [E9, 17, DD, 26, 8A] {JMP 0xffffffff8a26dd1c} .text user32.dll!SetWindowsHookExA 75FC6D0C 5 Bytes [E9, EF, 98, 24, 8A] {JMP 0xffffffff8a2498f4} ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\system32\csrss.exe[476] kernel32.dll!GetBinaryTypeW + 70 768A69F4 1 Byte [62] .text C:\Windows\system32\wininit.exe[540] kernel32.dll!GetBinaryTypeW + 70 768A69F4 1 Byte [62] .text C:\Windows\system32\csrss.exe[548] kernel32.dll!GetBinaryTypeW + 70 768A69F4 1 Byte [62] .text C:\Windows\system32\services.exe[600] kernel32.dll!GetBinaryTypeW + 70 768A69F4 1 Byte [62] .text C:\Windows\system32\lsass.exe[608] kernel32.dll!GetBinaryTypeW + 70 768A69F4 1 Byte [62] .text ... .text C:\Windows\system32\svchost.exe[760] CRYPT32.dll!PFXVerifyPassword + B94B 75EACBF7 1 Byte [C2] .text C:\Windows\system32\svchost.exe[760] CRYPT32.dll!PFXVerifyPassword + B95B 75EACC07 1 Byte [08] .text C:\Windows\system32\svchost.exe[760] CRYPT32.dll!PFXVerifyPassword + B963 75EACC0F 1 Byte [E8] .text C:\Windows\system32\svchost.exe[760] CRYPT32.dll!PFXVerifyPassword + B96B 75EACC17 1 Byte [74] .text C:\Windows\system32\svchost.exe[760] CRYPT32.dll!PFXVerifyPassword + B97B 75EACC27 1 Byte [90] .text ... .text C:\Windows\system32\svchost.exe[760] CRYPT32.dll!CertResyncCertificateChainEngine + 38 75EAD7EF 1 Byte [31] .text C:\Windows\system32\svchost.exe[760] CRYPT32.dll!CertResyncCertificateChainEngine + 40 75EAD7F7 1 Byte [FF] .text C:\Windows\system32\svchost.exe[760] CRYPT32.dll!CertResyncCertificateChainEngine + 60 75EAD817 1 Byte [E1] .text C:\Windows\system32\svchost.exe[760] CRYPT32.dll!CertResyncCertificateChainEngine + 88 75EAD83F 1 Byte [85] .text C:\Windows\system32\svchost.exe[760] CRYPT32.dll!CertResyncCertificateChainEngine + A0 75EAD857 1 Byte [50] .text ... .text C:\Windows\system32\svchost.exe[760] CRYPT32.dll!I_CryptDisableLruOfEntries + 12 75EAD8DF 1 Byte [90] .text C:\Windows\system32\svchost.exe[760] CRYPT32.dll!I_CryptWalkAllLruCacheEntries + 4 75EAD8E7 1 Byte [EC] .text C:\Windows\system32\svchost.exe[760] CRYPT32.dll!I_CryptWalkAllLruCacheEntries + C 75EAD8EF 1 Byte [75] .text C:\Windows\system32\svchost.exe[760] CRYPT32.dll!I_CryptWalkAllLruCacheEntries + 2C 75EAD90F 1 Byte [8B] .text C:\Windows\system32\svchost.exe[760] CRYPT32.dll!I_CryptWalkAllLruCacheEntries + 3C 75EAD91F 1 Byte [D0] .text C:\Windows\system32\svchost.exe[760] CRYPT32.dll!I_CryptWalkAllLruCacheEntries + 44 75EAD927 1 Byte [D6] .text ... .text C:\Windows\system32\svchost.exe[760] CRYPT32.dll!I_CryptEnableLruOfEntries + 9 75EAD9CF 1 Byte [4D] .text C:\Windows\system32\svchost.exe[760] CRYPT32.dll!I_CryptEnableLruOfEntries + 19 75EAD9DF 1 Byte [8B] .text C:\Windows\system32\nvvsvc.exe[844] kernel32.dll!GetBinaryTypeW + 70 768A69F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[884] kernel32.dll!GetBinaryTypeW + 70 768A69F4 1 Byte [62] .text C:\Windows\System32\svchost.exe[960] kernel32.dll!GetBinaryTypeW + 70 768A69F4 1 Byte [62] .text C:\Windows\System32\svchost.exe[1016] kernel32.dll!GetBinaryTypeW + 70 768A69F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[1044] kernel32.dll!GetBinaryTypeW + 70 768A69F4 1 Byte [62] .text ... .text C:\Windows\system32\nvvsvc.exe[1468] SHELL32.dll!SHCreateDirectoryExA + E5C 76BF6007 1 Byte [20] .text C:\Windows\system32\nvvsvc.exe[1468] SHELL32.dll!SHCreateDirectoryExA + E64 76BF600F 1 Byte [99] .text C:\Windows\system32\nvvsvc.exe[1468] SHELL32.dll!SHCreateDirectoryExA + E7C 76BF6027 1 Byte [0B] .text C:\Windows\system32\nvvsvc.exe[1468] SHELL32.dll!SHCreateDirectoryExA + E84 76BF602F 1 Byte [88] .text C:\Windows\system32\nvvsvc.exe[1468] SHELL32.dll!SHCreateDirectoryExA + E8C 76BF6037 1 Byte [85] .text ... .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1488] kernel32.dll!SetUnhandledExceptionFilter 7688F4FB 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1488] kernel32.dll!GetBinaryTypeW + 70 768A69F4 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1488] SHELL32.dll!SignalFileOpen + 22855 76C657EF 1 Byte [68] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1488] SHELL32.dll!SignalFileOpen + 2285D 76C657F7 1 Byte [0F] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1488] SHELL32.dll!SignalFileOpen + 22875 76C6580F 1 Byte [50] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1488] SHELL32.dll!SignalFileOpen + 22885 76C6581F 1 Byte [00] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1488] SHELL32.dll!SignalFileOpen + 2289D 76C65837 1 Byte [B6] .text ... .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[1612] ntdll.dll!LdrUnloadDll 77B5C86E 5 Bytes JMP 000503FC .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[1612] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 000501F8 .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[1612] kernel32.dll!GetBinaryTypeW + 70 768A69F4 1 Byte [62] .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[1612] USER32.dll!UnhookWindowsHookEx 75F9ADF9 5 Bytes JMP 00080A08 .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[1612] USER32.dll!UnhookWinEvent 75F9B750 5 Bytes JMP 000803FC .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[1612] USER32.dll!SetWindowsHookExW 75F9E30C 5 Bytes JMP 00080804 .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[1612] USER32.dll!SetWinEventHook 75FA24DC 5 Bytes JMP 000801F8 .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[1612] USER32.dll!SetWindowsHookExA 75FC6D0C 5 Bytes JMP 00080600 .text C:\Windows\System32\spoolsv.exe[1688] kernel32.dll!GetBinaryTypeW + 70 768A69F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[1720] kernel32.dll!GetBinaryTypeW + 70 768A69F4 1 Byte [62] .text C:\Windows\Explorer.EXE[1736] kernel32.dll!GetBinaryTypeW + 70 768A69F4 1 Byte [62] .text C:\Windows\system32\Dwm.exe[1792] kernel32.dll!GetBinaryTypeW + 70 768A69F4 1 Byte [62] .text C:\Windows\system32\taskhost.exe[1856] kernel32.dll!GetBinaryTypeW + 70 768A69F4 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[1876] ntdll.dll!LdrUnloadDll 77B5C86E 5 Bytes JMP 000603FC .text C:\Program Files\Mozilla Firefox\firefox.exe[1876] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 67340C00 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[1876] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 768893D6 7 Bytes JMP 67577B29 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[1876] kernel32.dll!QueryPerformanceCounter + 13 7688C435 7 Bytes JMP 67577B4C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[1876] kernel32.dll!LoadAppInitDlls + 355 7688F4F6 7 Bytes JMP 67343FAC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[1876] kernel32.dll!GetBinaryTypeW + 70 768A69F4 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[1876] USER32.dll!UnhookWindowsHookEx 75F9ADF9 5 Bytes JMP 00080A08 .text C:\Program Files\Mozilla Firefox\firefox.exe[1876] USER32.dll!UnhookWinEvent 75F9B750 5 Bytes JMP 000803FC .text C:\Program Files\Mozilla Firefox\firefox.exe[1876] USER32.dll!SetWindowsHookExW 75F9E30C 5 Bytes JMP 00080804 .text C:\Program Files\Mozilla Firefox\firefox.exe[1876] USER32.dll!SetWinEventHook 75FA24DC 5 Bytes JMP 000801F8 .text C:\Program Files\Mozilla Firefox\firefox.exe[1876] USER32.dll!SetWindowsHookExA 75FC6D0C 5 Bytes JMP 00080600 .text C:\Program Files\Mozilla Firefox\firefox.exe[1876] GDI32.dll!GetViewportOrgEx + 26C 7672884B 7 Bytes JMP 67577AAA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[1876] SHELL32.dll!SHShowManageLibraryUI + 13117 76E58017 1 Byte [76] .text C:\Program Files\Mozilla Firefox\firefox.exe[1876] SHELL32.dll!SHShowManageLibraryUI + 1311F 76E5801F 1 Byte [E8] .text C:\Program Files\Mozilla Firefox\firefox.exe[1876] SHELL32.dll!SHShowManageLibraryUI + 13127 76E58027 1 Byte [F6] .text C:\Program Files\Mozilla Firefox\firefox.exe[1876] SHELL32.dll!SHShowManageLibraryUI + 1313F 76E5803F 1 Byte [C8] .text C:\Program Files\Mozilla Firefox\firefox.exe[1876] SHELL32.dll!SHShowManageLibraryUI + 1317F 76E5807F 1 Byte [05] .text ... .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1928] kernel32.dll!GetBinaryTypeW + 70 768A69F4 1 Byte [62] .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1960] kernel32.dll!GetBinaryTypeW + 70 768A69F4 1 Byte [62] .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1960] SHELL32.dll!StrChrW + 9C97 76C367EF 1 Byte [27] .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1960] SHELL32.dll!StrChrW + 9C9F 76C367F7 1 Byte [8B] .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1960] SHELL32.dll!StrChrW + 9CAF 76C36807 1 Byte [46] .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1960] SHELL32.dll!StrChrW + 9CB7 76C3680F 1 Byte [76] .text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[1960] SHELL32.dll!StrChrW + 9CBF 76C36817 1 Byte [51] .text ... .text C:\Windows\system32\svchost.exe[2052] ntdll.dll!LdrUnloadDll 77B5C86E 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[2052] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[2052] kernel32.dll!GetBinaryTypeW + 70 768A69F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[2072] ntdll.dll!LdrUnloadDll 77B5C86E 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[2072] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[2072] kernel32.dll!GetBinaryTypeW + 70 768A69F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[2072] USER32.dll!UnhookWindowsHookEx 75F9ADF9 5 Bytes JMP 00360A08 .text C:\Windows\system32\svchost.exe[2072] USER32.dll!UnhookWinEvent 75F9B750 5 Bytes JMP 003603FC .text C:\Windows\system32\svchost.exe[2072] USER32.dll!SetWindowsHookExW 75F9E30C 5 Bytes JMP 00360804 .text C:\Windows\system32\svchost.exe[2072] USER32.dll!SetWinEventHook 75FA24DC 5 Bytes JMP 003601F8 .text C:\Windows\system32\svchost.exe[2072] USER32.dll!SetWindowsHookExA 75FC6D0C 5 Bytes JMP 00360600 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2156] ntdll.dll!LdrUnloadDll 77B5C86E 5 Bytes JMP 000603FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2156] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 000601F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2156] kernel32.dll!GetBinaryTypeW + 70 768A69F4 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2156] USER32.dll!UnhookWindowsHookEx 75F9ADF9 5 Bytes JMP 00100A08 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2156] USER32.dll!UnhookWinEvent 75F9B750 5 Bytes JMP 001003FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2156] USER32.dll!SetWindowsHookExW 75F9E30C 5 Bytes JMP 00100804 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2156] USER32.dll!SetWinEventHook 75FA24DC 5 Bytes JMP 001001F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2156] USER32.dll!SetWindowsHookExA 75FC6D0C 5 Bytes JMP 00100600 .text C:\Windows\system32\svchost.exe[2432] ntdll.dll!LdrUnloadDll 77B5C86E 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[2432] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[2432] kernel32.dll!GetBinaryTypeW + 70 768A69F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[2432] USER32.dll!UnhookWindowsHookEx 75F9ADF9 5 Bytes JMP 00A40A08 .text C:\Windows\system32\svchost.exe[2432] USER32.dll!UnhookWinEvent 75F9B750 5 Bytes JMP 00A403FC .text C:\Windows\system32\svchost.exe[2432] USER32.dll!SetWindowsHookExW 75F9E30C 5 Bytes JMP 00A40804 .text C:\Windows\system32\svchost.exe[2432] USER32.dll!SetWinEventHook 75FA24DC 5 Bytes JMP 00A401F8 .text C:\Windows\system32\svchost.exe[2432] USER32.dll!SetWindowsHookExA 75FC6D0C 5 Bytes JMP 00A40600 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2696] ntdll.dll!LdrUnloadDll 77B5C86E 5 Bytes JMP 000603FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2696] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 000601F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2696] kernel32.dll!GetBinaryTypeW + 70 768A69F4 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2696] USER32.dll!UnhookWindowsHookEx 75F9ADF9 5 Bytes JMP 00140A08 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2696] USER32.dll!UnhookWinEvent 75F9B750 5 Bytes JMP 001403FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2696] USER32.dll!SetWindowsHookExW 75F9E30C 5 Bytes JMP 00140804 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2696] USER32.dll!SetWinEventHook 75FA24DC 5 Bytes JMP 001401F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2696] USER32.dll!SetWindowsHookExA 75FC6D0C 5 Bytes JMP 00140600 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2796] ntdll.dll!LdrUnloadDll 77B5C86E 5 Bytes JMP 001603FC .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2796] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 001601F8 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2796] kernel32.dll!GetBinaryTypeW + 70 768A69F4 1 Byte [62] .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2796] USER32.dll!UnhookWindowsHookEx 75F9ADF9 5 Bytes JMP 00190A08 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2796] USER32.dll!UnhookWinEvent 75F9B750 5 Bytes JMP 001903FC .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2796] USER32.dll!SetWindowsHookExW 75F9E30C 5 Bytes JMP 00190804 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2796] USER32.dll!SetWinEventHook 75FA24DC 5 Bytes JMP 001901F8 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2796] USER32.dll!SetWindowsHookExA 75FC6D0C 5 Bytes JMP 00190600 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2796] ole32.dll!StgGetIFillLockBytesOnFile + 79C 7630401F 1 Byte [49] .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2796] ole32.dll!StgGetIFillLockBytesOnFile + 7A4 76304027 1 Byte [B3] .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2796] ole32.dll!StgGetIFillLockBytesOnFile + 7C4 76304047 1 Byte [AF] .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2796] ole32.dll!StgGetIFillLockBytesOnFile + 7CC 7630404F 1 Byte [C2] .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2796] ole32.dll!StgGetIFillLockBytesOnFile + 804 76304087 1 Byte [12] .text ... .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3012] kernel32.dll!GetBinaryTypeW + 70 768A69F4 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3012] SHELL32.dll!DllInstall + 4E6C 76D21007 1 Byte [FA] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3012] SHELL32.dll!DllInstall + 4E7C 76D21017 1 Byte [90] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3012] SHELL32.dll!DllInstall + 4E8C 76D21027 1 Byte [76] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3012] SHELL32.dll!DllInstall + 4E94 76D2102F 1 Byte [0C] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3012] SHELL32.dll!DllInstall + 4E9C 76D21037 1 Byte [56] .text ... .text C:\Windows\system32\SearchIndexer.exe[3164] ntdll.dll!LdrUnloadDll 77B5C86E 5 Bytes JMP 000603FC .text C:\Windows\system32\SearchIndexer.exe[3164] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\SearchIndexer.exe[3164] kernel32.dll!GetBinaryTypeW + 70 768A69F4 1 Byte [62] .text C:\Windows\system32\SearchIndexer.exe[3164] USER32.dll!UnhookWindowsHookEx 75F9ADF9 5 Bytes JMP 00090A08 .text C:\Windows\system32\SearchIndexer.exe[3164] USER32.dll!UnhookWinEvent 75F9B750 5 Bytes JMP 000903FC .text C:\Windows\system32\SearchIndexer.exe[3164] USER32.dll!SetWindowsHookExW 75F9E30C 5 Bytes JMP 00090804 .text C:\Windows\system32\SearchIndexer.exe[3164] USER32.dll!SetWinEventHook 75FA24DC 5 Bytes JMP 000901F8 .text C:\Windows\system32\SearchIndexer.exe[3164] USER32.dll!SetWindowsHookExA 75FC6D0C 5 Bytes JMP 00090600 .text C:\Windows\system32\SearchIndexer.exe[3164] SHELL32.dll!SHCreateDirectoryExA + 163C 76BF67E7 1 Byte [54] .text C:\Windows\system32\SearchIndexer.exe[3164] SHELL32.dll!SHCreateDirectoryExA + 1644 76BF67EF 1 Byte [2B] .text C:\Windows\system32\SearchIndexer.exe[3164] SHELL32.dll!SHCreateDirectoryExA + 1654 76BF67FF 1 Byte [7F] .text C:\Windows\system32\SearchIndexer.exe[3164] SHELL32.dll!SHCreateDirectoryExA + 1664 76BF680F 1 Byte [00] .text C:\Windows\system32\SearchIndexer.exe[3164] SHELL32.dll!SHCreateDirectoryExA + 166C 76BF6817 1 Byte [66] .text ... .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3316] ntdll.dll!LdrUnloadDll 77B5C86E 5 Bytes JMP 001703FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3316] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 001701F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3316] kernel32.dll!GetBinaryTypeW + 70 768A69F4 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3316] USER32.dll!UnhookWindowsHookEx 75F9ADF9 5 Bytes JMP 001A0A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3316] USER32.dll!UnhookWinEvent 75F9B750 5 Bytes JMP 001A03FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3316] USER32.dll!SetWindowsHookExW 75F9E30C 5 Bytes JMP 001A0804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3316] USER32.dll!SetWinEventHook 75FA24DC 5 Bytes JMP 001A01F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3316] USER32.dll!SetWindowsHookExA 75FC6D0C 5 Bytes JMP 001A0600 .text C:\Program Files\Winamp\winamp.exe[3324] ntdll.dll!LdrUnloadDll 77B5C86E 5 Bytes JMP 001603FC .text C:\Program Files\Winamp\winamp.exe[3324] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 001601F8 .text C:\Program Files\Winamp\winamp.exe[3324] kernel32.dll!GetBinaryTypeW + 70 768A69F4 1 Byte [62] .text C:\Program Files\Winamp\winamp.exe[3324] USER32.dll!UnhookWindowsHookEx 75F9ADF9 5 Bytes JMP 00180A08 .text C:\Program Files\Winamp\winamp.exe[3324] USER32.dll!UnhookWinEvent 75F9B750 5 Bytes JMP 001803FC .text C:\Program Files\Winamp\winamp.exe[3324] USER32.dll!SetWindowsHookExW 75F9E30C 5 Bytes JMP 00180804 .text C:\Program Files\Winamp\winamp.exe[3324] USER32.dll!SetWinEventHook 75FA24DC 5 Bytes JMP 001801F8 .text C:\Program Files\Winamp\winamp.exe[3324] USER32.dll!SetWindowsHookExA 75FC6D0C 5 Bytes JMP 00180600 .text C:\Program Files\Gadu-Gadu\gg.exe[3620] ntdll.dll!LdrUnloadDll 77B5C86E 5 Bytes JMP 003603FC .text C:\Program Files\Gadu-Gadu\gg.exe[3620] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 003601F8 .text C:\Program Files\Gadu-Gadu\gg.exe[3620] kernel32.dll!GetBinaryTypeW + 70 768A69F4 1 Byte [62] .text C:\Program Files\Gadu-Gadu\gg.exe[3620] USER32.dll!UnhookWindowsHookEx 75F9ADF9 5 Bytes JMP 00AC0A08 .text C:\Program Files\Gadu-Gadu\gg.exe[3620] USER32.dll!UnhookWinEvent 75F9B750 5 Bytes JMP 00AC03FC .text C:\Program Files\Gadu-Gadu\gg.exe[3620] USER32.dll!SetWindowsHookExW 75F9E30C 5 Bytes JMP 00AC0804 .text C:\Program Files\Gadu-Gadu\gg.exe[3620] USER32.dll!SetWinEventHook 75FA24DC 5 Bytes JMP 00AC01F8 .text C:\Program Files\Gadu-Gadu\gg.exe[3620] USER32.dll!SetWindowsHookExA 75FC6D0C 5 Bytes JMP 00AC0600 .text C:\Program Files\Last.fm\LastFM.exe[3800] ntdll.dll!LdrUnloadDll 77B5C86E 5 Bytes JMP 001603FC .text C:\Program Files\Last.fm\LastFM.exe[3800] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 001601F8 .text C:\Program Files\Last.fm\LastFM.exe[3800] kernel32.dll!GetBinaryTypeW + 70 768A69F4 1 Byte [62] .text C:\Program Files\Last.fm\LastFM.exe[3800] USER32.dll!UnhookWindowsHookEx 75F9ADF9 5 Bytes JMP 00540A08 .text C:\Program Files\Last.fm\LastFM.exe[3800] USER32.dll!UnhookWinEvent 75F9B750 5 Bytes JMP 005403FC .text C:\Program Files\Last.fm\LastFM.exe[3800] USER32.dll!SetWindowsHookExW 75F9E30C 5 Bytes JMP 00540804 .text C:\Program Files\Last.fm\LastFM.exe[3800] USER32.dll!SetWinEventHook 75FA24DC 5 Bytes JMP 005401F8 .text C:\Program Files\Last.fm\LastFM.exe[3800] USER32.dll!SetWindowsHookExA 75FC6D0C 5 Bytes JMP 00540600 .text C:\Windows\system32\svchost.exe[3820] ntdll.dll!LdrUnloadDll 77B5C86E 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[3820] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[3820] kernel32.dll!GetBinaryTypeW + 70 768A69F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[3820] USER32.dll!UnhookWindowsHookEx 75F9ADF9 5 Bytes JMP 001F0A08 .text C:\Windows\system32\svchost.exe[3820] USER32.dll!UnhookWinEvent 75F9B750 5 Bytes JMP 001F03FC .text C:\Windows\system32\svchost.exe[3820] USER32.dll!SetWindowsHookExW 75F9E30C 5 Bytes JMP 001F0804 .text C:\Windows\system32\svchost.exe[3820] USER32.dll!SetWinEventHook 75FA24DC 5 Bytes JMP 001F01F8 .text C:\Windows\system32\svchost.exe[3820] USER32.dll!SetWindowsHookExA 75FC6D0C 5 Bytes JMP 001F0600 .text C:\Windows\System32\svchost.exe[3948] ntdll.dll!LdrUnloadDll 77B5C86E 5 Bytes JMP 000603FC .text C:\Windows\System32\svchost.exe[3948] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 000601F8 .text C:\Windows\System32\svchost.exe[3948] kernel32.dll!GetBinaryTypeW + 70 768A69F4 1 Byte [62] .text C:\Windows\System32\svchost.exe[3948] USER32.dll!UnhookWindowsHookEx 75F9ADF9 5 Bytes JMP 00140A08 .text C:\Windows\System32\svchost.exe[3948] USER32.dll!UnhookWinEvent 75F9B750 5 Bytes JMP 001403FC .text C:\Windows\System32\svchost.exe[3948] USER32.dll!SetWindowsHookExW 75F9E30C 5 Bytes JMP 00140804 .text C:\Windows\System32\svchost.exe[3948] USER32.dll!SetWinEventHook 75FA24DC 5 Bytes JMP 001401F8 .text C:\Windows\System32\svchost.exe[3948] USER32.dll!SetWindowsHookExA 75FC6D0C 5 Bytes JMP 00140600 .text C:\Windows\System32\svchost.exe[3956] ntdll.dll!LdrUnloadDll 77B5C86E 5 Bytes JMP 000603FC .text C:\Windows\System32\svchost.exe[3956] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 000601F8 .text C:\Windows\System32\svchost.exe[3956] kernel32.dll!GetBinaryTypeW + 70 768A69F4 1 Byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4020] ntdll.dll!LdrUnloadDll 77B5C86E 5 Bytes JMP 000603FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4020] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 000601F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4020] kernel32.dll!GetBinaryTypeW + 70 768A69F4 1 Byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4020] USER32.dll!UnhookWindowsHookEx 75F9ADF9 5 Bytes JMP 00100A08 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4020] USER32.dll!UnhookWinEvent 75F9B750 5 Bytes JMP 001003FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4020] USER32.dll!SetWindowsHookExW 75F9E30C 5 Bytes JMP 00100804 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4020] USER32.dll!SetWinEventHook 75FA24DC 5 Bytes JMP 001001F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4020] USER32.dll!SetWindowsHookExA 75FC6D0C 5 Bytes JMP 00100600 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4020] SHELL32.dll!SHCreateDefaultExtractIcon + 16FE 76B4D7E7 1 Byte [FF] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4020] SHELL32.dll!SHCreateDefaultExtractIcon + 1716 76B4D7FF 1 Byte [7C] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4020] SHELL32.dll!SHCreateDefaultExtractIcon + 171E 76B4D807 1 Byte [33] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4020] SHELL32.dll!SHCreateDefaultExtractIcon + 1726 76B4D80F 1 Byte [45] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4020] SHELL32.dll!SHCreateDefaultExtractIcon + 172E 76B4D817 1 Byte [68] .text ... .text C:\Windows\notepad.exe[4344] ntdll.dll!LdrUnloadDll 77B5C86E 5 Bytes JMP 000603FC .text C:\Windows\notepad.exe[4344] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 000601F8 .text C:\Windows\notepad.exe[4344] kernel32.dll!GetBinaryTypeW + 70 768A69F4 1 Byte [62] .text C:\Windows\notepad.exe[4344] USER32.dll!UnhookWindowsHookEx 75F9ADF9 5 Bytes JMP 00240A08 .text C:\Windows\notepad.exe[4344] USER32.dll!UnhookWinEvent 75F9B750 5 Bytes JMP 002403FC .text C:\Windows\notepad.exe[4344] USER32.dll!SetWindowsHookExW 75F9E30C 5 Bytes JMP 00240804 .text C:\Windows\notepad.exe[4344] USER32.dll!SetWinEventHook 75FA24DC 5 Bytes JMP 002401F8 .text C:\Windows\notepad.exe[4344] USER32.dll!SetWindowsHookExA 75FC6D0C 5 Bytes JMP 00240600 .text C:\Users\Dom\Desktop\e7msh5dp.exe[4832] ntdll.dll!LdrUnloadDll 77B5C86E 5 Bytes JMP 001603FC .text C:\Users\Dom\Desktop\e7msh5dp.exe[4832] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 001601F8 .text C:\Users\Dom\Desktop\e7msh5dp.exe[4832] kernel32.dll!GetBinaryTypeW + 70 768A69F4 1 Byte [62] .text C:\Users\Dom\Desktop\e7msh5dp.exe[4832] USER32.dll!UnhookWindowsHookEx 75F9ADF9 5 Bytes JMP 00210A08 .text C:\Users\Dom\Desktop\e7msh5dp.exe[4832] USER32.dll!UnhookWinEvent 75F9B750 5 Bytes JMP 002103FC .text C:\Users\Dom\Desktop\e7msh5dp.exe[4832] USER32.dll!SetWindowsHookExW 75F9E30C 5 Bytes JMP 00210804 .text C:\Users\Dom\Desktop\e7msh5dp.exe[4832] USER32.dll!SetWinEventHook 75FA24DC 5 Bytes JMP 002101F8 .text C:\Users\Dom\Desktop\e7msh5dp.exe[4832] USER32.dll!SetWindowsHookExA 75FC6D0C 5 Bytes JMP 00210600 .text C:\Windows\system32\taskeng.exe[6140] ntdll.dll!LdrUnloadDll 77B5C86E 5 Bytes JMP 000603FC .text C:\Windows\system32\taskeng.exe[6140] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\taskeng.exe[6140] kernel32.dll!GetBinaryTypeW + 70 768A69F4 1 Byte [62] .text C:\Windows\system32\taskeng.exe[6140] USER32.dll!UnhookWindowsHookEx 75F9ADF9 5 Bytes JMP 00080A08 .text C:\Windows\system32\taskeng.exe[6140] USER32.dll!UnhookWinEvent 75F9B750 5 Bytes JMP 000803FC .text C:\Windows\system32\taskeng.exe[6140] USER32.dll!SetWindowsHookExW 75F9E30C 5 Bytes JMP 00080804 .text C:\Windows\system32\taskeng.exe[6140] USER32.dll!SetWinEventHook 75FA24DC 5 Bytes JMP 000801F8 .text C:\Windows\system32\taskeng.exe[6140] USER32.dll!SetWindowsHookExA 75FC6D0C 5 Bytes JMP 00080600 ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1488] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7256F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Windows\Explorer.EXE[1736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [747E24CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [747C562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [747C56EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [747E2546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [747D85AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [747D4D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [747D5105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [747D51DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [747D6707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [747D8301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [747D8850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [747D90B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [747DE254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [747D4C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Program Files\AVAST Software\Avast\AvastUI.exe[3012] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7256F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) Device \Driver\ACPI_HAL \Device\00000048 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) ---- EOF - GMER 1.0.15 ----