GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-12-31 13:31:12 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK1032GSX rev.AS022M Running: ezt5537u.exe; Driver: C:\Users\MA\AppData\Local\Temp\pxldypoc.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8CB104BA] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8D0FDC22] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x8CB10ED6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8CB1BFA8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8CB1BFF4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8CB1C176] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8CB1BF16] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8D0FDFA6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8CB1BF5E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x8CB1111C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8CB1C130] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x8CB1193E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8CB10508] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8D0FDCEA] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8D0FC3EC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8CB10556] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8CB15534] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8CB123A6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8CB1BFD2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8CB1C016] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8CB1C19A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8CB1BF3C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8CB1C0BA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8CB1BF86] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8CB1C154] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8D0FDE4A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8CB12272] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0x8CB11DD4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8CB105A4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8CB105F2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x8CB117BE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8CB101FA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8CB103AA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8CB10350] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x8CB11AF8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x8CB11C54] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8CB1041A] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x8D0FDEFE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x8CB11636] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x8D0FC41C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8CB10640] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x8D0FDD96] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x8CB112F4] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8D116E56] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!KeInsertQueue + 2FD 82872934 4 Bytes [BA, 04, B1, 8C] .text ntoskrnl.exe!KeInsertQueue + 321 82872958 4 Bytes [22, DC, 0F, 8D] .text ntoskrnl.exe!KeInsertQueue + 381 828729B8 4 Bytes [D6, 0E, B1, 8C] {SALC ; PUSH CS; MOV CL, 0x8c} .text ntoskrnl.exe!KeInsertQueue + 3C1 828729F8 8 Bytes [A8, BF, B1, 8C, F4, BF, B1, ...] .text ntoskrnl.exe!KeInsertQueue + 3CD 82872A04 4 Bytes [76, C1, B1, 8C] {JBE 0xffffffffffffffc3; MOV CL, 0x8c} .text ... PAGE ntoskrnl.exe!ObMakeTemporaryObject 829A8E46 5 Bytes JMP 8D113CF6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 110 829F254F 4 Bytes CALL 8CB12A8D \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntoskrnl.exe!ObInsertObject 829F6A1C 5 Bytes JMP 8D115810 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!ZwAlpcSendWaitReceivePort + 121 82A20017 4 Bytes CALL 8CB12AA3 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntoskrnl.exe!ZwCreateProcessEx 82A8DEC6 7 Bytes JMP 8D116E5A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .text ntdll.dll!LdrLoadDll 77339378 5 Bytes [E9, 7B, 6E, E2, 88] {JMP 0xffffffff88e26e80} .text ntdll.dll!LdrUnloadDll 7734B680 5 Bytes [E9, 77, 4D, E1, 88] {JMP 0xffffffff88e14d7c} ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[392] kernel32.dll!GetBinaryTypeW + 70 76E72447 1 Byte [62] .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[576] kernel32.dll!GetBinaryTypeW + 70 76E72447 1 Byte [62] .text C:\Windows\system32\csrss.exe[604] KERNEL32.dll!GetBinaryTypeW + 70 76E72447 1 Byte [62] .text C:\Windows\system32\taskeng.exe[612] kernel32.dll!GetBinaryTypeW + 70 76E72447 1 Byte [62] .text C:\Windows\system32\csrss.exe[648] KERNEL32.dll!GetBinaryTypeW + 70 76E72447 1 Byte [62] .text ... .text C:\Users\MA\Downloads\ezt5537u.exe[884] ntdll.dll!LdrLoadDll 77339378 5 Bytes JMP 001601F8 .text C:\Users\MA\Downloads\ezt5537u.exe[884] ntdll.dll!LdrUnloadDll 7734B680 5 Bytes JMP 001603FC .text C:\Users\MA\Downloads\ezt5537u.exe[884] KERNEL32.dll!GetBinaryTypeW + 70 76E72447 1 Byte [62] .text C:\Users\MA\Downloads\ezt5537u.exe[884] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 001703FC .text C:\Users\MA\Downloads\ezt5537u.exe[884] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 00170600 .text C:\Users\MA\Downloads\ezt5537u.exe[884] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 00171014 .text C:\Users\MA\Downloads\ezt5537u.exe[884] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 00170804 .text C:\Users\MA\Downloads\ezt5537u.exe[884] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00170A08 .text C:\Users\MA\Downloads\ezt5537u.exe[884] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 00170C0C .text C:\Users\MA\Downloads\ezt5537u.exe[884] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00170E10 .text C:\Users\MA\Downloads\ezt5537u.exe[884] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 001701F8 .text C:\Users\MA\Downloads\ezt5537u.exe[884] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 00180600 .text C:\Users\MA\Downloads\ezt5537u.exe[884] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 00180804 .text C:\Users\MA\Downloads\ezt5537u.exe[884] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00180A08 .text C:\Users\MA\Downloads\ezt5537u.exe[884] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 001801F8 .text C:\Users\MA\Downloads\ezt5537u.exe[884] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 001803FC .text C:\Windows\system32\svchost.exe[916] kernel32.dll!GetBinaryTypeW + 70 76E72447 1 Byte [62] .text C:\Windows\system32\svchost.exe[992] kernel32.dll!GetBinaryTypeW + 70 76E72447 1 Byte [62] .text C:\Windows\System32\svchost.exe[1048] kernel32.dll!GetBinaryTypeW + 70 76E72447 1 Byte [62] .text C:\Windows\System32\svchost.exe[1116] kernel32.dll!GetBinaryTypeW + 70 76E72447 1 Byte [62] .text C:\Windows\system32\svchost.exe[1128] kernel32.dll!GetBinaryTypeW + 70 76E72447 1 Byte [62] .text ... .text C:\Windows\System32\mobsync.exe[1328] ntdll.dll!LdrLoadDll 77339378 5 Bytes JMP 000601F8 .text C:\Windows\System32\mobsync.exe[1328] ntdll.dll!LdrUnloadDll 7734B680 5 Bytes JMP 000603FC .text C:\Windows\System32\mobsync.exe[1328] KERNEL32.dll!GetBinaryTypeW + 70 76E72447 1 Byte [62] .text C:\Windows\System32\mobsync.exe[1328] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 000703FC .text C:\Windows\System32\mobsync.exe[1328] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 00070600 .text C:\Windows\System32\mobsync.exe[1328] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 00071014 .text C:\Windows\System32\mobsync.exe[1328] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 00070804 .text C:\Windows\System32\mobsync.exe[1328] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00070A08 .text C:\Windows\System32\mobsync.exe[1328] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 00070C0C .text C:\Windows\System32\mobsync.exe[1328] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00070E10 .text C:\Windows\System32\mobsync.exe[1328] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 000701F8 .text C:\Windows\System32\mobsync.exe[1328] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 00080600 .text C:\Windows\System32\mobsync.exe[1328] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 00080804 .text C:\Windows\System32\mobsync.exe[1328] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00080A08 .text C:\Windows\System32\mobsync.exe[1328] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 000801F8 .text C:\Windows\System32\mobsync.exe[1328] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 000803FC .text C:\Windows\system32\svchost.exe[1352] kernel32.dll!GetBinaryTypeW + 70 76E72447 1 Byte [62] .text C:\Windows\system32\svchost.exe[1452] kernel32.dll!GetBinaryTypeW + 70 76E72447 1 Byte [62] .text C:\Windows\system32\svchost.exe[1616] kernel32.dll!GetBinaryTypeW + 70 76E72447 1 Byte [62] .text C:\Windows\system32\Dwm.exe[1712] kernel32.dll!GetBinaryTypeW + 70 76E72447 1 Byte [62] .text C:\Windows\Explorer.EXE[1764] kernel32.dll!GetBinaryTypeW + 70 76E72447 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1808] kernel32.dll!SetUnhandledExceptionFilter 76E4A8B5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1808] kernel32.dll!GetBinaryTypeW + 70 76E72447 1 Byte [62] .text C:\Windows\System32\spoolsv.exe[1936] kernel32.dll!GetBinaryTypeW + 70 76E72447 1 Byte [62] .text C:\Windows\system32\svchost.exe[1960] kernel32.dll!GetBinaryTypeW + 70 76E72447 1 Byte [62] .text C:\Windows\system32\svchost.exe[2000] kernel32.dll!GetBinaryTypeW + 70 76E72447 1 Byte [62] .text C:\Windows\System32\svchost.exe[2076] kernel32.dll!GetBinaryTypeW + 70 76E72447 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2132] ntdll.dll!LdrLoadDll 77339378 5 Bytes JMP 001601F8 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2132] ntdll.dll!LdrUnloadDll 7734B680 5 Bytes JMP 001603FC .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2132] KERNEL32.dll!GetBinaryTypeW + 70 76E72447 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2132] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 001703FC .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2132] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 00170600 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2132] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 00171014 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2132] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 00170804 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2132] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00170A08 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2132] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 00170C0C .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2132] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00170E10 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2132] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 001701F8 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2132] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 00180600 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2132] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 00180804 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2132] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00180A08 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2132] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 001801F8 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2132] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 001803FC .text C:\Windows\system32\SearchIndexer.exe[2148] kernel32.dll!GetBinaryTypeW + 70 76E72447 1 Byte [62] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2216] ntdll.dll!LdrLoadDll 77339378 5 Bytes JMP 000601F8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2216] ntdll.dll!LdrUnloadDll 7734B680 5 Bytes JMP 000603FC .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2216] KERNEL32.dll!GetBinaryTypeW + 70 76E72447 1 Byte [62] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2216] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 000703FC .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2216] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 00070600 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2216] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 00071014 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2216] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 00070804 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2216] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00070A08 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2216] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 00070C0C .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2216] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00070E10 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2216] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 000701F8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2216] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 00080600 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2216] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 00080804 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2216] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00080A08 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2216] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 000801F8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2216] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 000803FC .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2216] USER32.dll!GetWindowInfo 760B428E 5 Bytes JMP 6600BACC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2216] USER32.dll!SetMenuItemBitmaps + 71 760C14EE 7 Bytes JMP 6600C0F9 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2324] ntdll.dll!LdrLoadDll 77339378 5 Bytes JMP 000601F8 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2324] ntdll.dll!LdrUnloadDll 7734B680 5 Bytes JMP 000603FC .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2324] KERNEL32.dll!GetBinaryTypeW + 70 76E72447 1 Byte [62] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2324] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 00070600 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2324] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 00070804 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2324] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00070A08 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2324] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 000701F8 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2324] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 000703FC .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2324] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 000803FC .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2324] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 00080600 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2324] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 00081014 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2324] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 00080804 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2324] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00080A08 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2324] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 00080C0C .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2324] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00080E10 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2324] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 000801F8 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] ntdll.dll!LdrLoadDll 77339378 5 Bytes JMP 001901F8 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] ntdll.dll!LdrUnloadDll 7734B680 5 Bytes JMP 001903FC .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] ntdll.dll!NtCreateFile + 6 7737424A 4 Bytes [28, 00, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] ntdll.dll!NtCreateFile + B 7737424F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] ntdll.dll!NtCreateKey + 6 7737428A 4 Bytes [68, 01, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] ntdll.dll!NtCreateKey + B 7737428F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] ntdll.dll!NtCreateMutant + 6 773742BA 4 Bytes [28, 02, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] ntdll.dll!NtCreateMutant + B 773742BF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] ntdll.dll!NtCreateSection + 6 7737433A 4 Bytes [68, 02, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] ntdll.dll!NtCreateSection + B 7737433F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] ntdll.dll!NtMapViewOfSection + 6 7737499A 4 Bytes [A8, 04, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] ntdll.dll!NtMapViewOfSection + B 7737499F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] ntdll.dll!NtOpenFile + 6 77374A2A 4 Bytes [68, 00, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] ntdll.dll!NtOpenFile + B 77374A2F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] ntdll.dll!NtOpenKey + 6 77374A5A 4 Bytes [A8, 01, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] ntdll.dll!NtOpenKey + B 77374A5F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] ntdll.dll!NtOpenMutant + B 77374A7F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] ntdll.dll!NtOpenProcess + 6 77374AAA 1 Byte [28] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] ntdll.dll!NtOpenProcess + 6 77374AAA 4 Bytes [28, 03, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] ntdll.dll!NtOpenProcess + B 77374AAF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] ntdll.dll!NtOpenProcessToken + 6 77374ABA 1 Byte [68] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] ntdll.dll!NtOpenProcessToken + 6 77374ABA 4 Bytes [68, 03, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] ntdll.dll!NtOpenProcessToken + B 77374ABF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] ntdll.dll!NtOpenProcessTokenEx + 6 77374ACA 4 Bytes [28, 04, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] ntdll.dll!NtOpenProcessTokenEx + B 77374ACF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] ntdll.dll!NtOpenSection + 6 77374ADA 4 Bytes [A8, 02, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] ntdll.dll!NtOpenSection + B 77374ADF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] ntdll.dll!NtOpenThread + B 77374B1F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] ntdll.dll!NtOpenThreadToken + 6 77374B2A 1 Byte [E8] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] ntdll.dll!NtOpenThreadToken + B 77374B2F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] ntdll.dll!NtOpenThreadTokenEx + 6 77374B3A 4 Bytes [68, 04, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] ntdll.dll!NtOpenThreadTokenEx + B 77374B3F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] ntdll.dll!NtQueryAttributesFile + 6 77374BCA 4 Bytes [A8, 00, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] ntdll.dll!NtQueryAttributesFile + B 77374BCF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] ntdll.dll!NtQueryFullAttributesFile + B 77374C7F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] ntdll.dll!NtSetInformationFile + 6 7737515A 4 Bytes [28, 01, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] ntdll.dll!NtSetInformationFile + B 7737515F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] ntdll.dll!NtSetInformationThread + 6 773751AA 1 Byte [A8] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] ntdll.dll!NtSetInformationThread + 6 773751AA 4 Bytes [A8, 03, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] ntdll.dll!NtSetInformationThread + B 773751AF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] ntdll.dll!NtUnmapViewOfSection + B 7737544F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] KERNEL32.dll!CreateProcessW 76E21BF3 5 Bytes JMP 000200B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] KERNEL32.dll!CreateProcessA 76E21C28 5 Bytes JMP 000200F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] KERNEL32.dll!OpenEventW 76E3C023 5 Bytes JMP 00020070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] KERNEL32.dll!CreateEventW 76E6B85E 5 Bytes JMP 00020030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] KERNEL32.dll!GetBinaryTypeW + 70 76E72447 1 Byte [62] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!DeleteObject 75F45A37 5 Bytes JMP 001B01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!GetDeviceCaps 75F4617F 5 Bytes JMP 001B03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!SelectObject 75F462A0 5 Bytes JMP 001B05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!SetTextColor 75F4666B 5 Bytes JMP 001B0A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!SetBkMode 75F46716 5 Bytes JMP 001B08F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!DeleteDC 75F468CD 5 Bytes JMP 001B0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!GetCurrentObject 75F46B58 5 Bytes JMP 001B0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!SetStretchBltMode 75F47206 5 Bytes JMP 001B06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!SaveDC 75F475BA 5 Bytes JMP 001B0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!RestoreDC 75F47675 5 Bytes JMP 001B0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!StretchDIBits 75F478CF 5 Bytes JMP 001B0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!ExtSelectClipRgn 75F479F8 5 Bytes JMP 001B02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!SelectClipRgn 75F47AF9 5 Bytes JMP 001B05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!MoveToEx 75F47C33 5 Bytes JMP 001B0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!Rectangle 75F47EA9 5 Bytes JMP 001B09B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!GetTextAlign 75F482E0 5 Bytes JMP 001B0D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!SetTextAlign 75F485CB 5 Bytes JMP 001B09F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!ExtTextOutW 75F4872B 5 Bytes JMP 001B0970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!GetTextMetricsW 75F48A81 5 Bytes JMP 001B0E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!IntersectClipRect 75F48B64 5 Bytes JMP 001B03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!GetClipBox 75F49071 5 Bytes JMP 001B0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!SetICMMode 75F494E7 5 Bytes JMP 001B0DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!CreateDCW 75F4A91D 5 Bytes JMP 001B00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!CreateDCA 75F4AA49 5 Bytes JMP 001B00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!CreateICW 75F4B2E9 5 Bytes JMP 001B0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!GetTextFaceW 75F4B637 5 Bytes JMP 001B0D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!GetFontData 75F4BA6C 1 Byte [E9] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!GetFontData 75F4BA6C 5 Bytes JMP 001B0C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!GetTextExtentPoint32W 75F4C01A 5 Bytes JMP 001B0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!SetWorldTransform 75F4C46A 5 Bytes JMP 001B06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!LineTo 75F4C65E 5 Bytes JMP 001B0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!GetTextMetricsA 75F4CCEB 5 Bytes JMP 001B0DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!ExtTextOutA 75F500A5 5 Bytes JMP 001B0930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!GetTextExtentPoint32A 75F50E58 5 Bytes JMP 001B0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!ExtEscape 75F522A7 5 Bytes JMP 001B02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!Escape 75F527F1 5 Bytes JMP 001B0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!ResetDCW 75F53132 5 Bytes JMP 001B0AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!EndPage 75F5375E 5 Bytes JMP 001B0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!SetPolyFillMode 75F561D3 5 Bytes JMP 001B0B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!SetMiterLimit 75F562E2 5 Bytes JMP 001B0B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!GetTextFaceA 75F5F4C5 5 Bytes JMP 001B0CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!GetGlyphOutlineW 75F6A41F 5 Bytes JMP 001B0CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!CreateScalableFontResourceW 75F6C88B 5 Bytes JMP 001B0BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!AddFontResourceW 75F6CC93 5 Bytes JMP 001B0BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!RemoveFontResourceW 75F6D129 5 Bytes JMP 001B0C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!AbortDoc 75F72CC4 5 Bytes JMP 001B0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!EndDoc 75F730D8 5 Bytes JMP 001B01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!StartPage 75F731C3 5 Bytes JMP 001B0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!StartDocW 75F73CA7 5 Bytes JMP 001B07F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!BeginPath 75F74465 5 Bytes JMP 001B0830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!SelectClipPath 75F744BC 5 Bytes JMP 001B0AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!CloseFigure 75F74517 5 Bytes JMP 001B0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!EndPath 75F7456E 5 Bytes JMP 001B0A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!StrokePath 75F747A0 5 Bytes JMP 001B07B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!FillPath 75F7482C 5 Bytes JMP 001B0870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!PolylineTo 75F74C95 5 Bytes JMP 001B04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!PolyBezierTo 75F74D25 5 Bytes JMP 001B04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] GDI32.dll!PolyDraw 75F74DD6 5 Bytes JMP 001B08B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 001D0600 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 001D0804 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 001D0A08 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 001D01F8 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 001D03FC .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] USER32.dll!SetCursor 760AD37D 5 Bytes JMP 001C0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] USER32.dll!RegisterClipboardFormatW 760AD6AC 1 Byte [E9] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] USER32.dll!RegisterClipboardFormatW 760AD6AC 5 Bytes JMP 001C02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] USER32.dll!ActivateKeyboardLayout 760B478C 5 Bytes JMP 001C04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] USER32.dll!IsWindowVisible 760B878A 7 Bytes JMP 001C06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] USER32.dll!MonitorFromWindow 760B88D4 7 Bytes JMP 001C0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] USER32.dll!ScreenToClient 760B8C56 7 Bytes JMP 001C0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] USER32.dll!GetClientRect 760B8F0D 7 Bytes JMP 001C05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] USER32.dll!GetParent 760B90AA 3 Bytes JMP 001C06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] USER32.dll!GetParent + 4 760B90AE 3 Bytes [8A, CC, CC] {MOV CL, AH; INT 3 } .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] USER32.dll!RegisterClipboardFormatA 760BA111 5 Bytes JMP 001C02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] USER32.dll!PostMessageW 760BA175 5 Bytes JMP 001C05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] USER32.dll!MapWindowPoints 760BA30D 5 Bytes JMP 001C0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] USER32.dll!GetClipboardFormatNameA 760BA552 5 Bytes JMP 001C0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] USER32.dll!GetOpenClipboardWindow 760C26A6 5 Bytes JMP 001C03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] USER32.dll!SetClipboardViewer 760CBA2D 5 Bytes JMP 001C04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] USER32.dll!IsClipboardFormatAvailable 760CC2E3 5 Bytes JMP 001C00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] USER32.dll!CloseClipboard 760CC2F7 5 Bytes JMP 001C00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] USER32.dll!OpenClipboard 760CC31D 5 Bytes JMP 001C0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] USER32.dll!GetTopWindow 760CCE0A 7 Bytes JMP 001C0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] USER32.dll!GetClipboardSequenceNumber 760CD8B7 5 Bytes JMP 001C0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] USER32.dll!ChangeClipboardChain 760CDF83 5 Bytes JMP 001C0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] USER32.dll!CountClipboardFormats 760D0048 5 Bytes JMP 001C01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] USER32.dll!GetClipboardOwner 760D26EF 5 Bytes JMP 001C0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] USER32.dll!SetClipboardData 760E6410 5 Bytes JMP 001C0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] USER32.dll!EnumClipboardFormats 760E6D16 5 Bytes JMP 001C01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] USER32.dll!SetCursorPos 760E6FB2 5 Bytes JMP 001C0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] USER32.dll!GetClipboardData 760E715A 5 Bytes JMP 001C0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] USER32.dll!GetClipboardFormatNameW 760EA99F 5 Bytes JMP 001C0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] USER32.dll!EmptyClipboard 7610398B 5 Bytes JMP 001C0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] USER32.dll!GetClipboardViewer 761039ED 5 Bytes JMP 001C0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] USER32.dll!GetPriorityClipboardFormat 76103AEF 5 Bytes JMP 001C03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 001E03FC .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 001E0600 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 001E1014 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 001E0804 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 001E0A08 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 001E0C0C .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 001E0E10 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 001E01F8 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] ole32.dll!OleGetClipboard 772374C9 5 Bytes JMP 001F00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] ole32.dll!OleSetClipboard 772611E3 5 Bytes JMP 001F0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] ole32.dll!OleIsCurrentClipboard 7726A8F9 5 Bytes JMP 001F0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] Secur32.dll!FreeContextBuffer 75842D83 5 Bytes JMP 002200F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] Secur32.dll!DeleteSecurityContext 75842F18 5 Bytes JMP 00220270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] Secur32.dll!FreeCredentialsHandle 75843598 5 Bytes JMP 00220130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] Secur32.dll!EncryptMessage 75843745 5 Bytes JMP 002201F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] Secur32.dll!DecryptMessage 75843813 5 Bytes JMP 00220230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] Secur32.dll!InitializeSecurityContextA 758487DF 5 Bytes JMP 00220170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] Secur32.dll!AcquireCredentialsHandleA 75848A43 5 Bytes JMP 00220030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] Secur32.dll!QueryContextAttributesA 75848E77 5 Bytes JMP 00220070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] Secur32.dll!ApplyControlToken 7584DE4F 5 Bytes JMP 002201B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] Secur32.dll!QueryCredentialsAttributesA 7584E052 5 Bytes JMP 002200B0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2816] ntdll.dll!LdrLoadDll 77339378 5 Bytes JMP 001601F8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2816] ntdll.dll!LdrUnloadDll 7734B680 5 Bytes JMP 001603FC .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2816] KERNEL32.dll!GetBinaryTypeW + 70 76E72447 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2816] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 00170600 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2816] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 00170804 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2816] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00170A08 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2816] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2816] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 001703FC .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2816] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 001803FC .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2816] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 00180600 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2816] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 00181014 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2816] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 00180804 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2816] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00180A08 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2816] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 00180C0C .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2816] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00180E10 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2816] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 001801F8 .text C:\Windows\system32\taskeng.exe[2836] ntdll.dll!LdrLoadDll 77339378 5 Bytes JMP 000701F8 .text C:\Windows\system32\taskeng.exe[2836] ntdll.dll!LdrUnloadDll 7734B680 5 Bytes JMP 000703FC .text C:\Windows\system32\taskeng.exe[2836] KERNEL32.dll!GetBinaryTypeW + 70 76E72447 1 Byte [62] .text C:\Windows\system32\taskeng.exe[2836] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 000803FC .text C:\Windows\system32\taskeng.exe[2836] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 00080600 .text C:\Windows\system32\taskeng.exe[2836] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 00081014 .text C:\Windows\system32\taskeng.exe[2836] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 00080804 .text C:\Windows\system32\taskeng.exe[2836] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00080A08 .text C:\Windows\system32\taskeng.exe[2836] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 00080C0C .text C:\Windows\system32\taskeng.exe[2836] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00080E10 .text C:\Windows\system32\taskeng.exe[2836] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 000801F8 .text C:\Windows\system32\taskeng.exe[2836] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 00020600 .text C:\Windows\system32\taskeng.exe[2836] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 00020804 .text C:\Windows\system32\taskeng.exe[2836] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00020A08 .text C:\Windows\system32\taskeng.exe[2836] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 000201F8 .text C:\Windows\system32\taskeng.exe[2836] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 000203FC .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2852] ntdll.dll!LdrLoadDll 77339378 5 Bytes JMP 001601F8 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2852] ntdll.dll!LdrUnloadDll 7734B680 5 Bytes JMP 001603FC .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2852] KERNEL32.dll!GetBinaryTypeW + 70 76E72447 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2852] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 001703FC .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2852] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 00170600 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2852] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 00171014 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2852] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 00170804 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2852] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00170A08 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2852] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 00170C0C .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2852] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00170E10 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2852] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 001701F8 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2852] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 00180600 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2852] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 00180804 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2852] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00180A08 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2852] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 001801F8 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2852] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 001803FC .text C:\Windows\System32\notepad.exe[2936] ntdll.dll!LdrLoadDll 77339378 5 Bytes JMP 000A01F8 .text C:\Windows\System32\notepad.exe[2936] ntdll.dll!LdrUnloadDll 7734B680 5 Bytes JMP 000A03FC .text C:\Windows\System32\notepad.exe[2936] KERNEL32.dll!GetBinaryTypeW + 70 76E72447 1 Byte [62] .text C:\Windows\System32\notepad.exe[2936] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 000B03FC .text C:\Windows\System32\notepad.exe[2936] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 000B0600 .text C:\Windows\System32\notepad.exe[2936] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 000B1014 .text C:\Windows\System32\notepad.exe[2936] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 000B0804 .text C:\Windows\System32\notepad.exe[2936] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 000B0A08 .text C:\Windows\System32\notepad.exe[2936] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 000B0C0C .text C:\Windows\System32\notepad.exe[2936] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 000B0E10 .text C:\Windows\System32\notepad.exe[2936] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 000B01F8 .text C:\Windows\System32\notepad.exe[2936] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 000C0600 .text C:\Windows\System32\notepad.exe[2936] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 000C0804 .text C:\Windows\System32\notepad.exe[2936] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 000C0A08 .text C:\Windows\System32\notepad.exe[2936] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 000C01F8 .text C:\Windows\System32\notepad.exe[2936] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 000C03FC .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2948] ntdll.dll!LdrLoadDll 77339378 5 Bytes JMP 001601F8 .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2948] ntdll.dll!LdrUnloadDll 7734B680 5 Bytes JMP 001603FC .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2948] KERNEL32.dll!GetBinaryTypeW + 70 76E72447 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2948] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 00170600 .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2948] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 00170804 .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2948] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00170A08 .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2948] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 001701F8 .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2948] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 001703FC .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2948] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 001803FC .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2948] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 00180600 .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2948] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 00181014 .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2948] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 00180804 .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2948] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00180A08 .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2948] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 00180C0C .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2948] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00180E10 .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2948] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 001801F8 .text C:\Windows\RtHDVCpl.exe[3080] ntdll.dll!LdrLoadDll 77339378 5 Bytes JMP 001601F8 .text C:\Windows\RtHDVCpl.exe[3080] ntdll.dll!LdrUnloadDll 7734B680 5 Bytes JMP 001603FC .text C:\Windows\RtHDVCpl.exe[3080] KERNEL32.dll!GetBinaryTypeW + 70 76E72447 1 Byte [62] .text C:\Windows\RtHDVCpl.exe[3080] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 002703FC .text C:\Windows\RtHDVCpl.exe[3080] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 00270600 .text C:\Windows\RtHDVCpl.exe[3080] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 00271014 .text C:\Windows\RtHDVCpl.exe[3080] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 00270804 .text C:\Windows\RtHDVCpl.exe[3080] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00270A08 .text C:\Windows\RtHDVCpl.exe[3080] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 00270C0C .text C:\Windows\RtHDVCpl.exe[3080] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00270E10 .text C:\Windows\RtHDVCpl.exe[3080] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 002701F8 .text C:\Windows\RtHDVCpl.exe[3080] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 00280600 .text C:\Windows\RtHDVCpl.exe[3080] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 00280804 .text C:\Windows\RtHDVCpl.exe[3080] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00280A08 .text C:\Windows\RtHDVCpl.exe[3080] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 002801F8 .text C:\Windows\RtHDVCpl.exe[3080] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 002803FC .text C:\Windows\System32\igfxtray.exe[3136] ntdll.dll!LdrLoadDll 77339378 5 Bytes JMP 002601F8 .text C:\Windows\System32\igfxtray.exe[3136] ntdll.dll!LdrUnloadDll 7734B680 5 Bytes JMP 002603FC .text C:\Windows\System32\igfxtray.exe[3136] KERNEL32.dll!GetBinaryTypeW + 70 76E72447 1 Byte [62] .text C:\Windows\System32\igfxtray.exe[3136] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 00280600 .text C:\Windows\System32\igfxtray.exe[3136] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 00280804 .text C:\Windows\System32\igfxtray.exe[3136] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00280A08 .text C:\Windows\System32\igfxtray.exe[3136] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 002801F8 .text C:\Windows\System32\igfxtray.exe[3136] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 002803FC .text C:\Windows\System32\igfxtray.exe[3136] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 002903FC .text C:\Windows\System32\igfxtray.exe[3136] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 00290600 .text C:\Windows\System32\igfxtray.exe[3136] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 00291014 .text C:\Windows\System32\igfxtray.exe[3136] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 00290804 .text C:\Windows\System32\igfxtray.exe[3136] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00290A08 .text C:\Windows\System32\igfxtray.exe[3136] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 00290C0C .text C:\Windows\System32\igfxtray.exe[3136] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00290E10 .text C:\Windows\System32\igfxtray.exe[3136] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 002901F8 .text C:\Windows\System32\hkcmd.exe[3148] ntdll.dll!LdrLoadDll 77339378 5 Bytes JMP 001601F8 .text C:\Windows\System32\hkcmd.exe[3148] ntdll.dll!LdrUnloadDll 7734B680 5 Bytes JMP 001603FC .text C:\Windows\System32\hkcmd.exe[3148] KERNEL32.dll!GetBinaryTypeW + 70 76E72447 1 Byte [62] .text C:\Windows\System32\hkcmd.exe[3148] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 00180600 .text C:\Windows\System32\hkcmd.exe[3148] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 00180804 .text C:\Windows\System32\hkcmd.exe[3148] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00180A08 .text C:\Windows\System32\hkcmd.exe[3148] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 001801F8 .text C:\Windows\System32\hkcmd.exe[3148] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 001803FC .text C:\Windows\System32\hkcmd.exe[3148] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 001903FC .text C:\Windows\System32\hkcmd.exe[3148] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 00190600 .text C:\Windows\System32\hkcmd.exe[3148] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 00191014 .text C:\Windows\System32\hkcmd.exe[3148] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 00190804 .text C:\Windows\System32\hkcmd.exe[3148] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00190A08 .text C:\Windows\System32\hkcmd.exe[3148] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 00190C0C .text C:\Windows\System32\hkcmd.exe[3148] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00190E10 .text C:\Windows\System32\hkcmd.exe[3148] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 001901F8 .text C:\Windows\System32\igfxpers.exe[3156] ntdll.dll!LdrLoadDll 77339378 5 Bytes JMP 001601F8 .text C:\Windows\System32\igfxpers.exe[3156] ntdll.dll!LdrUnloadDll 7734B680 5 Bytes JMP 001603FC .text C:\Windows\System32\igfxpers.exe[3156] KERNEL32.dll!GetBinaryTypeW + 70 76E72447 1 Byte [62] .text C:\Windows\System32\igfxpers.exe[3156] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 00170600 .text C:\Windows\System32\igfxpers.exe[3156] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 00170804 .text C:\Windows\System32\igfxpers.exe[3156] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00170A08 .text C:\Windows\System32\igfxpers.exe[3156] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 001701F8 .text C:\Windows\System32\igfxpers.exe[3156] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 001703FC .text C:\Windows\System32\igfxpers.exe[3156] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 001803FC .text C:\Windows\System32\igfxpers.exe[3156] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 00180600 .text C:\Windows\System32\igfxpers.exe[3156] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 00181014 .text C:\Windows\System32\igfxpers.exe[3156] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 00180804 .text C:\Windows\System32\igfxpers.exe[3156] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00180A08 .text C:\Windows\System32\igfxpers.exe[3156] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 00180C0C .text C:\Windows\System32\igfxpers.exe[3156] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00180E10 .text C:\Windows\System32\igfxpers.exe[3156] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 001801F8 .text C:\Windows\system32\igfxsrvc.exe[3172] ntdll.dll!LdrLoadDll 77339378 5 Bytes JMP 001601F8 .text C:\Windows\system32\igfxsrvc.exe[3172] ntdll.dll!LdrUnloadDll 7734B680 5 Bytes JMP 001603FC .text C:\Windows\system32\igfxsrvc.exe[3172] KERNEL32.dll!GetBinaryTypeW + 70 76E72447 1 Byte [62] .text C:\Windows\system32\igfxsrvc.exe[3172] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 00170600 .text C:\Windows\system32\igfxsrvc.exe[3172] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 00170804 .text C:\Windows\system32\igfxsrvc.exe[3172] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00170A08 .text C:\Windows\system32\igfxsrvc.exe[3172] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 001701F8 .text C:\Windows\system32\igfxsrvc.exe[3172] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 001703FC .text C:\Windows\system32\igfxsrvc.exe[3172] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 001803FC .text C:\Windows\system32\igfxsrvc.exe[3172] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 00180600 .text C:\Windows\system32\igfxsrvc.exe[3172] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 00181014 .text C:\Windows\system32\igfxsrvc.exe[3172] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 00180804 .text C:\Windows\system32\igfxsrvc.exe[3172] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00180A08 .text C:\Windows\system32\igfxsrvc.exe[3172] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 00180C0C .text C:\Windows\system32\igfxsrvc.exe[3172] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00180E10 .text C:\Windows\system32\igfxsrvc.exe[3172] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 001801F8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3288] ntdll.dll!LdrLoadDll 77339378 5 Bytes JMP 001501F8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3288] ntdll.dll!LdrUnloadDll 7734B680 5 Bytes JMP 001503FC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3288] KERNEL32.dll!GetBinaryTypeW + 70 76E72447 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3288] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 00160600 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3288] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 00160804 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3288] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00160A08 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3288] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 001601F8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3288] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 001603FC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3288] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 001703FC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3288] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 00170600 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3288] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 00171014 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3288] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 00170804 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3288] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00170A08 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3288] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 00170C0C .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3288] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00170E10 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3288] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 001701F8 .text C:\Program Files\CardDetector\HUAWEI177\CardDetector.exe[3340] ntdll.dll!LdrLoadDll 77339378 5 Bytes JMP 001501F8 .text C:\Program Files\CardDetector\HUAWEI177\CardDetector.exe[3340] ntdll.dll!LdrUnloadDll 7734B680 5 Bytes JMP 001503FC .text C:\Program Files\CardDetector\HUAWEI177\CardDetector.exe[3340] KERNEL32.dll!GetBinaryTypeW + 70 76E72447 1 Byte [62] .text C:\Program Files\CardDetector\HUAWEI177\CardDetector.exe[3340] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 001603FC .text C:\Program Files\CardDetector\HUAWEI177\CardDetector.exe[3340] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 00160600 .text C:\Program Files\CardDetector\HUAWEI177\CardDetector.exe[3340] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 00161014 .text C:\Program Files\CardDetector\HUAWEI177\CardDetector.exe[3340] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 00160804 .text C:\Program Files\CardDetector\HUAWEI177\CardDetector.exe[3340] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00160A08 .text C:\Program Files\CardDetector\HUAWEI177\CardDetector.exe[3340] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 00160C0C .text C:\Program Files\CardDetector\HUAWEI177\CardDetector.exe[3340] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00160E10 .text C:\Program Files\CardDetector\HUAWEI177\CardDetector.exe[3340] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 001601F8 .text C:\Program Files\CardDetector\HUAWEI177\CardDetector.exe[3340] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 00170600 .text C:\Program Files\CardDetector\HUAWEI177\CardDetector.exe[3340] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 00170804 .text C:\Program Files\CardDetector\HUAWEI177\CardDetector.exe[3340] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00170A08 .text C:\Program Files\CardDetector\HUAWEI177\CardDetector.exe[3340] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 001701F8 .text C:\Program Files\CardDetector\HUAWEI177\CardDetector.exe[3340] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 001703FC .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3416] ntdll.dll!LdrLoadDll 77339378 5 Bytes JMP 001601F8 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3416] ntdll.dll!LdrUnloadDll 7734B680 5 Bytes JMP 001603FC .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3416] KERNEL32.dll!GetBinaryTypeW + 70 76E72447 1 Byte [62] .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3416] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 005F03FC .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3416] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 005F0600 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3416] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 005F1014 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3416] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 005F0804 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3416] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 005F0A08 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3416] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 005F0C0C .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3416] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 005F0E10 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3416] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 005F01F8 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3416] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 00600600 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3416] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 00600804 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3416] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00600A08 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3416] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 006001F8 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3416] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 006003FC .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[3468] ntdll.dll!LdrLoadDll 77339378 5 Bytes JMP 001601F8 .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[3468] ntdll.dll!LdrUnloadDll 7734B680 5 Bytes JMP 001603FC .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[3468] KERNEL32.dll!GetBinaryTypeW + 70 76E72447 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[3468] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 00170600 .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[3468] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 00170804 .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[3468] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00170A08 .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[3468] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[3468] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 001703FC .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[3468] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 001803FC .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[3468] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 00180600 .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[3468] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 00181014 .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[3468] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 00180804 .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[3468] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00180A08 .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[3468] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 00180C0C .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[3468] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00180E10 .text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[3468] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 001801F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3480] ntdll.dll!LdrLoadDll 77339378 5 Bytes JMP 001701F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3480] ntdll.dll!LdrUnloadDll 7734B680 5 Bytes JMP 001703FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3480] KERNEL32.dll!GetBinaryTypeW + 70 76E72447 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3480] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 001803FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3480] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 00180600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3480] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 00181014 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3480] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 00180804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3480] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00180A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3480] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 00180C0C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3480] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00180E10 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3480] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 001801F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3480] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 00190600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3480] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 00190804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3480] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00190A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3480] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 001901F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3480] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 001903FC .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3488] kernel32.dll!GetBinaryTypeW + 70 76E72447 1 Byte [62] .text C:\Windows\system32\svchost.exe[3584] ntdll.dll!LdrLoadDll 77339378 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[3584] ntdll.dll!LdrUnloadDll 7734B680 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[3584] KERNEL32.dll!GetBinaryTypeW + 70 76E72447 1 Byte [62] .text C:\Windows\system32\svchost.exe[3584] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[3584] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[3584] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[3584] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[3584] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[3584] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[3584] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[3584] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[3584] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 00080600 .text C:\Windows\system32\svchost.exe[3584] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 00080804 .text C:\Windows\system32\svchost.exe[3584] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\svchost.exe[3584] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\svchost.exe[3584] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 000803FC .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3592] ntdll.dll!LdrLoadDll 77339378 5 Bytes JMP 001601F8 .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3592] ntdll.dll!LdrUnloadDll 7734B680 5 Bytes JMP 001603FC .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3592] KERNEL32.dll!GetBinaryTypeW + 70 76E72447 1 Byte [62] .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3592] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 00180600 .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3592] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 00180804 .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3592] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00180A08 .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3592] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 001801F8 .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3592] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 001803FC .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3592] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 001903FC .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3592] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 00190600 .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3592] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 00191014 .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3592] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 00190804 .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3592] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00190A08 .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3592] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 00190C0C .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3592] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00190E10 .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3592] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 001901F8 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3648] ntdll.dll!LdrLoadDll 77339378 5 Bytes JMP 000601F8 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3648] ntdll.dll!LdrUnloadDll 7734B680 5 Bytes JMP 000603FC .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3648] KERNEL32.dll!GetBinaryTypeW + 70 76E72447 1 Byte [62] .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3648] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 000703FC .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3648] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 00070600 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3648] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 00071014 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3648] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 00070804 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3648] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00070A08 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3648] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 00070C0C .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3648] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00070E10 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3648] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 000701F8 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3648] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 00080600 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3648] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 00080804 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3648] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00080A08 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3648] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 000801F8 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3648] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 000803FC .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3660] ntdll.dll!LdrLoadDll 77339378 5 Bytes JMP 000601F8 .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3660] ntdll.dll!LdrUnloadDll 7734B680 5 Bytes JMP 000603FC .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3660] KERNEL32.dll!GetBinaryTypeW + 70 76E72447 1 Byte [62] .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3660] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 00070600 .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3660] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 00070804 .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3660] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00070A08 .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3660] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 000701F8 .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3660] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 000703FC .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3660] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 000803FC .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3660] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 00080600 .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3660] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 00081014 .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3660] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 00080804 .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3660] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00080A08 .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3660] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 00080C0C .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3660] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00080E10 .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3660] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 000801F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3756] ntdll.dll!LdrLoadDll 77339378 5 Bytes JMP 000501F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3756] ntdll.dll!LdrUnloadDll 7734B680 5 Bytes JMP 000503FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3756] KERNEL32.dll!GetBinaryTypeW + 70 76E72447 1 Byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3756] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 000603FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3756] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 00060600 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3756] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 00061014 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3756] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 00060804 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3756] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00060A08 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3756] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 00060C0C .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3756] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00060E10 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3756] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 000601F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3756] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 00070600 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3756] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 00070804 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3756] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00070A08 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3756] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 000701F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3756] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 000703FC .text C:\Program Files\Mozilla Firefox\firefox.exe[4080] ntdll.dll!LdrLoadDll 77339378 5 Bytes JMP 65E8B52A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[4080] ntdll.dll!LdrUnloadDll 7734B680 5 Bytes JMP 000603FC .text C:\Program Files\Mozilla Firefox\firefox.exe[4080] KERNEL32.dll!LockResource + C 76E66ACB 7 Bytes JMP 6613B6D2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[4080] KERNEL32.dll!VirtualAllocEx + 54 76E6AF50 7 Bytes JMP 6613B6F5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[4080] KERNEL32.dll!GetBinaryTypeW + 70 76E72447 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[4080] USER32.dll!SetWindowsHookExA 760A6322 5 Bytes JMP 00070600 .text C:\Program Files\Mozilla Firefox\firefox.exe[4080] USER32.dll!SetWindowsHookExW 760A87AD 5 Bytes JMP 00070804 .text C:\Program Files\Mozilla Firefox\firefox.exe[4080] USER32.dll!UnhookWindowsHookEx 760A98DB 5 Bytes JMP 00070A08 .text C:\Program Files\Mozilla Firefox\firefox.exe[4080] USER32.dll!SetWinEventHook 760A9F3A 5 Bytes JMP 000701F8 .text C:\Program Files\Mozilla Firefox\firefox.exe[4080] USER32.dll!UnhookWinEvent 760AC06F 5 Bytes JMP 000703FC .text C:\Program Files\Mozilla Firefox\firefox.exe[4080] GDI32.dll!SetStretchBltMode + 256 75F4745C 7 Bytes JMP 6613B653 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[4080] ADVAPI32.dll!CreateServiceW 75CB9EB4 5 Bytes JMP 001803FC .text C:\Program Files\Mozilla Firefox\firefox.exe[4080] ADVAPI32.dll!DeleteService 75CBA07E 5 Bytes JMP 00180600 .text C:\Program Files\Mozilla Firefox\firefox.exe[4080] ADVAPI32.dll!SetServiceObjectSecurity 75CF6CD9 5 Bytes JMP 00181014 .text C:\Program Files\Mozilla Firefox\firefox.exe[4080] ADVAPI32.dll!ChangeServiceConfigA 75CF6DD9 5 Bytes JMP 00180804 .text C:\Program Files\Mozilla Firefox\firefox.exe[4080] ADVAPI32.dll!ChangeServiceConfigW 75CF6F81 5 Bytes JMP 00180A08 .text C:\Program Files\Mozilla Firefox\firefox.exe[4080] ADVAPI32.dll!ChangeServiceConfig2A 75CF7099 5 Bytes JMP 00180C0C .text C:\Program Files\Mozilla Firefox\firefox.exe[4080] ADVAPI32.dll!ChangeServiceConfig2W 75CF71E1 5 Bytes JMP 00180E10 .text C:\Program Files\Mozilla Firefox\firefox.exe[4080] ADVAPI32.dll!CreateServiceA 75CF72A1 5 Bytes JMP 001801F8 ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\system32\services.exe[692] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00130002 IAT C:\Windows\system32\services.exe[692] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00130000 IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74227817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7426B4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7422BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7421F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [742275E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7421E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [742573F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7422DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7421FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7421FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [742171CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [742ACAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7424C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7421D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74216853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7421687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1764] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74222AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1808] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [72B5F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!MoveFileExW] 00020110 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetKeyState] 001C07D0 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] @ C:\Windows\system32\ole32.dll [USER32.dll!GetKeyState] 001C07D0 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!MoveFileExW] 00020110 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] 00020110 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetFocus] 001C0790 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[2676] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetKeyState] 001C07D0 IAT C:\Program Files\AVAST Software\Avast\AvastUI.exe[3488] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [72B5F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) ---- EOF - GMER 1.0.15 ----