GMER 1.0.15.15570 - http://www.gmer.net Rootkit scan 2011-03-27 20:18:05 Windows 5.1.2600 Dodatek Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e SAMSUNG_HD321KJ rev.CP100-10 Running: ngngw92l.exe; Driver: C:\DOCUME~1\Mateusz\USTAWI~1\Temp\fgpdqpob.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB5AE8728] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xB5AEF7EA] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xB5AEF6A2] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xB5AEFCA8] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xB5AEFBBE] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xB5AEF276] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB5AE87D8] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xB5AEF77E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xB5AEF1B2] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xB5AEF218] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB5AE8870] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xB5AEF8C2] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB5AEFD76] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xB5AEF880] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xB5AEFA04] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB5AFC82E] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xB5AFC652] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xB5AFC78C] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2BFC 805039D0 4 Bytes JMP 00B5AEF7 PAGE ntkrnlpa.exe!ZwLoadDriver 80582EA6 7 Bytes JMP B5AFC790 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!NtCreateSection 805A9E9E 7 Bytes JMP B5AFC656 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BAF9A 5 Bytes JMP B5AF81EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject 805C18D0 5 Bytes JMP B5AF9C88 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 805CFA2E 7 Bytes JMP B5AFC832 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB953F380, 0x2FF527, 0xE8000020] .text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB528A300, 0x3AE88, 0xE8000020] .text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xBA488300, 0x1B7E, 0xE8000020] pnidata C:\WINDOWS\system32\DRIVERS\secdrv.sys unknown last section [0xB4CB1F00, 0x24000, 0x48000000] ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Java\jre6\bin\jusched.exe[132] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004FD3C .text C:\Program Files\Java\jre6\bin\jusched.exe[132] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20047851 .text C:\Program Files\Java\jre6\bin\jusched.exe[132] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2004FBB8 .text C:\Program Files\Java\jre6\bin\jusched.exe[132] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Java\jre6\bin\jusched.exe[132] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Java\jre6\bin\jusched.exe[132] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Java\jre6\bin\jusched.exe[132] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Java\jre6\bin\jusched.exe[132] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Java\jre6\bin\jusched.exe[132] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Java\jre6\bin\jusched.exe[132] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Java\jre6\bin\jusched.exe[132] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Java\jre6\bin\jusched.exe[132] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Java\jre6\bin\jusched.exe[132] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 2004C805 .text C:\Program Files\Java\jre6\bin\jusched.exe[132] USER32.dll!SetWinEventHook 77D5E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Java\jre6\bin\jusched.exe[132] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Java\jre6\bin\jusched.exe[132] USER32.dll!SetWindowsHookExW 77D5E621 4 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Java\jre6\bin\jusched.exe[132] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Java\jre6\bin\jusched.exe[132] USER32.dll!SetWindowsHookExA 77D602B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Java\jre6\bin\jusched.exe[132] WININET.dll!HttpOpenRequestA 771B3674 5 Bytes JMP 2004E99E .text C:\Program Files\Java\jre6\bin\jusched.exe[132] WININET.dll!InternetCloseHandle 771B4D3C 5 Bytes JMP 2004DF3E .text C:\Program Files\Java\jre6\bin\jusched.exe[132] WININET.dll!InternetOpenUrlA 771B59F1 5 Bytes JMP 2004E9F8 .text C:\Program Files\Java\jre6\bin\jusched.exe[132] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 2004DEAA .text C:\Program Files\Java\jre6\bin\jusched.exe[132] WININET.dll!InternetReadFile 771B827C 5 Bytes JMP 2004E8E3 .text C:\Program Files\Java\jre6\bin\jusched.exe[132] WININET.dll!HttpSendRequestExW 771BE989 5 Bytes JMP 2004DE1E .text C:\Program Files\Java\jre6\bin\jusched.exe[132] WININET.dll!HttpOpenRequestW 771BF3BE 5 Bytes JMP 2004E9CB .text C:\Program Files\Java\jre6\bin\jusched.exe[132] WININET.dll!InternetOpenUrlW 771C5B3A 5 Bytes JMP 2004EA1F .text C:\Program Files\Java\jre6\bin\jusched.exe[132] WININET.dll!InternetQueryDataAvailable 771C8A37 5 Bytes JMP 2004E5C4 .text C:\Program Files\Java\jre6\bin\jusched.exe[132] WININET.dll!InternetWriteFile 771E8147 5 Bytes JMP 2004DF11 .text C:\Program Files\Java\jre6\bin\jusched.exe[132] WININET.dll!InternetReadFileExA 771E868E 5 Bytes JMP 2004E721 .text C:\Program Files\Java\jre6\bin\jusched.exe[132] WININET.dll!InternetReadFileExW 771E90DE 5 Bytes JMP 2004E7C8 .text C:\Program Files\Java\jre6\bin\jusched.exe[132] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 2004DEDF .text C:\Program Files\Java\jre6\bin\jusched.exe[132] WININET.dll!HttpSendRequestExA 772024B1 5 Bytes JMP 2004DE64 ? C:\WINDOWS\Explorer.EXE[436] time/date stamp mismatch; unknown module: WINMM.dllunknown module: SETUPAPI.dllunknown module: WINSTA.dllunknown module: OLEACC.dllunknown module: OLEAUT32.dllunknown module: BROWSEUI.dllunknown module: SHDOCVW.dllunknown module: UxTheme.dll .text C:\WINDOWS\Explorer.EXE[436] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 202EFD3C .text C:\WINDOWS\Explorer.EXE[436] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 202E7851 .text C:\WINDOWS\Explorer.EXE[436] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 202EFBB8 .text C:\WINDOWS\Explorer.EXE[436] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\Explorer.EXE[436] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\Explorer.EXE[436] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\Explorer.EXE[436] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\Explorer.EXE[436] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\Explorer.EXE[436] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\Explorer.EXE[436] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\Explorer.EXE[436] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\Explorer.EXE[436] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\Explorer.EXE[436] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 202EC805 .text C:\WINDOWS\Explorer.EXE[436] USER32.dll!SetWinEventHook 77D5E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\Explorer.EXE[436] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\Explorer.EXE[436] USER32.dll!SetWindowsHookExW 77D5E621 4 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\Explorer.EXE[436] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\Explorer.EXE[436] USER32.dll!SetWindowsHookExA 77D602B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\Explorer.EXE[436] WININET.dll!HttpOpenRequestA 771B3674 5 Bytes JMP 202EE99E .text C:\WINDOWS\Explorer.EXE[436] WININET.dll!InternetCloseHandle 771B4D3C 5 Bytes JMP 202EDF3E .text C:\WINDOWS\Explorer.EXE[436] WININET.dll!InternetOpenUrlA 771B59F1 5 Bytes JMP 202EE9F8 .text C:\WINDOWS\Explorer.EXE[436] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 202EDEAA .text C:\WINDOWS\Explorer.EXE[436] WININET.dll!InternetReadFile 771B827C 5 Bytes JMP 202EE8E3 .text C:\WINDOWS\Explorer.EXE[436] WININET.dll!HttpSendRequestExW 771BE989 5 Bytes JMP 202EDE1E .text C:\WINDOWS\Explorer.EXE[436] WININET.dll!HttpOpenRequestW 771BF3BE 5 Bytes JMP 202EE9CB .text C:\WINDOWS\Explorer.EXE[436] WININET.dll!InternetOpenUrlW 771C5B3A 5 Bytes JMP 202EEA1F .text C:\WINDOWS\Explorer.EXE[436] WININET.dll!InternetQueryDataAvailable 771C8A37 5 Bytes JMP 202EE5C4 .text C:\WINDOWS\Explorer.EXE[436] WININET.dll!InternetWriteFile 771E8147 5 Bytes JMP 202EDF11 .text C:\WINDOWS\Explorer.EXE[436] WININET.dll!InternetReadFileExA 771E868E 5 Bytes JMP 202EE721 .text C:\WINDOWS\Explorer.EXE[436] WININET.dll!InternetReadFileExW 771E90DE 5 Bytes JMP 202EE7C8 .text C:\WINDOWS\Explorer.EXE[436] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 202EDEDF .text C:\WINDOWS\Explorer.EXE[436] WININET.dll!HttpSendRequestExA 772024B1 5 Bytes JMP 202EDE64 .text C:\WINDOWS\Explorer.EXE[436] WS2_32.dll!sendto 71A52C69 5 Bytes JMP 202ED268 .text C:\WINDOWS\Explorer.EXE[436] WS2_32.dll!recvfrom 71A52D0F 5 Bytes JMP 202ED583 .text C:\WINDOWS\Explorer.EXE[436] WS2_32.dll!send 71A5428A 5 Bytes JMP 202ED21A .text C:\WINDOWS\Explorer.EXE[436] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 202ED6D6 .text C:\WINDOWS\Explorer.EXE[436] WS2_32.dll!recv 71A5615A 5 Bytes JMP 202ED51E .text C:\WINDOWS\Explorer.EXE[436] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 202ED5EE .text C:\WINDOWS\Explorer.EXE[436] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 202ED872 .text C:\WINDOWS\Explorer.EXE[436] WS2_32.dll!WSARecvFrom 71A5F652 5 Bytes JMP 202ED7A1 .text C:\WINDOWS\Explorer.EXE[436] WS2_32.dll!WSASendTo 71A60A95 5 Bytes JMP 202ED65F ? C:\WINDOWS\System32\smss.exe[628] time/date stamp mismatch; ? C:\WINDOWS\system32\csrss.exe[680] time/date stamp mismatch; unknown module: CSRSRV.dll .text C:\WINDOWS\system32\csrss.exe[680] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004FD3C .text C:\WINDOWS\system32\csrss.exe[680] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20047851 .text C:\WINDOWS\system32\csrss.exe[680] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2004FBB8 .text C:\WINDOWS\system32\csrss.exe[680] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 2004C805 ? C:\WINDOWS\system32\winlogon.exe[712] time/date stamp mismatch; unknown module: WINMM.dllunknown module: MSGINA.dllunknown module: RASAPI32.dllunknown module: MPR.dllunknown module: AUTHZ.dllunknown module: NDdeApi.dllunknown module: PROFMAP.dllunknown module: SETUPAPI.dllunknown module: VERSION.dllunknown module: WINSTA.dllunknown module: WINTRUST.dll .text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004FD3C .text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20047851 .text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2004FBB8 .text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\winlogon.exe[712] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\winlogon.exe[712] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\winlogon.exe[712] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\winlogon.exe[712] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\winlogon.exe[712] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\winlogon.exe[712] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\winlogon.exe[712] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\winlogon.exe[712] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\winlogon.exe[712] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 2004C805 .text C:\WINDOWS\system32\winlogon.exe[712] USER32.dll!SetWinEventHook 77D5E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\winlogon.exe[712] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\winlogon.exe[712] USER32.dll!SetWindowsHookExW 77D5E621 4 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\winlogon.exe[712] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\winlogon.exe[712] USER32.dll!SetWindowsHookExA 77D602B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\winlogon.exe[712] WS2_32.dll!sendto 71A52C69 5 Bytes JMP 2004D268 .text C:\WINDOWS\system32\winlogon.exe[712] WS2_32.dll!recvfrom 71A52D0F 5 Bytes JMP 2004D583 .text C:\WINDOWS\system32\winlogon.exe[712] WS2_32.dll!send 71A5428A 5 Bytes JMP 2004D21A .text C:\WINDOWS\system32\winlogon.exe[712] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 2004D6D6 .text C:\WINDOWS\system32\winlogon.exe[712] WS2_32.dll!recv 71A5615A 5 Bytes JMP 2004D51E .text C:\WINDOWS\system32\winlogon.exe[712] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 2004D5EE .text C:\WINDOWS\system32\winlogon.exe[712] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 2004D872 .text C:\WINDOWS\system32\winlogon.exe[712] WS2_32.dll!WSARecvFrom 71A5F652 5 Bytes JMP 2004D7A1 .text C:\WINDOWS\system32\winlogon.exe[712] WS2_32.dll!WSASendTo 71A60A95 5 Bytes JMP 2004D65F ? C:\WINDOWS\system32\services.exe[756] time/date stamp mismatch; unknown module: NTDSAPI.dllunknown module: NCObjAPI.DLLunknown module: SCESRV.dllunknown module: umpnpmgr.dll .text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004FD3C .text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20047851 .text C:\WINDOWS\system32\services.exe[756] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2004FBB8 .text C:\WINDOWS\system32\services.exe[756] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\services.exe[756] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 2004C805 .text C:\WINDOWS\system32\services.exe[756] USER32.dll!SetWinEventHook 77D5E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\services.exe[756] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\services.exe[756] USER32.dll!SetWindowsHookExW 77D5E621 4 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\services.exe[756] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\services.exe[756] USER32.dll!SetWindowsHookExA 77D602B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\services.exe[756] WS2_32.dll!sendto 71A52C69 5 Bytes JMP 2004D268 .text C:\WINDOWS\system32\services.exe[756] WS2_32.dll!recvfrom 71A52D0F 5 Bytes JMP 2004D583 .text C:\WINDOWS\system32\services.exe[756] WS2_32.dll!send 71A5428A 5 Bytes JMP 2004D21A .text C:\WINDOWS\system32\services.exe[756] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 2004D6D6 .text C:\WINDOWS\system32\services.exe[756] WS2_32.dll!recv 71A5615A 5 Bytes JMP 2004D51E .text C:\WINDOWS\system32\services.exe[756] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 2004D5EE .text C:\WINDOWS\system32\services.exe[756] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 2004D872 .text C:\WINDOWS\system32\services.exe[756] WS2_32.dll!WSARecvFrom 71A5F652 5 Bytes JMP 2004D7A1 .text C:\WINDOWS\system32\services.exe[756] WS2_32.dll!WSASendTo 71A60A95 5 Bytes JMP 2004D65F .text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004FD3C .text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20047851 .text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2004FBB8 .text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\lsass.exe[768] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 2004C805 .text C:\WINDOWS\system32\lsass.exe[768] USER32.dll!SetWinEventHook 77D5E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\lsass.exe[768] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\lsass.exe[768] USER32.dll!SetWindowsHookExW 77D5E621 4 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\lsass.exe[768] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\lsass.exe[768] USER32.dll!SetWindowsHookExA 77D602B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\lsass.exe[768] WS2_32.dll!sendto 71A52C69 5 Bytes JMP 2004D268 .text C:\WINDOWS\system32\lsass.exe[768] WS2_32.dll!recvfrom 71A52D0F 5 Bytes JMP 2004D583 .text C:\WINDOWS\system32\lsass.exe[768] WS2_32.dll!send 71A5428A 5 Bytes JMP 2004D21A .text C:\WINDOWS\system32\lsass.exe[768] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 2004D6D6 .text C:\WINDOWS\system32\lsass.exe[768] WS2_32.dll!recv 71A5615A 5 Bytes JMP 2004D51E .text C:\WINDOWS\system32\lsass.exe[768] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 2004D5EE .text C:\WINDOWS\system32\lsass.exe[768] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 2004D872 .text C:\WINDOWS\system32\lsass.exe[768] WS2_32.dll!WSARecvFrom 71A5F652 5 Bytes JMP 2004D7A1 .text C:\WINDOWS\system32\lsass.exe[768] WS2_32.dll!WSASendTo 71A60A95 5 Bytes JMP 2004D65F .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[772] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004FD3C .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[772] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20047851 .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[772] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2004FBB8 .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[772] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[772] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 2004C805 .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[772] USER32.dll!SetWinEventHook 77D5E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[772] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[772] USER32.dll!SetWindowsHookExW 77D5E621 4 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[772] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[772] USER32.dll!SetWindowsHookExA 77D602B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[772] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[772] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[772] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[772] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[772] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[772] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[772] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[772] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\nvsvc32.exe[836] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004FD3C .text C:\WINDOWS\system32\nvsvc32.exe[836] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20047851 .text C:\WINDOWS\system32\nvsvc32.exe[836] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2004FBB8 .text C:\WINDOWS\system32\nvsvc32.exe[836] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\nvsvc32.exe[836] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 2004C805 .text C:\WINDOWS\system32\nvsvc32.exe[836] USER32.dll!SetWinEventHook 77D5E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\nvsvc32.exe[836] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\nvsvc32.exe[836] USER32.dll!SetWindowsHookExW 77D5E621 4 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\nvsvc32.exe[836] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\nvsvc32.exe[836] USER32.dll!SetWindowsHookExA 77D602B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\nvsvc32.exe[836] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\nvsvc32.exe[836] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\nvsvc32.exe[836] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\nvsvc32.exe[836] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\nvsvc32.exe[836] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\nvsvc32.exe[836] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\nvsvc32.exe[836] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\nvsvc32.exe[836] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\nvsvc32.exe[836] WS2_32.dll!sendto 71A52C69 5 Bytes JMP 2004D268 .text C:\WINDOWS\system32\nvsvc32.exe[836] WS2_32.dll!recvfrom 71A52D0F 5 Bytes JMP 2004D583 .text C:\WINDOWS\system32\nvsvc32.exe[836] WS2_32.dll!send 71A5428A 5 Bytes JMP 2004D21A .text C:\WINDOWS\system32\nvsvc32.exe[836] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 2004D6D6 .text C:\WINDOWS\system32\nvsvc32.exe[836] WS2_32.dll!recv 71A5615A 5 Bytes JMP 2004D51E .text C:\WINDOWS\system32\nvsvc32.exe[836] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 2004D5EE .text C:\WINDOWS\system32\nvsvc32.exe[836] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 2004D872 .text C:\WINDOWS\system32\nvsvc32.exe[836] WS2_32.dll!WSARecvFrom 71A5F652 5 Bytes JMP 2004D7A1 .text C:\WINDOWS\system32\nvsvc32.exe[836] WS2_32.dll!WSASendTo 71A60A95 5 Bytes JMP 2004D65F ? C:\WINDOWS\system32\svchost.exe[932] time/date stamp mismatch; .text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 202EFD3C .text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 202E7851 .text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 202EFBB8 .text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[932] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[932] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[932] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[932] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[932] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[932] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[932] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[932] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[932] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 202EC805 .text C:\WINDOWS\system32\svchost.exe[932] USER32.dll!SetWinEventHook 77D5E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[932] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[932] USER32.dll!SetWindowsHookExW 77D5E621 4 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[932] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[932] USER32.dll!SetWindowsHookExA 77D602B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[932] WS2_32.dll!sendto 71A52C69 5 Bytes JMP 202ED268 .text C:\WINDOWS\system32\svchost.exe[932] WS2_32.dll!recvfrom 71A52D0F 5 Bytes JMP 202ED583 .text C:\WINDOWS\system32\svchost.exe[932] WS2_32.dll!send 71A5428A 5 Bytes JMP 202ED21A .text C:\WINDOWS\system32\svchost.exe[932] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 202ED6D6 .text C:\WINDOWS\system32\svchost.exe[932] WS2_32.dll!recv 71A5615A 5 Bytes JMP 202ED51E .text C:\WINDOWS\system32\svchost.exe[932] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 202ED5EE .text C:\WINDOWS\system32\svchost.exe[932] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 202ED872 .text C:\WINDOWS\system32\svchost.exe[932] WS2_32.dll!WSARecvFrom 71A5F652 5 Bytes JMP 202ED7A1 .text C:\WINDOWS\system32\svchost.exe[932] WS2_32.dll!WSASendTo 71A60A95 5 Bytes JMP 202ED65F ? C:\WINDOWS\system32\svchost.exe[984] time/date stamp mismatch; .text C:\WINDOWS\system32\svchost.exe[984] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 202EFD3C .text C:\WINDOWS\system32\svchost.exe[984] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 202E7851 .text C:\WINDOWS\system32\svchost.exe[984] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 202EFBB8 .text C:\WINDOWS\system32\svchost.exe[984] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[984] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 202EC805 .text C:\WINDOWS\system32\svchost.exe[984] USER32.dll!SetWinEventHook 77D5E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[984] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[984] USER32.dll!SetWindowsHookExW 77D5E621 4 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[984] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[984] USER32.dll!SetWindowsHookExA 77D602B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[984] WS2_32.dll!sendto 71A52C69 5 Bytes JMP 202ED268 .text C:\WINDOWS\system32\svchost.exe[984] WS2_32.dll!recvfrom 71A52D0F 5 Bytes JMP 202ED583 .text C:\WINDOWS\system32\svchost.exe[984] WS2_32.dll!send 71A5428A 5 Bytes JMP 202ED21A .text C:\WINDOWS\system32\svchost.exe[984] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 202ED6D6 .text C:\WINDOWS\system32\svchost.exe[984] WS2_32.dll!recv 71A5615A 5 Bytes JMP 202ED51E .text C:\WINDOWS\system32\svchost.exe[984] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 202ED5EE .text C:\WINDOWS\system32\svchost.exe[984] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 202ED872 .text C:\WINDOWS\system32\svchost.exe[984] WS2_32.dll!WSARecvFrom 71A5F652 5 Bytes JMP 202ED7A1 .text C:\WINDOWS\system32\svchost.exe[984] WS2_32.dll!WSASendTo 71A60A95 5 Bytes JMP 202ED65F .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[1036] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004FD3C .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[1036] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20047851 .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[1036] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2004FBB8 .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[1036] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[1036] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 2004C805 .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[1036] USER32.dll!SetWinEventHook 77D5E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[1036] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[1036] USER32.dll!SetWindowsHookExW 77D5E621 4 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[1036] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[1036] USER32.dll!SetWindowsHookExA 77D602B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[1036] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[1036] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[1036] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[1036] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[1036] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[1036] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[1036] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[1036] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\RTHDCPL.EXE[1044] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004FD3C .text C:\WINDOWS\RTHDCPL.EXE[1044] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20047851 .text C:\WINDOWS\RTHDCPL.EXE[1044] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2004FBB8 .text C:\WINDOWS\RTHDCPL.EXE[1044] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\RTHDCPL.EXE[1044] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 2004C805 .text C:\WINDOWS\RTHDCPL.EXE[1044] USER32.dll!SetWinEventHook 77D5E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\RTHDCPL.EXE[1044] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\RTHDCPL.EXE[1044] USER32.dll!SetWindowsHookExW 77D5E621 4 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\RTHDCPL.EXE[1044] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\RTHDCPL.EXE[1044] USER32.dll!SetWindowsHookExA 77D602B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\RTHDCPL.EXE[1044] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\RTHDCPL.EXE[1044] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\RTHDCPL.EXE[1044] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\RTHDCPL.EXE[1044] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\RTHDCPL.EXE[1044] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\RTHDCPL.EXE[1044] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\RTHDCPL.EXE[1044] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\RTHDCPL.EXE[1044] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) ? C:\WINDOWS\System32\svchost.exe[1080] time/date stamp mismatch; .text C:\WINDOWS\System32\svchost.exe[1080] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 202EFD3C .text C:\WINDOWS\System32\svchost.exe[1080] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 202E7851 .text C:\WINDOWS\System32\svchost.exe[1080] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 202EFBB8 .text C:\WINDOWS\System32\svchost.exe[1080] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\svchost.exe[1080] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 202EC805 .text C:\WINDOWS\System32\svchost.exe[1080] USER32.dll!SetWinEventHook 77D5E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\svchost.exe[1080] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\svchost.exe[1080] USER32.dll!SetWindowsHookExW 77D5E621 4 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\svchost.exe[1080] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\svchost.exe[1080] USER32.dll!SetWindowsHookExA 77D602B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\svchost.exe[1080] WS2_32.dll!sendto 71A52C69 5 Bytes JMP 202ED268 .text C:\WINDOWS\System32\svchost.exe[1080] WS2_32.dll!recvfrom 71A52D0F 5 Bytes JMP 202ED583 .text C:\WINDOWS\System32\svchost.exe[1080] WS2_32.dll!send 71A5428A 5 Bytes JMP 202ED21A .text C:\WINDOWS\System32\svchost.exe[1080] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 202ED6D6 .text C:\WINDOWS\System32\svchost.exe[1080] WS2_32.dll!recv 71A5615A 5 Bytes JMP 202ED51E .text C:\WINDOWS\System32\svchost.exe[1080] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 202ED5EE .text C:\WINDOWS\System32\svchost.exe[1080] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 202ED872 .text C:\WINDOWS\System32\svchost.exe[1080] WS2_32.dll!WSARecvFrom 71A5F652 5 Bytes JMP 202ED7A1 .text C:\WINDOWS\System32\svchost.exe[1080] WS2_32.dll!WSASendTo 71A60A95 5 Bytes JMP 202ED65F .text C:\WINDOWS\System32\svchost.exe[1080] WININET.dll!HttpOpenRequestA 771B3674 5 Bytes JMP 202EE99E .text C:\WINDOWS\System32\svchost.exe[1080] WININET.dll!InternetCloseHandle 771B4D3C 5 Bytes JMP 202EDF3E .text C:\WINDOWS\System32\svchost.exe[1080] WININET.dll!InternetOpenUrlA 771B59F1 5 Bytes JMP 202EE9F8 .text C:\WINDOWS\System32\svchost.exe[1080] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 202EDEAA .text C:\WINDOWS\System32\svchost.exe[1080] WININET.dll!InternetReadFile 771B827C 5 Bytes JMP 202EE8E3 .text C:\WINDOWS\System32\svchost.exe[1080] WININET.dll!HttpSendRequestExW 771BE989 5 Bytes JMP 202EDE1E .text C:\WINDOWS\System32\svchost.exe[1080] WININET.dll!HttpOpenRequestW 771BF3BE 5 Bytes JMP 202EE9CB .text C:\WINDOWS\System32\svchost.exe[1080] WININET.dll!InternetOpenUrlW 771C5B3A 5 Bytes JMP 202EEA1F .text C:\WINDOWS\System32\svchost.exe[1080] WININET.dll!InternetQueryDataAvailable 771C8A37 5 Bytes JMP 202EE5C4 .text C:\WINDOWS\System32\svchost.exe[1080] WININET.dll!InternetWriteFile 771E8147 5 Bytes JMP 202EDF11 .text C:\WINDOWS\System32\svchost.exe[1080] WININET.dll!InternetReadFileExA 771E868E 5 Bytes JMP 202EE721 .text C:\WINDOWS\System32\svchost.exe[1080] WININET.dll!InternetReadFileExW 771E90DE 5 Bytes JMP 202EE7C8 .text C:\WINDOWS\System32\svchost.exe[1080] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 202EDEDF .text C:\WINDOWS\System32\svchost.exe[1080] WININET.dll!HttpSendRequestExA 772024B1 5 Bytes JMP 202EDE64 .text C:\Program Files\AutoConnect\AutoConnect.exe[1156] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004FD3C .text C:\Program Files\AutoConnect\AutoConnect.exe[1156] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20047851 .text C:\Program Files\AutoConnect\AutoConnect.exe[1156] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2004FBB8 .text C:\Program Files\AutoConnect\AutoConnect.exe[1156] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\AutoConnect\AutoConnect.exe[1156] advapi32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\AutoConnect\AutoConnect.exe[1156] advapi32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\AutoConnect\AutoConnect.exe[1156] advapi32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\AutoConnect\AutoConnect.exe[1156] advapi32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\AutoConnect\AutoConnect.exe[1156] advapi32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\AutoConnect\AutoConnect.exe[1156] advapi32.dll!CreateServiceA 77E270B9 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\AutoConnect\AutoConnect.exe[1156] advapi32.dll!CreateServiceW 77E27251 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\AutoConnect\AutoConnect.exe[1156] advapi32.dll!DeleteService 77E27359 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\AutoConnect\AutoConnect.exe[1156] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 2004C805 .text C:\Program Files\AutoConnect\AutoConnect.exe[1156] USER32.dll!SetWinEventHook 77D5E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\AutoConnect\AutoConnect.exe[1156] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\AutoConnect\AutoConnect.exe[1156] USER32.dll!SetWindowsHookExW 77D5E621 4 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\AutoConnect\AutoConnect.exe[1156] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\AutoConnect\AutoConnect.exe[1156] USER32.dll!SetWindowsHookExA 77D602B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\AutoConnect\AutoConnect.exe[1156] wininet.dll!HttpOpenRequestA 771B3674 5 Bytes JMP 2004E99E .text C:\Program Files\AutoConnect\AutoConnect.exe[1156] wininet.dll!InternetCloseHandle 771B4D3C 5 Bytes JMP 2004DF3E .text C:\Program Files\AutoConnect\AutoConnect.exe[1156] wininet.dll!InternetOpenUrlA 771B59F1 5 Bytes JMP 2004E9F8 .text C:\Program Files\AutoConnect\AutoConnect.exe[1156] wininet.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 2004DEAA .text C:\Program Files\AutoConnect\AutoConnect.exe[1156] wininet.dll!InternetReadFile 771B827C 5 Bytes JMP 2004E8E3 .text C:\Program Files\AutoConnect\AutoConnect.exe[1156] wininet.dll!HttpSendRequestExW 771BE989 5 Bytes JMP 2004DE1E .text C:\Program Files\AutoConnect\AutoConnect.exe[1156] wininet.dll!HttpOpenRequestW 771BF3BE 5 Bytes JMP 2004E9CB .text C:\Program Files\AutoConnect\AutoConnect.exe[1156] wininet.dll!InternetOpenUrlW 771C5B3A 5 Bytes JMP 2004EA1F .text C:\Program Files\AutoConnect\AutoConnect.exe[1156] wininet.dll!InternetQueryDataAvailable 771C8A37 5 Bytes JMP 2004E5C4 .text C:\Program Files\AutoConnect\AutoConnect.exe[1156] wininet.dll!InternetWriteFile 771E8147 5 Bytes JMP 2004DF11 .text C:\Program Files\AutoConnect\AutoConnect.exe[1156] wininet.dll!InternetReadFileExA 771E868E 5 Bytes JMP 2004E721 .text C:\Program Files\AutoConnect\AutoConnect.exe[1156] wininet.dll!InternetReadFileExW 771E90DE 5 Bytes JMP 2004E7C8 .text C:\Program Files\AutoConnect\AutoConnect.exe[1156] wininet.dll!HttpSendRequestW 772023AC 5 Bytes JMP 2004DEDF .text C:\Program Files\AutoConnect\AutoConnect.exe[1156] wininet.dll!HttpSendRequestExA 772024B1 5 Bytes JMP 2004DE64 .text C:\Program Files\AutoConnect\AutoConnect.exe[1156] WS2_32.dll!sendto 71A52C69 5 Bytes JMP 2004D268 .text C:\Program Files\AutoConnect\AutoConnect.exe[1156] WS2_32.dll!recvfrom 71A52D0F 5 Bytes JMP 2004D583 .text C:\Program Files\AutoConnect\AutoConnect.exe[1156] WS2_32.dll!send 71A5428A 5 Bytes JMP 2004D21A .text C:\Program Files\AutoConnect\AutoConnect.exe[1156] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 2004D6D6 .text C:\Program Files\AutoConnect\AutoConnect.exe[1156] WS2_32.dll!recv 71A5615A 5 Bytes JMP 2004D51E .text C:\Program Files\AutoConnect\AutoConnect.exe[1156] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 2004D5EE .text C:\Program Files\AutoConnect\AutoConnect.exe[1156] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 2004D872 .text C:\Program Files\AutoConnect\AutoConnect.exe[1156] WS2_32.dll!WSARecvFrom 71A5F652 5 Bytes JMP 2004D7A1 .text C:\Program Files\AutoConnect\AutoConnect.exe[1156] WS2_32.dll!WSASendTo 71A60A95 5 Bytes JMP 2004D65F .text C:\Program Files\Internet Explorer\iexplore.exe[1184] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Internet Explorer\iexplore.exe[1184] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Internet Explorer\iexplore.exe[1184] USER32.dll!SetWinEventHook 77D5E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Internet Explorer\iexplore.exe[1184] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Internet Explorer\iexplore.exe[1184] USER32.dll!SetWindowsHookExW 77D5E621 4 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Internet Explorer\iexplore.exe[1184] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Internet Explorer\iexplore.exe[1184] USER32.dll!SetWindowsHookExA 77D602B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Internet Explorer\iexplore.exe[1184] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Internet Explorer\iexplore.exe[1184] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Internet Explorer\iexplore.exe[1184] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Internet Explorer\iexplore.exe[1184] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Internet Explorer\iexplore.exe[1184] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Internet Explorer\iexplore.exe[1184] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Internet Explorer\iexplore.exe[1184] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Internet Explorer\iexplore.exe[1184] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) ? C:\WINDOWS\system32\svchost.exe[1200] time/date stamp mismatch; .text C:\WINDOWS\system32\svchost.exe[1200] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004FD3C .text C:\WINDOWS\system32\svchost.exe[1200] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20047851 .text C:\WINDOWS\system32\svchost.exe[1200] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2004FBB8 .text C:\WINDOWS\system32\svchost.exe[1200] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1200] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 2004C805 .text C:\WINDOWS\system32\svchost.exe[1200] USER32.dll!SetWinEventHook 77D5E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1200] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1200] USER32.dll!SetWindowsHookExW 77D5E621 4 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1200] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1200] USER32.dll!SetWindowsHookExA 77D602B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1200] WS2_32.dll!sendto 71A52C69 5 Bytes JMP 2004D268 .text C:\WINDOWS\system32\svchost.exe[1200] WS2_32.dll!recvfrom 71A52D0F 5 Bytes JMP 2004D583 .text C:\WINDOWS\system32\svchost.exe[1200] WS2_32.dll!send 71A5428A 5 Bytes JMP 2004D21A .text C:\WINDOWS\system32\svchost.exe[1200] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 2004D6D6 .text C:\WINDOWS\system32\svchost.exe[1200] WS2_32.dll!recv 71A5615A 5 Bytes JMP 2004D51E .text C:\WINDOWS\system32\svchost.exe[1200] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 2004D5EE .text C:\WINDOWS\system32\svchost.exe[1200] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 2004D872 .text C:\WINDOWS\system32\svchost.exe[1200] WS2_32.dll!WSARecvFrom 71A5F652 5 Bytes JMP 2004D7A1 .text C:\WINDOWS\system32\svchost.exe[1200] WS2_32.dll!WSASendTo 71A60A95 5 Bytes JMP 2004D65F ? C:\WINDOWS\system32\svchost.exe[1308] time/date stamp mismatch; .text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 202EFD3C .text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 202E7851 .text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 202EFBB8 .text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1308] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 202EC805 .text C:\WINDOWS\system32\svchost.exe[1308] USER32.dll!SetWinEventHook 77D5E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1308] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1308] USER32.dll!SetWindowsHookExW 77D5E621 4 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1308] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1308] USER32.dll!SetWindowsHookExA 77D602B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1308] WS2_32.dll!sendto 71A52C69 5 Bytes JMP 202ED268 .text C:\WINDOWS\system32\svchost.exe[1308] WS2_32.dll!recvfrom 71A52D0F 5 Bytes JMP 202ED583 .text C:\WINDOWS\system32\svchost.exe[1308] WS2_32.dll!send 71A5428A 5 Bytes JMP 202ED21A .text C:\WINDOWS\system32\svchost.exe[1308] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 202ED6D6 .text C:\WINDOWS\system32\svchost.exe[1308] WS2_32.dll!recv 71A5615A 5 Bytes JMP 202ED51E .text C:\WINDOWS\system32\svchost.exe[1308] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 202ED5EE .text C:\WINDOWS\system32\svchost.exe[1308] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 202ED872 .text C:\WINDOWS\system32\svchost.exe[1308] WS2_32.dll!WSARecvFrom 71A5F652 5 Bytes JMP 202ED7A1 .text C:\WINDOWS\system32\svchost.exe[1308] WS2_32.dll!WSASendTo 71A60A95 5 Bytes JMP 202ED65F ? C:\WINDOWS\system32\svchost.exe[1400] time/date stamp mismatch; .text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 202EFD3C .text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 202E7851 .text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 202EFBB8 .text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1400] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 202EC805 .text C:\WINDOWS\system32\svchost.exe[1400] USER32.dll!SetWinEventHook 77D5E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1400] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1400] USER32.dll!SetWindowsHookExW 77D5E621 4 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1400] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1400] USER32.dll!SetWindowsHookExA 77D602B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[1452] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004FD3C .text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[1452] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20047851 .text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[1452] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2004FBB8 .text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[1452] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[1452] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 2004C805 .text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[1452] USER32.dll!SetWinEventHook 77D5E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[1452] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[1452] USER32.dll!SetWindowsHookExW 77D5E621 4 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[1452] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[1452] USER32.dll!SetWindowsHookExA 77D602B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[1452] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[1452] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[1452] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[1452] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[1452] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[1452] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[1452] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[1452] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Java\jre6\bin\jqs.exe[1456] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004FD3C .text C:\Program Files\Java\jre6\bin\jqs.exe[1456] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20047851 .text C:\Program Files\Java\jre6\bin\jqs.exe[1456] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2004FBB8 .text C:\Program Files\Java\jre6\bin\jqs.exe[1456] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Java\jre6\bin\jqs.exe[1456] WS2_32.dll!sendto 71A52C69 5 Bytes JMP 2004D268 .text C:\Program Files\Java\jre6\bin\jqs.exe[1456] WS2_32.dll!recvfrom 71A52D0F 5 Bytes JMP 2004D583 .text C:\Program Files\Java\jre6\bin\jqs.exe[1456] WS2_32.dll!send 71A5428A 5 Bytes JMP 2004D21A .text C:\Program Files\Java\jre6\bin\jqs.exe[1456] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 2004D6D6 .text C:\Program Files\Java\jre6\bin\jqs.exe[1456] WS2_32.dll!recv 71A5615A 5 Bytes JMP 2004D51E .text C:\Program Files\Java\jre6\bin\jqs.exe[1456] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 2004D5EE .text C:\Program Files\Java\jre6\bin\jqs.exe[1456] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 2004D872 .text C:\Program Files\Java\jre6\bin\jqs.exe[1456] WS2_32.dll!WSARecvFrom 71A5F652 5 Bytes JMP 2004D7A1 .text C:\Program Files\Java\jre6\bin\jqs.exe[1456] WS2_32.dll!WSASendTo 71A60A95 5 Bytes JMP 2004D65F .text C:\Program Files\Java\jre6\bin\jqs.exe[1456] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Java\jre6\bin\jqs.exe[1456] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Java\jre6\bin\jqs.exe[1456] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Java\jre6\bin\jqs.exe[1456] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Java\jre6\bin\jqs.exe[1456] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Java\jre6\bin\jqs.exe[1456] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Java\jre6\bin\jqs.exe[1456] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Java\jre6\bin\jqs.exe[1456] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Java\jre6\bin\jqs.exe[1456] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 2004C805 .text C:\Program Files\Java\jre6\bin\jqs.exe[1456] USER32.dll!SetWinEventHook 77D5E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Java\jre6\bin\jqs.exe[1456] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Java\jre6\bin\jqs.exe[1456] USER32.dll!SetWindowsHookExW 77D5E621 4 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Java\jre6\bin\jqs.exe[1456] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Java\jre6\bin\jqs.exe[1456] USER32.dll!SetWindowsHookExA 77D602B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1516] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\WINDOWS\system32\wdfmgr.exe[1524] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2004FD3C .text C:\WINDOWS\system32\wdfmgr.exe[1524] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20047851 .text C:\WINDOWS\system32\wdfmgr.exe[1524] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2004FBB8 .text C:\WINDOWS\system32\wdfmgr.exe[1524] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\wdfmgr.exe[1524] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\wdfmgr.exe[1524] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\wdfmgr.exe[1524] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\wdfmgr.exe[1524] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\wdfmgr.exe[1524] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\wdfmgr.exe[1524] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\wdfmgr.exe[1524] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\wdfmgr.exe[1524] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\wdfmgr.exe[1524] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 2004C805 .text C:\WINDOWS\system32\wdfmgr.exe[1524] USER32.dll!SetWinEventHook 77D5E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\wdfmgr.exe[1524] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\wdfmgr.exe[1524] USER32.dll!SetWindowsHookExW 77D5E621 4 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\wdfmgr.exe[1524] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\wdfmgr.exe[1524] USER32.dll!SetWindowsHookExA 77D602B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\spoolsv.exe[1856] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 202EFD3C .text C:\WINDOWS\system32\spoolsv.exe[1856] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 202E7851 .text C:\WINDOWS\system32\spoolsv.exe[1856] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 202EFBB8 .text C:\WINDOWS\system32\spoolsv.exe[1856] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\spoolsv.exe[1856] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\spoolsv.exe[1856] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\spoolsv.exe[1856] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\spoolsv.exe[1856] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\spoolsv.exe[1856] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\spoolsv.exe[1856] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\spoolsv.exe[1856] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\spoolsv.exe[1856] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\spoolsv.exe[1856] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 202EC805 .text C:\WINDOWS\system32\spoolsv.exe[1856] USER32.dll!SetWinEventHook 77D5E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\spoolsv.exe[1856] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\spoolsv.exe[1856] USER32.dll!SetWindowsHookExW 77D5E621 4 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\spoolsv.exe[1856] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\spoolsv.exe[1856] USER32.dll!SetWindowsHookExA 77D602B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\spoolsv.exe[1856] WS2_32.dll!sendto 71A52C69 5 Bytes JMP 202ED268 .text C:\WINDOWS\system32\spoolsv.exe[1856] WS2_32.dll!recvfrom 71A52D0F 5 Bytes JMP 202ED583 .text C:\WINDOWS\system32\spoolsv.exe[1856] WS2_32.dll!send 71A5428A 5 Bytes JMP 202ED21A .text C:\WINDOWS\system32\spoolsv.exe[1856] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 202ED6D6 .text C:\WINDOWS\system32\spoolsv.exe[1856] WS2_32.dll!recv 71A5615A 5 Bytes JMP 202ED51E .text C:\WINDOWS\system32\spoolsv.exe[1856] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 202ED5EE .text C:\WINDOWS\system32\spoolsv.exe[1856] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 202ED872 .text C:\WINDOWS\system32\spoolsv.exe[1856] WS2_32.dll!WSARecvFrom 71A5F652 5 Bytes JMP 202ED7A1 .text C:\WINDOWS\system32\spoolsv.exe[1856] WS2_32.dll!WSASendTo 71A60A95 5 Bytes JMP 202ED65F ? C:\WINDOWS\system32\svchost.exe[2000] time/date stamp mismatch; .text C:\WINDOWS\system32\svchost.exe[2000] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 202EFD3C .text C:\WINDOWS\system32\svchost.exe[2000] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 202E7851 .text C:\WINDOWS\system32\svchost.exe[2000] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 202EFBB8 .text C:\WINDOWS\system32\svchost.exe[2000] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[2000] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[2000] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[2000] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[2000] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[2000] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[2000] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[2000] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[2000] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[2000] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 202EC805 .text C:\WINDOWS\system32\svchost.exe[2000] USER32.dll!SetWinEventHook 77D5E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[2000] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[2000] USER32.dll!SetWindowsHookExW 77D5E621 4 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[2000] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[2000] USER32.dll!SetWindowsHookExA 77D602B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[2000] WININET.dll!HttpOpenRequestA 771B3674 5 Bytes JMP 202EE99E .text C:\WINDOWS\system32\svchost.exe[2000] WININET.dll!InternetCloseHandle 771B4D3C 5 Bytes JMP 202EDF3E .text C:\WINDOWS\system32\svchost.exe[2000] WININET.dll!InternetOpenUrlA 771B59F1 5 Bytes JMP 202EE9F8 .text C:\WINDOWS\system32\svchost.exe[2000] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 202EDEAA .text C:\WINDOWS\system32\svchost.exe[2000] WININET.dll!InternetReadFile 771B827C 5 Bytes JMP 202EE8E3 .text C:\WINDOWS\system32\svchost.exe[2000] WININET.dll!HttpSendRequestExW 771BE989 5 Bytes JMP 202EDE1E .text C:\WINDOWS\system32\svchost.exe[2000] WININET.dll!HttpOpenRequestW 771BF3BE 5 Bytes JMP 202EE9CB .text C:\WINDOWS\system32\svchost.exe[2000] WININET.dll!InternetOpenUrlW 771C5B3A 5 Bytes JMP 202EEA1F .text C:\WINDOWS\system32\svchost.exe[2000] WININET.dll!InternetQueryDataAvailable 771C8A37 5 Bytes JMP 202EE5C4 .text C:\WINDOWS\system32\svchost.exe[2000] WININET.dll!InternetWriteFile 771E8147 5 Bytes JMP 202EDF11 .text C:\WINDOWS\system32\svchost.exe[2000] WININET.dll!InternetReadFileExA 771E868E 5 Bytes JMP 202EE721 .text C:\WINDOWS\system32\svchost.exe[2000] WININET.dll!InternetReadFileExW 771E90DE 5 Bytes JMP 202EE7C8 .text C:\WINDOWS\system32\svchost.exe[2000] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 202EDEDF .text C:\WINDOWS\system32\svchost.exe[2000] WININET.dll!HttpSendRequestExA 772024B1 5 Bytes JMP 202EDE64 .text C:\WINDOWS\system32\svchost.exe[2000] WS2_32.dll!sendto 71A52C69 5 Bytes JMP 202ED268 .text C:\WINDOWS\system32\svchost.exe[2000] WS2_32.dll!recvfrom 71A52D0F 5 Bytes JMP 202ED583 .text C:\WINDOWS\system32\svchost.exe[2000] WS2_32.dll!send 71A5428A 5 Bytes JMP 202ED21A .text C:\WINDOWS\system32\svchost.exe[2000] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 202ED6D6 .text C:\WINDOWS\system32\svchost.exe[2000] WS2_32.dll!recv 71A5615A 5 Bytes JMP 202ED51E .text C:\WINDOWS\system32\svchost.exe[2000] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 202ED5EE .text C:\WINDOWS\system32\svchost.exe[2000] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 202ED872 .text C:\WINDOWS\system32\svchost.exe[2000] WS2_32.dll!WSARecvFrom 71A5F652 5 Bytes JMP 202ED7A1 .text C:\WINDOWS\system32\svchost.exe[2000] WS2_32.dll!WSASendTo 71A60A95 5 Bytes JMP 202ED65F .text C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe[2032] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 202EFD3C .text C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe[2032] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 202E7851 .text C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe[2032] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 202EFBB8 .text C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe[2032] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe[2032] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe[2032] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe[2032] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe[2032] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe[2032] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe[2032] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe[2032] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe[2032] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe[2032] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 202EC805 .text C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe[2032] USER32.dll!SetWinEventHook 77D5E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe[2032] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe[2032] USER32.dll!SetWindowsHookExW 77D5E621 4 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe[2032] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe[2032] USER32.dll!SetWindowsHookExA 77D602B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe[2032] WS2_32.dll!sendto 71A52C69 5 Bytes JMP 202ED268 .text C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe[2032] WS2_32.dll!recvfrom 71A52D0F 5 Bytes JMP 202ED583 .text C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe[2032] WS2_32.dll!send 71A5428A 5 Bytes JMP 202ED21A .text C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe[2032] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 202ED6D6 .text C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe[2032] WS2_32.dll!recv 71A5615A 5 Bytes JMP 202ED51E .text C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe[2032] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 202ED5EE .text C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe[2032] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 202ED872 .text C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe[2032] WS2_32.dll!WSARecvFrom 71A5F652 5 Bytes JMP 202ED7A1 .text C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe[2032] WS2_32.dll!WSASendTo 71A60A95 5 Bytes JMP 202ED65F .text C:\Program Files\Internet Explorer\iexplore.exe[2132] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Internet Explorer\iexplore.exe[2132] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Internet Explorer\iexplore.exe[2132] USER32.dll!SetWinEventHook 77D5E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Internet Explorer\iexplore.exe[2132] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Internet Explorer\iexplore.exe[2132] USER32.dll!SetWindowsHookExW 77D5E621 4 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Internet Explorer\iexplore.exe[2132] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Internet Explorer\iexplore.exe[2132] USER32.dll!SetWindowsHookExA 77D602B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Internet Explorer\iexplore.exe[2132] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Internet Explorer\iexplore.exe[2132] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Internet Explorer\iexplore.exe[2132] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Internet Explorer\iexplore.exe[2132] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Internet Explorer\iexplore.exe[2132] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Internet Explorer\iexplore.exe[2132] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Internet Explorer\iexplore.exe[2132] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Internet Explorer\iexplore.exe[2132] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Internet Explorer\iexplore.exe[2144] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FD3C .text C:\Program Files\Internet Explorer\iexplore.exe[2144] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017851 .text C:\Program Files\Internet Explorer\iexplore.exe[2144] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2001FBB8 .text C:\Program Files\Internet Explorer\iexplore.exe[2144] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 2001C805 .text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!SetWinEventHook 77D5E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!SetWindowsHookExW 77D5E621 4 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Internet Explorer\iexplore.exe[2144] USER32.dll!SetWindowsHookExA 77D602B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Internet Explorer\iexplore.exe[2144] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Internet Explorer\iexplore.exe[2144] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Internet Explorer\iexplore.exe[2144] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Internet Explorer\iexplore.exe[2144] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Internet Explorer\iexplore.exe[2144] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Internet Explorer\iexplore.exe[2144] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Internet Explorer\iexplore.exe[2144] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Internet Explorer\iexplore.exe[2144] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Internet Explorer\iexplore.exe[2144] WININET.dll!HttpOpenRequestA 771B3674 5 Bytes JMP 2001E99E .text C:\Program Files\Internet Explorer\iexplore.exe[2144] WININET.dll!InternetCloseHandle 771B4D3C 5 Bytes JMP 2001DF3E .text C:\Program Files\Internet Explorer\iexplore.exe[2144] WININET.dll!InternetOpenUrlA 771B59F1 5 Bytes JMP 2001E9F8 .text C:\Program Files\Internet Explorer\iexplore.exe[2144] WININET.dll!HttpSendRequestA 771B60C9 5 Bytes JMP 2001DEAA .text C:\Program Files\Internet Explorer\iexplore.exe[2144] WININET.dll!InternetReadFile 771B827C 5 Bytes JMP 2001E8E3 .text C:\Program Files\Internet Explorer\iexplore.exe[2144] WININET.dll!HttpSendRequestExW 771BE989 5 Bytes JMP 2001DE1E .text C:\Program Files\Internet Explorer\iexplore.exe[2144] WININET.dll!HttpOpenRequestW 771BF3BE 5 Bytes JMP 2001E9CB .text C:\Program Files\Internet Explorer\iexplore.exe[2144] WININET.dll!InternetOpenUrlW 771C5B3A 5 Bytes JMP 2001EA1F .text C:\Program Files\Internet Explorer\iexplore.exe[2144] WININET.dll!InternetQueryDataAvailable 771C8A37 5 Bytes JMP 2001E5C4 .text C:\Program Files\Internet Explorer\iexplore.exe[2144] WININET.dll!InternetWriteFile 771E8147 5 Bytes JMP 2001DF11 .text C:\Program Files\Internet Explorer\iexplore.exe[2144] WININET.dll!InternetReadFileExA 771E868E 5 Bytes JMP 2001E721 .text C:\Program Files\Internet Explorer\iexplore.exe[2144] WININET.dll!InternetReadFileExW 771E90DE 5 Bytes JMP 2001E7C8 .text C:\Program Files\Internet Explorer\iexplore.exe[2144] WININET.dll!HttpSendRequestW 772023AC 5 Bytes JMP 2001DEDF .text C:\Program Files\Internet Explorer\iexplore.exe[2144] WININET.dll!HttpSendRequestExA 772024B1 5 Bytes JMP 2001DE64 .text C:\Documents and Settings\Mateusz\Pulpit\ngngw92l.exe[2384] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2031FD3C .text C:\Documents and Settings\Mateusz\Pulpit\ngngw92l.exe[2384] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20317851 .text C:\Documents and Settings\Mateusz\Pulpit\ngngw92l.exe[2384] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2031FBB8 .text C:\Documents and Settings\Mateusz\Pulpit\ngngw92l.exe[2384] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Documents and Settings\Mateusz\Pulpit\ngngw92l.exe[2384] advapi32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Documents and Settings\Mateusz\Pulpit\ngngw92l.exe[2384] advapi32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Documents and Settings\Mateusz\Pulpit\ngngw92l.exe[2384] advapi32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Documents and Settings\Mateusz\Pulpit\ngngw92l.exe[2384] advapi32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Documents and Settings\Mateusz\Pulpit\ngngw92l.exe[2384] advapi32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Documents and Settings\Mateusz\Pulpit\ngngw92l.exe[2384] advapi32.dll!CreateServiceA 77E270B9 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Documents and Settings\Mateusz\Pulpit\ngngw92l.exe[2384] advapi32.dll!CreateServiceW 77E27251 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Documents and Settings\Mateusz\Pulpit\ngngw92l.exe[2384] advapi32.dll!DeleteService 77E27359 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Documents and Settings\Mateusz\Pulpit\ngngw92l.exe[2384] user32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 2031C805 .text C:\Documents and Settings\Mateusz\Pulpit\ngngw92l.exe[2384] user32.dll!SetWinEventHook 77D5E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Documents and Settings\Mateusz\Pulpit\ngngw92l.exe[2384] user32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Documents and Settings\Mateusz\Pulpit\ngngw92l.exe[2384] user32.dll!SetWindowsHookExW 77D5E621 4 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Documents and Settings\Mateusz\Pulpit\ngngw92l.exe[2384] user32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Documents and Settings\Mateusz\Pulpit\ngngw92l.exe[2384] user32.dll!SetWindowsHookExA 77D602B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\wscntfy.exe[3224] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2031FD3C .text C:\WINDOWS\system32\wscntfy.exe[3224] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20317851 .text C:\WINDOWS\system32\wscntfy.exe[3224] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2031FBB8 .text C:\WINDOWS\system32\wscntfy.exe[3224] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\wscntfy.exe[3224] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 2031C805 .text C:\WINDOWS\system32\wscntfy.exe[3224] USER32.dll!SetWinEventHook 77D5E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\wscntfy.exe[3224] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\wscntfy.exe[3224] USER32.dll!SetWindowsHookExW 77D5E621 4 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\wscntfy.exe[3224] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\wscntfy.exe[3224] USER32.dll!SetWindowsHookExA 77D602B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\wscntfy.exe[3224] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\wscntfy.exe[3224] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\wscntfy.exe[3224] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\wscntfy.exe[3224] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\wscntfy.exe[3224] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\wscntfy.exe[3224] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\wscntfy.exe[3224] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\wscntfy.exe[3224] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) ? C:\WINDOWS\System32\svchost.exe[3248] time/date stamp mismatch; .text C:\WINDOWS\System32\svchost.exe[3248] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FD3C .text C:\WINDOWS\System32\svchost.exe[3248] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017851 .text C:\WINDOWS\System32\svchost.exe[3248] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2001FBB8 .text C:\WINDOWS\System32\svchost.exe[3248] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\svchost.exe[3248] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\svchost.exe[3248] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\svchost.exe[3248] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\svchost.exe[3248] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\svchost.exe[3248] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\svchost.exe[3248] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\svchost.exe[3248] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\svchost.exe[3248] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\svchost.exe[3248] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 2001C805 .text C:\WINDOWS\System32\svchost.exe[3248] USER32.dll!SetWinEventHook 77D5E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\svchost.exe[3248] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\svchost.exe[3248] USER32.dll!SetWindowsHookExW 77D5E621 4 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\svchost.exe[3248] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\svchost.exe[3248] USER32.dll!SetWindowsHookExA 77D602B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3492] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FD3C .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3492] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017851 .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3492] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2001FBB8 .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3492] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3492] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 2001C805 .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3492] USER32.dll!SetWinEventHook 77D5E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3492] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3492] USER32.dll!SetWindowsHookExW 77D5E621 4 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3492] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3492] USER32.dll!SetWindowsHookExA 77D602B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3492] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3492] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3492] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3492] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3492] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3492] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3492] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3492] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\msiexec.exe[3560] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FD3C .text C:\WINDOWS\system32\msiexec.exe[3560] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017851 .text C:\WINDOWS\system32\msiexec.exe[3560] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2001FBB8 .text C:\WINDOWS\system32\msiexec.exe[3560] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\msiexec.exe[3560] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\msiexec.exe[3560] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\msiexec.exe[3560] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\msiexec.exe[3560] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\msiexec.exe[3560] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\msiexec.exe[3560] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\msiexec.exe[3560] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\msiexec.exe[3560] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\msiexec.exe[3560] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 2001C805 .text C:\WINDOWS\system32\msiexec.exe[3560] USER32.dll!SetWinEventHook 77D5E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\msiexec.exe[3560] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\msiexec.exe[3560] USER32.dll!SetWindowsHookExW 77D5E621 4 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\msiexec.exe[3560] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\msiexec.exe[3560] USER32.dll!SetWindowsHookExA 77D602B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\alg.exe[4044] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 2001FD3C .text C:\WINDOWS\System32\alg.exe[4044] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 20017851 .text C:\WINDOWS\System32\alg.exe[4044] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 2001FBB8 .text C:\WINDOWS\System32\alg.exe[4044] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\alg.exe[4044] USER32.dll!TranslateMessage 77D38BCE 5 Bytes JMP 2001C805 .text C:\WINDOWS\System32\alg.exe[4044] USER32.dll!SetWinEventHook 77D5E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\alg.exe[4044] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\alg.exe[4044] USER32.dll!SetWindowsHookExW 77D5E621 4 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\alg.exe[4044] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\alg.exe[4044] USER32.dll!SetWindowsHookExA 77D602B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\alg.exe[4044] ADVAPI32.dll!SetServiceObjectSecurity 77E26C29 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\alg.exe[4044] ADVAPI32.dll!ChangeServiceConfigA 77E26D11 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\alg.exe[4044] ADVAPI32.dll!ChangeServiceConfigW 77E26EA9 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\alg.exe[4044] ADVAPI32.dll!ChangeServiceConfig2A 77E26FA9 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\alg.exe[4044] ADVAPI32.dll!ChangeServiceConfig2W 77E27031 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\alg.exe[4044] ADVAPI32.dll!CreateServiceA 77E270B9 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\alg.exe[4044] ADVAPI32.dll!CreateServiceW 77E27251 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\alg.exe[4044] ADVAPI32.dll!DeleteService 77E27359 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\alg.exe[4044] WS2_32.dll!sendto 71A52C69 5 Bytes JMP 2001D268 .text C:\WINDOWS\System32\alg.exe[4044] WS2_32.dll!recvfrom 71A52D0F 5 Bytes JMP 2001D583 .text C:\WINDOWS\System32\alg.exe[4044] WS2_32.dll!send 71A5428A 5 Bytes JMP 2001D21A .text C:\WINDOWS\System32\alg.exe[4044] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 2001D6D6 .text C:\WINDOWS\System32\alg.exe[4044] WS2_32.dll!recv 71A5615A 5 Bytes JMP 2001D51E .text C:\WINDOWS\System32\alg.exe[4044] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 2001D5EE .text C:\WINDOWS\System32\alg.exe[4044] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 2001D872 .text C:\WINDOWS\System32\alg.exe[4044] WS2_32.dll!WSARecvFrom 71A5F652 5 Bytes JMP 2001D7A1 .text C:\WINDOWS\System32\alg.exe[4044] WS2_32.dll!WSASendTo 71A60A95 5 Bytes JMP 2001D65F ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\system32\services.exe[756] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00640002 IAT C:\WINDOWS\system32\services.exe[756] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00640000 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\ Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x73 0xD3 0x5E 0x4E ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9F 0x45 0x63 0xAF ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x24 0x14 0x2E 0x0A ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x99 0x1E 0xC1 0x35 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0xEB 0x49 0xA4 0xA6 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1@hdf12 0xEB 0x49 0xA4 0xA6 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0B 0x0D 0xB4 0x30 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x35 0xA5 0x11 0x80 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x2D 0xC3 0xD6 0xC2 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x40 0x20 0x26 0x65 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6D 0x2C 0x2D 0x33 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x40 0x20 0x26 0x65 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6D 0x2C 0x2D 0x33 ... ---- Files - GMER 1.0.15 ---- File C:\Documents and Settings\Mateusz\Dane aplikacji\Microsoft\Office\Niedawny\Harmonogram_EWALUACJI.LNK 808 bytes File C:\Documents and Settings\Mateusz\Dane aplikacji\Microsoft\Office\Niedawny\Henryk Sienkiewicz w powieści.LNK 848 bytes File C:\Documents and Settings\Mateusz\Menu Start\Programy\Autostart\vbtqaqki.exe 181638 bytes executable File C:\Documents and Settings\Mateusz\Moje dokumenty\~$KIETA DLA RODZICÓW - oferta edukacyjna.doc 162 bytes File C:\Documents and Settings\Mateusz\Moje dokumenty\~WRD0001.tmp 41472 bytes File C:\Documents and Settings\Mateusz\Recent\spis treści.lnk 1033 bytes File C:\Documents and Settings\Mateusz\Recent\Pozostałe dochody z tytułu refakturowania usług.2008 4.lnk 1248 bytes File C:\Documents and Settings\Mateusz\Recent\kalkulacja zatrudnienia.lnk 1093 bytes File C:\Documents and Settings\Mateusz\Recent\projekt planu dla organizacyjnego na 2008r..lnk 0 bytes File C:\Documents and Settings\Mateusz\Ustawienia lokalne\temp\~DFBF91.tmp 0 bytes File C:\Documents and Settings\Mateusz\Ustawienia lokalne\temp\~DFC053.tmp 0 bytes File C:\Documents and Settings\Mateusz\Ustawienia lokalne\temp\~DFC4BF.tmp 0 bytes File C:\Documents and Settings\Mateusz\Ustawienia lokalne\temp\msoDA.wmf 0 bytes File C:\Program Files\mjdggexf\vbtqaqki.exe 181638 bytes executable File C:\System Volume Information\_restore{B51FBA77-B774-4407-828A-820F77D6BD50}\RP751\A0332096.exe 6656 bytes executable File C:\System Volume Information\_restore{B51FBA77-B774-4407-828A-820F77D6BD50}\RP751\A0332114.dll 245828 bytes executable File C:\System Volume Information\_restore{B51FBA77-B774-4407-828A-820F77D6BD50}\RP751\A0332132.dll 28160 bytes File C:\System Volume Information\_restore{B51FBA77-B774-4407-828A-820F77D6BD50}\RP751\A0332150.dll 237637 bytes executable ---- EOF - GMER 1.0.15 ----