GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-03-12 16:18:33 Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500BEVT-60ZCT1 rev.13.01A13 Running: q77kkor0.exe; Driver: C:\Users\Tomek'\AppData\Local\Temp\kwddykog.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8FE41DF8] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x90FB4A5A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x8FE4285E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8FE472E4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8FE47330] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8FE47422] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8FE47252] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8FE47374] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8FE4729A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8FE473DC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8FE41E44] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x90FB4B34] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8FE41AD6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8FE41E90] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8FE44D1C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8FE42B02] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8FE4730E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8FE47352] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8FE47446] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8FE47278] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8FE473AE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8FE472C2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8FE47400] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x90FB4CA0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8FE429CE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8FE41EDC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8FE41F28] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8FE41B46] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8FE41CEA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8FE41C92] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8FE41D5A] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x90FB4D60] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8FE41F74] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x90FB4BE0] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x90FCAD92] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKey + 13D1 82E46369 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E7FD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82E86D80 4 Bytes [F8, 1D, E4, 8F] .text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82E86DA8 4 Bytes [5A, 4A, FB, 90] {POP EDX; DEC EDX; STI ; NOP } .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82E86E08 4 Bytes [5E, 28, E4, 8F] .text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82E86E5C 8 Bytes [E4, 72, E4, 8F, 30, 73, E4, ...] .text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 82E86E68 4 Bytes [22, 74, E4, 8F] {AND DH, [ESP-0x71]} .text ... PAGE ntkrnlpa.exe!ObMakeTemporaryObject 83013BE8 5 Bytes JMP 90FC7C8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject + 27 8302C1D0 5 Bytes JMP 90FC9764 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 83041317 4 Bytes CALL 8FE431B5 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 8305B0E9 4 Bytes CALL 8FE431CB \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 830E4F30 7 Bytes JMP 90FCAD96 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\system32\csrss.exe[432] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Windows\system32\wininit.exe[476] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 000303FC .text C:\Windows\system32\wininit.exe[476] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 000301F8 .text C:\Windows\system32\wininit.exe[476] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Windows\system32\wininit.exe[476] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00100A08 .text C:\Windows\system32\wininit.exe[476] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 001003FC .text C:\Windows\system32\wininit.exe[476] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00100804 .text C:\Windows\system32\wininit.exe[476] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 001001F8 .text C:\Windows\system32\wininit.exe[476] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00100600 .text C:\Windows\system32\csrss.exe[492] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Windows\system32\services.exe[536] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 000603FC .text C:\Windows\system32\services.exe[536] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\services.exe[536] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Windows\system32\lsass.exe[548] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 000603FC .text C:\Windows\system32\lsass.exe[548] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\lsass.exe[548] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Windows\system32\lsm.exe[556] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 000603FC .text C:\Windows\system32\lsm.exe[556] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\lsm.exe[556] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[672] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[672] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[672] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[672] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00440A08 .text C:\Windows\system32\svchost.exe[672] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 004403FC .text C:\Windows\system32\svchost.exe[672] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00440804 .text C:\Windows\system32\svchost.exe[672] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 004401F8 .text C:\Windows\system32\svchost.exe[672] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00440600 .text C:\Windows\system32\nvvsvc.exe[752] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 001603FC .text C:\Windows\system32\nvvsvc.exe[752] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 001601F8 .text C:\Windows\system32\nvvsvc.exe[752] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Windows\system32\nvvsvc.exe[752] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 002F0A08 .text C:\Windows\system32\nvvsvc.exe[752] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 002F03FC .text C:\Windows\system32\nvvsvc.exe[752] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 002F0804 .text C:\Windows\system32\nvvsvc.exe[752] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 002F01F8 .text C:\Windows\system32\nvvsvc.exe[752] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 002F0600 .text C:\Windows\system32\svchost.exe[796] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[796] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[796] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[796] user32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00480A08 .text C:\Windows\system32\svchost.exe[796] user32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 004803FC .text C:\Windows\system32\svchost.exe[796] user32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00480804 .text C:\Windows\system32\svchost.exe[796] user32.dll!SetWinEventHook 770424DC 5 Bytes JMP 004801F8 .text C:\Windows\system32\svchost.exe[796] user32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00480600 .text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[848] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 000603FC .text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[848] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 000601F8 .text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[848] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[848] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 000F0A08 .text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[848] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 000F03FC .text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[848] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 000F0804 .text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[848] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 000F01F8 .text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[848] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 000F0600 .text C:\Windows\System32\svchost.exe[900] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 000603FC .text C:\Windows\System32\svchost.exe[900] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 000601F8 .text C:\Windows\System32\svchost.exe[900] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Windows\System32\svchost.exe[900] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 002F0A08 .text C:\Windows\System32\svchost.exe[900] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 002F03FC .text C:\Windows\System32\svchost.exe[900] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 002F0804 .text C:\Windows\System32\svchost.exe[900] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 002F01F8 .text C:\Windows\System32\svchost.exe[900] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 002F0600 .text C:\Windows\System32\svchost.exe[932] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 000603FC .text C:\Windows\System32\svchost.exe[932] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 000601F8 .text C:\Windows\System32\svchost.exe[932] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Windows\System32\svchost.exe[932] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00550A08 .text C:\Windows\System32\svchost.exe[932] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 005503FC .text C:\Windows\System32\svchost.exe[932] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00550804 .text C:\Windows\System32\svchost.exe[932] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 005501F8 .text C:\Windows\System32\svchost.exe[932] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00550600 .text C:\Windows\system32\svchost.exe[980] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[980] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[980] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[980] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00750A08 .text C:\Windows\system32\svchost.exe[980] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 007503FC .text C:\Windows\system32\svchost.exe[980] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00750804 .text C:\Windows\system32\svchost.exe[980] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 007501F8 .text C:\Windows\system32\svchost.exe[980] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00750600 .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe[1012] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 001603FC .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe[1012] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 001601F8 .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe[1012] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe[1012] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00200A08 .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe[1012] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 002003FC .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe[1012] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00200804 .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe[1012] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 002001F8 .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe[1012] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00200600 .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe[1164] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 001603FC .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe[1164] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 001601F8 .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe[1164] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Windows\notepad.exe[1188] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 000603FC .text C:\Windows\notepad.exe[1188] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 000601F8 .text C:\Windows\notepad.exe[1188] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Windows\notepad.exe[1188] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00140A08 .text C:\Windows\notepad.exe[1188] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 001403FC .text C:\Windows\notepad.exe[1188] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00140804 .text C:\Windows\notepad.exe[1188] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 001401F8 .text C:\Windows\notepad.exe[1188] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00140600 .text C:\Windows\system32\svchost.exe[1232] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[1232] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[1232] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[1232] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00550A08 .text C:\Windows\system32\svchost.exe[1232] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 005503FC .text C:\Windows\system32\svchost.exe[1232] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00550804 .text C:\Windows\system32\svchost.exe[1232] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 005501F8 .text C:\Windows\system32\svchost.exe[1232] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00550600 .text C:\Windows\system32\winlogon.exe[1264] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 000703FC .text C:\Windows\system32\winlogon.exe[1264] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 000701F8 .text C:\Windows\system32\winlogon.exe[1264] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Windows\system32\winlogon.exe[1264] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00100A08 .text C:\Windows\system32\winlogon.exe[1264] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 001003FC .text C:\Windows\system32\winlogon.exe[1264] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00100804 .text C:\Windows\system32\winlogon.exe[1264] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 001001F8 .text C:\Windows\system32\winlogon.exe[1264] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00100600 .text C:\Windows\system32\svchost.exe[1428] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[1428] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[1428] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[1460] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[1460] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[1460] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 001603FC .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 001601F8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 001F0A08 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 001F03FC .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 001F0804 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 001F01F8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 001F0600 .text C:\Windows\system32\nvvsvc.exe[1544] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 001603FC .text C:\Windows\system32\nvvsvc.exe[1544] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 001601F8 .text C:\Windows\system32\nvvsvc.exe[1544] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Windows\system32\nvvsvc.exe[1544] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 001F0A08 .text C:\Windows\system32\nvvsvc.exe[1544] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 001F03FC .text C:\Windows\system32\nvvsvc.exe[1544] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 001F0804 .text C:\Windows\system32\nvvsvc.exe[1544] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 001F01F8 .text C:\Windows\system32\nvvsvc.exe[1544] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 001F0600 .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1676] kernel32.dll!SetUnhandledExceptionFilter 771CF4FB 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1676] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Program Files\ERA\GlobeTrotter Connect\GtDetectSc.exe[1828] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 001603FC .text C:\Program Files\ERA\GlobeTrotter Connect\GtDetectSc.exe[1828] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 001601F8 .text C:\Program Files\ERA\GlobeTrotter Connect\GtDetectSc.exe[1828] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Program Files\ERA\GlobeTrotter Connect\GtDetectSc.exe[1828] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00200A08 .text C:\Program Files\ERA\GlobeTrotter Connect\GtDetectSc.exe[1828] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 002003FC .text C:\Program Files\ERA\GlobeTrotter Connect\GtDetectSc.exe[1828] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00200804 .text C:\Program Files\ERA\GlobeTrotter Connect\GtDetectSc.exe[1828] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 002001F8 .text C:\Program Files\ERA\GlobeTrotter Connect\GtDetectSc.exe[1828] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00200600 .text C:\Windows\system32\Dwm.exe[1920] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 000603FC .text C:\Windows\system32\Dwm.exe[1920] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\Dwm.exe[1920] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Windows\system32\Dwm.exe[1920] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 000F0A08 .text C:\Windows\system32\Dwm.exe[1920] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 000F03FC .text C:\Windows\system32\Dwm.exe[1920] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 000F0804 .text C:\Windows\system32\Dwm.exe[1920] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 000F01F8 .text C:\Windows\system32\Dwm.exe[1920] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 000F0600 .text C:\Windows\System32\spoolsv.exe[1948] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 000603FC .text C:\Windows\System32\spoolsv.exe[1948] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 000601F8 .text C:\Windows\System32\spoolsv.exe[1948] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Windows\System32\spoolsv.exe[1948] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00140A08 .text C:\Windows\System32\spoolsv.exe[1948] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 001403FC .text C:\Windows\System32\spoolsv.exe[1948] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00140804 .text C:\Windows\System32\spoolsv.exe[1948] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 001401F8 .text C:\Windows\System32\spoolsv.exe[1948] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00140600 .text C:\Windows\Explorer.EXE[1992] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 000603FC .text C:\Windows\Explorer.EXE[1992] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 000601F8 .text C:\Windows\Explorer.EXE[1992] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Windows\Explorer.EXE[1992] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 000E0A08 .text C:\Windows\Explorer.EXE[1992] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 000E03FC .text C:\Windows\Explorer.EXE[1992] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 000E0804 .text C:\Windows\Explorer.EXE[1992] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 000E01F8 .text C:\Windows\Explorer.EXE[1992] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 000E0600 .text C:\Windows\system32\svchost.exe[2032] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[2032] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[2032] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[2032] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00400A08 .text C:\Windows\system32\svchost.exe[2032] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 004003FC .text C:\Windows\system32\svchost.exe[2032] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00400804 .text C:\Windows\system32\svchost.exe[2032] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 004001F8 .text C:\Windows\system32\svchost.exe[2032] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00400600 .text C:\Windows\system32\taskhost.exe[2044] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 000503FC .text C:\Windows\system32\taskhost.exe[2044] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 000501F8 .text C:\Windows\system32\taskhost.exe[2044] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Windows\system32\taskhost.exe[2044] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 000E0A08 .text C:\Windows\system32\taskhost.exe[2044] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 000E03FC .text C:\Windows\system32\taskhost.exe[2044] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 000E0804 .text C:\Windows\system32\taskhost.exe[2044] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 000E01F8 .text C:\Windows\system32\taskhost.exe[2044] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 000E0600 .text C:\Windows\system32\lkcitdl.exe[2168] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 001503FC .text C:\Windows\system32\lkcitdl.exe[2168] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 001501F8 .text C:\Windows\system32\lkcitdl.exe[2168] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Windows\system32\lkcitdl.exe[2168] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 001F0A08 .text C:\Windows\system32\lkcitdl.exe[2168] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 001F03FC .text C:\Windows\system32\lkcitdl.exe[2168] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 001F0804 .text C:\Windows\system32\lkcitdl.exe[2168] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 001F01F8 .text C:\Windows\system32\lkcitdl.exe[2168] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 001F0600 .text C:\Windows\system32\lkads.exe[2188] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 001503FC .text C:\Windows\system32\lkads.exe[2188] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 001501F8 .text C:\Windows\system32\lkads.exe[2188] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Windows\system32\lkads.exe[2188] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 001F0A08 .text C:\Windows\system32\lkads.exe[2188] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 001F03FC .text C:\Windows\system32\lkads.exe[2188] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 001F0804 .text C:\Windows\system32\lkads.exe[2188] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 001F01F8 .text C:\Windows\system32\lkads.exe[2188] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 001F0600 .text C:\Windows\system32\lktsrv.exe[2212] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 001503FC .text C:\Windows\system32\lktsrv.exe[2212] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 001501F8 .text C:\Windows\system32\lktsrv.exe[2212] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Windows\system32\lktsrv.exe[2212] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 001F0A08 .text C:\Windows\system32\lktsrv.exe[2212] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 001F03FC .text C:\Windows\system32\lktsrv.exe[2212] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 001F0804 .text C:\Windows\system32\lktsrv.exe[2212] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 001F01F8 .text C:\Windows\system32\lktsrv.exe[2212] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 001F0600 .text C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe[2256] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 001503FC .text C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe[2256] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 001501F8 .text C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe[2256] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe[2256] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00170A08 .text C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe[2256] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 001703FC .text C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe[2256] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00170804 .text C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe[2256] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 001701F8 .text C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe[2256] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00170600 .text C:\Windows\system32\NOTEPAD.EXE[2380] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 000603FC .text C:\Windows\system32\NOTEPAD.EXE[2380] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\NOTEPAD.EXE[2380] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Windows\system32\NOTEPAD.EXE[2380] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00100A08 .text C:\Windows\system32\NOTEPAD.EXE[2380] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 001003FC .text C:\Windows\system32\NOTEPAD.EXE[2380] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00100804 .text C:\Windows\system32\NOTEPAD.EXE[2380] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 001001F8 .text C:\Windows\system32\NOTEPAD.EXE[2380] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00100600 .text C:\Windows\system32\svchost.exe[2392] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[2392] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[2392] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Users\Tomek'\Downloads\q77kkor0.exe[2648] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 001603FC .text C:\Users\Tomek'\Downloads\q77kkor0.exe[2648] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 001601F8 .text C:\Users\Tomek'\Downloads\q77kkor0.exe[2648] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Users\Tomek'\Downloads\q77kkor0.exe[2648] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00220A08 .text C:\Users\Tomek'\Downloads\q77kkor0.exe[2648] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 002203FC .text C:\Users\Tomek'\Downloads\q77kkor0.exe[2648] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00220804 .text C:\Users\Tomek'\Downloads\q77kkor0.exe[2648] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 002201F8 .text C:\Users\Tomek'\Downloads\q77kkor0.exe[2648] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00220600 .text C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe[2760] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 000503FC .text C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe[2760] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 000501F8 .text C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe[2760] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe[2760] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 000F0A08 .text C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe[2760] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 000F03FC .text C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe[2760] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 000F0804 .text C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe[2760] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 000F01F8 .text C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe[2760] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 000F0600 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2800] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 001703FC .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2800] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 001701F8 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2800] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2800] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00200A08 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2800] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 002003FC .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2800] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00200804 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2800] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 002001F8 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2800] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00200600 .text C:\Windows\system32\AUDIODG.EXE[2960] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Windows\system32\wuauclt.exe[3028] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 000703FC .text C:\Windows\system32\wuauclt.exe[3028] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 000701F8 .text C:\Windows\system32\wuauclt.exe[3028] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Windows\system32\wuauclt.exe[3028] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00090A08 .text C:\Windows\system32\wuauclt.exe[3028] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 000903FC .text C:\Windows\system32\wuauclt.exe[3028] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00090804 .text C:\Windows\system32\wuauclt.exe[3028] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 000901F8 .text C:\Windows\system32\wuauclt.exe[3028] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00090600 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3104] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 001603FC .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3104] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 001601F8 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3104] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3104] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00200A08 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3104] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 002003FC .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3104] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00200804 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3104] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 002001F8 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3104] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00200600 .text C:\Windows\system32\SearchIndexer.exe[3236] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 000603FC .text C:\Windows\system32\SearchIndexer.exe[3236] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\SearchIndexer.exe[3236] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Windows\system32\SearchIndexer.exe[3236] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00090A08 .text C:\Windows\system32\SearchIndexer.exe[3236] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 000903FC .text C:\Windows\system32\SearchIndexer.exe[3236] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00090804 .text C:\Windows\system32\SearchIndexer.exe[3236] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 000901F8 .text C:\Windows\system32\SearchIndexer.exe[3236] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00090600 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3472] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 001603FC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3472] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 001601F8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3472] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3472] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00200A08 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3472] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 002003FC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3472] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00200804 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3472] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 002001F8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3472] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00200600 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[3480] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 001603FC .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[3480] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 001601F8 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[3480] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[3480] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00200A08 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[3480] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 002003FC .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[3480] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00200804 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[3480] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 002001F8 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[3480] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00200600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3488] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 001703FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3488] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 001701F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3488] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3488] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00310A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3488] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 003103FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3488] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00310804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3488] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 003101F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3488] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00310600 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3592] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 000603FC .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3592] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 000601F8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3592] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3592] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00320A08 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3592] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 003203FC .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3592] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00320804 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3592] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 003201F8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3592] USER32.dll!GetWindowInfo 77044B5E 5 Bytes JMP 679C0924 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3592] USER32.dll!TrackPopupMenu 77052228 5 Bytes JMP 679C0ECF C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3592] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00320600 .text C:\Program Files\ERA\GlobeTrotter Connect\GlobeTrotter Connect.exe[3604] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 001603FC .text C:\Program Files\ERA\GlobeTrotter Connect\GlobeTrotter Connect.exe[3604] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 001601F8 .text C:\Program Files\ERA\GlobeTrotter Connect\GlobeTrotter Connect.exe[3604] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Program Files\ERA\GlobeTrotter Connect\GlobeTrotter Connect.exe[3604] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00180A08 .text C:\Program Files\ERA\GlobeTrotter Connect\GlobeTrotter Connect.exe[3604] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 001803FC .text C:\Program Files\ERA\GlobeTrotter Connect\GlobeTrotter Connect.exe[3604] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00180804 .text C:\Program Files\ERA\GlobeTrotter Connect\GlobeTrotter Connect.exe[3604] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 001801F8 .text C:\Program Files\ERA\GlobeTrotter Connect\GlobeTrotter Connect.exe[3604] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00180600 .text C:\Windows\notepad.exe[3620] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 000603FC .text C:\Windows\notepad.exe[3620] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 000601F8 .text C:\Windows\notepad.exe[3620] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Windows\notepad.exe[3620] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00100A08 .text C:\Windows\notepad.exe[3620] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 001003FC .text C:\Windows\notepad.exe[3620] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00100804 .text C:\Windows\notepad.exe[3620] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 001001F8 .text C:\Windows\notepad.exe[3620] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00100600 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3660] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 001603FC .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3660] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 001601F8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3660] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3660] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00200A08 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3660] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 002003FC .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3660] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00200804 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3660] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 002001F8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3660] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00200600 .text C:\Windows\Samsung\PanelMgr\SSMMgr.exe[3668] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 001503FC .text C:\Windows\Samsung\PanelMgr\SSMMgr.exe[3668] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 001501F8 .text C:\Windows\Samsung\PanelMgr\SSMMgr.exe[3668] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Windows\Samsung\PanelMgr\SSMMgr.exe[3668] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 001E0A08 .text C:\Windows\Samsung\PanelMgr\SSMMgr.exe[3668] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 001E03FC .text C:\Windows\Samsung\PanelMgr\SSMMgr.exe[3668] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 001E0804 .text C:\Windows\Samsung\PanelMgr\SSMMgr.exe[3668] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 001E01F8 .text C:\Windows\Samsung\PanelMgr\SSMMgr.exe[3668] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 001E0600 .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3708] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 001603FC .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3708] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 001601F8 .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3708] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3708] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 002F0A08 .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3708] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 002F03FC .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3708] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 002F0804 .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3708] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 002F01F8 .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3708] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 002F0600 .text C:\Program Files\IDT\WDM\sttray.exe[3748] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 001603FC .text C:\Program Files\IDT\WDM\sttray.exe[3748] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 001601F8 .text C:\Program Files\IDT\WDM\sttray.exe[3748] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Program Files\IDT\WDM\sttray.exe[3748] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 001F0A08 .text C:\Program Files\IDT\WDM\sttray.exe[3748] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 001F03FC .text C:\Program Files\IDT\WDM\sttray.exe[3748] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 001F0804 .text C:\Program Files\IDT\WDM\sttray.exe[3748] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 001F01F8 .text C:\Program Files\IDT\WDM\sttray.exe[3748] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 001F0600 .text C:\Program Files\Microsoft Security Client\msseces.exe[3756] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 000603FC .text C:\Program Files\Microsoft Security Client\msseces.exe[3756] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 000601F8 .text C:\Program Files\Microsoft Security Client\msseces.exe[3756] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Program Files\Microsoft Security Client\msseces.exe[3756] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 000F0A08 .text C:\Program Files\Microsoft Security Client\msseces.exe[3756] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 000F03FC .text C:\Program Files\Microsoft Security Client\msseces.exe[3756] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 000F0804 .text C:\Program Files\Microsoft Security Client\msseces.exe[3756] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 000F01F8 .text C:\Program Files\Microsoft Security Client\msseces.exe[3756] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 000F0600 .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3776] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 001603FC .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3776] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 001601F8 .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3776] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3776] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 001F0A08 .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3776] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 001F03FC .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3776] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 001F0804 .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3776] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 001F01F8 .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3776] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 001F0600 .text C:\Windows\system32\wbem\wmiprvse.exe[3868] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 000603FC .text C:\Windows\system32\wbem\wmiprvse.exe[3868] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 000601F8 .text C:\Windows\system32\wbem\wmiprvse.exe[3868] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[3868] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00090A08 .text C:\Windows\system32\wbem\wmiprvse.exe[3868] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 000903FC .text C:\Windows\system32\wbem\wmiprvse.exe[3868] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00090804 .text C:\Windows\system32\wbem\wmiprvse.exe[3868] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 000901F8 .text C:\Windows\system32\wbem\wmiprvse.exe[3868] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00090600 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3924] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3932] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 001603FC .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3932] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 001601F8 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3932] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3932] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 00210A08 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3932] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 002103FC .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3932] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 00210804 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3932] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 002101F8 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3932] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 00210600 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3960] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 001603FC .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3960] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 001601F8 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3960] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3960] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 001F0A08 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3960] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 001F03FC .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3960] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 001F0804 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3960] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 001F01F8 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3960] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 001F0600 .text C:\Program Files\Mozilla Firefox\firefox.exe[4076] ntdll.dll!LdrUnloadDll 77BFC86E 5 Bytes JMP 000603FC .text C:\Program Files\Mozilla Firefox\firefox.exe[4076] ntdll.dll!LdrLoadDll 77C0223E 5 Bytes JMP 67845B60 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[4076] kernel32.dll!GetBinaryTypeW + 70 771E69F4 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[4076] USER32.dll!UnhookWindowsHookEx 7703ADF9 5 Bytes JMP 000F0A08 .text C:\Program Files\Mozilla Firefox\firefox.exe[4076] USER32.dll!UnhookWinEvent 7703B750 5 Bytes JMP 000F03FC .text C:\Program Files\Mozilla Firefox\firefox.exe[4076] USER32.dll!SetWindowsHookExW 7703E30C 5 Bytes JMP 000F0804 .text C:\Program Files\Mozilla Firefox\firefox.exe[4076] USER32.dll!SetWinEventHook 770424DC 5 Bytes JMP 000F01F8 .text C:\Program Files\Mozilla Firefox\firefox.exe[4076] USER32.dll!SetWindowsHookExA 77066D0C 5 Bytes JMP 000F0600 ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1676] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7169F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73FE2437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73FC5600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73FC56BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73FE24B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73FD8514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73FD4CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73FD506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73FD5144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73FD6671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73FD826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73FD87BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73FD901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73FDE1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73FD4BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3708] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75C2FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3708] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75C2FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3708] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75C2FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3708] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75C2FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\AVAST Software\Avast\AvastUI.exe[3924] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7169F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation) Device \Driver\ACPI_HAL \Device\00000050 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) ---- EOF - GMER 1.0.15 ----