GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-04-15 16:32:39 Windows 5.1.2600 Dodatek Service Pack 2 Harddisk0\DR0 -> \Device\Scsi\vmscsi1Port2Path0Target0Lun0 VMware,_ rev.1.0_ Running: 0c5ndvwm.exe; Driver: C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\awedqpob.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB2B2EDF8] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB2BE3A5A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xB2B2F85E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB2B5BD5D] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB2B342E4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB2B34330] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB2B34422] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xB2B5B711] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB2B34252] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB2B34374] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB2B3429A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB2B343DC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB2B2EE44] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwDeleteKey [0xB2B5C423] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB2B5C6D9] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB2B319A8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB2B5C28E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB2B5C0F9] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB2BE3B34] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB2B2EAD6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB2B2EE90] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB2B31D1C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB2B2FB02] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB2B3430E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB2B34352] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB2B34446] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xB2B5BA6D] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB2B34278] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB2B31518] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwOpenSection [0xB2B343AE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB2B342C2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB2B3174C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB2B34400] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB2BE3CA0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB2B5BF74] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB2B2F9CE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB2B5BDC6] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB2BEDB68] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB2B5AD84] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB2B2EEDC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB2B2EF28] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB2B2EB46] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB2B2ECEA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB2B5C52A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB2B2EC92] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB2B2ED5A] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0xB2BE3D60] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB2B2EF74] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0xB2BE3BE0] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB2BF9D92] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 24B0 805011B4 4 Bytes JMP A902B2B2 PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 8059A312 4 Bytes CALL B2B3019F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B073A 5 Bytes JMP B2BF6C8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject 805B7428 5 Bytes JMP B2BF874C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C5C32 7 Bytes JMP B2BF9D96 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .text win32k.sys!EngFreeUserMem + 674 BF80BA4F 5 Bytes JMP B2B33180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFreeUserMem + E5A BF80C235 5 Bytes JMP B2B3307C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSurface + 45 BF810175 5 Bytes JMP B2B33036 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D0 BF81C0A3 5 Bytes JMP B2B32724 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngBitBlt + 92C BF827A40 5 Bytes JMP B2B31F84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + D80 BF83331E 5 Bytes JMP B2B332EA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + 7717 BF839CB5 5 Bytes JMP B2B334F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + 112EA BF843888 5 Bytes JMP B2B31E66 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMulDiv + 5509 BF849B03 5 Bytes JMP B2B32104 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMulDiv + 6882 BF84AE7C 5 Bytes JMP B2B3270C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngTextOut + 1437 BF854BF4 5 Bytes JMP B2B32F3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 1036 BF857AD0 5 Bytes JMP B2B33232 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStrokePath + 62A3 BF87FFC9 5 Bytes JMP B2B32384 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStrokePath + 632C BF880052 5 Bytes JMP B2B32562 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStrokePath + 70B0 BF880DD6 5 Bytes JMP B2B31E4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!EngStrokePath + 77A9 BF8814CF 5 Bytes JMP B2B3273C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreatePalette + 245E BF884C65 5 Bytes JMP B2B33450 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!BRUSHOBJ_hGetColorTransform + AFDD BF89F83F 5 Bytes JMP B2B3251C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetLastError + 1606 BF8BCD44 5 Bytes JMP B2B327FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 4E4C BF8CEEE3 5 Bytes JMP B2B31D52 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bCloseFigure + A434 BF8DAA77 5 Bytes JMP B2B330BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!FONTOBJ_pxoGetXform + 77D BF8FAF04 5 Bytes JMP B2B31FF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngAlphaBlend + 4768 BF907C6D 5 Bytes JMP B2B327E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_vGetBounds + 58C BF908B12 5 Bytes JMP B2B321AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_vGetBounds + 80C BF908D92 5 Bytes JMP B2B322E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 1993 BF911AD9 5 Bytes JMP B2B31F22 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 2567 BF9126AD 5 Bytes JMP B2B320B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 4EC1 BF915007 5 Bytes JMP B2B3267C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPlgBlt + 191E BF94290C 5 Bytes JMP B2B333A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\VMware\VMware Tools\VMwareTray.exe[312] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8 .text C:\Program Files\VMware\VMware Tools\VMwareTray.exe[312] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\VMware\VMware Tools\VMwareTray.exe[312] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC .text C:\Program Files\VMware\VMware Tools\VMwareTray.exe[312] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\VMware\VMware Tools\VMwareTray.exe[312] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 006C01F8 .text C:\Program Files\VMware\VMware Tools\VMwareTray.exe[312] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 006C03FC .text C:\Program Files\VMware\VMware Tools\VMwareTray.exe[312] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 006C0804 .text C:\Program Files\VMware\VMware Tools\VMwareTray.exe[312] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 006C0A08 .text C:\Program Files\VMware\VMware Tools\VMwareTray.exe[312] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 006C0600 .text C:\Program Files\VMware\VMware Tools\VMwareTray.exe[312] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 006D1014 .text C:\Program Files\VMware\VMware Tools\VMwareTray.exe[312] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 006D0804 .text C:\Program Files\VMware\VMware Tools\VMwareTray.exe[312] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 006D0A08 .text C:\Program Files\VMware\VMware Tools\VMwareTray.exe[312] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 006D0C0C .text C:\Program 
Files\VMware\VMware Tools\VMwareTray.exe[312] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 006D0E10 .text C:\Program Files\VMware\VMware Tools\VMwareTray.exe[312] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 006D01F8 .text C:\Program Files\VMware\VMware Tools\VMwareTray.exe[312] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 006D03FC .text C:\Program Files\VMware\VMware Tools\VMwareTray.exe[312] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 006D0600 .text C:\Program Files\VMware\VMware Tools\VMwareUser.exe[332] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8 .text C:\Program Files\VMware\VMware Tools\VMwareUser.exe[332] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\VMware\VMware Tools\VMwareUser.exe[332] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC .text C:\Program Files\VMware\VMware Tools\VMwareUser.exe[332] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\VMware\VMware Tools\VMwareUser.exe[332] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003E01F8 .text C:\Program Files\VMware\VMware Tools\VMwareUser.exe[332] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003E03FC .text C:\Program Files\VMware\VMware Tools\VMwareUser.exe[332] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003E0804 .text C:\Program Files\VMware\VMware Tools\VMwareUser.exe[332] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003E0A08 .text C:\Program Files\VMware\VMware Tools\VMwareUser.exe[332] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003E0600 .text C:\Program Files\VMware\VMware Tools\VMwareUser.exe[332] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003F1014 .text C:\Program Files\VMware\VMware Tools\VMwareUser.exe[332] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003F0804 .text C:\Program Files\VMware\VMware Tools\VMwareUser.exe[332] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 003F0A08 .text C:\Program Files\VMware\VMware Tools\VMwareUser.exe[332] 
ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 003F0C0C .text C:\Program Files\VMware\VMware Tools\VMwareUser.exe[332] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 003F0E10 .text C:\Program Files\VMware\VMware Tools\VMwareUser.exe[332] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003F01F8 .text C:\Program Files\VMware\VMware Tools\VMwareUser.exe[332] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003F03FC .text C:\Program Files\VMware\VMware Tools\VMwareUser.exe[332] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003F0600 .text C:\Program Files\AVAST Software\Avast\avastUI.exe[340] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\avastUI.exe[340] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[396] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000A01F8 .text C:\WINDOWS\system32\ctfmon.exe[396] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[396] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000A03FC .text C:\WINDOWS\system32\ctfmon.exe[396] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[396] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 00371014 .text C:\WINDOWS\system32\ctfmon.exe[396] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 00370804 .text C:\WINDOWS\system32\ctfmon.exe[396] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 00370A08 .text C:\WINDOWS\system32\ctfmon.exe[396] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 00370C0C .text C:\WINDOWS\system32\ctfmon.exe[396] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 00370E10 .text C:\WINDOWS\system32\ctfmon.exe[396] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003701F8 .text C:\WINDOWS\system32\ctfmon.exe[396] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003703FC .text C:\WINDOWS\system32\ctfmon.exe[396] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 
00370600 .text C:\WINDOWS\system32\ctfmon.exe[396] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003801F8 .text C:\WINDOWS\system32\ctfmon.exe[396] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003803FC .text C:\WINDOWS\system32\ctfmon.exe[396] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00380804 .text C:\WINDOWS\system32\ctfmon.exe[396] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00380A08 .text C:\WINDOWS\system32\ctfmon.exe[396] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00380600 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[440] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[440] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[440] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\wbem\wmiprvse.exe[440] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[440] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[440] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[440] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[440] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C .text C:\WINDOWS\system32\wbem\wmiprvse.exe[440] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[440] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[440] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC .text C:\WINDOWS\system32\wbem\wmiprvse.exe[440] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[440] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[440] USER32.dll!UnhookWinEvent 
77D5E544 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\wbem\wmiprvse.exe[440] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[440] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[440] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600 .text C:\WINDOWS\System32\smss.exe[612] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[660] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[660] KERNEL32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[684] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000701F8 .text C:\WINDOWS\system32\winlogon.exe[684] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[684] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000703FC .text C:\WINDOWS\system32\winlogon.exe[684] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[684] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014 .text C:\WINDOWS\system32\winlogon.exe[684] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804 .text C:\WINDOWS\system32\winlogon.exe[684] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08 .text C:\WINDOWS\system32\winlogon.exe[684] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C .text C:\WINDOWS\system32\winlogon.exe[684] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10 .text C:\WINDOWS\system32\winlogon.exe[684] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8 .text C:\WINDOWS\system32\winlogon.exe[684] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC .text C:\WINDOWS\system32\winlogon.exe[684] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600 .text C:\WINDOWS\system32\winlogon.exe[684] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8 .text 
C:\WINDOWS\system32\winlogon.exe[684] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\winlogon.exe[684] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\winlogon.exe[684] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\winlogon.exe[684] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\services.exe[728] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\services.exe[728] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\services.exe[728] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\services.exe[728] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\services.exe[728] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014 .text C:\WINDOWS\system32\services.exe[728] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804 .text C:\WINDOWS\system32\services.exe[728] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08 .text C:\WINDOWS\system32\services.exe[728] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C .text C:\WINDOWS\system32\services.exe[728] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10 .text C:\WINDOWS\system32\services.exe[728] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8 .text C:\WINDOWS\system32\services.exe[728] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC .text C:\WINDOWS\system32\services.exe[728] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600 .text C:\WINDOWS\system32\services.exe[728] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\services.exe[728] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\services.exe[728] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\services.exe[728] 
USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\services.exe[728] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\lsass.exe[740] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\lsass.exe[740] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[740] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\lsass.exe[740] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[740] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014 .text C:\WINDOWS\system32\lsass.exe[740] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804 .text C:\WINDOWS\system32\lsass.exe[740] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08 .text C:\WINDOWS\system32\lsass.exe[740] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C .text C:\WINDOWS\system32\lsass.exe[740] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10 .text C:\WINDOWS\system32\lsass.exe[740] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8 .text C:\WINDOWS\system32\lsass.exe[740] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC .text C:\WINDOWS\system32\lsass.exe[740] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600 .text C:\WINDOWS\system32\lsass.exe[740] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\lsass.exe[740] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\lsass.exe[740] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\lsass.exe[740] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\lsass.exe[740] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600 .text C:\Program Files\VMware\VMware Tools\vmacthlp.exe[892] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8 .text C:\Program 
Files\VMware\VMware Tools\vmacthlp.exe[892] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\VMware\VMware Tools\vmacthlp.exe[892] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC .text C:\Program Files\VMware\VMware Tools\vmacthlp.exe[892] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\VMware\VMware Tools\vmacthlp.exe[892] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003D1014 .text C:\Program Files\VMware\VMware Tools\vmacthlp.exe[892] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003D0804 .text C:\Program Files\VMware\VMware Tools\vmacthlp.exe[892] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 003D0A08 .text C:\Program Files\VMware\VMware Tools\vmacthlp.exe[892] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 003D0C0C .text C:\Program Files\VMware\VMware Tools\vmacthlp.exe[892] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 003D0E10 .text C:\Program Files\VMware\VMware Tools\vmacthlp.exe[892] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003D01F8 .text C:\Program Files\VMware\VMware Tools\vmacthlp.exe[892] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003D03FC .text C:\Program Files\VMware\VMware Tools\vmacthlp.exe[892] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003D0600 .text C:\Program Files\VMware\VMware Tools\vmacthlp.exe[892] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003E01F8 .text C:\Program Files\VMware\VMware Tools\vmacthlp.exe[892] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003E03FC .text C:\Program Files\VMware\VMware Tools\vmacthlp.exe[892] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003E0804 .text C:\Program Files\VMware\VMware Tools\vmacthlp.exe[892] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003E0A08 .text C:\Program Files\VMware\VMware Tools\vmacthlp.exe[892] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003E0600 .text C:\WINDOWS\system32\svchost.exe[908] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 
000901F8 .text C:\WINDOWS\system32\svchost.exe[908] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[908] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[908] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014 .text C:\WINDOWS\system32\svchost.exe[908] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804 .text C:\WINDOWS\system32\svchost.exe[908] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08 .text C:\WINDOWS\system32\svchost.exe[908] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C .text C:\WINDOWS\system32\svchost.exe[908] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10 .text C:\WINDOWS\system32\svchost.exe[908] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8 .text C:\WINDOWS\system32\svchost.exe[908] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC .text C:\WINDOWS\system32\svchost.exe[908] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600 .text C:\WINDOWS\system32\svchost.exe[908] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[908] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[908] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[908] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[908] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600 .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[932] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[932] KERNEL32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[988] 
ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[988] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[988] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014 .text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804 .text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08 .text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C .text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10 .text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8 .text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC .text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600 .text C:\WINDOWS\system32\svchost.exe[988] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[988] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[988] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[988] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[988] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600 .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1028] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001401F8 .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1028] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text 
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1028] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001403FC .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1028] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1028] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003C1014 .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1028] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003C0804 .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1028] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 003C0A08 .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1028] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 003C0C0C .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1028] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 003C0E10 .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1028] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003C01F8 .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1028] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003C03FC .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1028] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003C0600 .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1028] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003D01F8 .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1028] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003D03FC .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1028] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003D0804 .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1028] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003D0A08 .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1028] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003D0600 .text 
C:\WINDOWS\System32\svchost.exe[1084] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\svchost.exe[1084] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1084] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\svchost.exe[1084] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1084] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014 .text C:\WINDOWS\System32\svchost.exe[1084] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804 .text C:\WINDOWS\System32\svchost.exe[1084] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08 .text C:\WINDOWS\System32\svchost.exe[1084] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C .text C:\WINDOWS\System32\svchost.exe[1084] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10 .text C:\WINDOWS\System32\svchost.exe[1084] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8 .text C:\WINDOWS\System32\svchost.exe[1084] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC .text C:\WINDOWS\System32\svchost.exe[1084] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600 .text C:\WINDOWS\System32\svchost.exe[1084] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\svchost.exe[1084] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\svchost.exe[1084] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\svchost.exe[1084] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\svchost.exe[1084] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1156] 
ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014 .text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804 .text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08 .text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C .text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10 .text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8 .text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC .text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600 .text C:\WINDOWS\system32\svchost.exe[1156] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1156] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1156] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1156] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1156] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600 .text C:\Documents and Settings\Administrator\Moje dokumenty\Downloads\0c5ndvwm.exe[1172] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8 .text C:\Documents and Settings\Administrator\Moje dokumenty\Downloads\0c5ndvwm.exe[1172] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Documents and Settings\Administrator\Moje dokumenty\Downloads\0c5ndvwm.exe[1172] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC .text C:\Documents and Settings\Administrator\Moje 
dokumenty\Downloads\0c5ndvwm.exe[1172] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Documents and Settings\Administrator\Moje dokumenty\Downloads\0c5ndvwm.exe[1172] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 3 Bytes JMP 009B1014 .text C:\Documents and Settings\Administrator\Moje dokumenty\Downloads\0c5ndvwm.exe[1172] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E26BE5 1 Byte [88] .text C:\Documents and Settings\Administrator\Moje dokumenty\Downloads\0c5ndvwm.exe[1172] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 009B0804 .text C:\Documents and Settings\Administrator\Moje dokumenty\Downloads\0c5ndvwm.exe[1172] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 009B0A08 .text C:\Documents and Settings\Administrator\Moje dokumenty\Downloads\0c5ndvwm.exe[1172] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 009B0C0C .text C:\Documents and Settings\Administrator\Moje dokumenty\Downloads\0c5ndvwm.exe[1172] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 009B0E10 .text C:\Documents and Settings\Administrator\Moje dokumenty\Downloads\0c5ndvwm.exe[1172] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 009B01F8 .text C:\Documents and Settings\Administrator\Moje dokumenty\Downloads\0c5ndvwm.exe[1172] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 009B03FC .text C:\Documents and Settings\Administrator\Moje dokumenty\Downloads\0c5ndvwm.exe[1172] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 009B0600 .text C:\Documents and Settings\Administrator\Moje dokumenty\Downloads\0c5ndvwm.exe[1172] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 00AC01F8 .text C:\Documents and Settings\Administrator\Moje dokumenty\Downloads\0c5ndvwm.exe[1172] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 00AC03FC .text C:\Documents and Settings\Administrator\Moje dokumenty\Downloads\0c5ndvwm.exe[1172] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00AC0804 .text C:\Documents and Settings\Administrator\Moje dokumenty\Downloads\0c5ndvwm.exe[1172] 
USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00AC0A08 .text C:\Documents and Settings\Administrator\Moje dokumenty\Downloads\0c5ndvwm.exe[1172] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00AC0600 .text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014 .text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804 .text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08 .text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C .text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10 .text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8 .text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC .text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600 .text C:\WINDOWS\system32\svchost.exe[1304] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1304] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1304] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1304] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1304] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600 .text C:\Program Files\VMware\VMware 
Tools\vmtoolsd.exe[1336] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8 .text C:\Program Files\VMware\VMware Tools\vmtoolsd.exe[1336] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\VMware\VMware Tools\vmtoolsd.exe[1336] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC .text C:\Program Files\VMware\VMware Tools\vmtoolsd.exe[1336] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\VMware\VMware Tools\vmtoolsd.exe[1336] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 006F1014 .text C:\Program Files\VMware\VMware Tools\vmtoolsd.exe[1336] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 006F0804 .text C:\Program Files\VMware\VMware Tools\vmtoolsd.exe[1336] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 006F0A08 .text C:\Program Files\VMware\VMware Tools\vmtoolsd.exe[1336] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 006F0C0C .text C:\Program Files\VMware\VMware Tools\vmtoolsd.exe[1336] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 006F0E10 .text C:\Program Files\VMware\VMware Tools\vmtoolsd.exe[1336] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 006F01F8 .text C:\Program Files\VMware\VMware Tools\vmtoolsd.exe[1336] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 006F03FC .text C:\Program Files\VMware\VMware Tools\vmtoolsd.exe[1336] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 006F0600 .text C:\Program Files\VMware\VMware Tools\vmtoolsd.exe[1336] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 007001F8 .text C:\Program Files\VMware\VMware Tools\vmtoolsd.exe[1336] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 007003FC .text C:\Program Files\VMware\VMware Tools\vmtoolsd.exe[1336] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00700804 .text C:\Program Files\VMware\VMware Tools\vmtoolsd.exe[1336] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00700A08 .text C:\Program Files\VMware\VMware Tools\vmtoolsd.exe[1336] USER32.dll!SetWindowsHookExA 
77D602B2 5 Bytes JMP 00700600 .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1592] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1592] kernel32.dll!SetUnhandledExceptionFilter 7C810386 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1592] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1600] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8 .text C:\WINDOWS\Explorer.EXE[1600] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1600] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC .text C:\WINDOWS\Explorer.EXE[1600] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1600] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 00301014 .text C:\WINDOWS\Explorer.EXE[1600] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 00300804 .text C:\WINDOWS\Explorer.EXE[1600] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 00300A08 .text C:\WINDOWS\Explorer.EXE[1600] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 00300C0C .text C:\WINDOWS\Explorer.EXE[1600] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 00300E10 .text C:\WINDOWS\Explorer.EXE[1600] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003001F8 .text C:\WINDOWS\Explorer.EXE[1600] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003003FC .text C:\WINDOWS\Explorer.EXE[1600] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 00300600 .text C:\WINDOWS\Explorer.EXE[1600] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003101F8 .text C:\WINDOWS\Explorer.EXE[1600] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003103FC .text C:\WINDOWS\Explorer.EXE[1600] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00310804 .text C:\WINDOWS\Explorer.EXE[1600] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00310A08 .text C:\WINDOWS\Explorer.EXE[1600] 
USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00310600 .text C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe[1608] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 001501F8 .text C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe[1608] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe[1608] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 001503FC .text C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe[1608] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe[1608] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003D01F8 .text C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe[1608] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003D03FC .text C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe[1608] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003D0804 .text C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe[1608] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003D0A08 .text C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe[1608] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003D0600 .text C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe[1608] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 003E1014 .text C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe[1608] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 003E0804 .text C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe[1608] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 003E0A08 .text C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe[1608] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 003E0C0C .text C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe[1608] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 003E0E10 .text C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe[1608] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003E01F8 .text 
C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe[1608] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003E03FC .text C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe[1608] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 003E0600 .text C:\WINDOWS\system32\spoolsv.exe[1684] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\spoolsv.exe[1684] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1684] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\spoolsv.exe[1684] kernel32.dll!GetBinaryTypeW + 80 7C8678BC 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1684] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 002F1014 .text C:\WINDOWS\system32\spoolsv.exe[1684] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 002F0804 .text C:\WINDOWS\system32\spoolsv.exe[1684] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 002F0A08 .text C:\WINDOWS\system32\spoolsv.exe[1684] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 002F0C0C .text C:\WINDOWS\system32\spoolsv.exe[1684] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 002F0E10 .text C:\WINDOWS\system32\spoolsv.exe[1684] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 002F01F8 .text C:\WINDOWS\system32\spoolsv.exe[1684] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 002F03FC .text C:\WINDOWS\system32\spoolsv.exe[1684] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 002F0600 .text C:\WINDOWS\system32\spoolsv.exe[1684] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\spoolsv.exe[1684] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\spoolsv.exe[1684] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\spoolsv.exe[1684] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\spoolsv.exe[1684] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600 
---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\AVAST Software\Avast\avastUI.exe[340] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\WINDOWS\system32\services.exe[728] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00620002
IAT C:\WINDOWS\system32\services.exe[728] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00620000
IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1592] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----