GMER 2.1.19115 - http://www.gmer.net Rootkit scan 2013-03-03 21:47:50 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.DL05 149,05GB Running: l8xeverq.exe; Driver: C:\Users\Azuro\AppData\Local\Temp\ugtdapow.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x9431859C] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x99535388] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x9431902E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x943247F2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x9432483E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x943249D8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x94324760] SSDT \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys ZwCreateSection [0xAE076700] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x943247A8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x9431952C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x94324992] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x94319DE4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x94318602] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0x9431D5C2] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x99535450] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x995339B4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x94318668] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x9431D98C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x9431A874] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x9432481C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x94324860] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x943249FC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x94324786] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0x9431CEA8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x94324910] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x943247D0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0x9431D29A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x943249B6] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x995355B0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x9431A740] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0x9431A296] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x943186CE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x94318734] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x94319C5E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x94318284] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x9431845A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x943183E8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x94319FAE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x9431A110] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x943184E2] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x99535678] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x94319C3E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x995339E4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x9431879A] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x995354FC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x94319748] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x9954EBA0] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!KeSetEvent + 10D 828C87D0 4 Bytes [9C, 85, 31, 94] {PUSHF ; TEST [ECX], ESI; XCHG ESP, EAX} .text ntkrnlpa.exe!KeSetEvent + 131 828C87F4 4 Bytes [88, 53, 53, 99] {MOV [EBX+0x53], DL; CDQ } .text ntkrnlpa.exe!KeSetEvent + 191 828C8854 4 Bytes [2E, 90, 31, 94] .text ntkrnlpa.exe!KeSetEvent + 1D1 828C8894 8 Bytes [F2, 47, 32, 94, 3E, 48, 32, ...] .text ntkrnlpa.exe!KeSetEvent + 1DD 828C88A0 4 Bytes [D8, 49, 32, 94] {FMUL DWORD [ECX+0x32]; XCHG ESP, EAX} .text ... PAGE ntkrnlpa.exe!ObMakeTemporaryObject 829F35EF 5 Bytes JMP 9954BA3A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject 82A4C4D3 5 Bytes JMP 9954D554 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 82A55DEF 4 Bytes CALL 9431AF37 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 82A59A63 4 Bytes CALL 9431AF4D \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 82AADDBC 7 Bytes JMP 9954EBA4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x9060A380, 0x356B08, 0xE8000020] .text win32k.sys!EngCreateRectRgn + 454E A0AF04AD 5 Bytes JMP 9431E628 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngEraseSurface + FDC A0B00665 5 Bytes JMP 9431E6CE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreatePalette + C20 A0B096C9 5 Bytes JMP 9431F3FA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngTransparentBlt + 4A1 A0B0A4B5 5 Bytes JMP 9431F56C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngTransparentBlt + 8C53 A0B12C67 5 Bytes JMP 9431D9C2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngTransparentBlt + 9360 A0B13374 5 Bytes JMP 9431E88C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 616 A0B13BBD 5 Bytes JMP 9431F1B2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XFORMOBJ_iGetXform + 30F7 A0B1F2F7 5 Bytes JMP 9431E4DC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XFORMOBJ_iGetXform + 4569 A0B20769 5 Bytes JMP 9431DD54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XFORMOBJ_iGetXform + 46B8 A0B208B8 5 Bytes JMP 9431E7C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XFORMOBJ_iGetXform + 4C4D A0B20E4D 5 Bytes JMP 9431E7E2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XFORMOBJ_iGetXform + 5235 A0B21435 5 Bytes JMP 9431E2F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMapFontFileFD + 11A2A A0B3A305 5 Bytes JMP 9431E22C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMapFontFileFD + 11A7E A0B3A359 5 Bytes JMP 9431E508 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 377F A0B614D3 5 Bytes JMP 9431F060 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 60DD A0B63E31 5 Bytes JMP 9431DAD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMulDiv + 4D4B A0B6A7BA 5 Bytes JMP 9431DDF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBlt + 2B49 A0B74C4C 5 Bytes JMP 9431F614 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStrokePath + 5FF A0B77B3C 5 Bytes JMP 9431DBF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngLpkInstalled + 1D73 A0B81957 5 Bytes JMP 9431F162 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngAlphaBlend + B996 A0B91F03 5 Bytes JMP 9431E6EC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngNineGrid + 8C4 A0B960F5 5 Bytes JMP 9431F33C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngNineGrid + 6F6A A0B9C79B 5 Bytes JMP 9431F116 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCopyBits + B0F A0B9FF0A 5 Bytes JMP 9431F284 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!STROBJ_vEnumStart + 4732 A0BA7833 5 Bytes JMP 9431DCDC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSemaphore + E7F A0BC5DE6 5 Bytes JMP 9431E008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!CLIPOBJ_bEnum + 24C A0BCB6AE 5 Bytes JMP 9431DEBC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPlgBlt + 26D9 A0BCF1E6 5 Bytes JMP 9431F4BE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 3765 A0BE75E6 5 Bytes JMP 9431E70A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngLineTo + A1B A0BED73F 5 Bytes JMP 9431DF24 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngLineTo + D2A3 A0BF9FC7 5 Bytes JMP 9431E150 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngLineTo + 10D1A A0BFDA3E 5 Bytes JMP 9431E0AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ? C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys Nie można odnaleźć określonego pliku. ! .text ntdll.dll!LdrLoadDll 77B39378 5 Bytes [E9, 7B, 6E, 62, 88] {JMP 0x88626e80} .text ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes [E9, 77, 4D, 61, 88] {JMP 0x88614d7c} ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\svchost.exe[364] kernel32.dll!GetBinaryTypeW + 70 77C92447 1 Byte [62] .text C:\Windows\system32\svchost.exe[536] kernel32.dll!GetBinaryTypeW + 70 77C92447 1 Byte [62] .text C:\Windows\System32\svchost.exe[628] kernel32.dll!GetBinaryTypeW + 70 77C92447 1 Byte [62] .text C:\Windows\system32\csrss.exe[648] KERNEL32.dll!GetBinaryTypeW + 70 77C92447 1 Byte [62] .text C:\Windows\system32\wininit.exe[692] kernel32.dll!GetBinaryTypeW + 70 77C92447 1 Byte [62] .text ... .text C:\Program Files\Mozilla Firefox\firefox.exe[1688] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 66798BF0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[1688] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 000603FC .text C:\Program Files\Mozilla Firefox\firefox.exe[1688] KERNEL32.dll!HeapSetInformation + 26 77C6A8B0 7 Bytes JMP 667AF1AD C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[1688] KERNEL32.dll!LockResource + C 77C86ACB 7 Bytes JMP 66AE7FCD C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[1688] KERNEL32.dll!VirtualAllocEx + 54 77C8AF50 7 Bytes JMP 66AE7FF0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[1688] KERNEL32.dll!GetBinaryTypeW + 70 77C92447 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[1688] USER32.dll!SetWindowsHookExA 76BC6322 5 Bytes JMP 00170600 .text C:\Program Files\Mozilla Firefox\firefox.exe[1688] USER32.dll!SetWindowsHookExW 76BC87AD 5 Bytes JMP 00170804 .text C:\Program Files\Mozilla Firefox\firefox.exe[1688] USER32.dll!UnhookWindowsHookEx 76BC98DB 5 Bytes JMP 00170A08 .text C:\Program Files\Mozilla Firefox\firefox.exe[1688] USER32.dll!SetWinEventHook 76BC9F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Mozilla Firefox\firefox.exe[1688] USER32.dll!UnhookWinEvent 76BCC06F 5 Bytes JMP 001703FC .text C:\Program Files\Mozilla Firefox\firefox.exe[1688] GDI32.dll!SetStretchBltMode + 256 77D2745C 7 Bytes JMP 66AE7F4E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[1688] ADVAPI32.dll!CreateServiceW 76F69EB4 5 Bytes JMP 001903FC .text C:\Program Files\Mozilla Firefox\firefox.exe[1688] ADVAPI32.dll!DeleteService 76F6A07E 5 Bytes JMP 00190600 .text C:\Program Files\Mozilla Firefox\firefox.exe[1688] ADVAPI32.dll!SetServiceObjectSecurity 76FA6CD9 5 Bytes JMP 00191014 .text C:\Program Files\Mozilla Firefox\firefox.exe[1688] ADVAPI32.dll!ChangeServiceConfigA 76FA6DD9 5 Bytes JMP 00190804 .text C:\Program Files\Mozilla Firefox\firefox.exe[1688] ADVAPI32.dll!ChangeServiceConfigW 76FA6F81 5 Bytes JMP 00190A08 .text C:\Program Files\Mozilla Firefox\firefox.exe[1688] ADVAPI32.dll!ChangeServiceConfig2A 76FA7099 5 Bytes JMP 00190C0C .text C:\Program Files\Mozilla Firefox\firefox.exe[1688] ADVAPI32.dll!ChangeServiceConfig2W 76FA71E1 5 Bytes JMP 00190E10 .text C:\Program Files\Mozilla Firefox\firefox.exe[1688] ADVAPI32.dll!CreateServiceA 76FA72A1 5 Bytes JMP 001901F8 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1772] kernel32.dll!GetBinaryTypeW + 70 77C92447 1 Byte [62] .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1820] kernel32.dll!GetBinaryTypeW + 70 77C92447 1 Byte [62] .text C:\Acer\Mobility Center\MobilityService.exe[1860] KERNEL32.dll!GetBinaryTypeW + 70 77C92447 1 Byte [62] .text C:\Windows\system32\taskeng.exe[2128] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 000601F8 .text C:\Windows\system32\taskeng.exe[2128] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 000603FC .text C:\Windows\system32\taskeng.exe[2128] KERNEL32.dll!GetBinaryTypeW + 70 77C92447 1 Byte [62] .text C:\Windows\system32\taskeng.exe[2128] ADVAPI32.dll!CreateServiceW 76F69EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\taskeng.exe[2128] ADVAPI32.dll!DeleteService 76F6A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\taskeng.exe[2128] ADVAPI32.dll!SetServiceObjectSecurity 76FA6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\taskeng.exe[2128] ADVAPI32.dll!ChangeServiceConfigA 76FA6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\taskeng.exe[2128] ADVAPI32.dll!ChangeServiceConfigW 76FA6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\taskeng.exe[2128] ADVAPI32.dll!ChangeServiceConfig2A 76FA7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\taskeng.exe[2128] ADVAPI32.dll!ChangeServiceConfig2W 76FA71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\taskeng.exe[2128] ADVAPI32.dll!CreateServiceA 76FA72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\taskeng.exe[2128] USER32.dll!SetWindowsHookExA 76BC6322 5 Bytes JMP 00080600 .text C:\Windows\system32\taskeng.exe[2128] USER32.dll!SetWindowsHookExW 76BC87AD 5 Bytes JMP 00080804 .text C:\Windows\system32\taskeng.exe[2128] USER32.dll!UnhookWindowsHookEx 76BC98DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\taskeng.exe[2128] USER32.dll!SetWinEventHook 76BC9F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\taskeng.exe[2128] USER32.dll!UnhookWinEvent 76BCC06F 5 Bytes JMP 000803FC .text C:\Windows\system32\svchost.exe[2456] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[2456] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[2456] KERNEL32.dll!GetBinaryTypeW + 70 77C92447 1 Byte [62] .text C:\Windows\system32\svchost.exe[2456] ADVAPI32.dll!CreateServiceW 76F69EB4 5 Bytes JMP 001703FC .text C:\Windows\system32\svchost.exe[2456] ADVAPI32.dll!DeleteService 76F6A07E 5 Bytes JMP 00170600 .text C:\Windows\system32\svchost.exe[2456] ADVAPI32.dll!SetServiceObjectSecurity 76FA6CD9 5 Bytes JMP 00171014 .text C:\Windows\system32\svchost.exe[2456] ADVAPI32.dll!ChangeServiceConfigA 76FA6DD9 5 Bytes JMP 00170804 .text C:\Windows\system32\svchost.exe[2456] ADVAPI32.dll!ChangeServiceConfigW 76FA6F81 5 Bytes JMP 00170A08 .text C:\Windows\system32\svchost.exe[2456] ADVAPI32.dll!ChangeServiceConfig2A 76FA7099 5 Bytes JMP 00170C0C .text C:\Windows\system32\svchost.exe[2456] ADVAPI32.dll!ChangeServiceConfig2W 76FA71E1 5 Bytes JMP 00170E10 .text C:\Windows\system32\svchost.exe[2456] ADVAPI32.dll!CreateServiceA 76FA72A1 5 Bytes JMP 001701F8 .text C:\Windows\system32\svchost.exe[2456] USER32.dll!SetWindowsHookExA 76BC6322 5 Bytes JMP 00180600 .text C:\Windows\system32\svchost.exe[2456] USER32.dll!SetWindowsHookExW 76BC87AD 5 Bytes JMP 00180804 .text C:\Windows\system32\svchost.exe[2456] USER32.dll!UnhookWindowsHookEx 76BC98DB 5 Bytes JMP 00180A08 .text C:\Windows\system32\svchost.exe[2456] USER32.dll!SetWinEventHook 76BC9F3A 5 Bytes JMP 001801F8 .text C:\Windows\system32\svchost.exe[2456] USER32.dll!UnhookWinEvent 76BCC06F 5 Bytes JMP 001803FC .text C:\Windows\system32\taskeng.exe[2524] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 000601F8 .text C:\Windows\system32\taskeng.exe[2524] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 000603FC .text C:\Windows\system32\taskeng.exe[2524] KERNEL32.dll!GetBinaryTypeW + 70 77C92447 1 Byte [62] .text C:\Windows\system32\taskeng.exe[2524] ADVAPI32.dll!CreateServiceW 76F69EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\taskeng.exe[2524] ADVAPI32.dll!DeleteService 76F6A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\taskeng.exe[2524] ADVAPI32.dll!SetServiceObjectSecurity 76FA6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\taskeng.exe[2524] ADVAPI32.dll!ChangeServiceConfigA 76FA6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\taskeng.exe[2524] ADVAPI32.dll!ChangeServiceConfigW 76FA6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\taskeng.exe[2524] ADVAPI32.dll!ChangeServiceConfig2A 76FA7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\taskeng.exe[2524] ADVAPI32.dll!ChangeServiceConfig2W 76FA71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\taskeng.exe[2524] ADVAPI32.dll!CreateServiceA 76FA72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\taskeng.exe[2524] USER32.dll!SetWindowsHookExA 76BC6322 5 Bytes JMP 00080600 .text C:\Windows\system32\taskeng.exe[2524] USER32.dll!SetWindowsHookExW 76BC87AD 5 Bytes JMP 00080804 .text C:\Windows\system32\taskeng.exe[2524] USER32.dll!UnhookWindowsHookEx 76BC98DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\taskeng.exe[2524] USER32.dll!SetWinEventHook 76BC9F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\taskeng.exe[2524] USER32.dll!UnhookWinEvent 76BCC06F 5 Bytes JMP 000803FC .text C:\Windows\system32\Dwm.exe[2696] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 000601F8 .text C:\Windows\system32\Dwm.exe[2696] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 000603FC .text C:\Windows\system32\Dwm.exe[2696] KERNEL32.dll!GetBinaryTypeW + 70 77C92447 1 Byte [62] .text C:\Windows\system32\Dwm.exe[2696] ADVAPI32.dll!CreateServiceW 76F69EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\Dwm.exe[2696] ADVAPI32.dll!DeleteService 76F6A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\Dwm.exe[2696] ADVAPI32.dll!SetServiceObjectSecurity 76FA6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\Dwm.exe[2696] ADVAPI32.dll!ChangeServiceConfigA 76FA6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\Dwm.exe[2696] ADVAPI32.dll!ChangeServiceConfigW 76FA6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\Dwm.exe[2696] ADVAPI32.dll!ChangeServiceConfig2A 76FA7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\Dwm.exe[2696] ADVAPI32.dll!ChangeServiceConfig2W 76FA71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\Dwm.exe[2696] ADVAPI32.dll!CreateServiceA 76FA72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\Dwm.exe[2696] USER32.dll!SetWindowsHookExA 76BC6322 5 Bytes JMP 00080600 .text C:\Windows\system32\Dwm.exe[2696] USER32.dll!SetWindowsHookExW 76BC87AD 5 Bytes JMP 00080804 .text C:\Windows\system32\Dwm.exe[2696] USER32.dll!UnhookWindowsHookEx 76BC98DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\Dwm.exe[2696] USER32.dll!SetWinEventHook 76BC9F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\Dwm.exe[2696] USER32.dll!UnhookWinEvent 76BCC06F 5 Bytes JMP 000803FC .text C:\Windows\system32\taskeng.exe[2720] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 000601F8 .text C:\Windows\system32\taskeng.exe[2720] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 000603FC .text C:\Windows\system32\taskeng.exe[2720] KERNEL32.dll!GetBinaryTypeW + 70 77C92447 1 Byte [62] .text C:\Windows\system32\taskeng.exe[2720] ADVAPI32.dll!CreateServiceW 76F69EB4 5 Bytes JMP 000B03FC .text C:\Windows\system32\taskeng.exe[2720] ADVAPI32.dll!DeleteService 76F6A07E 5 Bytes JMP 000B0600 .text C:\Windows\system32\taskeng.exe[2720] ADVAPI32.dll!SetServiceObjectSecurity 76FA6CD9 5 Bytes JMP 000B1014 .text C:\Windows\system32\taskeng.exe[2720] ADVAPI32.dll!ChangeServiceConfigA 76FA6DD9 5 Bytes JMP 000B0804 .text C:\Windows\system32\taskeng.exe[2720] ADVAPI32.dll!ChangeServiceConfigW 76FA6F81 5 Bytes JMP 000B0A08 .text C:\Windows\system32\taskeng.exe[2720] ADVAPI32.dll!ChangeServiceConfig2A 76FA7099 5 Bytes JMP 000B0C0C .text C:\Windows\system32\taskeng.exe[2720] ADVAPI32.dll!ChangeServiceConfig2W 76FA71E1 5 Bytes JMP 000B0E10 .text C:\Windows\system32\taskeng.exe[2720] ADVAPI32.dll!CreateServiceA 76FA72A1 5 Bytes JMP 000B01F8 .text C:\Windows\system32\taskeng.exe[2720] USER32.dll!SetWindowsHookExA 76BC6322 5 Bytes JMP 000C0600 .text C:\Windows\system32\taskeng.exe[2720] USER32.dll!SetWindowsHookExW 76BC87AD 5 Bytes JMP 000C0804 .text C:\Windows\system32\taskeng.exe[2720] USER32.dll!UnhookWindowsHookEx 76BC98DB 5 Bytes JMP 000C0A08 .text C:\Windows\system32\taskeng.exe[2720] USER32.dll!SetWinEventHook 76BC9F3A 5 Bytes JMP 000C01F8 .text C:\Windows\system32\taskeng.exe[2720] USER32.dll!UnhookWinEvent 76BCC06F 5 Bytes JMP 000C03FC .text C:\Users\Azuro\Desktop\l8xeverq.exe[2736] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 001601F8 .text C:\Users\Azuro\Desktop\l8xeverq.exe[2736] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 001603FC .text C:\Users\Azuro\Desktop\l8xeverq.exe[2736] KERNEL32.dll!GetBinaryTypeW + 70 77C92447 1 Byte [62] .text C:\Users\Azuro\Desktop\l8xeverq.exe[2736] ADVAPI32.dll!CreateServiceW 76F69EB4 5 Bytes JMP 001703FC .text C:\Users\Azuro\Desktop\l8xeverq.exe[2736] ADVAPI32.dll!DeleteService 76F6A07E 5 Bytes JMP 00170600 .text C:\Users\Azuro\Desktop\l8xeverq.exe[2736] ADVAPI32.dll!SetServiceObjectSecurity 76FA6CD9 5 Bytes JMP 00171014 .text C:\Users\Azuro\Desktop\l8xeverq.exe[2736] ADVAPI32.dll!ChangeServiceConfigA 76FA6DD9 5 Bytes JMP 00170804 .text C:\Users\Azuro\Desktop\l8xeverq.exe[2736] ADVAPI32.dll!ChangeServiceConfigW 76FA6F81 5 Bytes JMP 00170A08 .text C:\Users\Azuro\Desktop\l8xeverq.exe[2736] ADVAPI32.dll!ChangeServiceConfig2A 76FA7099 5 Bytes JMP 00170C0C .text C:\Users\Azuro\Desktop\l8xeverq.exe[2736] ADVAPI32.dll!ChangeServiceConfig2W 76FA71E1 5 Bytes JMP 00170E10 .text C:\Users\Azuro\Desktop\l8xeverq.exe[2736] ADVAPI32.dll!CreateServiceA 76FA72A1 5 Bytes JMP 001701F8 .text C:\Users\Azuro\Desktop\l8xeverq.exe[2736] USER32.dll!SetWindowsHookExA 76BC6322 5 Bytes JMP 00180600 .text C:\Users\Azuro\Desktop\l8xeverq.exe[2736] USER32.dll!SetWindowsHookExW 76BC87AD 5 Bytes JMP 00180804 .text C:\Users\Azuro\Desktop\l8xeverq.exe[2736] USER32.dll!UnhookWindowsHookEx 76BC98DB 5 Bytes JMP 00180A08 .text C:\Users\Azuro\Desktop\l8xeverq.exe[2736] USER32.dll!SetWinEventHook 76BC9F3A 5 Bytes JMP 001801F8 .text C:\Users\Azuro\Desktop\l8xeverq.exe[2736] USER32.dll!UnhookWinEvent 76BCC06F 5 Bytes JMP 001803FC .text C:\Windows\Explorer.EXE[2784] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 000601F8 .text C:\Windows\Explorer.EXE[2784] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 000603FC .text C:\Windows\Explorer.EXE[2784] KERNEL32.dll!GetBinaryTypeW + 70 77C92447 1 Byte [62] .text C:\Windows\Explorer.EXE[2784] ADVAPI32.dll!CreateServiceW 76F69EB4 5 Bytes JMP 000B03FC .text C:\Windows\Explorer.EXE[2784] ADVAPI32.dll!DeleteService 76F6A07E 5 Bytes JMP 000B0600 .text C:\Windows\Explorer.EXE[2784] ADVAPI32.dll!SetServiceObjectSecurity 76FA6CD9 5 Bytes JMP 000B1014 .text C:\Windows\Explorer.EXE[2784] ADVAPI32.dll!ChangeServiceConfigA 76FA6DD9 5 Bytes JMP 000B0804 .text C:\Windows\Explorer.EXE[2784] ADVAPI32.dll!ChangeServiceConfigW 76FA6F81 5 Bytes JMP 000B0A08 .text C:\Windows\Explorer.EXE[2784] ADVAPI32.dll!ChangeServiceConfig2A 76FA7099 5 Bytes JMP 000B0C0C .text C:\Windows\Explorer.EXE[2784] ADVAPI32.dll!ChangeServiceConfig2W 76FA71E1 5 Bytes JMP 000B0E10 .text C:\Windows\Explorer.EXE[2784] ADVAPI32.dll!CreateServiceA 76FA72A1 5 Bytes JMP 000B01F8 .text C:\Windows\Explorer.EXE[2784] USER32.dll!SetWindowsHookExA 76BC6322 5 Bytes JMP 000C0600 .text C:\Windows\Explorer.EXE[2784] USER32.dll!SetWindowsHookExW 76BC87AD 5 Bytes JMP 000C0804 .text C:\Windows\Explorer.EXE[2784] USER32.dll!UnhookWindowsHookEx 76BC98DB 5 Bytes JMP 000C0A08 .text C:\Windows\Explorer.EXE[2784] USER32.dll!SetWinEventHook 76BC9F3A 5 Bytes JMP 000C01F8 .text C:\Windows\Explorer.EXE[2784] USER32.dll!UnhookWinEvent 76BCC06F 5 Bytes JMP 000C03FC .text C:\Program Files\Windows Defender\MSASCui.exe[2928] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 000601F8 .text C:\Program Files\Windows Defender\MSASCui.exe[2928] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 000603FC .text C:\Program Files\Windows Defender\MSASCui.exe[2928] KERNEL32.dll!GetBinaryTypeW + 70 77C92447 1 Byte [62] .text C:\Program Files\Windows Defender\MSASCui.exe[2928] ADVAPI32.dll!CreateServiceW 76F69EB4 5 Bytes JMP 000703FC .text C:\Program Files\Windows Defender\MSASCui.exe[2928] ADVAPI32.dll!DeleteService 76F6A07E 5 Bytes JMP 00070600 .text C:\Program Files\Windows Defender\MSASCui.exe[2928] ADVAPI32.dll!SetServiceObjectSecurity 76FA6CD9 5 Bytes JMP 00071014 .text C:\Program Files\Windows Defender\MSASCui.exe[2928] ADVAPI32.dll!ChangeServiceConfigA 76FA6DD9 5 Bytes JMP 00070804 .text C:\Program Files\Windows Defender\MSASCui.exe[2928] ADVAPI32.dll!ChangeServiceConfigW 76FA6F81 5 Bytes JMP 00070A08 .text C:\Program Files\Windows Defender\MSASCui.exe[2928] ADVAPI32.dll!ChangeServiceConfig2A 76FA7099 5 Bytes JMP 00070C0C .text C:\Program Files\Windows Defender\MSASCui.exe[2928] ADVAPI32.dll!ChangeServiceConfig2W 76FA71E1 5 Bytes JMP 00070E10 .text C:\Program Files\Windows Defender\MSASCui.exe[2928] ADVAPI32.dll!CreateServiceA 76FA72A1 5 Bytes JMP 000701F8 .text C:\Program Files\Windows Defender\MSASCui.exe[2928] USER32.dll!SetWindowsHookExA 76BC6322 5 Bytes JMP 000C0600 .text C:\Program Files\Windows Defender\MSASCui.exe[2928] USER32.dll!SetWindowsHookExW 76BC87AD 5 Bytes JMP 000C0804 .text C:\Program Files\Windows Defender\MSASCui.exe[2928] USER32.dll!UnhookWindowsHookEx 76BC98DB 5 Bytes JMP 000C0A08 .text C:\Program Files\Windows Defender\MSASCui.exe[2928] USER32.dll!SetWinEventHook 76BC9F3A 5 Bytes JMP 000C01F8 .text C:\Program Files\Windows Defender\MSASCui.exe[2928] USER32.dll!UnhookWinEvent 76BCC06F 5 Bytes JMP 000C03FC .text C:\Windows\RtHDVCpl.exe[2964] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 001601F8 .text C:\Windows\RtHDVCpl.exe[2964] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 001603FC .text C:\Windows\RtHDVCpl.exe[2964] KERNEL32.dll!GetBinaryTypeW + 70 77C92447 1 Byte [62] .text C:\Windows\RtHDVCpl.exe[2964] ADVAPI32.dll!CreateServiceW 76F69EB4 5 Bytes JMP 001703FC .text C:\Windows\RtHDVCpl.exe[2964] ADVAPI32.dll!DeleteService 76F6A07E 5 Bytes JMP 00170600 .text C:\Windows\RtHDVCpl.exe[2964] ADVAPI32.dll!SetServiceObjectSecurity 76FA6CD9 5 Bytes JMP 00171014 .text C:\Windows\RtHDVCpl.exe[2964] ADVAPI32.dll!ChangeServiceConfigA 76FA6DD9 5 Bytes JMP 00170804 .text C:\Windows\RtHDVCpl.exe[2964] ADVAPI32.dll!ChangeServiceConfigW 76FA6F81 5 Bytes JMP 00170A08 .text C:\Windows\RtHDVCpl.exe[2964] ADVAPI32.dll!ChangeServiceConfig2A 76FA7099 5 Bytes JMP 00170C0C .text C:\Windows\RtHDVCpl.exe[2964] ADVAPI32.dll!ChangeServiceConfig2W 76FA71E1 5 Bytes JMP 00170E10 .text C:\Windows\RtHDVCpl.exe[2964] ADVAPI32.dll!CreateServiceA 76FA72A1 5 Bytes JMP 001701F8 .text C:\Windows\RtHDVCpl.exe[2964] USER32.dll!SetWindowsHookExA 76BC6322 5 Bytes JMP 00180600 .text C:\Windows\RtHDVCpl.exe[2964] USER32.dll!SetWindowsHookExW 76BC87AD 5 Bytes JMP 00180804 .text C:\Windows\RtHDVCpl.exe[2964] USER32.dll!UnhookWindowsHookEx 76BC98DB 5 Bytes JMP 00180A08 .text C:\Windows\RtHDVCpl.exe[2964] USER32.dll!SetWinEventHook 76BC9F3A 5 Bytes JMP 001801F8 .text C:\Windows\RtHDVCpl.exe[2964] USER32.dll!UnhookWinEvent 76BCC06F 5 Bytes JMP 001803FC .text C:\Acer\Empowering Technology\eAudio\eAudio.exe[2976] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 001601F8 .text C:\Acer\Empowering Technology\eAudio\eAudio.exe[2976] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 001603FC .text C:\Acer\Empowering Technology\eAudio\eAudio.exe[2976] KERNEL32.dll!GetBinaryTypeW + 70 77C92447 1 Byte [62] .text C:\Acer\Empowering Technology\eAudio\eAudio.exe[2976] USER32.dll!SetWindowsHookExA 76BC6322 5 Bytes JMP 00170600 .text C:\Acer\Empowering Technology\eAudio\eAudio.exe[2976] USER32.dll!SetWindowsHookExW 76BC87AD 5 Bytes JMP 00170804 .text C:\Acer\Empowering Technology\eAudio\eAudio.exe[2976] USER32.dll!UnhookWindowsHookEx 76BC98DB 5 Bytes JMP 00170A08 .text C:\Acer\Empowering Technology\eAudio\eAudio.exe[2976] USER32.dll!SetWinEventHook 76BC9F3A 5 Bytes JMP 001701F8 .text C:\Acer\Empowering Technology\eAudio\eAudio.exe[2976] USER32.dll!UnhookWinEvent 76BCC06F 5 Bytes JMP 001703FC .text C:\Acer\Empowering Technology\eAudio\eAudio.exe[2976] ADVAPI32.dll!CreateServiceW 76F69EB4 5 Bytes JMP 001803FC .text C:\Acer\Empowering Technology\eAudio\eAudio.exe[2976] ADVAPI32.dll!DeleteService 76F6A07E 5 Bytes JMP 00180600 .text C:\Acer\Empowering Technology\eAudio\eAudio.exe[2976] ADVAPI32.dll!SetServiceObjectSecurity 76FA6CD9 5 Bytes JMP 00181014 .text C:\Acer\Empowering Technology\eAudio\eAudio.exe[2976] ADVAPI32.dll!ChangeServiceConfigA 76FA6DD9 5 Bytes JMP 00180804 .text C:\Acer\Empowering Technology\eAudio\eAudio.exe[2976] ADVAPI32.dll!ChangeServiceConfigW 76FA6F81 5 Bytes JMP 00180A08 .text C:\Acer\Empowering Technology\eAudio\eAudio.exe[2976] ADVAPI32.dll!ChangeServiceConfig2A 76FA7099 5 Bytes JMP 00180C0C .text C:\Acer\Empowering Technology\eAudio\eAudio.exe[2976] ADVAPI32.dll!ChangeServiceConfig2W 76FA71E1 5 Bytes JMP 00180E10 .text C:\Acer\Empowering Technology\eAudio\eAudio.exe[2976] ADVAPI32.dll!CreateServiceA 76FA72A1 5 Bytes JMP 001801F8 .text C:\Program Files\Launch Manager\LManager.exe[3084] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 001601F8 .text C:\Program Files\Launch Manager\LManager.exe[3084] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 001603FC .text C:\Program Files\Launch Manager\LManager.exe[3084] KERNEL32.dll!GetBinaryTypeW + 70 77C92447 1 Byte [62] .text C:\Program Files\Launch Manager\LManager.exe[3084] USER32.dll!SetWindowsHookExA 76BC6322 5 Bytes JMP 00170600 .text C:\Program Files\Launch Manager\LManager.exe[3084] USER32.dll!SetWindowsHookExW 76BC87AD 5 Bytes JMP 00170804 .text C:\Program Files\Launch Manager\LManager.exe[3084] USER32.dll!UnhookWindowsHookEx 76BC98DB 5 Bytes JMP 00170A08 .text C:\Program Files\Launch Manager\LManager.exe[3084] USER32.dll!SetWinEventHook 76BC9F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Launch Manager\LManager.exe[3084] USER32.dll!UnhookWinEvent 76BCC06F 5 Bytes JMP 001703FC .text C:\Program Files\Launch Manager\LManager.exe[3084] ADVAPI32.dll!CreateServiceW 76F69EB4 5 Bytes JMP 001803FC .text C:\Program Files\Launch Manager\LManager.exe[3084] ADVAPI32.dll!DeleteService 76F6A07E 5 Bytes JMP 00180600 .text C:\Program Files\Launch Manager\LManager.exe[3084] ADVAPI32.dll!SetServiceObjectSecurity 76FA6CD9 5 Bytes JMP 00181014 .text C:\Program Files\Launch Manager\LManager.exe[3084] ADVAPI32.dll!ChangeServiceConfigA 76FA6DD9 5 Bytes JMP 00180804 .text C:\Program Files\Launch Manager\LManager.exe[3084] ADVAPI32.dll!ChangeServiceConfigW 76FA6F81 5 Bytes JMP 00180A08 .text C:\Program Files\Launch Manager\LManager.exe[3084] ADVAPI32.dll!ChangeServiceConfig2A 76FA7099 5 Bytes JMP 00180C0C .text C:\Program Files\Launch Manager\LManager.exe[3084] ADVAPI32.dll!ChangeServiceConfig2W 76FA71E1 5 Bytes JMP 00180E10 .text C:\Program Files\Launch Manager\LManager.exe[3084] ADVAPI32.dll!CreateServiceA 76FA72A1 5 Bytes JMP 001801F8 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3100] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 001501F8 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3100] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 001503FC .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3100] KERNEL32.dll!GetBinaryTypeW + 70 77C92447 1 Byte [62] .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3100] USER32.dll!SetWindowsHookExA 76BC6322 5 Bytes JMP 00160600 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3100] USER32.dll!SetWindowsHookExW 76BC87AD 5 Bytes JMP 00160804 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3100] USER32.dll!UnhookWindowsHookEx 76BC98DB 5 Bytes JMP 00160A08 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3100] USER32.dll!SetWinEventHook 76BC9F3A 5 Bytes JMP 001601F8 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3100] USER32.dll!UnhookWinEvent 76BCC06F 5 Bytes JMP 001603FC .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3100] ADVAPI32.dll!CreateServiceW 76F69EB4 5 Bytes JMP 001703FC .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3100] ADVAPI32.dll!DeleteService 76F6A07E 5 Bytes JMP 00170600 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3100] ADVAPI32.dll!SetServiceObjectSecurity 76FA6CD9 5 Bytes JMP 00171014 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3100] ADVAPI32.dll!ChangeServiceConfigA 76FA6DD9 5 Bytes JMP 00170804 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3100] ADVAPI32.dll!ChangeServiceConfigW 76FA6F81 5 Bytes JMP 00170A08 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3100] ADVAPI32.dll!ChangeServiceConfig2A 76FA7099 5 Bytes JMP 00170C0C .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3100] ADVAPI32.dll!ChangeServiceConfig2W 76FA71E1 5 Bytes JMP 00170E10 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3100] ADVAPI32.dll!CreateServiceA 76FA72A1 5 Bytes JMP 001701F8 .text C:\Program Files\Apoint2K\Apoint.exe[3180] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 001501F8 .text C:\Program Files\Apoint2K\Apoint.exe[3180] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 001503FC .text C:\Program Files\Apoint2K\Apoint.exe[3180] KERNEL32.dll!GetBinaryTypeW + 70 77C92447 1 Byte [62] .text C:\Program Files\Apoint2K\Apoint.exe[3180] USER32.dll!SetWindowsHookExA 76BC6322 5 Bytes JMP 00160600 .text C:\Program Files\Apoint2K\Apoint.exe[3180] USER32.dll!SetWindowsHookExW 76BC87AD 5 Bytes JMP 00160804 .text C:\Program Files\Apoint2K\Apoint.exe[3180] USER32.dll!UnhookWindowsHookEx 76BC98DB 5 Bytes JMP 00160A08 .text C:\Program Files\Apoint2K\Apoint.exe[3180] USER32.dll!SetWinEventHook 76BC9F3A 5 Bytes JMP 001601F8 .text C:\Program Files\Apoint2K\Apoint.exe[3180] USER32.dll!UnhookWinEvent 76BCC06F 5 Bytes JMP 001603FC .text C:\Program Files\Apoint2K\Apoint.exe[3180] ADVAPI32.dll!CreateServiceW 76F69EB4 5 Bytes JMP 001703FC .text C:\Program Files\Apoint2K\Apoint.exe[3180] ADVAPI32.dll!DeleteService 76F6A07E 5 Bytes JMP 00170600 .text C:\Program Files\Apoint2K\Apoint.exe[3180] ADVAPI32.dll!SetServiceObjectSecurity 76FA6CD9 5 Bytes JMP 00171014 .text C:\Program Files\Apoint2K\Apoint.exe[3180] ADVAPI32.dll!ChangeServiceConfigA 76FA6DD9 5 Bytes JMP 00170804 .text C:\Program Files\Apoint2K\Apoint.exe[3180] ADVAPI32.dll!ChangeServiceConfigW 76FA6F81 5 Bytes JMP 00170A08 .text C:\Program Files\Apoint2K\Apoint.exe[3180] ADVAPI32.dll!ChangeServiceConfig2A 76FA7099 5 Bytes JMP 00170C0C .text C:\Program Files\Apoint2K\Apoint.exe[3180] ADVAPI32.dll!ChangeServiceConfig2W 76FA71E1 5 Bytes JMP 00170E10 .text C:\Program Files\Apoint2K\Apoint.exe[3180] ADVAPI32.dll!CreateServiceA 76FA72A1 5 Bytes JMP 001701F8 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3188] kernel32.dll!GetBinaryTypeW + 70 77C92447 1 Byte [62] .text C:\Windows\System32\rundll32.exe[3244] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 000701F8 .text C:\Windows\System32\rundll32.exe[3244] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 000703FC .text C:\Windows\System32\rundll32.exe[3244] KERNEL32.dll!GetBinaryTypeW + 70 77C92447 1 Byte [62] .text C:\Windows\System32\rundll32.exe[3244] USER32.dll!SetWindowsHookExA 76BC6322 5 Bytes JMP 00080600 .text C:\Windows\System32\rundll32.exe[3244] USER32.dll!SetWindowsHookExW 76BC87AD 5 Bytes JMP 00080804 .text C:\Windows\System32\rundll32.exe[3244] USER32.dll!UnhookWindowsHookEx 76BC98DB 5 Bytes JMP 00080A08 .text C:\Windows\System32\rundll32.exe[3244] USER32.dll!SetWinEventHook 76BC9F3A 5 Bytes JMP 000801F8 .text C:\Windows\System32\rundll32.exe[3244] USER32.dll!UnhookWinEvent 76BCC06F 5 Bytes JMP 000803FC .text C:\Windows\System32\rundll32.exe[3244] ADVAPI32.dll!CreateServiceW 76F69EB4 5 Bytes JMP 000D03FC .text C:\Windows\System32\rundll32.exe[3244] ADVAPI32.dll!DeleteService 76F6A07E 5 Bytes JMP 000D0600 .text C:\Windows\System32\rundll32.exe[3244] ADVAPI32.dll!SetServiceObjectSecurity 76FA6CD9 5 Bytes JMP 000D1014 .text C:\Windows\System32\rundll32.exe[3244] ADVAPI32.dll!ChangeServiceConfigA 76FA6DD9 5 Bytes JMP 000D0804 .text C:\Windows\System32\rundll32.exe[3244] ADVAPI32.dll!ChangeServiceConfigW 76FA6F81 5 Bytes JMP 000D0A08 .text C:\Windows\System32\rundll32.exe[3244] ADVAPI32.dll!ChangeServiceConfig2A 76FA7099 5 Bytes JMP 000D0C0C .text C:\Windows\System32\rundll32.exe[3244] ADVAPI32.dll!ChangeServiceConfig2W 76FA71E1 5 Bytes JMP 000D0E10 .text C:\Windows\System32\rundll32.exe[3244] ADVAPI32.dll!CreateServiceA 76FA72A1 5 Bytes JMP 000D01F8 .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[3256] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 001601F8 .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[3256] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 001603FC .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[3256] KERNEL32.dll!GetBinaryTypeW + 70 77C92447 1 Byte [62] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[3256] ADVAPI32.dll!CreateServiceW 76F69EB4 5 Bytes JMP 001703FC .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[3256] ADVAPI32.dll!DeleteService 76F6A07E 5 Bytes JMP 00170600 .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[3256] ADVAPI32.dll!SetServiceObjectSecurity 76FA6CD9 5 Bytes JMP 00171014 .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[3256] ADVAPI32.dll!ChangeServiceConfigA 76FA6DD9 5 Bytes JMP 00170804 .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[3256] ADVAPI32.dll!ChangeServiceConfigW 76FA6F81 5 Bytes JMP 00170A08 .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[3256] ADVAPI32.dll!ChangeServiceConfig2A 76FA7099 5 Bytes JMP 00170C0C .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[3256] ADVAPI32.dll!ChangeServiceConfig2W 76FA71E1 5 Bytes JMP 00170E10 .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[3256] ADVAPI32.dll!CreateServiceA 76FA72A1 5 Bytes JMP 001701F8 .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[3256] USER32.dll!SetWindowsHookExA 76BC6322 5 Bytes JMP 00190600 .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[3256] USER32.dll!SetWindowsHookExW 76BC87AD 5 Bytes JMP 00190804 .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[3256] USER32.dll!UnhookWindowsHookEx 76BC98DB 5 Bytes JMP 00190A08 .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[3256] USER32.dll!SetWinEventHook 76BC9F3A 5 Bytes JMP 001901F8 .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[3256] USER32.dll!UnhookWinEvent 76BCC06F 5 Bytes JMP 001903FC .text C:\Windows\System32\rundll32.exe[3336] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 000701F8 .text C:\Windows\System32\rundll32.exe[3336] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 000703FC .text C:\Windows\System32\rundll32.exe[3336] KERNEL32.dll!GetBinaryTypeW + 70 77C92447 1 Byte [62] .text C:\Windows\System32\rundll32.exe[3336] USER32.dll!SetWindowsHookExA 76BC6322 5 Bytes JMP 00080600 .text C:\Windows\System32\rundll32.exe[3336] USER32.dll!SetWindowsHookExW 76BC87AD 5 Bytes JMP 00080804 .text C:\Windows\System32\rundll32.exe[3336] USER32.dll!UnhookWindowsHookEx 76BC98DB 5 Bytes JMP 00080A08 .text C:\Windows\System32\rundll32.exe[3336] USER32.dll!SetWinEventHook 76BC9F3A 5 Bytes JMP 000801F8 .text C:\Windows\System32\rundll32.exe[3336] USER32.dll!UnhookWinEvent 76BCC06F 5 Bytes JMP 000803FC .text C:\Windows\System32\rundll32.exe[3336] ADVAPI32.dll!CreateServiceW 76F69EB4 5 Bytes JMP 000903FC .text C:\Windows\System32\rundll32.exe[3336] ADVAPI32.dll!DeleteService 76F6A07E 5 Bytes JMP 00090600 .text C:\Windows\System32\rundll32.exe[3336] ADVAPI32.dll!SetServiceObjectSecurity 76FA6CD9 5 Bytes JMP 00091014 .text C:\Windows\System32\rundll32.exe[3336] ADVAPI32.dll!ChangeServiceConfigA 76FA6DD9 5 Bytes JMP 00090804 .text C:\Windows\System32\rundll32.exe[3336] ADVAPI32.dll!ChangeServiceConfigW 76FA6F81 5 Bytes JMP 00090A08 .text C:\Windows\System32\rundll32.exe[3336] ADVAPI32.dll!ChangeServiceConfig2A 76FA7099 5 Bytes JMP 00090C0C .text C:\Windows\System32\rundll32.exe[3336] ADVAPI32.dll!ChangeServiceConfig2W 76FA71E1 5 Bytes JMP 00090E10 .text C:\Windows\System32\rundll32.exe[3336] ADVAPI32.dll!CreateServiceA 76FA72A1 5 Bytes JMP 000901F8 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[3520] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 001601F8 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[3520] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 001603FC .text C:\Program Files\Apoint2K\ApMsgFwd.exe[3520] KERNEL32.dll!GetBinaryTypeW + 70 77C92447 1 Byte [62] .text C:\Program Files\Apoint2K\ApMsgFwd.exe[3520] USER32.dll!SetWindowsHookExA 76BC6322 5 Bytes JMP 00170600 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[3520] USER32.dll!SetWindowsHookExW 76BC87AD 5 Bytes JMP 00170804 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[3520] USER32.dll!UnhookWindowsHookEx 76BC98DB 5 Bytes JMP 00170A08 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[3520] USER32.dll!SetWinEventHook 76BC9F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[3520] USER32.dll!UnhookWinEvent 76BCC06F 5 Bytes JMP 001703FC .text C:\Program Files\Apoint2K\ApMsgFwd.exe[3520] ADVAPI32.dll!CreateServiceW 76F69EB4 5 Bytes JMP 001803FC .text C:\Program Files\Apoint2K\ApMsgFwd.exe[3520] ADVAPI32.dll!DeleteService 76F6A07E 5 Bytes JMP 00180600 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[3520] ADVAPI32.dll!SetServiceObjectSecurity 76FA6CD9 5 Bytes JMP 00181014 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[3520] ADVAPI32.dll!ChangeServiceConfigA 76FA6DD9 5 Bytes JMP 00180804 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[3520] ADVAPI32.dll!ChangeServiceConfigW 76FA6F81 5 Bytes JMP 00180A08 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[3520] ADVAPI32.dll!ChangeServiceConfig2A 76FA7099 5 Bytes JMP 00180C0C .text C:\Program Files\Apoint2K\ApMsgFwd.exe[3520] ADVAPI32.dll!ChangeServiceConfig2W 76FA71E1 5 Bytes JMP 00180E10 .text C:\Program Files\Apoint2K\ApMsgFwd.exe[3520] ADVAPI32.dll!CreateServiceA 76FA72A1 5 Bytes JMP 001801F8 .text C:\Program Files\Apoint2K\Apntex.exe[3688] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 001501F8 .text C:\Program Files\Apoint2K\Apntex.exe[3688] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 001503FC .text C:\Program Files\Apoint2K\Apntex.exe[3688] KERNEL32.dll!GetBinaryTypeW + 70 77C92447 1 Byte [62] .text C:\Program Files\Apoint2K\Apntex.exe[3688] USER32.dll!SetWindowsHookExA 76BC6322 5 Bytes JMP 00160600 .text C:\Program Files\Apoint2K\Apntex.exe[3688] USER32.dll!SetWindowsHookExW 76BC87AD 5 Bytes JMP 00160804 .text C:\Program Files\Apoint2K\Apntex.exe[3688] USER32.dll!UnhookWindowsHookEx 76BC98DB 5 Bytes JMP 00160A08 .text C:\Program Files\Apoint2K\Apntex.exe[3688] USER32.dll!SetWinEventHook 76BC9F3A 5 Bytes JMP 001601F8 .text C:\Program Files\Apoint2K\Apntex.exe[3688] USER32.dll!UnhookWinEvent 76BCC06F 5 Bytes JMP 001603FC .text C:\Program Files\Apoint2K\Apntex.exe[3688] ADVAPI32.dll!CreateServiceW 76F69EB4 5 Bytes JMP 001703FC .text C:\Program Files\Apoint2K\Apntex.exe[3688] ADVAPI32.dll!DeleteService 76F6A07E 5 Bytes JMP 00170600 .text C:\Program Files\Apoint2K\Apntex.exe[3688] ADVAPI32.dll!SetServiceObjectSecurity 76FA6CD9 5 Bytes JMP 00171014 .text C:\Program Files\Apoint2K\Apntex.exe[3688] ADVAPI32.dll!ChangeServiceConfigA 76FA6DD9 5 Bytes JMP 00170804 .text C:\Program Files\Apoint2K\Apntex.exe[3688] ADVAPI32.dll!ChangeServiceConfigW 76FA6F81 5 Bytes JMP 00170A08 .text C:\Program Files\Apoint2K\Apntex.exe[3688] ADVAPI32.dll!ChangeServiceConfig2A 76FA7099 5 Bytes JMP 00170C0C .text C:\Program Files\Apoint2K\Apntex.exe[3688] ADVAPI32.dll!ChangeServiceConfig2W 76FA71E1 5 Bytes JMP 00170E10 .text C:\Program Files\Apoint2K\Apntex.exe[3688] ADVAPI32.dll!CreateServiceA 76FA72A1 5 Bytes JMP 001701F8 .text C:\Users\Azuro\AppData\Local\Temp\RtkBtMnt.exe[3904] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 001601F8 .text C:\Users\Azuro\AppData\Local\Temp\RtkBtMnt.exe[3904] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 001603FC .text C:\Users\Azuro\AppData\Local\Temp\RtkBtMnt.exe[3904] KERNEL32.dll!GetBinaryTypeW + 70 77C92447 1 Byte [62] .text C:\Users\Azuro\AppData\Local\Temp\RtkBtMnt.exe[3904] ADVAPI32.dll!CreateServiceW 76F69EB4 5 Bytes JMP 001703FC .text C:\Users\Azuro\AppData\Local\Temp\RtkBtMnt.exe[3904] ADVAPI32.dll!DeleteService 76F6A07E 5 Bytes JMP 00170600 .text C:\Users\Azuro\AppData\Local\Temp\RtkBtMnt.exe[3904] ADVAPI32.dll!SetServiceObjectSecurity 76FA6CD9 5 Bytes JMP 00171014 .text C:\Users\Azuro\AppData\Local\Temp\RtkBtMnt.exe[3904] ADVAPI32.dll!ChangeServiceConfigA 76FA6DD9 5 Bytes JMP 00170804 .text C:\Users\Azuro\AppData\Local\Temp\RtkBtMnt.exe[3904] ADVAPI32.dll!ChangeServiceConfigW 76FA6F81 5 Bytes JMP 00170A08 .text C:\Users\Azuro\AppData\Local\Temp\RtkBtMnt.exe[3904] ADVAPI32.dll!ChangeServiceConfig2A 76FA7099 5 Bytes JMP 00170C0C .text C:\Users\Azuro\AppData\Local\Temp\RtkBtMnt.exe[3904] ADVAPI32.dll!ChangeServiceConfig2W 76FA71E1 5 Bytes JMP 00170E10 .text C:\Users\Azuro\AppData\Local\Temp\RtkBtMnt.exe[3904] ADVAPI32.dll!CreateServiceA 76FA72A1 5 Bytes JMP 001701F8 .text C:\Users\Azuro\AppData\Local\Temp\RtkBtMnt.exe[3904] USER32.dll!SetWindowsHookExA 76BC6322 5 Bytes JMP 00180600 .text C:\Users\Azuro\AppData\Local\Temp\RtkBtMnt.exe[3904] USER32.dll!SetWindowsHookExW 76BC87AD 5 Bytes JMP 00180804 .text C:\Users\Azuro\AppData\Local\Temp\RtkBtMnt.exe[3904] USER32.dll!UnhookWindowsHookEx 76BC98DB 5 Bytes JMP 00180A08 .text C:\Users\Azuro\AppData\Local\Temp\RtkBtMnt.exe[3904] USER32.dll!SetWinEventHook 76BC9F3A 5 Bytes JMP 001801F8 .text C:\Users\Azuro\AppData\Local\Temp\RtkBtMnt.exe[3904] USER32.dll!UnhookWinEvent 76BCC06F 5 Bytes JMP 001803FC ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\services.exe[744] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00170002 IAT C:\Windows\system32\services.exe[744] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00170000 IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1584] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7481FC70] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Windows\Explorer.EXE[2784] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74997817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2784] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [749DB4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2784] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7499BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2784] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7498F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2784] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [749975E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2784] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7498E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2784] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [749C73F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2784] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7499DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2784] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7498FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2784] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7498FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2784] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [749871CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2784] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74A1CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2784] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [749BC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2784] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7498D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2784] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74986853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2784] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7498687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2784] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74992AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Program Files\AVAST Software\Avast\AvastUI.exe[3188] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7481FC70] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) ---- Processes - GMER 2.1 ---- Library C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe (*** hidden *** ) @ C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [3256] 0x00400000 Library C:\Program Files\Enigma Software Group\SpyHunter\ExecutionGuard.dll (*** hidden *** ) @ C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [3256] 0x10000000 Library C:\Program Files\Enigma Software Group\SpyHunter\ShScanner.dll (*** hidden *** ) @ C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [3256] 0x6A9B0000 Library C:\Program Files\Enigma Software Group\SpyHunter\Defman.dll (*** hidden *** ) @ C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [3256] 0x72F30000 Library C:\Program Files\Enigma Software Group\SpyHunter\Common.dll (*** hidden *** ) @ C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [3256] 0x001C0000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x27 0xDF 0x2C 0x4B ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x72 0x24 0x8B 0x2C ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE5 0x8D 0xE9 0x78 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x27 0xDF 0x2C 0x4B ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x72 0x24 0x8B 0x2C ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE5 0x8D 0xE9 0x78 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xAB 0x90 0x2C 0x4F ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1F 0xB1 0x57 0x3C ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xAB 0x90 0x2C 0x4F ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1F 0xB1 0x57 0x3C ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ ---- EOF - GMER 2.1 ----