GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-05-15 11:38:45 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\0000006c SAMSUNG_ rev.1AJ1 931,51GB Running: dj2e672x.exe; Driver: C:\Users\xxx\AppData\Local\Temp\uxriqpow.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x90AB2644] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x910A3668] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x90AB30D6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x90ABE89A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x90ABE8E6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x90ABEA80] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x90ABE808] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x910A3A00] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x90ABE850] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x90AB35D4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x90AB37F0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x90ABEA3A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x90AB3E8C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x90AB26AA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0x90AB76AC] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x910A3730] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x910A1C80] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x90AB2710] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x90AB7A76] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x90AB491C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x90ABE8C4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x90ABE908] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x90ABEAA4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x90ABE82E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0x90AB6F92] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x90ABE9B8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x90ABE878] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0x90AB7384] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x90ABEA5E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x910A3890] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x90AB47E8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThreadEx [0x90AB44F6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x90AB2776] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x90AB27DC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x90AB3D06] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x90AB232C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x90AB2502] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x90AB2490] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x90AB4056] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x90AB41B8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x90AB258A] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x910A3958] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x90AB3CE6] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x910A1CB0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x90AB2842] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x910A37DC] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x910BCE80] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwSaveKey + 13C1 8363E339 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83677D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 8367EDC0 4 Bytes [44, 26, AB, 90] {INC ESP; STOSD ; NOP } .text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 8367EDE8 4 Bytes [68, 36, 0A, 91] .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 8367EE48 4 Bytes [D6, 30, AB, 90] .text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 8367EE9C 8 Bytes [9A, E8, AB, 90, E6, E8, AB, ...] {CALL FAR 0xabe8:0xe690abe8; NOP } .text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 8367EEA8 4 Bytes [80, EA, AB, 90] {SUB DL, 0xab; NOP } .text ... PAGE ntkrnlpa.exe!ObMakeTemporaryObject 8380CB6C 5 Bytes JMP 910B9D1A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject + 27 8382516E 5 Bytes JMP 910BB84C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 8383A26D 4 Bytes CALL 90AB4FDF \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 8385402C 4 Bytes CALL 90AB4FF5 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 838DDE44 7 Bytes JMP 910BCE84 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .text win32k.sys!EngFntCacheLookUp + 8B18 9AD501F5 5 Bytes JMP 90AB85C6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateRectRgn + 3819 9AD642A7 4 Bytes JMP 90AB8712 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateRectRgn + 477E 9AD6520C 5 Bytes JMP 90AB83DC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCTGetGammaTable + 310 9AD804A7 5 Bytes JMP 90AB929C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCTGetGammaTable + 4C55 9AD84DEC 5 Bytes JMP 90AB7E3E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCTGetGammaTable + 60A2 9AD86239 5 Bytes JMP 90AB94E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCTGetGammaTable + BA47 9AD8BBDE 5 Bytes JMP 90AB87B8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCTGetGammaTable + BC96 9AD8BE2D 5 Bytes JMP 90AB88CC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMapFontFileFD + 650 9ADA5102 5 Bytes JMP 90AB7AAC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMapFontFileFD + 70E 9ADA51C0 5 Bytes JMP 90AB87D6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMapFontFileFD + 38FE 9ADA83B0 5 Bytes JMP 90AB7BC2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMapFontFileFD + 39BC 9ADA846E 5 Bytes JMP 90AB7CDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngIsSemaphoreOwnedByCurrentThread + 1EF8 9ADACAF7 5 Bytes JMP 90AB85F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + 2A9B 9ADB64AE 5 Bytes JMP 90AB8316 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + ABF8 9ADBE60B 5 Bytes JMP 90AB7EDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + 14E7D 9ADC8890 5 Bytes JMP 90AB914A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngAlphaBlend + 4F2B 9ADE013E 5 Bytes JMP 90AB9200 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngBitBlt + 42AA 9ADEDAD1 5 Bytes JMP 90AB96FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnlockSurface + B219 9AE03314 5 Bytes JMP 90AB924C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnlockSurface + CBD8 9AE04CD3 5 Bytes JMP 90ABB050 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteClip + 480C 9AE15B78 5 Bytes JMP 90AB7DC6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngEqualRgn + 3F48 9AE2378A 5 Bytes JMP 90AB823A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngEqualRgn + B190 9AE2A9D2 5 Bytes JMP 90AB95A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteRgn + 2171 9AE415CF 5 Bytes JMP 90AB80F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 84C4 9AE621E9 5 Bytes JMP 90AB9656 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_vGetBounds + 2EB4 9AE7AE4D 5 Bytes JMP 90AB9426 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_vGetBounds + 3445 9AE7B3DE 5 Bytes JMP 90AB7FA6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_vGetBounds + 64EC 9AE7E485 5 Bytes JMP 90AB87F4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_vGetBounds + 9634 9AE815CD 5 Bytes JMP 90AB800E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_vGetBounds + BE8C 9AE83E25 5 Bytes JMP 90AB88AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text ... .text win32k.sys!EngCTGetCurrentGamma + 6306 9AE8FDA8 5 Bytes JMP 90AB8196 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x82DEA300, 0x1B7E, 0xE8000020] PAGE spsys.sys!?SPRevision@@3PADA + 4F90 B0A1D000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...] PAGE spsys.sys!?SPRevision@@3PADA + 50B3 B0A1D123 629 Bytes [85, A1, B0, FE, 05, 34, 85, ...] PAGE spsys.sys!?SPRevision@@3PADA + 5329 B0A1D399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...] PAGE spsys.sys!?SPRevision@@3PADA + 538F B0A1D3FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...] PAGE spsys.sys!?SPRevision@@3PADA + 543B B0A1D4AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...] PAGE ... .text ws2_32.dll!getsockname 758C30AF 6 Bytes [FF, 25, 1C, 00, 30, 00] {JMP DWORD [0x30001c]} .text ws2_32.dll!closesocket 758C3918 6 Bytes [FF, 25, 1C, 00, 62, 00] {JMP DWORD [0x62001c]} .text ws2_32.dll!WSAStartup 758C3AB2 6 Bytes [FF, 25, 1D, 00, 5F, 00] {JMP DWORD [0x5f001d]} .text ws2_32.dll!connect 758C6BDD 6 Bytes [FF, 25, 1E, 00, 61, 00] {JMP DWORD [0x61001e]} .text ws2_32.dll!getpeername 758C7147 6 Bytes [FF, 25, 1C, 00, 3F, 00] {JMP DWORD [0x3f001c]} .text ws2_32.dll!WSAConnect 758CCC3F 6 Bytes [FF, 25, 1C, 00, 60, 00] {JMP DWORD [0x60001c]} ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\svchost.exe[116] kernel32.dll!GetBinaryTypeW + 70 761F4F63 1 Byte [62] .text C:\Windows\system32\Dwm.exe[400] kernel32.dll!GetBinaryTypeW + 70 761F4F63 1 Byte [62] .text C:\Windows\system32\Dwm.exe[400] ws2_32.dll!getsockname 758C30AF 6 Bytes JMP 00930000 .text C:\Windows\system32\Dwm.exe[400] ws2_32.dll!closesocket 758C3918 6 Bytes JMP 03150000 .text C:\Windows\system32\Dwm.exe[400] ws2_32.dll!WSAStartup 758C3AB2 6 Bytes JMP 03120000 .text C:\Windows\system32\Dwm.exe[400] ws2_32.dll!connect 758C6BDD 6 Bytes JMP 03140000 .text C:\Windows\system32\Dwm.exe[400] ws2_32.dll!getpeername 758C7147 6 Bytes JMP 01BE0000 .text C:\Windows\system32\Dwm.exe[400] ws2_32.dll!WSAConnect 758CCC3F 6 Bytes JMP 03130000 .text C:\Windows\system32\csrss.exe[444] kernel32.dll!GetBinaryTypeW + 70 761F4F63 1 Byte [62] .text C:\Windows\system32\wininit.exe[512] kernel32.dll!GetBinaryTypeW + 70 761F4F63 1 Byte [62] .text C:\Windows\system32\csrss.exe[524] kernel32.dll!GetBinaryTypeW + 70 761F4F63 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[556] kernel32.dll!GetBinaryTypeW + 70 761F4F63 1 Byte [62] .text C:\Windows\system32\services.exe[568] kernel32.dll!GetBinaryTypeW + 70 761F4F63 1 Byte [62] .text ... .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1344] ntdll.dll!LdrUnloadDll 772CC8DE 5 Bytes JMP 001E03FC .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1344] ntdll.dll!LdrLoadDll 772D22B8 5 Bytes JMP 001E01F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1344] KERNEL32.dll!GetBinaryTypeW + 70 761F4F63 1 Byte [62] .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1344] USER32.dll!UnhookWindowsHookEx 75DCCC7B 5 Bytes JMP 00200A08 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1344] USER32.dll!UnhookWinEvent 75DCD924 5 Bytes JMP 002003FC .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1344] USER32.dll!SetWindowsHookExW 75DD210A 5 Bytes JMP 00200804 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1344] USER32.dll!SetWinEventHook 75DD507E 5 Bytes JMP 002001F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1344] USER32.dll!SetWindowsHookExA 75DF6DFA 5 Bytes JMP 00200600 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1344] ws2_32.dll!getsockname 758C30AF 6 Bytes JMP 00350000 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1344] ws2_32.dll!closesocket 758C3918 6 Bytes JMP 003B0000 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1344] ws2_32.dll!WSAStartup 758C3AB2 6 Bytes JMP 00370000 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1344] ws2_32.dll!connect 758C6BDD 6 Bytes JMP 003A0000 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1344] ws2_32.dll!getpeername 758C7147 6 Bytes JMP 00360000 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1344] ws2_32.dll!WSAConnect 758CCC3F 6 Bytes JMP 00380000 .text C:\Windows\system32\nvvsvc.exe[1368] kernel32.dll!GetBinaryTypeW + 70 761F4F63 1 Byte [62] .text C:\Windows\system32\svchost.exe[1392] kernel32.dll!GetBinaryTypeW + 70 761F4F63 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1532] kernel32.dll!GetBinaryTypeW + 70 761F4F63 1 Byte [62] .text C:\Windows\Explorer.EXE[1596] kernel32.dll!GetBinaryTypeW + 70 761F4F63 1 Byte [62] .text C:\Windows\Explorer.EXE[1596] ws2_32.dll!getsockname 758C30AF 6 Bytes JMP 03B20000 .text C:\Windows\Explorer.EXE[1596] ws2_32.dll!closesocket 758C3918 6 Bytes JMP 03B80000 .text C:\Windows\Explorer.EXE[1596] ws2_32.dll!WSAStartup 758C3AB2 6 Bytes JMP 03B50000 .text C:\Windows\Explorer.EXE[1596] ws2_32.dll!connect 758C6BDD 6 Bytes JMP 03B70000 .text C:\Windows\Explorer.EXE[1596] ws2_32.dll!getpeername 758C7147 6 Bytes JMP 03B30000 .text C:\Windows\Explorer.EXE[1596] ws2_32.dll!WSAConnect 758CCC3F 6 Bytes JMP 03B60000 .text C:\Windows\System32\spoolsv.exe[1704] kernel32.dll!GetBinaryTypeW + 70 761F4F63 1 Byte [62] .text C:\Windows\system32\svchost.exe[1768] kernel32.dll!GetBinaryTypeW + 70 761F4F63 1 Byte [62] .text C:\Windows\system32\taskhost.exe[1780] kernel32.dll!GetBinaryTypeW + 70 761F4F63 1 Byte [62] .text C:\Windows\system32\taskhost.exe[1780] ws2_32.dll!getsockname 758C30AF 6 Bytes JMP 003F0000 .text C:\Windows\system32\taskhost.exe[1780] ws2_32.dll!closesocket 758C3918 6 Bytes JMP 00460000 .text C:\Windows\system32\taskhost.exe[1780] ws2_32.dll!WSAStartup 758C3AB2 6 Bytes JMP 00420000 .text C:\Windows\system32\taskhost.exe[1780] ws2_32.dll!connect 758C6BDD 6 Bytes JMP 00450000 .text C:\Windows\system32\taskhost.exe[1780] ws2_32.dll!getpeername 758C7147 6 Bytes JMP 00410000 .text C:\Windows\system32\taskhost.exe[1780] ws2_32.dll!WSAConnect 758CCC3F 6 Bytes JMP 00440000 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1896] kernel32.dll!GetBinaryTypeW + 70 761F4F63 1 Byte [62] .text C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe[1956] kernel32.dll!GetBinaryTypeW + 70 761F4F63 1 Byte [62] .text C:\Windows\system32\fsproflt.exe[2020] kernel32.dll!GetBinaryTypeW + 70 761F4F63 1 Byte [62] .text C:\Windows\system32\taskeng.exe[2196] ntdll.dll!LdrUnloadDll 772CC8DE 5 Bytes JMP 000E03FC .text C:\Windows\system32\taskeng.exe[2196] ntdll.dll!LdrLoadDll 772D22B8 5 Bytes JMP 000E01F8 .text C:\Windows\system32\taskeng.exe[2196] KERNEL32.dll!GetBinaryTypeW + 70 761F4F63 1 Byte [62] .text C:\Windows\system32\taskeng.exe[2196] USER32.dll!UnhookWindowsHookEx 75DCCC7B 5 Bytes JMP 000F0A08 .text C:\Windows\system32\taskeng.exe[2196] USER32.dll!UnhookWinEvent 75DCD924 5 Bytes JMP 000F03FC .text C:\Windows\system32\taskeng.exe[2196] USER32.dll!SetWindowsHookExW 75DD210A 5 Bytes JMP 000F0804 .text C:\Windows\system32\taskeng.exe[2196] USER32.dll!SetWinEventHook 75DD507E 5 Bytes JMP 000F01F8 .text C:\Windows\system32\taskeng.exe[2196] USER32.dll!SetWindowsHookExA 75DF6DFA 5 Bytes JMP 000F0600 .text C:\Windows\system32\taskeng.exe[2196] ws2_32.dll!getsockname 758C30AF 6 Bytes JMP 001B0000 .text C:\Windows\system32\taskeng.exe[2196] ws2_32.dll!closesocket 758C3918 6 Bytes JMP 00630000 .text C:\Windows\system32\taskeng.exe[2196] ws2_32.dll!WSAStartup 758C3AB2 6 Bytes JMP 005C0000 .text C:\Windows\system32\taskeng.exe[2196] ws2_32.dll!connect 758C6BDD 6 Bytes JMP 005E0000 .text C:\Windows\system32\taskeng.exe[2196] ws2_32.dll!getpeername 758C7147 6 Bytes JMP 00200000 .text C:\Windows\system32\taskeng.exe[2196] ws2_32.dll!WSAConnect 758CCC3F 6 Bytes JMP 005D0000 .text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2232] ntdll.dll!LdrUnloadDll 772CC8DE 5 Bytes JMP 001E03FC .text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2232] ntdll.dll!LdrLoadDll 772D22B8 5 Bytes JMP 001E01F8 .text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2232] KERNEL32.dll!GetBinaryTypeW + 70 761F4F63 1 Byte [62] .text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2232] USER32.dll!UnhookWindowsHookEx 75DCCC7B 5 Bytes JMP 00200A08 .text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2232] USER32.dll!UnhookWinEvent 75DCD924 5 Bytes JMP 002003FC .text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2232] USER32.dll!SetWindowsHookExW 75DD210A 5 Bytes JMP 00200804 .text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2232] USER32.dll!SetWinEventHook 75DD507E 5 Bytes JMP 002001F8 .text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2232] USER32.dll!SetWindowsHookExA 75DF6DFA 5 Bytes JMP 00200600 .text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2232] ws2_32.dll!getsockname 758C30AF 6 Bytes JMP 04310000 .text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2232] ws2_32.dll!closesocket 758C3918 6 Bytes JMP 04360000 .text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2232] ws2_32.dll!WSAStartup 758C3AB2 6 Bytes JMP 04330000 .text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2232] ws2_32.dll!connect 758C6BDD 6 Bytes JMP 04350000 .text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2232] ws2_32.dll!getpeername 758C7147 6 Bytes JMP 04320000 .text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2232] ws2_32.dll!WSAConnect 758CCC3F 6 Bytes JMP 04340000 .text C:\Windows\System32\svchost.exe[2268] ntdll.dll!LdrUnloadDll 772CC8DE 5 Bytes JMP 000E03FC .text C:\Windows\System32\svchost.exe[2268] ntdll.dll!LdrLoadDll 772D22B8 5 Bytes JMP 000E01F8 .text C:\Windows\System32\svchost.exe[2268] KERNEL32.dll!GetBinaryTypeW + 70 761F4F63 1 Byte [62] .text C:\Windows\System32\svchost.exe[2268] USER32.dll!UnhookWindowsHookEx 75DCCC7B 5 Bytes JMP 00100A08 .text C:\Windows\System32\svchost.exe[2268] USER32.dll!UnhookWinEvent 75DCD924 5 Bytes JMP 001003FC .text C:\Windows\System32\svchost.exe[2268] USER32.dll!SetWindowsHookExW 75DD210A 5 Bytes JMP 00100804 .text C:\Windows\System32\svchost.exe[2268] USER32.dll!SetWinEventHook 75DD507E 5 Bytes JMP 001001F8 .text C:\Windows\System32\svchost.exe[2268] USER32.dll!SetWindowsHookExA 75DF6DFA 5 Bytes JMP 00100600 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2424] kernel32.dll!GetBinaryTypeW + 70 761F4F63 1 Byte [62] .text C:\Windows\System32\svchost.exe[2428] ntdll.dll!LdrUnloadDll 772CC8DE 5 Bytes JMP 000E03FC .text C:\Windows\System32\svchost.exe[2428] ntdll.dll!LdrLoadDll 772D22B8 5 Bytes JMP 000E01F8 .text C:\Windows\System32\svchost.exe[2428] KERNEL32.dll!GetBinaryTypeW + 70 761F4F63 1 Byte [62] .text C:\Windows\System32\svchost.exe[2428] USER32.dll!UnhookWindowsHookEx 75DCCC7B 5 Bytes JMP 00110A08 .text C:\Windows\System32\svchost.exe[2428] USER32.dll!UnhookWinEvent 75DCD924 5 Bytes JMP 001103FC .text C:\Windows\System32\svchost.exe[2428] USER32.dll!SetWindowsHookExW 75DD210A 5 Bytes JMP 00110804 .text C:\Windows\System32\svchost.exe[2428] USER32.dll!SetWinEventHook 75DD507E 5 Bytes JMP 001101F8 .text C:\Windows\System32\svchost.exe[2428] USER32.dll!SetWindowsHookExA 75DF6DFA 5 Bytes JMP 00110600 .text C:\Windows\system32\PnkBstrA.exe[2448] ntdll.dll!LdrUnloadDll 772CC8DE 5 Bytes JMP 001D03FC .text C:\Windows\system32\PnkBstrA.exe[2448] ntdll.dll!LdrLoadDll 772D22B8 5 Bytes JMP 001D01F8 .text C:\Windows\system32\PnkBstrA.exe[2448] KERNEL32.dll!GetBinaryTypeW + 70 761F4F63 1 Byte [62] .text C:\Windows\system32\PnkBstrA.exe[2448] USER32.dll!UnhookWindowsHookEx 75DCCC7B 5 Bytes JMP 001E0A08 .text C:\Windows\system32\PnkBstrA.exe[2448] USER32.dll!UnhookWinEvent 75DCD924 5 Bytes JMP 001E03FC .text C:\Windows\system32\PnkBstrA.exe[2448] USER32.dll!SetWindowsHookExW 75DD210A 5 Bytes JMP 001E0804 .text C:\Windows\system32\PnkBstrA.exe[2448] USER32.dll!SetWinEventHook 75DD507E 5 Bytes JMP 001E01F8 .text C:\Windows\system32\PnkBstrA.exe[2448] USER32.dll!SetWindowsHookExA 75DF6DFA 5 Bytes JMP 001E0600 .text C:\Program Files\AVG Secure Search\vprot.exe[2476] ntdll.dll!LdrUnloadDll 772CC8DE 5 Bytes JMP 000703FC .text C:\Program Files\AVG Secure Search\vprot.exe[2476] ntdll.dll!LdrLoadDll 772D22B8 5 Bytes JMP 000701F8 .text C:\Program Files\AVG Secure Search\vprot.exe[2476] KERNEL32.dll!GetBinaryTypeW + 70 761F4F63 1 Byte [62] .text C:\Program Files\AVG Secure Search\vprot.exe[2476] USER32.dll!UnhookWindowsHookEx 75DCCC7B 5 Bytes JMP 00080A08 .text C:\Program Files\AVG Secure Search\vprot.exe[2476] USER32.dll!UnhookWinEvent 75DCD924 5 Bytes JMP 000803FC .text C:\Program Files\AVG Secure Search\vprot.exe[2476] USER32.dll!SetWindowsHookExW 75DD210A 5 Bytes JMP 00080804 .text C:\Program Files\AVG Secure Search\vprot.exe[2476] USER32.dll!SetWinEventHook 75DD507E 5 Bytes JMP 000801F8 .text C:\Program Files\AVG Secure Search\vprot.exe[2476] USER32.dll!SetWindowsHookExA 75DF6DFA 5 Bytes JMP 00080600 .text C:\Program Files\AVG Secure Search\vprot.exe[2476] ws2_32.dll!getsockname 758C30AF 6 Bytes JMP 002A0000 .text C:\Program Files\AVG Secure Search\vprot.exe[2476] ws2_32.dll!closesocket 758C3918 6 Bytes JMP 002F0000 .text C:\Program Files\AVG Secure Search\vprot.exe[2476] ws2_32.dll!WSAStartup 758C3AB2 6 Bytes JMP 002C0000 .text C:\Program Files\AVG Secure Search\vprot.exe[2476] ws2_32.dll!connect 758C6BDD 6 Bytes JMP 002E0000 .text C:\Program Files\AVG Secure Search\vprot.exe[2476] ws2_32.dll!getpeername 758C7147 6 Bytes JMP 002B0000 .text C:\Program Files\AVG Secure Search\vprot.exe[2476] ws2_32.dll!WSAConnect 758CCC3F 6 Bytes JMP 002D0000 .text C:\Windows\system32\svchost.exe[2536] ntdll.dll!LdrUnloadDll 772CC8DE 5 Bytes JMP 000E03FC .text C:\Windows\system32\svchost.exe[2536] ntdll.dll!LdrLoadDll 772D22B8 5 Bytes JMP 000E01F8 .text C:\Windows\system32\svchost.exe[2536] KERNEL32.dll!GetBinaryTypeW + 70 761F4F63 1 Byte [62] .text C:\Windows\system32\svchost.exe[2536] USER32.dll!UnhookWindowsHookEx 75DCCC7B 5 Bytes JMP 00100A08 .text C:\Windows\system32\svchost.exe[2536] USER32.dll!UnhookWinEvent 75DCD924 5 Bytes JMP 001003FC .text C:\Windows\system32\svchost.exe[2536] USER32.dll!SetWindowsHookExW 75DD210A 5 Bytes JMP 00100804 .text C:\Windows\system32\svchost.exe[2536] USER32.dll!SetWinEventHook 75DD507E 5 Bytes JMP 001001F8 .text C:\Windows\system32\svchost.exe[2536] USER32.dll!SetWindowsHookExA 75DF6DFA 5 Bytes JMP 00100600 .text C:\Windows\system32\svchost.exe[2564] ntdll.dll!LdrUnloadDll 772CC8DE 5 Bytes JMP 001203FC .text C:\Windows\system32\svchost.exe[2564] ntdll.dll!LdrLoadDll 772D22B8 5 Bytes JMP 001201F8 .text C:\Windows\system32\svchost.exe[2564] KERNEL32.dll!GetBinaryTypeW + 70 761F4F63 1 Byte [62] .text C:\Windows\system32\svchost.exe[2564] USER32.dll!UnhookWindowsHookEx 75DCCC7B 5 Bytes JMP 00140A08 .text C:\Windows\system32\svchost.exe[2564] USER32.dll!UnhookWinEvent 75DCD924 5 Bytes JMP 001403FC .text C:\Windows\system32\svchost.exe[2564] USER32.dll!SetWindowsHookExW 75DD210A 5 Bytes JMP 00140804 .text C:\Windows\system32\svchost.exe[2564] USER32.dll!SetWinEventHook 75DD507E 5 Bytes JMP 001401F8 .text C:\Windows\system32\svchost.exe[2564] USER32.dll!SetWindowsHookExA 75DF6DFA 5 Bytes JMP 00140600 .text E:\Program Files\Steam\Steam.exe[2580] ntdll.dll!LdrUnloadDll 772CC8DE 5 Bytes JMP 000703FC .text E:\Program Files\Steam\Steam.exe[2580] ntdll.dll!LdrLoadDll 772D22B8 5 Bytes JMP 000701F8 .text E:\Program Files\Steam\Steam.exe[2580] KERNEL32.dll!GetBinaryTypeW + 70 761F4F63 1 Byte [62] .text E:\Program Files\Steam\Steam.exe[2580] WS2_32.dll!getsockname 758C30AF 6 Bytes JMP 004C0000 .text E:\Program Files\Steam\Steam.exe[2580] WS2_32.dll!closesocket 758C3918 6 Bytes JMP 00630000 .text E:\Program Files\Steam\Steam.exe[2580] WS2_32.dll!WSAStartup 758C3AB2 6 Bytes JMP 004E0000 .text E:\Program Files\Steam\Steam.exe[2580] WS2_32.dll!connect 758C6BDD 6 Bytes JMP 00620000 .text E:\Program Files\Steam\Steam.exe[2580] WS2_32.dll!getpeername 758C7147 6 Bytes JMP 004D0000 .text E:\Program Files\Steam\Steam.exe[2580] WS2_32.dll!WSAConnect 758CCC3F 6 Bytes JMP 004F0000 .text E:\Program Files\Steam\Steam.exe[2580] USER32.dll!UnhookWindowsHookEx 75DCCC7B 5 Bytes JMP 00080A08 .text E:\Program Files\Steam\Steam.exe[2580] USER32.dll!UnhookWinEvent 75DCD924 5 Bytes JMP 000803FC .text E:\Program Files\Steam\Steam.exe[2580] USER32.dll!SetWindowsHookExW 75DD210A 5 Bytes JMP 00080804 .text E:\Program Files\Steam\Steam.exe[2580] USER32.dll!SetWinEventHook 75DD507E 5 Bytes JMP 000801F8 .text E:\Program Files\Steam\Steam.exe[2580] USER32.dll!SetWindowsHookExA 75DF6DFA 5 Bytes JMP 00080600 .text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe[2664] ntdll.dll!LdrUnloadDll 772CC8DE 5 Bytes JMP 000F03FC .text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe[2664] ntdll.dll!LdrLoadDll 772D22B8 5 Bytes JMP 000F01F8 .text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe[2664] KERNEL32.dll!GetBinaryTypeW + 70 761F4F63 1 Byte [62] .text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe[2664] USER32.dll!UnhookWindowsHookEx 75DCCC7B 5 Bytes JMP 00100A08 .text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe[2664] USER32.dll!UnhookWinEvent 75DCD924 5 Bytes JMP 001003FC .text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe[2664] USER32.dll!SetWindowsHookExW 75DD210A 5 Bytes JMP 00100804 .text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe[2664] USER32.dll!SetWinEventHook 75DD507E 5 Bytes JMP 001001F8 .text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe[2664] USER32.dll!SetWindowsHookExA 75DF6DFA 5 Bytes JMP 00100600 .text C:\Windows\System32\svchost.exe[2684] ntdll.dll!LdrUnloadDll 772CC8DE 5 Bytes JMP 000703FC .text C:\Windows\System32\svchost.exe[2684] ntdll.dll!LdrLoadDll 772D22B8 5 Bytes JMP 000701F8 .text C:\Windows\System32\svchost.exe[2684] KERNEL32.dll!GetBinaryTypeW + 70 761F4F63 1 Byte [62] .text C:\Windows\System32\svchost.exe[2684] USER32.dll!UnhookWindowsHookEx 75DCCC7B 5 Bytes JMP 00090A08 .text C:\Windows\System32\svchost.exe[2684] USER32.dll!UnhookWinEvent 75DCD924 5 Bytes JMP 000903FC .text C:\Windows\System32\svchost.exe[2684] USER32.dll!SetWindowsHookExW 75DD210A 5 Bytes JMP 00090804 .text C:\Windows\System32\svchost.exe[2684] USER32.dll!SetWinEventHook 75DD507E 5 Bytes JMP 000901F8 .text C:\Windows\System32\svchost.exe[2684] USER32.dll!SetWindowsHookExA 75DF6DFA 5 Bytes JMP 00090600 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2724] ntdll.dll!LdrUnloadDll 772CC8DE 5 Bytes JMP 001E03FC .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2724] ntdll.dll!LdrLoadDll 772D22B8 5 Bytes JMP 001E01F8 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2724] KERNEL32.dll!GetBinaryTypeW + 70 761F4F63 1 Byte [62] .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2724] USER32.dll!UnhookWindowsHookEx 75DCCC7B 5 Bytes JMP 00250A08 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2724] USER32.dll!UnhookWinEvent 75DCD924 5 Bytes JMP 002503FC .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2724] USER32.dll!SetWindowsHookExW 75DD210A 5 Bytes JMP 00250804 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2724] USER32.dll!SetWinEventHook 75DD507E 5 Bytes JMP 002501F8 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe[2724] USER32.dll!SetWindowsHookExA 75DF6DFA 5 Bytes JMP 00250600 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2976] ntdll.dll!LdrUnloadDll 772CC8DE 5 Bytes JMP 001E03FC .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2976] ntdll.dll!LdrLoadDll 772D22B8 5 Bytes JMP 001E01F8 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2976] KERNEL32.dll!GetBinaryTypeW + 70 761F4F63 1 Byte [62] .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2976] USER32.dll!UnhookWindowsHookEx 75DCCC7B 5 Bytes JMP 00200A08 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2976] USER32.dll!UnhookWinEvent 75DCD924 5 Bytes JMP 002003FC .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2976] USER32.dll!SetWindowsHookExW 75DD210A 5 Bytes JMP 00200804 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2976] USER32.dll!SetWinEventHook 75DD507E 5 Bytes JMP 002001F8 .text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe[2976] USER32.dll!SetWindowsHookExA 75DF6DFA 5 Bytes JMP 00200600 .text C:\Windows\system32\svchost.exe[3204] ntdll.dll!LdrUnloadDll 772CC8DE 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[3204] ntdll.dll!LdrLoadDll 772D22B8 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[3204] KERNEL32.dll!GetBinaryTypeW + 70 761F4F63 1 Byte [62] .text C:\Windows\system32\svchost.exe[3204] USER32.dll!UnhookWindowsHookEx 75DCCC7B 5 Bytes JMP 001A0A08 .text C:\Windows\system32\svchost.exe[3204] USER32.dll!UnhookWinEvent 75DCD924 5 Bytes JMP 001A03FC .text C:\Windows\system32\svchost.exe[3204] USER32.dll!SetWindowsHookExW 75DD210A 5 Bytes JMP 001A0804 .text C:\Windows\system32\svchost.exe[3204] USER32.dll!SetWinEventHook 75DD507E 5 Bytes JMP 001A01F8 .text C:\Windows\system32\svchost.exe[3204] USER32.dll!SetWindowsHookExA 75DF6DFA 5 Bytes JMP 001A0600 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3556] ntdll.dll!LdrUnloadDll 772CC8DE 5 Bytes JMP 000E03FC .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3556] ntdll.dll!LdrLoadDll 772D22B8 5 Bytes JMP 000E01F8 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3556] KERNEL32.dll!GetBinaryTypeW + 70 761F4F63 1 Byte [62] .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3556] USER32.dll!UnhookWindowsHookEx 75DCCC7B 5 Bytes JMP 00120A08 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3556] USER32.dll!UnhookWinEvent 75DCD924 5 Bytes JMP 001203FC .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3556] USER32.dll!SetWindowsHookExW 75DD210A 5 Bytes JMP 00120804 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3556] USER32.dll!SetWinEventHook 75DD507E 5 Bytes JMP 001201F8 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3556] USER32.dll!SetWindowsHookExA 75DF6DFA 5 Bytes JMP 00120600 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3556] WS2_32.dll!getsockname 758C30AF 6 Bytes JMP 03770000 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3556] WS2_32.dll!closesocket 758C3918 6 Bytes JMP 038D0000 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3556] WS2_32.dll!WSAStartup 758C3AB2 6 Bytes JMP 038A0000 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3556] WS2_32.dll!connect 758C6BDD 6 Bytes JMP 038C0000 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3556] WS2_32.dll!getpeername 758C7147 6 Bytes JMP 03780000 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3556] WS2_32.dll!WSAConnect 758CCC3F 6 Bytes JMP 038B0000 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3584] ntdll.dll!LdrUnloadDll 772CC8DE 5 Bytes JMP 001F03FC .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3584] ntdll.dll!LdrLoadDll 772D22B8 5 Bytes JMP 001F01F8 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3584] KERNEL32.dll!GetBinaryTypeW + 70 761F4F63 1 Byte [62] .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3584] USER32.dll!UnhookWindowsHookEx 75DCCC7B 5 Bytes JMP 00200A08 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3584] USER32.dll!UnhookWinEvent 75DCD924 5 Bytes JMP 002003FC .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3584] USER32.dll!SetWindowsHookExW 75DD210A 5 Bytes JMP 00200804 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3584] USER32.dll!SetWinEventHook 75DD507E 5 Bytes JMP 002001F8 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3584] USER32.dll!SetWindowsHookExA 75DF6DFA 5 Bytes JMP 00200600 .text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[3652] ntdll.dll!LdrUnloadDll 772CC8DE 5 Bytes JMP 000703FC .text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[3652] ntdll.dll!LdrLoadDll 772D22B8 5 Bytes JMP 000701F8 .text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[3652] KERNEL32.dll!GetBinaryTypeW + 70 761F4F63 1 Byte [62] .text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[3652] USER32.dll!UnhookWindowsHookEx 75DCCC7B 5 Bytes JMP 00080A08 .text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[3652] USER32.dll!UnhookWinEvent 75DCD924 5 Bytes JMP 000803FC .text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[3652] USER32.dll!SetWindowsHookExW 75DD210A 5 Bytes JMP 00080804 .text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[3652] USER32.dll!SetWinEventHook 75DD507E 5 Bytes JMP 000801F8 .text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[3652] USER32.dll!SetWindowsHookExA 75DF6DFA 5 Bytes JMP 00080600 .text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[3652] ws2_32.dll!getsockname 758C30AF 6 Bytes JMP 018F0000 .text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[3652] ws2_32.dll!closesocket 758C3918 6 Bytes JMP 01950000 .text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[3652] ws2_32.dll!WSAStartup 758C3AB2 6 Bytes JMP 01920000 .text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[3652] ws2_32.dll!connect 758C6BDD 6 Bytes JMP 01940000 .text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[3652] ws2_32.dll!getpeername 758C7147 6 Bytes JMP 01910000 .text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[3652] ws2_32.dll!WSAConnect 758CCC3F 6 Bytes JMP 01930000 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3664] ntdll.dll!LdrUnloadDll 772CC8DE 5 Bytes JMP 001E03FC .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3664] ntdll.dll!LdrLoadDll 772D22B8 5 Bytes JMP 001E01F8 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3664] KERNEL32.dll!GetBinaryTypeW + 70 761F4F63 1 Byte [62] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3664] USER32.dll!UnhookWindowsHookEx 75DCCC7B 5 Bytes JMP 001F0A08 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3664] USER32.dll!UnhookWinEvent 75DCD924 5 Bytes JMP 001F03FC .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3664] USER32.dll!SetWindowsHookExW 75DD210A 5 Bytes JMP 001F0804 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3664] USER32.dll!SetWinEventHook 75DD507E 5 Bytes JMP 001F01F8 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3664] USER32.dll!SetWindowsHookExA 75DF6DFA 5 Bytes JMP 001F0600 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3664] ws2_32.dll!getsockname 758C30AF 6 Bytes JMP 005A0000 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3664] ws2_32.dll!closesocket 758C3918 6 Bytes JMP 016D0000 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3664] ws2_32.dll!WSAStartup 758C3AB2 6 Bytes JMP 005C0000 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3664] ws2_32.dll!connect 758C6BDD 6 Bytes JMP 016C0000 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3664] ws2_32.dll!getpeername 758C7147 6 Bytes JMP 005B0000 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3664] ws2_32.dll!WSAConnect 758CCC3F 6 Bytes JMP 005D0000 .text C:\Program Files\Ad Muncher\AdMunch.exe[3712] ntdll.dll!LdrUnloadDll 772CC8DE 5 Bytes JMP 001E03FC .text C:\Program Files\Ad Muncher\AdMunch.exe[3712] ntdll.dll!LdrLoadDll 772D22B8 5 Bytes JMP 001E01F8 .text C:\Program Files\Ad Muncher\AdMunch.exe[3712] KERNEL32.dll!GetBinaryTypeW + 70 761F4F63 1 Byte [62] .text C:\Program Files\Ad Muncher\AdMunch.exe[3712] user32.dll!UnhookWindowsHookEx 75DCCC7B 5 Bytes JMP 001F0A08 .text C:\Program Files\Ad Muncher\AdMunch.exe[3712] user32.dll!UnhookWinEvent 75DCD924 5 Bytes JMP 001F03FC .text C:\Program Files\Ad Muncher\AdMunch.exe[3712] user32.dll!SetWindowsHookExW 75DD210A 5 Bytes JMP 001F0804 .text C:\Program Files\Ad Muncher\AdMunch.exe[3712] user32.dll!SetWinEventHook 75DD507E 5 Bytes JMP 001F01F8 .text C:\Program Files\Ad Muncher\AdMunch.exe[3712] user32.dll!SetWindowsHookExA 75DF6DFA 5 Bytes JMP 001F0600 .text C:\Program Files\Winamp\winampa.exe[3748] ntdll.dll!LdrUnloadDll 772CC8DE 5 Bytes JMP 002203FC .text C:\Program Files\Winamp\winampa.exe[3748] ntdll.dll!LdrLoadDll 772D22B8 5 Bytes JMP 002201F8 .text C:\Program Files\Winamp\winampa.exe[3748] KERNEL32.dll!GetBinaryTypeW + 70 761F4F63 1 Byte [62] .text C:\Program Files\Winamp\winampa.exe[3748] USER32.dll!UnhookWindowsHookEx 75DCCC7B 5 Bytes JMP 00230A08 .text C:\Program Files\Winamp\winampa.exe[3748] USER32.dll!UnhookWinEvent 75DCD924 5 Bytes JMP 002303FC .text C:\Program Files\Winamp\winampa.exe[3748] USER32.dll!SetWindowsHookExW 75DD210A 5 Bytes JMP 00230804 .text C:\Program Files\Winamp\winampa.exe[3748] USER32.dll!SetWinEventHook 75DD507E 5 Bytes JMP 002301F8 .text C:\Program Files\Winamp\winampa.exe[3748] USER32.dll!SetWindowsHookExA 75DF6DFA 5 Bytes JMP 00230600 .text C:\Program Files\Winamp\winampa.exe[3748] ws2_32.dll!getsockname 758C30AF 6 Bytes JMP 003A0000 .text C:\Program Files\Winamp\winampa.exe[3748] ws2_32.dll!closesocket 758C3918 6 Bytes JMP 003F0000 .text C:\Program Files\Winamp\winampa.exe[3748] ws2_32.dll!WSAStartup 758C3AB2 4 Bytes JMP 3C001D25 .text C:\Program Files\Winamp\winampa.exe[3748] ws2_32.dll!WSAStartup + 5 758C3AB7 1 Byte [00] .text C:\Program Files\Winamp\winampa.exe[3748] ws2_32.dll!connect 758C6BDD 6 Bytes JMP 003E0000 .text C:\Program Files\Winamp\winampa.exe[3748] ws2_32.dll!getpeername 758C7147 6 Bytes JMP 003B0000 .text C:\Program Files\Winamp\winampa.exe[3748] ws2_32.dll!WSAConnect 758CCC3F 6 Bytes JMP 003D0000 .text C:\Windows\system32\SearchIndexer.exe[3836] ntdll.dll!LdrUnloadDll 772CC8DE 5 Bytes JMP 000703FC .text C:\Windows\system32\SearchIndexer.exe[3836] ntdll.dll!LdrLoadDll 772D22B8 5 Bytes JMP 000701F8 .text C:\Windows\system32\SearchIndexer.exe[3836] KERNEL32.dll!GetBinaryTypeW + 70 761F4F63 1 Byte [62] .text C:\Windows\system32\SearchIndexer.exe[3836] USER32.dll!UnhookWindowsHookEx 75DCCC7B 5 Bytes JMP 00090A08 .text C:\Windows\system32\SearchIndexer.exe[3836] USER32.dll!UnhookWinEvent 75DCD924 5 Bytes JMP 000903FC .text C:\Windows\system32\SearchIndexer.exe[3836] USER32.dll!SetWindowsHookExW 75DD210A 5 Bytes JMP 00090804 .text C:\Windows\system32\SearchIndexer.exe[3836] USER32.dll!SetWinEventHook 75DD507E 5 Bytes JMP 000901F8 .text C:\Windows\system32\SearchIndexer.exe[3836] USER32.dll!SetWindowsHookExA 75DF6DFA 5 Bytes JMP 00090600 .text C:\Users\xxx\Desktop\dj2e672x.exe[3852] kernel32.dll!GetBinaryTypeW + 70 761F4F63 1 Byte [62] .text C:\Users\xxx\Desktop\dj2e672x.exe[3852] ws2_32.dll!getsockname 758C30AF 6 Bytes JMP 00300000 .text C:\Users\xxx\Desktop\dj2e672x.exe[3852] ws2_32.dll!closesocket 758C3918 6 Bytes JMP 00620000 .text C:\Users\xxx\Desktop\dj2e672x.exe[3852] ws2_32.dll!WSAStartup 758C3AB2 6 Bytes JMP 005F0000 .text C:\Users\xxx\Desktop\dj2e672x.exe[3852] ws2_32.dll!connect 758C6BDD 6 Bytes JMP 00610000 .text C:\Users\xxx\Desktop\dj2e672x.exe[3852] ws2_32.dll!getpeername 758C7147 6 Bytes JMP 003F0000 .text C:\Users\xxx\Desktop\dj2e672x.exe[3852] ws2_32.dll!WSAConnect 758CCC3F 6 Bytes JMP 00600000 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3856] ntdll.dll!LdrUnloadDll 772CC8DE 5 Bytes JMP 001E03FC .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3856] ntdll.dll!LdrLoadDll 772D22B8 5 Bytes JMP 001E01F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3856] KERNEL32.dll!GetBinaryTypeW + 70 761F4F63 1 Byte [62] .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3856] USER32.dll!UnhookWindowsHookEx 75DCCC7B 5 Bytes JMP 001F0A08 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3856] USER32.dll!UnhookWinEvent 75DCD924 5 Bytes JMP 001F03FC .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3856] USER32.dll!SetWindowsHookExW 75DD210A 5 Bytes JMP 001F0804 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3856] USER32.dll!SetWinEventHook 75DD507E 5 Bytes JMP 001F01F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3856] USER32.dll!SetWindowsHookExA 75DF6DFA 5 Bytes JMP 001F0600 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3856] ws2_32.dll!getsockname 758C30AF 6 Bytes JMP 00250000 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3856] ws2_32.dll!closesocket 758C3918 6 Bytes JMP 003B0000 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3856] ws2_32.dll!WSAStartup 758C3AB2 6 Bytes JMP 00280000 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3856] ws2_32.dll!connect 758C6BDD 6 Bytes JMP 003A0000 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3856] ws2_32.dll!getpeername 758C7147 6 Bytes JMP 00260000 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3856] ws2_32.dll!WSAConnect 758CCC3F 6 Bytes JMP 00390000 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] ntdll.dll!LdrUnloadDll 772CC8DE 5 Bytes JMP 001F03FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] ntdll.dll!LdrLoadDll 772D22B8 5 Bytes JMP 001F01F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] KERNEL32.dll!GetBinaryTypeW + 70 761F4F63 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] USER32.dll!UnhookWindowsHookEx 75DCCC7B 5 Bytes JMP 00210A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] USER32.dll!UnhookWinEvent 75DCD924 5 Bytes JMP 002103FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] USER32.dll!SetWindowsHookExW 75DD210A 5 Bytes JMP 00210804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] USER32.dll!SetWinEventHook 75DD507E 5 Bytes JMP 002101F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] USER32.dll!SetWindowsHookExA 75DF6DFA 5 Bytes JMP 00210600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] ws2_32.dll!getsockname 758C30AF 6 Bytes JMP 00270000 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] ws2_32.dll!closesocket 758C3918 6 Bytes JMP 002D0000 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] ws2_32.dll!WSAStartup 758C3AB2 6 Bytes JMP 00290000 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] ws2_32.dll!connect 758C6BDD 6 Bytes JMP 002B0000 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] ws2_32.dll!getpeername 758C7147 6 Bytes JMP 00280000 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] ws2_32.dll!WSAConnect 758CCC3F 6 Bytes JMP 002A0000 .text C:\Program Files\Orange\EasyWirelessNet.exe[3932] ntdll.dll!LdrUnloadDll 772CC8DE 5 Bytes JMP 001F03FC .text C:\Program Files\Orange\EasyWirelessNet.exe[3932] ntdll.dll!LdrLoadDll 772D22B8 5 Bytes JMP 001F01F8 .text C:\Program Files\Orange\EasyWirelessNet.exe[3932] KERNEL32.dll!GetBinaryTypeW + 70 761F4F63 1 Byte [62] .text C:\Program Files\Orange\EasyWirelessNet.exe[3932] user32.dll!UnhookWindowsHookEx 75DCCC7B 5 Bytes JMP 00200A08 .text C:\Program Files\Orange\EasyWirelessNet.exe[3932] user32.dll!UnhookWinEvent 75DCD924 5 Bytes JMP 002003FC .text C:\Program Files\Orange\EasyWirelessNet.exe[3932] user32.dll!SetWindowsHookExW 75DD210A 5 Bytes JMP 00200804 .text C:\Program Files\Orange\EasyWirelessNet.exe[3932] user32.dll!SetWinEventHook 75DD507E 5 Bytes JMP 002001F8 .text C:\Program Files\Orange\EasyWirelessNet.exe[3932] user32.dll!SetWindowsHookExA 75DF6DFA 5 Bytes JMP 00200600 .text C:\Program Files\Orange\EasyWirelessNet.exe[3932] WS2_32.dll!getsockname 758C30AF 6 Bytes JMP 003E0000 .text C:\Program Files\Orange\EasyWirelessNet.exe[3932] WS2_32.dll!closesocket 758C3918 6 Bytes JMP 00940000 .text C:\Program Files\Orange\EasyWirelessNet.exe[3932] WS2_32.dll!WSAStartup 758C3AB2 6 Bytes JMP 00910000 .text C:\Program Files\Orange\EasyWirelessNet.exe[3932] WS2_32.dll!connect 758C6BDD 6 Bytes JMP 00930000 .text C:\Program Files\Orange\EasyWirelessNet.exe[3932] WS2_32.dll!getpeername 758C7147 6 Bytes JMP 003F0000 .text C:\Program Files\Orange\EasyWirelessNet.exe[3932] WS2_32.dll!WSAConnect 758CCC3F 6 Bytes JMP 00920000 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4188] ntdll.dll!LdrUnloadDll 772CC8DE 5 Bytes JMP 001E03FC .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4188] ntdll.dll!LdrLoadDll 772D22B8 5 Bytes JMP 001E01F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4188] KERNEL32.dll!GetBinaryTypeW + 70 761F4F63 1 Byte [62] .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4188] USER32.dll!UnhookWindowsHookEx 75DCCC7B 5 Bytes JMP 001F0A08 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4188] USER32.dll!UnhookWinEvent 75DCD924 5 Bytes JMP 001F03FC .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4188] USER32.dll!SetWindowsHookExW 75DD210A 5 Bytes JMP 001F0804 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4188] USER32.dll!SetWinEventHook 75DD507E 5 Bytes JMP 001F01F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4188] USER32.dll!SetWindowsHookExA 75DF6DFA 5 Bytes JMP 001F0600 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4188] ws2_32.dll!getsockname 758C30AF 6 Bytes JMP 002A0000 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4188] ws2_32.dll!closesocket 758C3918 6 Bytes JMP 01380000 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4188] ws2_32.dll!WSAStartup 758C3AB2 6 Bytes JMP 002C0000 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4188] ws2_32.dll!connect 758C6BDD 6 Bytes JMP 01370000 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4188] ws2_32.dll!getpeername 758C7147 6 Bytes JMP 002B0000 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4188] ws2_32.dll!WSAConnect 758CCC3F 6 Bytes JMP 002E0000 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4236] ntdll.dll!LdrUnloadDll 772CC8DE 5 Bytes JMP 001703FC .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4236] ntdll.dll!LdrLoadDll 772D22B8 5 Bytes JMP 001701F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4236] KERNEL32.dll!GetBinaryTypeW + 70 761F4F63 1 Byte [62] .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4236] USER32.dll!UnhookWindowsHookEx 75DCCC7B 5 Bytes JMP 00180A08 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4236] USER32.dll!UnhookWinEvent 75DCD924 5 Bytes JMP 001803FC .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4236] USER32.dll!SetWindowsHookExW 75DD210A 5 Bytes JMP 00180804 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4236] USER32.dll!SetWinEventHook 75DD507E 5 Bytes JMP 001801F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4236] USER32.dll!SetWindowsHookExA 75DF6DFA 5 Bytes JMP 00180600 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4236] ws2_32.dll!getsockname 758C30AF 6 Bytes JMP 00360000 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4236] ws2_32.dll!closesocket 758C3918 6 Bytes JMP 003C0000 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4236] ws2_32.dll!WSAStartup 758C3AB2 6 Bytes JMP 00380000 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4236] ws2_32.dll!connect 758C6BDD 6 Bytes JMP 003B0000 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4236] ws2_32.dll!getpeername 758C7147 6 Bytes JMP 00370000 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4236] ws2_32.dll!WSAConnect 758CCC3F 6 Bytes JMP 00390000 .text C:\Program Files\Internet Explorer\iexplore.exe[4452] ntdll.dll!LdrUnloadDll 772CC8DE 5 Bytes JMP 000D03FC .text C:\Program Files\Internet Explorer\iexplore.exe[4452] ntdll.dll!LdrLoadDll 772D22B8 5 Bytes JMP 000D01F8 .text C:\Program Files\Internet Explorer\iexplore.exe[4452] KERNEL32.dll!CreateThread 761E375D 5 Bytes JMP 726A71CB C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4452] KERNEL32.dll!GetBinaryTypeW + 70 761F4F63 1 Byte [62] .text C:\Program Files\Internet Explorer\iexplore.exe[4452] USER32.dll!UnhookWindowsHookEx 75DCCC7B 5 Bytes JMP 7272E9F8 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4452] USER32.dll!CallNextHookEx 75DCCC8F 5 Bytes JMP 72707A3F C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4452] USER32.dll!UnhookWinEvent 75DCD924 5 Bytes JMP 000F03FC .text C:\Program Files\Internet Explorer\iexplore.exe[4452] USER32.dll!DefWindowProcA 75DCE0E4 7 Bytes JMP 726A93F5 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4452] USER32.dll!CreateWindowExW 75DD0E51 5 Bytes JMP 7270FE1F C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4452] USER32.dll!SetWinEventHook 75DD507E 5 Bytes JMP 000F01F8 .text C:\Program Files\Internet Explorer\iexplore.exe[4452] USER32.dll!DefWindowProcW 75DD724B 7 Bytes JMP 72707AA2 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4452] USER32.dll!SetWindowsHookExA 75DF6DFA 5 Bytes JMP 000F0600 .text C:\Program Files\Internet Explorer\iexplore.exe[4452] ws2_32.dll!getsockname 758C30AF 6 Bytes JMP 00390000 .text C:\Program Files\Internet Explorer\iexplore.exe[4452] ws2_32.dll!closesocket 758C3918 6 Bytes JMP 01240000 .text C:\Program Files\Internet Explorer\iexplore.exe[4452] ws2_32.dll!WSAStartup 758C3AB2 6 Bytes JMP 003F0000 .text C:\Program Files\Internet Explorer\iexplore.exe[4452] ws2_32.dll!connect 758C6BDD 6 Bytes JMP 00420000 .text C:\Program Files\Internet Explorer\iexplore.exe[4452] ws2_32.dll!getpeername 758C7147 6 Bytes JMP 003E0000 .text C:\Program Files\Internet Explorer\iexplore.exe[4452] ws2_32.dll!WSAConnect 758CCC3F 6 Bytes JMP 00410000 .text C:\Program Files\Internet Explorer\iexplore.exe[4628] ntdll.dll!LdrUnloadDll 772CC8DE 5 Bytes JMP 000D03FC .text C:\Program Files\Internet Explorer\iexplore.exe[4628] ntdll.dll!LdrLoadDll 772D22B8 5 Bytes JMP 000D01F8 .text C:\Program Files\Internet Explorer\iexplore.exe[4628] KERNEL32.dll!GetBinaryTypeW + 70 761F4F63 1 Byte [62] .text C:\Program Files\Internet Explorer\iexplore.exe[4628] USER32.dll!UnhookWindowsHookEx 75DCCC7B 5 Bytes JMP 000F0A08 .text C:\Program Files\Internet Explorer\iexplore.exe[4628] USER32.dll!UnhookWinEvent 75DCD924 5 Bytes JMP 000F03FC .text C:\Program Files\Internet Explorer\iexplore.exe[4628] USER32.dll!SetWindowsHookExW 75DD210A 5 Bytes JMP 000F0804 .text C:\Program Files\Internet Explorer\iexplore.exe[4628] USER32.dll!SetWinEventHook 75DD507E 5 Bytes JMP 000F01F8 .text C:\Program Files\Internet Explorer\iexplore.exe[4628] USER32.dll!SetWindowsHookExA 75DF6DFA 5 Bytes JMP 000F0600 .text C:\Program Files\Internet Explorer\iexplore.exe[4628] ws2_32.dll!getsockname 758C30AF 6 Bytes JMP 001B0000 .text C:\Program Files\Internet Explorer\iexplore.exe[4628] ws2_32.dll!closesocket 758C3918 6 Bytes JMP 003D0000 .text C:\Program Files\Internet Explorer\iexplore.exe[4628] ws2_32.dll!WSAStartup 758C3AB2 6 Bytes JMP 003A0000 .text C:\Program Files\Internet Explorer\iexplore.exe[4628] ws2_32.dll!connect 758C6BDD 6 Bytes JMP 003C0000 .text C:\Program Files\Internet Explorer\iexplore.exe[4628] ws2_32.dll!getpeername 758C7147 6 Bytes JMP 001C0000 .text C:\Program Files\Internet Explorer\iexplore.exe[4628] ws2_32.dll!WSAConnect 758CCC3F 6 Bytes JMP 003B0000 .text C:\Windows\system32\sppsvc.exe[4648] ntdll.dll!LdrUnloadDll 772CC8DE 5 Bytes JMP 001303FC .text C:\Windows\system32\sppsvc.exe[4648] ntdll.dll!LdrLoadDll 772D22B8 5 Bytes JMP 001301F8 .text C:\Windows\system32\sppsvc.exe[4648] KERNEL32.dll!GetBinaryTypeW + 70 761F4F63 1 Byte [62] .text C:\Windows\system32\sppsvc.exe[4648] USER32.dll!UnhookWindowsHookEx 75DCCC7B 5 Bytes JMP 00150A08 .text C:\Windows\system32\sppsvc.exe[4648] USER32.dll!UnhookWinEvent 75DCD924 5 Bytes JMP 001503FC .text C:\Windows\system32\sppsvc.exe[4648] USER32.dll!SetWindowsHookExW 75DD210A 5 Bytes JMP 00150804 .text C:\Windows\system32\sppsvc.exe[4648] USER32.dll!SetWinEventHook 75DD507E 5 Bytes JMP 001501F8 .text C:\Windows\system32\sppsvc.exe[4648] USER32.dll!SetWindowsHookExA 75DF6DFA 5 Bytes JMP 00150600 .text C:\Windows\system32\notepad.exe[4928] ntdll.dll!LdrUnloadDll 772CC8DE 5 Bytes JMP 000803FC .text C:\Windows\system32\notepad.exe[4928] ntdll.dll!LdrLoadDll 772D22B8 5 Bytes JMP 000801F8 .text C:\Windows\system32\notepad.exe[4928] KERNEL32.dll!GetBinaryTypeW + 70 761F4F63 1 Byte [62] .text C:\Windows\system32\notepad.exe[4928] USER32.dll!UnhookWindowsHookEx 75DCCC7B 5 Bytes JMP 00150A08 .text C:\Windows\system32\notepad.exe[4928] USER32.dll!UnhookWinEvent 75DCD924 5 Bytes JMP 001503FC .text C:\Windows\system32\notepad.exe[4928] USER32.dll!SetWindowsHookExW 75DD210A 5 Bytes JMP 00150804 .text C:\Windows\system32\notepad.exe[4928] USER32.dll!SetWinEventHook 75DD507E 5 Bytes JMP 001501F8 .text C:\Windows\system32\notepad.exe[4928] USER32.dll!SetWindowsHookExA 75DF6DFA 5 Bytes JMP 00150600 .text C:\Windows\system32\notepad.exe[4928] ws2_32.dll!getsockname 758C30AF 6 Bytes JMP 005C0000 .text C:\Windows\system32\notepad.exe[4928] ws2_32.dll!closesocket 758C3918 6 Bytes JMP 00610000 .text C:\Windows\system32\notepad.exe[4928] ws2_32.dll!WSAStartup 758C3AB2 6 Bytes JMP 005E0000 .text C:\Windows\system32\notepad.exe[4928] ws2_32.dll!connect 758C6BDD 6 Bytes JMP 00600000 .text C:\Windows\system32\notepad.exe[4928] ws2_32.dll!getpeername 758C7147 6 Bytes JMP 005D0000 .text C:\Windows\system32\notepad.exe[4928] ws2_32.dll!WSAConnect 758CCC3F 6 Bytes JMP 005F0000 .text C:\Program Files\Internet Explorer\iexplore.exe[4976] ntdll.dll!LdrUnloadDll 772CC8DE 5 Bytes JMP 000603FC .text C:\Program Files\Internet Explorer\iexplore.exe[4976] ntdll.dll!LdrLoadDll 772D22B8 5 Bytes JMP 000601F8 .text C:\Program Files\Internet Explorer\iexplore.exe[4976] KERNEL32.dll!CreateThread 761E375D 5 Bytes JMP 726A71CB C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4976] KERNEL32.dll!GetBinaryTypeW + 70 761F4F63 1 Byte [62] .text C:\Program Files\Internet Explorer\iexplore.exe[4976] USER32.dll!UnhookWindowsHookEx 75DCCC7B 5 Bytes JMP 7272E9F8 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4976] USER32.dll!CallNextHookEx 75DCCC8F 5 Bytes JMP 72707A3F C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4976] USER32.dll!UnhookWinEvent 75DCD924 5 Bytes JMP 000803FC .text C:\Program Files\Internet Explorer\iexplore.exe[4976] USER32.dll!DefWindowProcA 75DCE0E4 7 Bytes JMP 726A93F5 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4976] USER32.dll!CreateWindowExW 75DD0E51 5 Bytes JMP 7270FE1F C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4976] USER32.dll!SetWinEventHook 75DD507E 5 Bytes JMP 000801F8 .text C:\Program Files\Internet Explorer\iexplore.exe[4976] USER32.dll!DefWindowProcW 75DD724B 7 Bytes JMP 72707AA2 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4976] USER32.dll!SetWindowsHookExA 75DF6DFA 5 Bytes JMP 00080600 .text C:\Program Files\Internet Explorer\iexplore.exe[4976] ws2_32.dll!getsockname 758C30AF 6 Bytes JMP 003A0000 .text C:\Program Files\Internet Explorer\iexplore.exe[4976] ws2_32.dll!closesocket 758C3918 6 Bytes JMP 00410000 .text C:\Program Files\Internet Explorer\iexplore.exe[4976] ws2_32.dll!WSAStartup 758C3AB2 6 Bytes JMP 003D0000 .text C:\Program Files\Internet Explorer\iexplore.exe[4976] ws2_32.dll!connect 758C6BDD 6 Bytes JMP 003F0000 .text C:\Program Files\Internet Explorer\iexplore.exe[4976] ws2_32.dll!getpeername 758C7147 6 Bytes JMP 003C0000 .text C:\Program Files\Internet Explorer\iexplore.exe[4976] ws2_32.dll!WSAConnect 758CCC3F 6 Bytes JMP 003E0000 .text C:\Program Files\Internet Explorer\iexplore.exe[5552] ntdll.dll!LdrUnloadDll 772CC8DE 5 Bytes JMP 000603FC .text C:\Program Files\Internet Explorer\iexplore.exe[5552] ntdll.dll!LdrLoadDll 772D22B8 5 Bytes JMP 000601F8 .text C:\Program Files\Internet Explorer\iexplore.exe[5552] KERNEL32.dll!CreateThread 761E375D 5 Bytes JMP 726A71CB C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5552] KERNEL32.dll!GetBinaryTypeW + 70 761F4F63 1 Byte [62] .text C:\Program Files\Internet Explorer\iexplore.exe[5552] USER32.dll!UnhookWindowsHookEx 75DCCC7B 5 Bytes JMP 7272E9F8 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5552] USER32.dll!CallNextHookEx 75DCCC8F 5 Bytes JMP 72707A3F C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5552] USER32.dll!UnhookWinEvent 75DCD924 5 Bytes JMP 000803FC .text C:\Program Files\Internet Explorer\iexplore.exe[5552] USER32.dll!DefWindowProcA 75DCE0E4 7 Bytes JMP 726A93F5 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5552] USER32.dll!CreateWindowExW 75DD0E51 5 Bytes JMP 7270FE1F C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5552] USER32.dll!SetWinEventHook 75DD507E 5 Bytes JMP 000801F8 .text C:\Program Files\Internet Explorer\iexplore.exe[5552] USER32.dll!DefWindowProcW 75DD724B 7 Bytes JMP 72707AA2 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5552] USER32.dll!SetWindowsHookExA 75DF6DFA 5 Bytes JMP 00080600 .text C:\Program Files\Internet Explorer\iexplore.exe[5552] ws2_32.dll!getsockname 758C30AF 6 Bytes JMP 011F0000 .text C:\Program Files\Internet Explorer\iexplore.exe[5552] ws2_32.dll!closesocket 758C3918 6 Bytes JMP 01240000 .text C:\Program Files\Internet Explorer\iexplore.exe[5552] ws2_32.dll!WSAStartup 758C3AB2 6 Bytes JMP 01210000 .text C:\Program Files\Internet Explorer\iexplore.exe[5552] ws2_32.dll!connect 758C6BDD 6 Bytes JMP 01230000 .text C:\Program Files\Internet Explorer\iexplore.exe[5552] ws2_32.dll!getpeername 758C7147 6 Bytes JMP 01200000 .text C:\Program Files\Internet Explorer\iexplore.exe[5552] ws2_32.dll!WSAConnect 758CCC3F 6 Bytes JMP 01220000 ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1532] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [71B00790] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Windows\Explorer.EXE[1596] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73EE2437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1596] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73EC5600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1596] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73EC56BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1596] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73EE24B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1596] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73ED8514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1596] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73ED4CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1596] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73ED506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1596] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73ED5144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1596] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73ED6671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1596] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73ED826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1596] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73ED87BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1596] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73ED901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1596] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73EDE1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1596] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73ED4BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Program Files\AVAST Software\Avast\AvastUI.exe[2424] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [71B00790] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Program Files\Orange\EasyWirelessNet.exe[3932] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!RtlReAllocateHeap] [69D09832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Orange\EasyWirelessNet.exe[3932] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!RtlSizeHeap] [69D0A27D] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Orange\EasyWirelessNet.exe[3932] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!RtlLockHeap] [69D094D8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Orange\EasyWirelessNet.exe[3932] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!RtlUnlockHeap] [69D094E8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Orange\EasyWirelessNet.exe[3932] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!RtlAllocateHeap] [69D092CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Orange\EasyWirelessNet.exe[3932] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!RtlFreeHeap] [69D09E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Orange\EasyWirelessNet.exe[3932] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!RtlDestroyHeap] [69D094B8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Orange\EasyWirelessNet.exe[3932] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!RtlCreateHeap] [69D094A8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Orange\EasyWirelessNet.exe[3932] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!RtlExitUserProcess] [69D0AA9E] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Orange\EasyWirelessNet.exe[3932] @ C:\Windows\system32\user32.dll [ntdll.dll!RtlSizeHeap] [69D0A27D] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Orange\EasyWirelessNet.exe[3932] @ C:\Windows\system32\user32.dll [ntdll.dll!RtlReAllocateHeap] [69D09832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Orange\EasyWirelessNet.exe[3932] @ C:\Windows\system32\user32.dll [ntdll.dll!RtlAllocateHeap] [69D092CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Orange\EasyWirelessNet.exe[3932] @ C:\Windows\system32\user32.dll [ntdll.dll!RtlFreeHeap] [69D09E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Orange\EasyWirelessNet.exe[3932] @ C:\Windows\system32\user32.dll [KERNEL32.dll!GetProcAddress] [7534FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\Orange\EasyWirelessNet.exe[3932] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] [69D092CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Orange\EasyWirelessNet.exe[3932] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] [69D09E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Orange\EasyWirelessNet.exe[3932] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7534FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\Orange\EasyWirelessNet.exe[3932] @ C:\Windows\system32\advapi32.dll [ntdll.dll!RtlFreeHeap] [69D09E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Orange\EasyWirelessNet.exe[3932] @ C:\Windows\system32\advapi32.dll [ntdll.dll!RtlAllocateHeap] [69D092CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Orange\EasyWirelessNet.exe[3932] @ C:\Windows\system32\advapi32.dll [ntdll.dll!RtlReAllocateHeap] [69D09832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Orange\EasyWirelessNet.exe[3932] @ C:\Windows\system32\advapi32.dll [KERNEL32.dll!GetProcAddress] [7534FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\Orange\EasyWirelessNet.exe[3932] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] [69D09E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Orange\EasyWirelessNet.exe[3932] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] [69D092CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Orange\EasyWirelessNet.exe[3932] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] [69D09E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Orange\EasyWirelessNet.exe[3932] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] [69D092CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Orange\EasyWirelessNet.exe[3932] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] [69D09832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Orange\EasyWirelessNet.exe[3932] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7534FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\Orange\EasyWirelessNet.exe[3932] @ C:\Windows\system32\shell32.dll [ntdll.dll!RtlFreeHeap] [69D09E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Orange\EasyWirelessNet.exe[3932] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlFreeHeap] [69D09E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Orange\EasyWirelessNet.exe[3932] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlAllocateHeap] [69D092CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation) IAT C:\Program Files\Orange\EasyWirelessNet.exe[3932] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [7534FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00169300044e Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00169300044e@2021a5e2f61d 0x1B 0x8A 0x62 0xE4 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00169300044e@04a82ab2031f 0x2A 0xDD 0x3A 0xB2 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00169300044e@10f9eed7ac9a 0x51 0x66 0x18 0x69 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00169300044e@ac81f388d9e9 0x05 0x93 0x94 0xAC ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00169300044e@d82a7e1f5df9 0x35 0xF3 0x57 0xFE ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00169300044e@d0db328f3ef6 0xC1 0xA0 0xC9 0x83 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00169300044e@d0176a499197 0x05 0xCC 0xCF 0x39 ... Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 7933 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0C 0x0B 0x7B 0x9E ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF0 0x85 0x78 0x3F ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x0D 0x2C 0x5D 0x65 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00169300044e (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00169300044e@2021a5e2f61d 0x1B 0x8A 0x62 0xE4 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00169300044e@04a82ab2031f 0x2A 0xDD 0x3A 0xB2 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00169300044e@10f9eed7ac9a 0x51 0x66 0x18 0x69 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00169300044e@ac81f388d9e9 0x05 0x93 0x94 0xAC ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00169300044e@d82a7e1f5df9 0x35 0xF3 0x57 0xFE ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00169300044e@d0db328f3ef6 0xC1 0xA0 0xC9 0x83 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00169300044e@d0176a499197 0x05 0xCC 0xCF 0x39 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0C 0x0B 0x7B 0x9E ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF0 0x85 0x78 0x3F ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x0D 0x2C 0x5D 0x65 ... ---- EOF - GMER 2.1 ----