GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2014-01-06 19:56:16
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST925031 rev.0001 232,89GB
Running: xpzshvmy.exe; Driver: C:\Users\KRZYSZ~1\AppData\Local\Temp\kxloraod.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8AF17644]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8B796668]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x8AF180D6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8AF2389A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8AF238E6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8AF23A80]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8AF23808]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8B796A00]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8AF23850]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x8AF185D4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x8AF187F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8AF23A3A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x8AF18E8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8AF176AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0x8AF1C6AC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8B796730]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8B794C80]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8AF17710]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8AF1CA76]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8AF1991C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8AF238C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8AF23908]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8AF23AA4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8AF2382E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0x8AF1BF92]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8AF239B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8AF23878]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0x8AF1C384]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8AF23A5E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8B796890]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8AF197E8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThreadEx [0x8AF194F6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8AF17776]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8AF177DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x8AF18D06]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8AF1732C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8AF17502]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8AF17490]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x8AF19056]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x8AF191B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8AF1758A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x8B796958]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x8AF18CE6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x8B794CB0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8AF17842]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x8B7967DC]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8B7AFE80]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 81E40A15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81E7A212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 81E81460 4 Bytes [44, 76, F1, 8A]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 81E81488 4 Bytes [68, 66, 79, 8B]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 81E814E8 4 Bytes [D6, 80, F1, 8A] {SALC ; XOR CL, 0x8a}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 81E8153C 8 Bytes [9A, 38, F2, 8A, E6, 38, F2, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 81E81548 4 Bytes [80, 3A, F2, 8A]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 8200ED4B 5 Bytes JMP 8B7ACD1A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 82027380 5 Bytes JMP 8B7AE84C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 8203C4DF 4 Bytes CALL 8AF19FDF \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 82056347 4 Bytes CALL 8AF19FF5 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 820E021C 7 Bytes JMP 8B7AFE84 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text kernel32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Acer\Acer VCM\RS_Service.exe[112] kernel32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62]
.text C:\Windows\system32\csrss.exe[500] kernel32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62]
.text C:\Windows\system32\wininit.exe[552] kernel32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62]
.text C:\Windows\system32\csrss.exe[560] kernel32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62]
.text ...
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1104] ntdll.dll!LdrUnloadDll 7795C8DE 5 Bytes JMP 001F03FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1104] ntdll.dll!LdrLoadDll 779622AE 5 Bytes JMP 001F01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1104] KERNEL32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1104] USER32.dll!UnhookWindowsHookEx 773FADF9 5 Bytes JMP 00210A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1104] USER32.dll!UnhookWinEvent 773FB750 5 Bytes JMP 002103FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1104] USER32.dll!SetWindowsHookExW 773FE30C 5 Bytes JMP 00210804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1104] USER32.dll!SetWinEventHook 774024DC 5 Bytes JMP 002101F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1104] USER32.dll!SetWindowsHookExA 77426D0C 5 Bytes JMP 00210600
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1360] kernel32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62]
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[1472] kernel32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1524] kernel32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62]
.text ...
.text C:\Windows\System32\igfxtray.exe[2116] ntdll.dll!LdrUnloadDll 7795C8DE 5 Bytes JMP 001703FC
.text C:\Windows\System32\igfxtray.exe[2116] ntdll.dll!LdrLoadDll 779622AE 5 Bytes JMP 001701F8
.text C:\Windows\System32\igfxtray.exe[2116] KERNEL32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62]
.text C:\Windows\System32\igfxtray.exe[2116] USER32.dll!UnhookWindowsHookEx 773FADF9 5 Bytes JMP 00190A08
.text C:\Windows\System32\igfxtray.exe[2116] USER32.dll!UnhookWinEvent 773FB750 5 Bytes JMP 001903FC
.text C:\Windows\System32\igfxtray.exe[2116] USER32.dll!SetWindowsHookExW 773FE30C 5 Bytes JMP 00190804
.text C:\Windows\System32\igfxtray.exe[2116] USER32.dll!SetWinEventHook 774024DC 5 Bytes JMP 001901F8
.text C:\Windows\System32\igfxtray.exe[2116] USER32.dll!SetWindowsHookExA 77426D0C 5 Bytes JMP 00190600
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2120] kernel32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2184] kernel32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62]
.text C:\Windows\System32\hkcmd.exe[2268] ntdll.dll!LdrUnloadDll 7795C8DE 5 Bytes JMP 001E03FC
.text C:\Windows\System32\hkcmd.exe[2268] ntdll.dll!LdrLoadDll 779622AE 5 Bytes JMP 001E01F8
.text C:\Windows\System32\hkcmd.exe[2268] KERNEL32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62]
.text C:\Windows\System32\hkcmd.exe[2268] USER32.dll!UnhookWindowsHookEx 773FADF9 5 Bytes JMP 00200A08
.text C:\Windows\System32\hkcmd.exe[2268] USER32.dll!UnhookWinEvent 773FB750 5 Bytes JMP 002003FC
.text C:\Windows\System32\hkcmd.exe[2268] USER32.dll!SetWindowsHookExW 773FE30C 5 Bytes JMP 00200804
.text C:\Windows\System32\hkcmd.exe[2268] USER32.dll!SetWinEventHook 774024DC 5 Bytes JMP 002001F8
.text C:\Windows\System32\hkcmd.exe[2268] USER32.dll!SetWindowsHookExA 77426D0C 5 Bytes JMP 00200600
.text C:\Program Files\Launch Manager\LManager.exe[2420] ntdll.dll!LdrUnloadDll 7795C8DE 5 Bytes JMP 000E03FC
.text C:\Program Files\Launch Manager\LManager.exe[2420] ntdll.dll!LdrLoadDll 779622AE 5 Bytes JMP 000E01F8
.text C:\Program Files\Launch Manager\LManager.exe[2420] KERNEL32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62]
.text C:\Program Files\Launch Manager\LManager.exe[2420] USER32.dll!UnhookWindowsHookEx 773FADF9 5 Bytes JMP 000F0A08
.text C:\Program Files\Launch Manager\LManager.exe[2420] USER32.dll!UnhookWinEvent 773FB750 5 Bytes JMP 000F03FC
.text C:\Program Files\Launch Manager\LManager.exe[2420] USER32.dll!SetWindowsHookExW 773FE30C 5 Bytes JMP 000F0804
.text C:\Program Files\Launch Manager\LManager.exe[2420] USER32.dll!SetWinEventHook 774024DC 5 Bytes JMP 000F01F8
.text C:\Program Files\Launch Manager\LManager.exe[2420] USER32.dll!SetWindowsHookExA 77426D0C 5 Bytes JMP 000F0600
.text C:\Windows\system32\igfxsrvc.exe[2496] ntdll.dll!LdrUnloadDll 7795C8DE 5 Bytes JMP 001E03FC
.text C:\Windows\system32\igfxsrvc.exe[2496] ntdll.dll!LdrLoadDll 779622AE 5 Bytes JMP 001E01F8
.text C:\Windows\system32\igfxsrvc.exe[2496] KERNEL32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62]
.text C:\Windows\system32\igfxsrvc.exe[2496] USER32.dll!UnhookWindowsHookEx 773FADF9 5 Bytes JMP 002F0A08
.text C:\Windows\system32\igfxsrvc.exe[2496] USER32.dll!UnhookWinEvent 773FB750 5 Bytes JMP 002F03FC
.text C:\Windows\system32\igfxsrvc.exe[2496] USER32.dll!SetWindowsHookExW 773FE30C 5 Bytes JMP 002F0804
.text C:\Windows\system32\igfxsrvc.exe[2496] USER32.dll!SetWinEventHook 774024DC 5 Bytes JMP 002F01F8
.text C:\Windows\system32\igfxsrvc.exe[2496] USER32.dll!SetWindowsHookExA 77426D0C 5 Bytes JMP 002F0600
.text C:\Windows\System32\igfxpers.exe[2500] ntdll.dll!LdrUnloadDll 7795C8DE 5 Bytes JMP 001E03FC
.text C:\Windows\System32\igfxpers.exe[2500] ntdll.dll!LdrLoadDll 779622AE 5 Bytes JMP 001E01F8
.text C:\Windows\System32\igfxpers.exe[2500] KERNEL32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62]
.text C:\Windows\System32\igfxpers.exe[2500] USER32.dll!UnhookWindowsHookEx 773FADF9 5 Bytes JMP 00200A08
.text C:\Windows\System32\igfxpers.exe[2500] USER32.dll!UnhookWinEvent 773FB750 5 Bytes JMP 002003FC
.text C:\Windows\System32\igfxpers.exe[2500] USER32.dll!SetWindowsHookExW 773FE30C 5 Bytes JMP 00200804
.text C:\Windows\System32\igfxpers.exe[2500] USER32.dll!SetWinEventHook 774024DC 5 Bytes JMP 002001F8
.text C:\Windows\System32\igfxpers.exe[2500] USER32.dll!SetWindowsHookExA 77426D0C 5 Bytes JMP 00200600
.text C:\Windows\system32\taskhost.exe[2552] kernel32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[2760] kernel32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62]
.text C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe[2776] kernel32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62]
.text C:\Windows\Explorer.EXE[2808] kernel32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3216] ntdll.dll!LdrUnloadDll 7795C8DE 5 Bytes JMP 001E03FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3216] ntdll.dll!LdrLoadDll 779622AE 5 Bytes JMP 001E01F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3216] KERNEL32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3216] USER32.dll!UnhookWindowsHookEx 773FADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3216] USER32.dll!UnhookWinEvent 773FB750 5 Bytes JMP 001F03FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3216] USER32.dll!SetWindowsHookExW 773FE30C 5 Bytes JMP 001F0804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3216] USER32.dll!SetWinEventHook 774024DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3216] USER32.dll!SetWindowsHookExA 77426D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3220] ntdll.dll!LdrUnloadDll 7795C8DE 5 Bytes JMP 000E03FC
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3220] ntdll.dll!LdrLoadDll 779622AE 5 Bytes JMP 000E01F8
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3220] KERNEL32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3220] USER32.dll!UnhookWindowsHookEx 773FADF9 5 Bytes JMP 00100A08
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3220] USER32.dll!UnhookWinEvent 773FB750 5 Bytes JMP 001003FC
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3220] USER32.dll!SetWindowsHookExW 773FE30C 5 Bytes JMP 00100804
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3220] USER32.dll!SetWinEventHook 774024DC 5 Bytes JMP 001001F8
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3220] USER32.dll!SetWindowsHookExA 77426D0C 5 Bytes JMP 00100600
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3228] kernel32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[3308] ntdll.dll!LdrUnloadDll 7795C8DE 5 Bytes JMP 000E03FC
.text C:\Windows\system32\SearchIndexer.exe[3308] ntdll.dll!LdrLoadDll 779622AE 5 Bytes JMP 000E01F8
.text C:\Windows\system32\SearchIndexer.exe[3308] KERNEL32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[3308] USER32.dll!UnhookWindowsHookEx 773FADF9 5 Bytes JMP 00140A08
.text C:\Windows\system32\SearchIndexer.exe[3308] USER32.dll!UnhookWinEvent 773FB750 5 Bytes JMP 001403FC
.text C:\Windows\system32\SearchIndexer.exe[3308] USER32.dll!SetWindowsHookExW 773FE30C 5 Bytes JMP 00140804
.text C:\Windows\system32\SearchIndexer.exe[3308] USER32.dll!SetWinEventHook 774024DC 5 Bytes JMP 001401F8
.text C:\Windows\system32\SearchIndexer.exe[3308] USER32.dll!SetWindowsHookExA 77426D0C 5 Bytes JMP 00140600
.text C:\Windows\system32\svchost.exe[3440] ntdll.dll!LdrUnloadDll 7795C8DE 5 Bytes JMP 000E03FC
.text C:\Windows\system32\svchost.exe[3440] ntdll.dll!LdrLoadDll 779622AE 5 Bytes JMP 000E01F8
.text C:\Windows\system32\svchost.exe[3440] KERNEL32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3440] USER32.dll!UnhookWindowsHookEx 773FADF9 5 Bytes JMP 00100A08
.text C:\Windows\system32\svchost.exe[3440] USER32.dll!UnhookWinEvent 773FB750 5 Bytes JMP 001003FC
.text C:\Windows\system32\svchost.exe[3440] USER32.dll!SetWindowsHookExW 773FE30C 5 Bytes JMP 00100804
.text C:\Windows\system32\svchost.exe[3440] USER32.dll!SetWinEventHook 774024DC 5 Bytes JMP 001001F8
.text C:\Windows\system32\svchost.exe[3440] USER32.dll!SetWindowsHookExA 77426D0C 5 Bytes JMP 00100600
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3472] ntdll.dll!LdrUnloadDll 7795C8DE 5 Bytes JMP 002E03FC
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3472] ntdll.dll!LdrLoadDll 779622AE 5 Bytes JMP 002E01F8
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3472] KERNEL32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62]
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3472] USER32.dll!UnhookWindowsHookEx 773FADF9 5 Bytes JMP 002F0A08
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3472] USER32.dll!UnhookWinEvent 773FB750 5 Bytes JMP 002F03FC
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3472] USER32.dll!SetWindowsHookExW 773FE30C 5 Bytes JMP 002F0804
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3472] USER32.dll!SetWinEventHook 774024DC 5 Bytes JMP 002F01F8
.text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[3472] USER32.dll!SetWindowsHookExA 77426D0C 5 Bytes JMP 002F0600
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3556] ntdll.dll!LdrUnloadDll 7795C8DE 5 Bytes JMP 002E03FC
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3556] ntdll.dll!LdrLoadDll 779622AE 5 Bytes JMP 002E01F8
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3556] KERNEL32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3556] USER32.dll!UnhookWindowsHookEx 773FADF9 5 Bytes JMP 002F0A08
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3556] USER32.dll!UnhookWinEvent 773FB750 5 Bytes JMP 002F03FC
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3556] USER32.dll!SetWindowsHookExW 773FE30C 5 Bytes JMP 002F0804
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3556] USER32.dll!SetWinEventHook 774024DC 5 Bytes JMP 002F01F8
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3556] USER32.dll!SetWindowsHookExA 77426D0C 5 Bytes JMP 002F0600
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3776] ntdll.dll!LdrUnloadDll 7795C8DE 5 Bytes JMP 001703FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3776] ntdll.dll!LdrLoadDll 779622AE 5 Bytes JMP 001701F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3776] KERNEL32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3776] USER32.dll!UnhookWindowsHookEx 773FADF9 5 Bytes JMP 00180A08
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3776] USER32.dll!UnhookWinEvent 773FB750 5 Bytes JMP 001803FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3776] USER32.dll!SetWindowsHookExW 773FE30C 5 Bytes JMP 00180804
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3776] USER32.dll!SetWinEventHook 774024DC 5 Bytes JMP 001801F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3776] USER32.dll!SetWindowsHookExA 77426D0C 5 Bytes JMP 00180600
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3832] ntdll.dll!LdrUnloadDll 7795C8DE 5 Bytes JMP 001E03FC
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3832] ntdll.dll!LdrLoadDll 779622AE 5 Bytes JMP 001E01F8
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3832] KERNEL32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62]
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3832] USER32.dll!UnhookWindowsHookEx 773FADF9 5 Bytes JMP 00210A08
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3832] USER32.dll!UnhookWinEvent 773FB750 5 Bytes JMP 002103FC
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3832] USER32.dll!SetWindowsHookExW 773FE30C 5 Bytes JMP 00210804
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3832] USER32.dll!SetWinEventHook 774024DC 5 Bytes JMP 002101F8
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3832] USER32.dll!SetWindowsHookExA 77426D0C 5 Bytes JMP 00210600
.text C:\Program Files\Launch Manager\LMworker.exe[3928] ntdll.dll!LdrUnloadDll 7795C8DE 5 Bytes JMP 000E03FC
.text C:\Program Files\Launch Manager\LMworker.exe[3928] ntdll.dll!LdrLoadDll 779622AE 5 Bytes JMP 000E01F8
.text C:\Program Files\Launch Manager\LMworker.exe[3928] KERNEL32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62]
.text C:\Program Files\Launch Manager\LMworker.exe[3928] USER32.dll!UnhookWindowsHookEx 773FADF9 5 Bytes JMP 000F0A08
.text C:\Program Files\Launch Manager\LMworker.exe[3928] USER32.dll!UnhookWinEvent 773FB750 5 Bytes JMP 000F03FC
.text C:\Program Files\Launch Manager\LMworker.exe[3928] USER32.dll!SetWindowsHookExW 773FE30C 5 Bytes JMP 000F0804
.text C:\Program Files\Launch Manager\LMworker.exe[3928] USER32.dll!SetWinEventHook 774024DC 5 Bytes JMP 000F01F8
.text C:\Program Files\Launch Manager\LMworker.exe[3928] USER32.dll!SetWindowsHookExA 77426D0C 5 Bytes JMP 000F0600
.text C:\Program Files\EgisTec IPS\EgisUpdate.exe[3936] ntdll.dll!LdrUnloadDll 7795C8DE 5 Bytes JMP 000F03FC
.text C:\Program Files\EgisTec IPS\EgisUpdate.exe[3936] ntdll.dll!LdrLoadDll 779622AE 5 Bytes JMP 000F01F8
.text C:\Program Files\EgisTec IPS\EgisUpdate.exe[3936] KERNEL32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62]
.text C:\Program Files\EgisTec IPS\EgisUpdate.exe[3936] user32.DLL!UnhookWindowsHookEx 773FADF9 5 Bytes JMP 00110A08
.text C:\Program Files\EgisTec IPS\EgisUpdate.exe[3936] user32.DLL!UnhookWinEvent 773FB750 5 Bytes JMP 001103FC
.text C:\Program Files\EgisTec IPS\EgisUpdate.exe[3936] user32.DLL!SetWindowsHookExW 773FE30C 5 Bytes JMP 00110804
.text C:\Program Files\EgisTec IPS\EgisUpdate.exe[3936] user32.DLL!SetWinEventHook 774024DC 5 Bytes JMP 001101F8
.text C:\Program Files\EgisTec IPS\EgisUpdate.exe[3936] user32.DLL!SetWindowsHookExA 77426D0C 5 Bytes JMP 00110600
.text C:\Program Files\Mozilla Firefox\firefox.exe[3960] ntdll.dll!LdrUnloadDll 7795C8DE 5 Bytes JMP 001E03FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[3960] ntdll.dll!LdrLoadDll 779622AE 5 Bytes JMP 5C91B780 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3960] KERNEL32.dll!K32GetDeviceDriverBaseNameW + 5D 760B941E 7 Bytes JMP 5D156EDA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3960] KERNEL32.dll!QueryPerformanceCounter + 13 760BC425 7 Bytes JMP 5D156EFD C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3960] KERNEL32.dll!LoadAppInitDlls + 355 760BF4E6 7 Bytes JMP 5C920836 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3960] KERNEL32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3960] USER32.dll!UnhookWindowsHookEx 773FADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[3960] USER32.dll!UnhookWinEvent 773FB750 5 Bytes JMP 001F03FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[3960] USER32.dll!SetWindowsHookExW 773FE30C 5 Bytes JMP 001F0804
.text C:\Program Files\Mozilla Firefox\firefox.exe[3960] USER32.dll!SetWinEventHook 774024DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[3960] USER32.dll!GetWindowInfo 77404B5E 5 Bytes JMP 5CFFB28C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3960] USER32.dll!SetWindowsHookExA 77426D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Mozilla Firefox\firefox.exe[3960] GDI32.dll!GetViewportOrgEx + 26C 7615884B 7 Bytes JMP 5D156E5B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\EgisTec IPS\PmmUpdate.exe[3992] ntdll.dll!LdrUnloadDll 7795C8DE 5 Bytes JMP 001F03FC
.text C:\Program Files\EgisTec IPS\PmmUpdate.exe[3992] ntdll.dll!LdrLoadDll 779622AE 5 Bytes JMP 001F01F8
.text C:\Program Files\EgisTec IPS\PmmUpdate.exe[3992] KERNEL32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62]
.text C:\Program Files\EgisTec IPS\PmmUpdate.exe[3992] USER32.dll!UnhookWindowsHookEx 773FADF9 5 Bytes JMP 00200A08
.text C:\Program Files\EgisTec IPS\PmmUpdate.exe[3992] USER32.dll!UnhookWinEvent 773FB750 5 Bytes JMP 002003FC
.text C:\Program Files\EgisTec IPS\PmmUpdate.exe[3992] USER32.dll!SetWindowsHookExW 773FE30C 5 Bytes JMP 00200804
.text C:\Program Files\EgisTec IPS\PmmUpdate.exe[3992] USER32.dll!SetWinEventHook 774024DC 5 Bytes JMP 002001F8
.text C:\Program Files\EgisTec IPS\PmmUpdate.exe[3992] USER32.dll!SetWindowsHookExA 77426D0C 5 Bytes JMP 00200600
.text C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe[4032] ntdll.dll!LdrUnloadDll 7795C8DE 5 Bytes JMP 001E03FC
.text C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe[4032] ntdll.dll!LdrLoadDll 779622AE 5 Bytes JMP 001E01F8
.text C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe[4032] KERNEL32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62]
.text C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe[4032] USER32.dll!UnhookWindowsHookEx 773FADF9 5 Bytes JMP 00300A08
.text C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe[4032] USER32.dll!UnhookWinEvent 773FB750 5 Bytes JMP 003003FC
.text C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe[4032] USER32.dll!SetWindowsHookExW 773FE30C 5 Bytes JMP 00300804
.text C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe[4032] USER32.dll!SetWinEventHook 774024DC 5 Bytes JMP 003001F8
.text C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe[4032] USER32.dll!SetWindowsHookExA 77426D0C 5 Bytes JMP 00300600
.text C:\Program Files\Windows Sidebar\sidebar.exe[4172] ntdll.dll!LdrUnloadDll 7795C8DE 5 Bytes JMP 001203FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[4172] ntdll.dll!LdrLoadDll 779622AE 5 Bytes JMP 001201F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[4172] KERNEL32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4172] USER32.dll!UnhookWindowsHookEx 773FADF9 5 Bytes JMP 00140A08
.text C:\Program Files\Windows Sidebar\sidebar.exe[4172] USER32.dll!UnhookWinEvent 773FB750 5 Bytes JMP 001403FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[4172] USER32.dll!SetWindowsHookExW 773FE30C 5 Bytes JMP 00140804
.text C:\Program Files\Windows Sidebar\sidebar.exe[4172] USER32.dll!SetWinEventHook 774024DC 5 Bytes JMP 001401F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[4172] USER32.dll!SetWindowsHookExA 77426D0C 5 Bytes JMP 00140600
.text C:\Windows\System32\svchost.exe[4224] ntdll.dll!LdrUnloadDll 7795C8DE 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[4224] ntdll.dll!LdrLoadDll 779622AE 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[4224] KERNEL32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[4224] USER32.dll!UnhookWindowsHookEx 773FADF9 5 Bytes JMP 000A0A08
.text C:\Windows\System32\svchost.exe[4224] USER32.dll!UnhookWinEvent 773FB750 5 Bytes JMP 000A03FC
.text C:\Windows\System32\svchost.exe[4224] USER32.dll!SetWindowsHookExW 773FE30C 5 Bytes JMP 000A0804
.text C:\Windows\System32\svchost.exe[4224] USER32.dll!SetWinEventHook 774024DC 5 Bytes JMP 000A01F8
.text C:\Windows\System32\svchost.exe[4224] USER32.dll!SetWindowsHookExA 77426D0C 5 Bytes JMP 000A0600
.text C:\Program Files\Acer\Acer VCM\AcerVCM.exe[4304] ntdll.dll!LdrUnloadDll 7795C8DE 5 Bytes JMP 000703FC
.text C:\Program Files\Acer\Acer VCM\AcerVCM.exe[4304] ntdll.dll!LdrLoadDll 779622AE 5 Bytes JMP 000701F8
.text C:\Program Files\Acer\Acer VCM\AcerVCM.exe[4304] KERNEL32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62]
.text C:\Program Files\Acer\Acer VCM\AcerVCM.exe[4304] USER32.dll!UnhookWindowsHookEx 773FADF9 5 Bytes JMP 001B0A08
.text C:\Program Files\Acer\Acer VCM\AcerVCM.exe[4304] USER32.dll!UnhookWinEvent 773FB750 5 Bytes JMP 001B03FC
.text C:\Program Files\Acer\Acer VCM\AcerVCM.exe[4304] USER32.dll!SetWindowsHookExW 773FE30C 5 Bytes JMP 001B0804
.text C:\Program Files\Acer\Acer VCM\AcerVCM.exe[4304] USER32.dll!SetWinEventHook 774024DC 5 Bytes JMP 001B01F8
.text C:\Program Files\Acer\Acer VCM\AcerVCM.exe[4304] USER32.dll!SetWindowsHookExA 77426D0C 5 Bytes JMP 001B0600
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[4412] ntdll.dll!LdrUnloadDll 7795C8DE 5 Bytes JMP 001E03FC
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[4412] ntdll.dll!LdrLoadDll 779622AE 5 Bytes JMP 001E01F8
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[4412] KERNEL32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62]
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[4412] USER32.dll!UnhookWindowsHookEx 773FADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[4412] USER32.dll!UnhookWinEvent 773FB750 5 Bytes JMP 001F03FC
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[4412] USER32.dll!SetWindowsHookExW 773FE30C 5 Bytes JMP 001F0804
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[4412] USER32.dll!SetWinEventHook 774024DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[4412] USER32.dll!SetWindowsHookExA 77426D0C 5 Bytes JMP 001F0600
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[4452] ntdll.dll!LdrUnloadDll 7795C8DE 5 Bytes JMP 001F03FC
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[4452] ntdll.dll!LdrLoadDll 779622AE 5 Bytes JMP 001F01F8
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[4452] KERNEL32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[4452] USER32.dll!UnhookWindowsHookEx 773FADF9 5 Bytes JMP 00300A08
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[4452] USER32.dll!UnhookWinEvent 773FB750 5 Bytes JMP 003003FC
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[4452] USER32.dll!SetWindowsHookExW 773FE30C 5 Bytes JMP 00300804
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[4452] USER32.dll!SetWinEventHook 774024DC 5 Bytes JMP 003001F8
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[4452] USER32.dll!SetWindowsHookExA 77426D0C 5 Bytes JMP 00300600
.text C:\Windows\system32\igfxext.exe[4464] ntdll.dll!LdrUnloadDll 7795C8DE 5 Bytes JMP 002E03FC
.text C:\Windows\system32\igfxext.exe[4464] ntdll.dll!LdrLoadDll 779622AE 5 Bytes JMP 002E01F8
.text C:\Windows\system32\igfxext.exe[4464] KERNEL32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62]
.text C:\Windows\system32\igfxext.exe[4464] USER32.dll!UnhookWindowsHookEx 773FADF9 5 Bytes JMP 002F0A08
.text C:\Windows\system32\igfxext.exe[4464] USER32.dll!UnhookWinEvent 773FB750 5 Bytes JMP 002F03FC
.text C:\Windows\system32\igfxext.exe[4464] USER32.dll!SetWindowsHookExW 773FE30C 5 Bytes JMP 002F0804
.text C:\Windows\system32\igfxext.exe[4464] USER32.dll!SetWinEventHook 774024DC 5 Bytes JMP 002F01F8
.text C:\Windows\system32\igfxext.exe[4464] USER32.dll!SetWindowsHookExA 77426D0C 5 Bytes JMP 002F0600
.text C:\Windows\system32\wbem\unsecapp.exe[4496] ntdll.dll!LdrUnloadDll 7795C8DE 5 Bytes JMP 000E03FC
.text C:\Windows\system32\wbem\unsecapp.exe[4496] ntdll.dll!LdrLoadDll 779622AE 5 Bytes JMP 000E01F8
.text C:\Windows\system32\wbem\unsecapp.exe[4496] KERNEL32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62]
.text C:\Windows\system32\wbem\unsecapp.exe[4496] USER32.dll!UnhookWindowsHookEx 773FADF9 5 Bytes JMP 000F0A08
.text C:\Windows\system32\wbem\unsecapp.exe[4496] USER32.dll!UnhookWinEvent 773FB750 5 Bytes JMP 000F03FC
.text C:\Windows\system32\wbem\unsecapp.exe[4496] USER32.dll!SetWindowsHookExW 773FE30C 5 Bytes JMP 000F0804
.text C:\Windows\system32\wbem\unsecapp.exe[4496] USER32.dll!SetWinEventHook 774024DC 5 Bytes JMP 000F01F8
.text C:\Windows\system32\wbem\unsecapp.exe[4496] USER32.dll!SetWindowsHookExA 77426D0C 5 Bytes JMP 000F0600
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4572] ntdll.dll!LdrUnloadDll 7795C8DE 5 Bytes JMP 001703FC
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4572] ntdll.dll!LdrLoadDll 779622AE 5 Bytes JMP 001701F8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4572] KERNEL32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4572] USER32.dll!UnhookWindowsHookEx 773FADF9 5 Bytes JMP 00180A08
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4572] USER32.dll!UnhookWinEvent 773FB750 5 Bytes JMP 001803FC
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4572] USER32.dll!SetWindowsHookExW 773FE30C 5 Bytes JMP 00180804
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4572] USER32.dll!SetWinEventHook 774024DC 5 Bytes JMP 001801F8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4572] USER32.dll!SetWindowsHookExA 77426D0C 5 Bytes JMP 00180600
.text C:\Windows\system32\wbem\wmiprvse.exe[4664] ntdll.dll!LdrUnloadDll 7795C8DE 5 Bytes JMP 000703FC
.text C:\Windows\system32\wbem\wmiprvse.exe[4664] ntdll.dll!LdrLoadDll 779622AE 5 Bytes JMP 000701F8
.text C:\Windows\system32\wbem\wmiprvse.exe[4664] KERNEL32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[4664] USER32.dll!UnhookWindowsHookEx 773FADF9 5 Bytes JMP 00090A08
.text C:\Windows\system32\wbem\wmiprvse.exe[4664] USER32.dll!UnhookWinEvent 773FB750 5 Bytes JMP 000903FC
.text C:\Windows\system32\wbem\wmiprvse.exe[4664] USER32.dll!SetWindowsHookExW 773FE30C 5 Bytes JMP 00090804
.text C:\Windows\system32\wbem\wmiprvse.exe[4664] USER32.dll!SetWinEventHook 774024DC 5 Bytes JMP 000901F8
.text C:\Windows\system32\wbem\wmiprvse.exe[4664] USER32.dll!SetWindowsHookExA 77426D0C 5 Bytes JMP 00090600
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4672] ntdll.dll!LdrUnloadDll 7795C8DE 5 Bytes JMP 000E03FC
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4672] ntdll.dll!LdrLoadDll 779622AE 5 Bytes JMP 000E01F8
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4672] KERNEL32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4672] USER32.dll!UnhookWindowsHookEx 773FADF9 5 Bytes JMP 00130A08
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4672] USER32.dll!UnhookWinEvent 773FB750 5 Bytes JMP 001303FC
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4672] USER32.dll!SetWindowsHookExW 773FE30C 5 Bytes JMP 00130804
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4672] USER32.dll!SetWinEventHook 774024DC 5 Bytes JMP 001301F8
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4672] USER32.dll!SetWindowsHookExA 77426D0C 5 Bytes JMP 00130600
.text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4840] ntdll.dll!LdrUnloadDll 7795C8DE 5 Bytes JMP 001E03FC
.text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4840] ntdll.dll!LdrLoadDll 779622AE 5 Bytes JMP 001E01F8
.text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4840] KERNEL32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62]
.text C:\Program Files\Acer\Acer ePower
Management\ePowerEvent.exe[4840] USER32.dll!UnhookWindowsHookEx 773FADF9 5 Bytes JMP 001F0A08 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4840] USER32.dll!UnhookWinEvent 773FB750 5 Bytes JMP 001F03FC .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4840] USER32.dll!SetWindowsHookExW 773FE30C 5 Bytes JMP 001F0804 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4840] USER32.dll!SetWinEventHook 774024DC 5 Bytes JMP 001F01F8 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[4840] USER32.dll!SetWindowsHookExA 77426D0C 5 Bytes JMP 001F0600 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5564] ntdll.dll!LdrUnloadDll 7795C8DE 5 Bytes JMP 000E03FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5564] ntdll.dll!LdrLoadDll 779622AE 5 Bytes JMP 000E01F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5564] KERNEL32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5564] USER32.dll!UnhookWindowsHookEx 773FADF9 5 Bytes JMP 00100A08 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5564] USER32.dll!UnhookWinEvent 773FB750 5 Bytes JMP 001003FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5564] USER32.dll!SetWindowsHookExW 773FE30C 5 Bytes JMP 00100804 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5564] USER32.dll!SetWinEventHook 774024DC 5 Bytes JMP 001001F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5564] USER32.dll!SetWindowsHookExA 77426D0C 5 Bytes JMP 00100600 .text C:\Program Files\Acer\Acer 3G Connection Manager\ConnMgrTray.exe[5604] ntdll.dll!LdrUnloadDll 7795C8DE 5 Bytes JMP 001F03FC .text C:\Program Files\Acer\Acer 3G Connection Manager\ConnMgrTray.exe[5604] ntdll.dll!LdrLoadDll 779622AE 5 Bytes JMP 001F01F8 .text C:\Program Files\Acer\Acer 3G Connection Manager\ConnMgrTray.exe[5604] KERNEL32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62] .text C:\Program Files\Acer\Acer 3G 
Connection Manager\ConnMgrTray.exe[5604] USER32.dll!UnhookWindowsHookEx 773FADF9 5 Bytes JMP 00200A08 .text C:\Program Files\Acer\Acer 3G Connection Manager\ConnMgrTray.exe[5604] USER32.dll!UnhookWinEvent 773FB750 5 Bytes JMP 002003FC .text C:\Program Files\Acer\Acer 3G Connection Manager\ConnMgrTray.exe[5604] USER32.dll!SetWindowsHookExW 773FE30C 5 Bytes JMP 00200804 .text C:\Program Files\Acer\Acer 3G Connection Manager\ConnMgrTray.exe[5604] USER32.dll!SetWinEventHook 774024DC 5 Bytes JMP 002001F8 .text C:\Program Files\Acer\Acer 3G Connection Manager\ConnMgrTray.exe[5604] USER32.dll!SetWindowsHookExA 77426D0C 5 Bytes JMP 00200600 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5736] ntdll.dll!LdrUnloadDll 7795C8DE 5 Bytes JMP 000703FC .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5736] ntdll.dll!LdrLoadDll 779622AE 5 Bytes JMP 000701F8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5736] KERNEL32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5736] USER32.dll!UnhookWindowsHookEx 773FADF9 5 Bytes JMP 00080A08 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5736] USER32.dll!UnhookWinEvent 773FB750 5 Bytes JMP 000803FC .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5736] USER32.dll!SetWindowsHookExW 773FE30C 5 Bytes JMP 00080804 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5736] USER32.dll!SetWinEventHook 774024DC 5 Bytes JMP 000801F8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5736] USER32.dll!GetWindowInfo 77404B5E 5 Bytes JMP 5CC6F36E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5736] USER32.dll!ToUnicodeEx + 71 77412223 7 Bytes JMP 5CC68DFA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5736] USER32.dll!SetWindowsHookExA 77426D0C 5 Bytes JMP 00080600 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] ntdll.dll!NtCreateFile + 6 7794560E 4 Bytes [28, A0, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] ntdll.dll!NtCreateFile + B 77945613 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] ntdll.dll!NtCreateKey + 6 7794564E 4 Bytes [68, A1, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] ntdll.dll!NtCreateKey + B 77945653 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] ntdll.dll!NtCreateMutant + 6 7794568E 4 Bytes [68, A2, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] ntdll.dll!NtCreateMutant + B 77945693 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] ntdll.dll!NtCreateSection + 6 7794572E 4 Bytes [A8, A2, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] ntdll.dll!NtCreateSection + B 77945733 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] ntdll.dll!NtMapViewOfSection + B 77945C73 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] ntdll.dll!NtOpenFile + 6 77945D1E 4 Bytes [68, A0, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] ntdll.dll!NtOpenFile + B 77945D23 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] ntdll.dll!NtOpenKey + 6 77945D4E 4 Bytes [A8, A1, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] ntdll.dll!NtOpenKey + B 77945D53 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] ntdll.dll!NtOpenKeyEx + B 77945D63 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] ntdll.dll!NtOpenMutant 
+ 6 77945D9E 4 Bytes [28, A2, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] ntdll.dll!NtOpenMutant + B 77945DA3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] ntdll.dll!NtOpenProcess + 6 77945DCE 4 Bytes [68, A3, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] ntdll.dll!NtOpenProcess + B 77945DD3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] ntdll.dll!NtOpenProcessToken + 6 77945DDE 4 Bytes [A8, A3, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] ntdll.dll!NtOpenProcessToken + B 77945DE3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] ntdll.dll!NtOpenProcessTokenEx + 6 77945DEE 4 Bytes [68, A4, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] ntdll.dll!NtOpenProcessTokenEx + B 77945DF3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] ntdll.dll!NtOpenSection + B 77945E13 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] ntdll.dll!NtOpenThread + 6 77945E4E 4 Bytes [28, A3, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] ntdll.dll!NtOpenThread + B 77945E53 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] ntdll.dll!NtOpenThreadToken + 6 77945E5E 4 Bytes [28, A4, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] ntdll.dll!NtOpenThreadToken + B 77945E63 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] ntdll.dll!NtOpenThreadTokenEx + 6 77945E6E 4 Bytes [A8, A4, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] ntdll.dll!NtOpenThreadTokenEx + B 77945E73 1 Byte [E2] .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] ntdll.dll!NtQueryAttributesFile + 6 77945F7E 4 Bytes [A8, A0, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] ntdll.dll!NtQueryAttributesFile + B 77945F83 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] ntdll.dll!NtQueryFullAttributesFile + B 77946033 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] ntdll.dll!NtSetInformationFile + 6 7794667E 4 Bytes [28, A1, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] ntdll.dll!NtSetInformationFile + B 77946683 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] ntdll.dll!NtSetInformationThread + B 779466E3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] ntdll.dll!NtUnmapViewOfSection + 6 779469FE 4 Bytes [28, A5, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] ntdll.dll!NtUnmapViewOfSection + B 77946A03 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] ntdll.dll!LdrUnloadDll 7795C8DE 5 Bytes JMP 001403FC .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] ntdll.dll!LdrLoadDll 779622AE 5 Bytes JMP 001401F8 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] KERNEL32.dll!CreateProcessW 7607204D 5 Bytes JMP 00090030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] KERNEL32.dll!CreateProcessA 76072082 5 Bytes JMP 00090070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] KERNEL32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] user32.DLL!ActivateKeyboardLayout 773F8203 5 Bytes JMP 002604F0 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] user32.DLL!ScreenToClient 773FA506 7 Bytes JMP 00260670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] user32.DLL!UnhookWindowsHookEx 773FADF9 5 Bytes JMP 00270A08 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] user32.DLL!UnhookWinEvent 773FB750 5 Bytes JMP 002703FC .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] user32.DLL!RegisterClipboardFormatA 773FC091 5 Bytes JMP 002602F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] user32.DLL!RegisterClipboardFormatW 773FDF8D 5 Bytes JMP 002602B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] user32.DLL!SetWindowsHookExW 773FE30C 5 Bytes JMP 00270804 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] user32.DLL!SetWinEventHook 774024DC 5 Bytes JMP 002701F8 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] user32.DLL!SetCursor 77403075 5 Bytes JMP 00260530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] user32.DLL!MonitorFromWindow 77403622 7 Bytes JMP 00260630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] user32.DLL!PostMessageW 7740447B 5 Bytes JMP 002605F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] user32.DLL!IsWindowVisible 77404D69 7 Bytes JMP 002606B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] user32.DLL!GetClientRect 774054DD 7 Bytes JMP 002605B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] user32.DLL!MapWindowPoints 77405CAA 5 Bytes JMP 00260570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] user32.DLL!GetParent 77406029 7 Bytes JMP 002606F0 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] user32.DLL!EmptyClipboard 7741290C 5 Bytes JMP 00260130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] user32.DLL!SetClipboardData 77412962 5 Bytes JMP 00260170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] user32.DLL!GetClipboardData 77412BA7 5 Bytes JMP 00260030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] user32.DLL!GetClipboardFormatNameW 77415FD2 5 Bytes JMP 00260230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] user32.DLL!SetClipboardViewer 77416FF6 5 Bytes JMP 002604B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] user32.DLL!GetClipboardFormatNameA 7741700A 5 Bytes JMP 00260270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] user32.DLL!ChangeClipboardChain 7742147C 5 Bytes JMP 00260430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] user32.DLL!GetTopWindow 774224D9 7 Bytes JMP 00260730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] user32.DLL!CloseClipboard 7742446C 5 Bytes JMP 002600B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] user32.DLL!OpenClipboard 7742447E 5 Bytes JMP 00260070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] user32.DLL!IsClipboardFormatAvailable 774244FF 5 Bytes JMP 002600F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] user32.DLL!GetClipboardSequenceNumber 77424513 5 Bytes JMP 00260330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] user32.DLL!GetClipboardOwner 77424525 5 Bytes JMP 00260370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] user32.DLL!CountClipboardFormats 7742470A 5 Bytes JMP 002601F0 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] user32.DLL!EnumClipboardFormats 774247EC 5 Bytes JMP 002601B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] user32.DLL!GetOpenClipboardWindow 7742480B 5 Bytes JMP 002603F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] user32.DLL!SetWindowsHookExA 77426D0C 5 Bytes JMP 00270600 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] user32.DLL!SetCursorPos 7743C1B0 5 Bytes JMP 00260770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] user32.DLL!GetClipboardViewer 77454AF7 5 Bytes JMP 00260470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] user32.DLL!GetPriorityClipboardFormat 77454BF9 5 Bytes JMP 002603B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!DeleteObject 76155F14 5 Bytes JMP 002801B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!SelectObject 76156640 5 Bytes JMP 002805F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!SetTextColor 76156906 5 Bytes JMP 00280A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!SetBkMode 761569B1 5 Bytes JMP 002808F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!DeleteDC 76156EAA 5 Bytes JMP 00280170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!GetDeviceCaps 76156F7F 5 Bytes JMP 002803B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!ExtSelectClipRgn 76157114 5 Bytes JMP 002802F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!SelectClipRgn 76157242 5 Bytes JMP 002805B0 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!SetStretchBltMode 76157705 5 Bytes JMP 002806B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!GetCurrentObject 76157917 5 Bytes JMP 00280370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!GetTextMetricsW 76157B8F 5 Bytes JMP 00280E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!GetTextAlign 76157DAF 5 Bytes JMP 00280D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!IntersectClipRect 76157DFE 5 Bytes JMP 002803F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!ExtTextOutW 76158192 5 Bytes JMP 00280970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!SetTextAlign 7615828E 5 Bytes JMP 002809F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!GetClipBox 76158525 5 Bytes JMP 00280330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!MoveToEx 76158C21 5 Bytes JMP 00280470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!StretchDIBits 7615A53E 5 Bytes JMP 00280770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!RestoreDC 7615A67B 5 Bytes JMP 00280530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!SaveDC 7615A74B 5 Bytes JMP 00280570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!GetTextExtentPoint32W 7615B4B5 5 Bytes JMP 00280670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!GetTextFaceW 7615B73A 2 Bytes JMP 00280D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!GetTextFaceW 
+ 3 7615B73D 2 Bytes [12, 8A] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!GetFontData 7615BCC4 5 Bytes JMP 00280C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!SetWorldTransform 7615C90A 5 Bytes JMP 002806F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!CreateDCA 7615CCA9 5 Bytes JMP 002800B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!CreateDCW 7615CF79 5 Bytes JMP 002800F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!CreateICW 7615CFD0 5 Bytes JMP 00280130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!GetTextMetricsA 7615D0F2 5 Bytes JMP 00280DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!Rectangle 7615F1FF 5 Bytes JMP 002809B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!LineTo 7615F59B 5 Bytes JMP 00280430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!SetICMMode 7615FAA4 5 Bytes JMP 00280DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!ExtTextOutA 76160D20 5 Bytes JMP 00280930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!GetTextExtentPoint32A 7616117F 5 Bytes JMP 00280630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!ExtEscape 76162D49 5 Bytes JMP 002802B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!Escape 76163400 5 Bytes JMP 00280270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!ResetDCW 76163A9B 5 Bytes JMP 00280AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] 
GDI32.dll!EndPage 761640DA 5 Bytes JMP 00280230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!SetPolyFillMode 761667E1 5 Bytes JMP 00280B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!SetMiterLimit 7616699D 5 Bytes JMP 00280B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!GetTextFaceA 76170D22 5 Bytes JMP 00280CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!GetGlyphOutlineW 7617C2DA 5 Bytes JMP 00280CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!CreateScalableFontResourceW 7617E937 5 Bytes JMP 00280BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!AddFontResourceW 7617ED33 5 Bytes JMP 00280BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!RemoveFontResourceW 7617F229 5 Bytes JMP 00280C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!AbortDoc 76184E29 5 Bytes JMP 00280030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!EndDoc 76185270 5 Bytes JMP 002801F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!StartPage 7618535B 5 Bytes JMP 00280730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!StartDocW 76185D76 5 Bytes JMP 002807F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!BeginPath 7618651D 5 Bytes JMP 00280830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!SelectClipPath 76186574 5 Bytes JMP 00280AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!CloseFigure 761865CF 5 Bytes JMP 00280070 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!EndPath 76186626 5 Bytes JMP 00280A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!StrokePath 76186859 5 Bytes JMP 002807B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!FillPath 761868E6 5 Bytes JMP 00280870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!PolylineTo 76186D54 5 Bytes JMP 002804F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!PolyBezierTo 76186DE5 5 Bytes JMP 002804B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] GDI32.dll!PolyDraw 76186E97 5 Bytes JMP 002808B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] ole32.dll!OleSetClipboard 75E60045 5 Bytes JMP 002B0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] ole32.dll!OleIsCurrentClipboard 75E636B2 5 Bytes JMP 002B0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] ole32.dll!OleGetClipboard 75E8FDCD 5 Bytes JMP 002B00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5800] ntdll.dll!LdrUnloadDll 7795C8DE 5 Bytes JMP 000E03FC .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5800] ntdll.dll!LdrLoadDll 779622AE 5 Bytes JMP 000E01F8 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5800] KERNEL32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5800] user32.DLL!UnhookWindowsHookEx 773FADF9 5 Bytes JMP 000F0A08 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5800] user32.DLL!UnhookWinEvent 773FB750 5 Bytes JMP 000F03FC .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5800] 
user32.DLL!SetWindowsHookExW 773FE30C 5 Bytes JMP 000F0804 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5800] user32.DLL!SetWinEventHook 774024DC 5 Bytes JMP 000F01F8 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5800] user32.DLL!SetWindowsHookExA 77426D0C 5 Bytes JMP 000F0600 .text C:\Windows\system32\AUDIODG.EXE[5892] kernel32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62] .text C:\Program Files\Acer\Acer 3G Connection Manager\SMSIcon.exe[5980] ntdll.dll!LdrUnloadDll 7795C8DE 5 Bytes JMP 001803FC .text C:\Program Files\Acer\Acer 3G Connection Manager\SMSIcon.exe[5980] ntdll.dll!LdrLoadDll 779622AE 5 Bytes JMP 001801F8 .text C:\Program Files\Acer\Acer 3G Connection Manager\SMSIcon.exe[5980] KERNEL32.dll!GetBinaryTypeW + 70 760D69E4 1 Byte [62] .text C:\Program Files\Acer\Acer 3G Connection Manager\SMSIcon.exe[5980] USER32.dll!UnhookWindowsHookEx 773FADF9 5 Bytes JMP 00190A08 .text C:\Program Files\Acer\Acer 3G Connection Manager\SMSIcon.exe[5980] USER32.dll!UnhookWinEvent 773FB750 5 Bytes JMP 001903FC .text C:\Program Files\Acer\Acer 3G Connection Manager\SMSIcon.exe[5980] USER32.dll!SetWindowsHookExW 773FE30C 5 Bytes JMP 00190804 .text C:\Program Files\Acer\Acer 3G Connection Manager\SMSIcon.exe[5980] USER32.dll!SetWinEventHook 774024DC 5 Bytes JMP 001901F8 .text C:\Program Files\Acer\Acer 3G Connection Manager\SMSIcon.exe[5980] USER32.dll!SetWindowsHookExA 77426D0C 5 Bytes JMP 00190600 ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1564] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [717A0790] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Windows\Explorer.EXE[2808] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001ED0] C:\Program Files\EgisTec MyWinLocker\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.) 
IAT C:\Windows\Explorer.EXE[2808] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [10002A90] C:\Program Files\EgisTec MyWinLocker\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.) IAT C:\Windows\Explorer.EXE[2808] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100011D0] C:\Program Files\EgisTec MyWinLocker\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.) IAT C:\Program Files\AVAST Software\Avast\AvastUI.exe[3228] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [717A0790] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Program Files\Acer\Acer 3G Connection Manager\ConnMgrTray.exe[5604] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7587FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\Acer\Acer 3G Connection Manager\ConnMgrTray.exe[5604] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7587FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\Acer\Acer 3G Connection Manager\ConnMgrTray.exe[5604] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7587FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\Acer\Acer 3G Connection Manager\ConnMgrTray.exe[5604] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7587FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\Acer\Acer 3G Connection Manager\ConnMgrTray.exe[5604] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [7587FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\Acer\Acer 3G Connection Manager\ConnMgrTray.exe[5604] @ C:\Windows\system32\WININET.dll 
[KERNEL32.dll!GetProcAddress] [7587FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\Acer\Acer 3G Connection Manager\ConnMgrTray.exe[5604] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [7587FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!MoveFileExW] 00090090 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetFocus] 00260790 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetKeyState] 002607D0 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] 00090090 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe[5764] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!MoveFileExW] 00090090 IAT C:\Program Files\Acer\Acer 3G Connection Manager\SMSIcon.exe[5980] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7587FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\Acer\Acer 3G Connection Manager\SMSIcon.exe[5980] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7587FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\Acer\Acer 3G Connection Manager\SMSIcon.exe[5980] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7587FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\Acer\Acer 3G Connection Manager\SMSIcon.exe[5980] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7587FFF6] 
C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)

---- Devices - GMER 2.1 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 2.1 ----