GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2011-08-16 20:07:37 Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 Running: e288kvx3.exe; Driver: C:\Users\MICHA~1\AppData\Local\Temp\kxldypow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8C17D202] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x91820D8C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8C17F7F0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8C17F848] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8C17F95E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8C17F746] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8C17F898] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8C17F79A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8C17F90C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8C17D226] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x91820E3C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8C17CFF0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8C17D24A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8C17FD56] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8C17DCDA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8C17F820] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8C17F870] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8C17F988] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8C17F772] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8C17F8D8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8C17F7C8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8C17F936] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x91820ED4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8C17DBA0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8C17D26E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8C17D292] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8C17D04A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8C17D186] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8C17D162] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8C17D1AA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8C17D2B6] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x91836398] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKey + 13D1 83677349 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 836B0D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 836B7D80 4 Bytes [02, D2, 17, 8C] .text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 836B7DA8 4 Bytes [8C, 0D, 82, 91] .text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 836B7E5C 8 Bytes [F0, F7, 17, 8C, 48, F8, 17, ...] .text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 836B7E68 4 Bytes [5E, F9, 17, 8C] .text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 836B7E84 4 Bytes [46, F7, 17, 8C] .text ... PAGE ntkrnlpa.exe!ObMakeTemporaryObject 83844BE8 5 Bytes JMP 91831D4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject + 27 8385D1B8 5 Bytes JMP 9183380A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 838722FF 4 Bytes CALL 8C17E34B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 8388C0D1 4 Bytes CALL 8C17E361 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 83915F10 7 Bytes JMP 9183639C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .text kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text user32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes [E9, 0A, 5C, 8F, 89] {JMP 0xffffffff898f5c0f} .text user32.dll!UnhookWinEvent 7691B750 5 Bytes [E9, A7, 4C, 8F, 89] {JMP 0xffffffff898f4cac} .text user32.dll!SetWindowsHookExW 7691E30C 5 Bytes [E9, F3, 24, 8F, 89] {JMP 0xffffffff898f24f8} .text user32.dll!SetWinEventHook 769224DC 5 Bytes [E9, 17, DD, 8E, 89] {JMP 0xffffffff898edd1c} .text user32.dll!SetWindowsHookExA 76946D0C 5 Bytes [E9, EF, 98, 8C, 89] {JMP 0xffffffff898c98f4} ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[108] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[224] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 001603FC .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[224] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 001601F8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[224] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[224] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 00580A08 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[224] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 005803FC .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[224] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 00580804 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[224] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 005801F8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[224] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 00580600 .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[352] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 001503FC .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[352] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 001501F8 .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[352] kernel32.dll!SetUnhandledExceptionFilter 76CCF4FB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[352] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[352] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 002E0A08 .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[352] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 002E03FC .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[352] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 002E0804 .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[352] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 002E01F8 .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[352] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 002E0600 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[364] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 001603FC .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[364] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 001601F8 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[364] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[364] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 001A0A08 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[364] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 001A03FC .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[364] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 001A0804 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[364] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 001A01F8 .text C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe[364] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 001A0600 .text C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\CE\NetworkLicenseServer.exe[372] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 001603FC .text C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\CE\NetworkLicenseServer.exe[372] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 001601F8 .text C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\CE\NetworkLicenseServer.exe[372] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\CE\NetworkLicenseServer.exe[372] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 00180A08 .text C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\CE\NetworkLicenseServer.exe[372] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 001803FC .text C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\CE\NetworkLicenseServer.exe[372] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 00180804 .text C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\CE\NetworkLicenseServer.exe[372] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 001801F8 .text C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\CE\NetworkLicenseServer.exe[372] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 00180600 .text C:\windows\system32\csrss.exe[476] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[492] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 000A03FC .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[492] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 000A01F8 .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[492] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[492] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 00140A08 .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[492] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 001403FC .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[492] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 00140804 .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[492] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 001401F8 .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[492] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 00140600 .text C:\windows\system32\wininit.exe[540] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 000303FC .text C:\windows\system32\wininit.exe[540] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 000301F8 .text C:\windows\system32\wininit.exe[540] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\windows\system32\wininit.exe[540] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 000C0A08 .text C:\windows\system32\wininit.exe[540] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 000C03FC .text C:\windows\system32\wininit.exe[540] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 000C0804 .text C:\windows\system32\wininit.exe[540] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 000C01F8 .text C:\windows\system32\wininit.exe[540] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 000C0600 .text C:\windows\system32\csrss.exe[548] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\windows\system32\services.exe[588] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 000603FC .text C:\windows\system32\services.exe[588] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 000601F8 .text C:\windows\system32\services.exe[588] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\windows\system32\lsass.exe[604] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 000603FC .text C:\windows\system32\lsass.exe[604] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 000601F8 .text C:\windows\system32\lsass.exe[604] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\windows\system32\lsm.exe[612] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 000603FC .text C:\windows\system32\lsm.exe[612] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 000601F8 .text C:\windows\system32\lsm.exe[612] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\windows\system32\svchost.exe[740] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 000603FC .text C:\windows\system32\svchost.exe[740] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 000601F8 .text C:\windows\system32\svchost.exe[740] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\windows\system32\svchost.exe[740] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 00250A08 .text C:\windows\system32\svchost.exe[740] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 002503FC .text C:\windows\system32\svchost.exe[740] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 00250804 .text C:\windows\system32\svchost.exe[740] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 002501F8 .text C:\windows\system32\svchost.exe[740] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 00250600 .text C:\windows\system32\nvvsvc.exe[816] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 001603FC .text C:\windows\system32\nvvsvc.exe[816] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 001601F8 .text C:\windows\system32\nvvsvc.exe[816] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\windows\system32\nvvsvc.exe[816] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 001F0A08 .text C:\windows\system32\nvvsvc.exe[816] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 001F03FC .text C:\windows\system32\nvvsvc.exe[816] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 001F0804 .text C:\windows\system32\nvvsvc.exe[816] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 001F01F8 .text C:\windows\system32\nvvsvc.exe[816] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 001F0600 .text C:\windows\system32\svchost.exe[860] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 000A03FC .text C:\windows\system32\svchost.exe[860] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 000A01F8 .text C:\windows\system32\svchost.exe[860] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\windows\system32\svchost.exe[860] user32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 004F0A08 .text C:\windows\system32\svchost.exe[860] user32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 004F03FC .text C:\windows\system32\svchost.exe[860] user32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 004F0804 .text C:\windows\system32\svchost.exe[860] user32.dll!SetWinEventHook 769224DC 5 Bytes JMP 004F01F8 .text C:\windows\system32\svchost.exe[860] user32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 004F0600 .text C:\Program Files\Altium Designer\DXPSecurityService.exe[876] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 001603FC .text C:\Program Files\Altium Designer\DXPSecurityService.exe[876] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 001601F8 .text C:\Program Files\Altium Designer\DXPSecurityService.exe[876] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\Program Files\Altium Designer\DXPSecurityService.exe[876] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 001F0A08 .text C:\Program Files\Altium Designer\DXPSecurityService.exe[876] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 001F03FC .text C:\Program Files\Altium Designer\DXPSecurityService.exe[876] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 001F0804 .text C:\Program Files\Altium Designer\DXPSecurityService.exe[876] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 001F01F8 .text C:\Program Files\Altium Designer\DXPSecurityService.exe[876] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 001F0600 .text C:\windows\System32\svchost.exe[920] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 000603FC .text C:\windows\System32\svchost.exe[920] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 000601F8 .text C:\windows\System32\svchost.exe[920] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\windows\System32\svchost.exe[920] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 00530A08 .text C:\windows\System32\svchost.exe[920] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 005303FC .text C:\windows\System32\svchost.exe[920] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 00530804 .text C:\windows\System32\svchost.exe[920] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 005301F8 .text C:\windows\System32\svchost.exe[920] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 00530600 .text C:\windows\System32\svchost.exe[952] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 000603FC .text C:\windows\System32\svchost.exe[952] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 000601F8 .text C:\windows\System32\svchost.exe[952] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\windows\System32\svchost.exe[952] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 00550A08 .text C:\windows\System32\svchost.exe[952] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 005503FC .text C:\windows\System32\svchost.exe[952] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 00550804 .text C:\windows\System32\svchost.exe[952] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 005501F8 .text C:\windows\System32\svchost.exe[952] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 00550600 .text C:\windows\system32\svchost.exe[984] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 000A03FC .text C:\windows\system32\svchost.exe[984] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 000A01F8 .text C:\windows\system32\svchost.exe[984] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\windows\system32\svchost.exe[984] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 00EE0A08 .text C:\windows\system32\svchost.exe[984] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 00EE03FC .text C:\windows\system32\svchost.exe[984] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 00EE0804 .text C:\windows\system32\svchost.exe[984] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 00EE01F8 .text C:\windows\system32\svchost.exe[984] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 00EE0600 .text C:\windows\system32\svchost.exe[1096] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 000603FC .text C:\windows\system32\svchost.exe[1096] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 000601F8 .text C:\windows\system32\svchost.exe[1096] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\windows\system32\svchost.exe[1096] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 005A0A08 .text C:\windows\system32\svchost.exe[1096] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 005A03FC .text C:\windows\system32\svchost.exe[1096] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 005A0804 .text C:\windows\system32\svchost.exe[1096] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 005A01F8 .text C:\windows\system32\svchost.exe[1096] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 005A0600 .text C:\windows\system32\winlogon.exe[1120] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 000303FC .text C:\windows\system32\winlogon.exe[1120] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 000301F8 .text C:\windows\system32\winlogon.exe[1120] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\windows\system32\winlogon.exe[1120] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 000D0A08 .text C:\windows\system32\winlogon.exe[1120] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 000D03FC .text C:\windows\system32\winlogon.exe[1120] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 000D0804 .text C:\windows\system32\winlogon.exe[1120] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 000D01F8 .text C:\windows\system32\winlogon.exe[1120] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 000D0600 .text C:\windows\system32\AUDIODG.EXE[1204] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\windows\system32\svchost.exe[1244] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 000603FC .text C:\windows\system32\svchost.exe[1244] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 000601F8 .text C:\windows\system32\svchost.exe[1244] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\windows\system32\svchost.exe[1244] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 00AB0A08 .text C:\windows\system32\svchost.exe[1244] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 00AB03FC .text C:\windows\system32\svchost.exe[1244] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 00AB0804 .text C:\windows\system32\svchost.exe[1244] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 00AB01F8 .text C:\windows\system32\svchost.exe[1244] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 00AB0600 .text C:\windows\system32\nvvsvc.exe[1416] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 001603FC .text C:\windows\system32\nvvsvc.exe[1416] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 001601F8 .text C:\windows\system32\nvvsvc.exe[1416] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\windows\system32\nvvsvc.exe[1416] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 001F0A08 .text C:\windows\system32\nvvsvc.exe[1416] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 001F03FC .text C:\windows\system32\nvvsvc.exe[1416] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 001F0804 .text C:\windows\system32\nvvsvc.exe[1416] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 001F01F8 .text C:\windows\system32\nvvsvc.exe[1416] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 001F0600 .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1440] kernel32.dll!SetUnhandledExceptionFilter 76CCF4FB 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1440] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\windows\System32\svchost.exe[1504] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 000603FC .text C:\windows\System32\svchost.exe[1504] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 000601F8 .text C:\windows\System32\svchost.exe[1504] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1564] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 001603FC .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1564] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 001601F8 .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1564] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1564] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 001F0A08 .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1564] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 001F03FC .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1564] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 001F0804 .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1564] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 001F01F8 .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1564] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 001F0600 .text C:\windows\System32\spoolsv.exe[1800] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 000603FC .text C:\windows\System32\spoolsv.exe[1800] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 000601F8 .text C:\windows\System32\spoolsv.exe[1800] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\windows\System32\spoolsv.exe[1800] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 00140A08 .text C:\windows\System32\spoolsv.exe[1800] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 001403FC .text C:\windows\System32\spoolsv.exe[1800] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 00140804 .text C:\windows\System32\spoolsv.exe[1800] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 001401F8 .text C:\windows\System32\spoolsv.exe[1800] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 00140600 .text C:\windows\system32\svchost.exe[1860] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 000603FC .text C:\windows\system32\svchost.exe[1860] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 000601F8 .text C:\windows\system32\svchost.exe[1860] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\windows\system32\svchost.exe[1860] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 00180A08 .text C:\windows\system32\svchost.exe[1860] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 001803FC .text C:\windows\system32\svchost.exe[1860] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 00180804 .text C:\windows\system32\svchost.exe[1860] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 001801F8 .text C:\windows\system32\svchost.exe[1860] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 00180600 .text C:\windows\system32\svchost.exe[1884] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 000603FC .text C:\windows\system32\svchost.exe[1884] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 000601F8 .text C:\windows\system32\svchost.exe[1884] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\windows\system32\svchost.exe[1884] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 00420A08 .text C:\windows\system32\svchost.exe[1884] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 004203FC .text C:\windows\system32\svchost.exe[1884] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 00420804 .text C:\windows\system32\svchost.exe[1884] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 004201F8 .text C:\windows\system32\svchost.exe[1884] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 00420600 .text C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe[1972] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 001503FC .text C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe[1972] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 001501F8 .text C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe[1972] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe[1972] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 001E0A08 .text C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe[1972] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 001E03FC .text C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe[1972] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 001E0804 .text C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe[1972] USER32.dll!SetWinEventHook 769224DC 3 Bytes JMP 001E01F8 .text C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe[1972] USER32.dll!SetWinEventHook + 4 769224E0 1 Byte [89] .text C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe[1972] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 001E0600 .text C:\windows\System32\svchost.exe[2052] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 000603FC .text C:\windows\System32\svchost.exe[2052] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 000601F8 .text C:\windows\System32\svchost.exe[2052] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\windows\System32\IgrsSvcs.exe[2080] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 000603FC .text C:\windows\System32\IgrsSvcs.exe[2080] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 000601F8 .text C:\windows\System32\IgrsSvcs.exe[2080] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2104] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 001603FC .text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2104] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 001601F8 .text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2104] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2104] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 001F0A08 .text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2104] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 001F03FC .text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2104] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 001F0804 .text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2104] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 001F01F8 .text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2104] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 001F0600 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2184] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 000A03FC .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2184] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 000A01F8 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2184] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2260] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 000E03FC .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2260] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 000E01F8 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2260] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2260] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 00180A08 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2260] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 001803FC .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2260] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 00180804 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2260] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 001801F8 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2260] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 00180600 .text C:\windows\system32\svchost.exe[2316] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 000A03FC .text C:\windows\system32\svchost.exe[2316] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 000A01F8 .text C:\windows\system32\svchost.exe[2316] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2356] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 001603FC .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2356] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 001601F8 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2356] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2356] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 001F0A08 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2356] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 001F03FC .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2356] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 001F0804 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2356] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 001F01F8 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2356] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 001F0600 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2532] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 001603FC .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2532] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 001601F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2532] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2532] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 00300A08 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2532] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 003003FC .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2532] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 00300804 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2532] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 003001F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2532] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 00300600 .text C:\windows\system32\SearchIndexer.exe[2564] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 000603FC .text C:\windows\system32\SearchIndexer.exe[2564] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 000601F8 .text C:\windows\system32\SearchIndexer.exe[2564] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\windows\system32\SearchIndexer.exe[2564] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 00100A08 .text C:\windows\system32\SearchIndexer.exe[2564] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 001003FC .text C:\windows\system32\SearchIndexer.exe[2564] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 00100804 .text C:\windows\system32\SearchIndexer.exe[2564] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 001001F8 .text C:\windows\system32\SearchIndexer.exe[2564] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 00100600 .text C:\windows\system32\svchost.exe[2660] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 000603FC .text C:\windows\system32\svchost.exe[2660] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 000601F8 .text C:\windows\system32\svchost.exe[2660] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\Program Files\CardDetector\HUAWEI1752_1552\CardDetector.exe[2960] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 001503FC .text C:\Program Files\CardDetector\HUAWEI1752_1552\CardDetector.exe[2960] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 001501F8 .text C:\Program Files\CardDetector\HUAWEI1752_1552\CardDetector.exe[2960] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\Program Files\CardDetector\HUAWEI1752_1552\CardDetector.exe[2960] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 00200A08 .text C:\Program Files\CardDetector\HUAWEI1752_1552\CardDetector.exe[2960] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 002003FC .text C:\Program Files\CardDetector\HUAWEI1752_1552\CardDetector.exe[2960] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 00200804 .text C:\Program Files\CardDetector\HUAWEI1752_1552\CardDetector.exe[2960] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 002001F8 .text C:\Program Files\CardDetector\HUAWEI1752_1552\CardDetector.exe[2960] USER32.dll!SetWindowsHookExA 76946D0C 3 Bytes JMP 00200600 .text C:\Program Files\CardDetector\HUAWEI1752_1552\CardDetector.exe[2960] USER32.dll!SetWindowsHookExA + 4 76946D10 1 Byte [89] .text C:\Program Files\Lenovo\Energy Management\utility.exe[3012] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 001603FC .text C:\Program Files\Lenovo\Energy Management\utility.exe[3012] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 001601F8 .text C:\Program Files\Lenovo\Energy Management\utility.exe[3012] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\Program Files\Lenovo\Energy Management\utility.exe[3012] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 00180A08 .text C:\Program Files\Lenovo\Energy Management\utility.exe[3012] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 001803FC .text C:\Program Files\Lenovo\Energy Management\utility.exe[3012] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 00180804 .text C:\Program Files\Lenovo\Energy Management\utility.exe[3012] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 001801F8 .text C:\Program Files\Lenovo\Energy Management\utility.exe[3012] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 00180600 .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3024] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 001603FC .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3024] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 001601F8 .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3024] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3024] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 00210A08 .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3024] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 002103FC .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3024] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 00210804 .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3024] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 002101F8 .text C:\Program Files\Lenovo\Energy Management\Energy Management.exe[3024] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 00210600 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe[3040] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 001603FC .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe[3040] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 001601F8 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe[3040] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe[3040] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 001A0A08 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe[3040] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 001A03FC .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe[3040] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 001A0804 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe[3040] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 001A01F8 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe[3040] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 001A0600 .text C:\windows\system32\wbem\wmiprvse.exe[3084] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 000603FC .text C:\windows\system32\wbem\wmiprvse.exe[3084] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 000601F8 .text C:\windows\system32\wbem\wmiprvse.exe[3084] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\windows\system32\wbem\wmiprvse.exe[3084] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 00100A08 .text C:\windows\system32\wbem\wmiprvse.exe[3084] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 001003FC .text C:\windows\system32\wbem\wmiprvse.exe[3084] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 00100804 .text C:\windows\system32\wbem\wmiprvse.exe[3084] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 001001F8 .text C:\windows\system32\wbem\wmiprvse.exe[3084] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 00100600 .text C:\windows\system32\Dwm.exe[3288] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 000A03FC .text C:\windows\system32\Dwm.exe[3288] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 000A01F8 .text C:\windows\system32\Dwm.exe[3288] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\windows\system32\Dwm.exe[3288] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 00230A08 .text C:\windows\system32\Dwm.exe[3288] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 002303FC .text C:\windows\system32\Dwm.exe[3288] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 00230804 .text C:\windows\system32\Dwm.exe[3288] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 002301F8 .text C:\windows\system32\Dwm.exe[3288] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 00230600 .text C:\windows\Explorer.EXE[3316] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 000603FC .text C:\windows\Explorer.EXE[3316] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 000601F8 .text C:\windows\Explorer.EXE[3316] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\windows\Explorer.EXE[3316] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 00250A08 .text C:\windows\Explorer.EXE[3316] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 002503FC .text C:\windows\Explorer.EXE[3316] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 00250804 .text C:\windows\Explorer.EXE[3316] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 002501F8 .text C:\windows\Explorer.EXE[3316] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 00250600 .text C:\windows\Explorer.EXE[3316] SHELL32.dll!SHFileOperationW 75C596F6 5 Bytes JMP 04141102 C:\Program Files\Unlocker\UnlockerHook.dll .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarDriverAdapter_550vista.exe[3404] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 001603FC .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarDriverAdapter_550vista.exe[3404] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 001601F8 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarDriverAdapter_550vista.exe[3404] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarDriverAdapter_550vista.exe[3404] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 00220A08 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarDriverAdapter_550vista.exe[3404] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 002203FC .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarDriverAdapter_550vista.exe[3404] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 00220804 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarDriverAdapter_550vista.exe[3404] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 002201F8 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarDriverAdapter_550vista.exe[3404] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 00220600 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3408] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 001603FC .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3408] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 001601F8 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3408] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3408] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 001F0A08 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3408] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 001F03FC .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3408] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 001F0804 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3408] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 001F01F8 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3408] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 001F0600 .text C:\windows\system32\taskhost.exe[3444] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 000503FC .text C:\windows\system32\taskhost.exe[3444] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 000501F8 .text C:\windows\system32\taskhost.exe[3444] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\windows\system32\taskhost.exe[3444] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 000E0A08 .text C:\windows\system32\taskhost.exe[3444] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 000E03FC .text C:\windows\system32\taskhost.exe[3444] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 000E0804 .text C:\windows\system32\taskhost.exe[3444] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 000E01F8 .text C:\windows\system32\taskhost.exe[3444] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 000E0600 .text C:\windows\System32\rundll32.exe[3480] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 000703FC .text C:\windows\System32\rundll32.exe[3480] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 000701F8 .text C:\windows\System32\rundll32.exe[3480] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\windows\System32\rundll32.exe[3480] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 00100A08 .text C:\windows\System32\rundll32.exe[3480] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 001003FC .text C:\windows\System32\rundll32.exe[3480] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 00100804 .text C:\windows\System32\rundll32.exe[3480] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 001001F8 .text C:\windows\System32\rundll32.exe[3480] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 00100600 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3532] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 001603FC .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3532] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 001601F8 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3532] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3532] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 00240A08 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3532] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 002403FC .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3532] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 00240804 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3532] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 002401F8 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3532] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 00240600 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3536] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 001603FC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3536] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 001601F8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3536] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3536] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 001F0A08 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3536] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 001F03FC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3536] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 001F0804 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3536] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 001F01F8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3536] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 001F0600 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3664] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 001603FC .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3664] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 001601F8 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3664] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3664] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 00200A08 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3664] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 002003FC .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3664] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 00200804 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3664] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 002001F8 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3664] USER32.dll!SetWindowsHookExA 76946D0C 3 Bytes JMP 00200600 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3664] USER32.dll!SetWindowsHookExA + 4 76946D10 1 Byte [89] .text C:\Program Files\Lenovo\OnekeyDM\OnekeyDM.exe[3696] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 001603FC .text C:\Program Files\Lenovo\OnekeyDM\OnekeyDM.exe[3696] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 001601F8 .text C:\Program Files\Lenovo\OnekeyDM\OnekeyDM.exe[3696] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\Program Files\Lenovo\OnekeyDM\OnekeyDM.exe[3696] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 001F0A08 .text C:\Program Files\Lenovo\OnekeyDM\OnekeyDM.exe[3696] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 001F03FC .text C:\Program Files\Lenovo\OnekeyDM\OnekeyDM.exe[3696] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 001F0804 .text C:\Program Files\Lenovo\OnekeyDM\OnekeyDM.exe[3696] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 001F01F8 .text C:\Program Files\Lenovo\OnekeyDM\OnekeyDM.exe[3696] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 001F0600 .text C:\Program Files\Lenovo\VeriFace\PManage.exe[3748] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 001603FC .text C:\Program Files\Lenovo\VeriFace\PManage.exe[3748] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 001601F8 .text C:\Program Files\Lenovo\VeriFace\PManage.exe[3748] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\Program Files\Lenovo\VeriFace\PManage.exe[3748] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 00200A08 .text C:\Program Files\Lenovo\VeriFace\PManage.exe[3748] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 002003FC .text C:\Program Files\Lenovo\VeriFace\PManage.exe[3748] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 00200804 .text C:\Program Files\Lenovo\VeriFace\PManage.exe[3748] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 002001F8 .text C:\Program Files\Lenovo\VeriFace\PManage.exe[3748] USER32.dll!SetWindowsHookExA 76946D0C 3 Bytes JMP 00200600 .text C:\Program Files\Lenovo\VeriFace\PManage.exe[3748] USER32.dll!SetWindowsHookExA + 4 76946D10 1 Byte [89] .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe[3788] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 001603FC .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe[3788] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 001601F8 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe[3788] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe[3788] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 001F0A08 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe[3788] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 001F03FC .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe[3788] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 001F0804 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe[3788] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 001F01F8 .text C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe[3788] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 001F0600 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3844] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 001603FC .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3844] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 001601F8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3844] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3844] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 001F0A08 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3844] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 001F03FC .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3844] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 001F0804 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3844] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 001F01F8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3844] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 001F0600 .text C:\Program Files\Unlocker\UnlockerAssistant.exe[3872] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 001503FC .text C:\Program Files\Unlocker\UnlockerAssistant.exe[3872] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 001501F8 .text C:\Program Files\Unlocker\UnlockerAssistant.exe[3872] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\Program Files\Unlocker\UnlockerAssistant.exe[3872] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 001F0A08 .text C:\Program Files\Unlocker\UnlockerAssistant.exe[3872] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 001F03FC .text C:\Program Files\Unlocker\UnlockerAssistant.exe[3872] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 001F0804 .text C:\Program Files\Unlocker\UnlockerAssistant.exe[3872] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 001F01F8 .text C:\Program Files\Unlocker\UnlockerAssistant.exe[3872] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 001F0600 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3912] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 001603FC .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3912] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 001601F8 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3912] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3912] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 00310A08 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3912] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 003103FC .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3912] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 00310804 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3912] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 003101F8 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3912] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 00310600 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3984] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 001603FC .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3984] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 001601F8 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3984] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3984] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 001F0A08 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3984] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 001F03FC .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3984] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 001F0804 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3984] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 001F01F8 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3984] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 001F0600 .text C:\ProgramData\Badoo\Badoo Desktop\1.5.3.949\Badoo.Desktop.exe[4080] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 001603FC .text C:\ProgramData\Badoo\Badoo Desktop\1.5.3.949\Badoo.Desktop.exe[4080] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 001601F8 .text C:\ProgramData\Badoo\Badoo Desktop\1.5.3.949\Badoo.Desktop.exe[4080] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\ProgramData\Badoo\Badoo Desktop\1.5.3.949\Badoo.Desktop.exe[4080] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 00300A08 .text C:\ProgramData\Badoo\Badoo Desktop\1.5.3.949\Badoo.Desktop.exe[4080] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 003003FC .text C:\ProgramData\Badoo\Badoo Desktop\1.5.3.949\Badoo.Desktop.exe[4080] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 00300804 .text C:\ProgramData\Badoo\Badoo Desktop\1.5.3.949\Badoo.Desktop.exe[4080] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 003001F8 .text C:\ProgramData\Badoo\Badoo Desktop\1.5.3.949\Badoo.Desktop.exe[4080] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 00300600 .text B:\download\e288kvx3.exe[4204] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 001603FC .text B:\download\e288kvx3.exe[4204] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 001601F8 .text B:\download\e288kvx3.exe[4204] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text B:\download\e288kvx3.exe[4204] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 00210A08 .text B:\download\e288kvx3.exe[4204] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 002103FC .text B:\download\e288kvx3.exe[4204] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 00210804 .text B:\download\e288kvx3.exe[4204] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 002101F8 .text B:\download\e288kvx3.exe[4204] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 00210600 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4236] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 001603FC .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4236] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 001601F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4236] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4236] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 001F0A08 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4236] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 001F03FC .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4236] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 001F0804 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4236] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 001F01F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4236] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 001F0600 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4284] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 001603FC .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4284] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 001601F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4284] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4284] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 001F0A08 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4284] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 001F03FC .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4284] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 001F0804 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4284] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 001F01F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4284] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 001F0600 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4320] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 001603FC .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4320] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 001601F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4320] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4320] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 00180A08 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4320] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 001803FC .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4320] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 00180804 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4320] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 001801F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4320] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 00180600 .text C:\Program Files\Mozilla Firefox\firefox.exe[5040] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 000603FC .text C:\Program Files\Mozilla Firefox\firefox.exe[5040] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 000601F8 .text C:\Program Files\Mozilla Firefox\firefox.exe[5040] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[5040] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 00100A08 .text C:\Program Files\Mozilla Firefox\firefox.exe[5040] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 001003FC .text C:\Program Files\Mozilla Firefox\firefox.exe[5040] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 00100804 .text C:\Program Files\Mozilla Firefox\firefox.exe[5040] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 001001F8 .text C:\Program Files\Mozilla Firefox\firefox.exe[5040] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 00100600 .text C:\windows\system32\svchost.exe[5048] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 000603FC .text C:\windows\system32\svchost.exe[5048] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 000601F8 .text C:\windows\system32\svchost.exe[5048] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\windows\system32\svchost.exe[5048] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 009A0A08 .text C:\windows\system32\svchost.exe[5048] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 009A03FC .text C:\windows\system32\svchost.exe[5048] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 009A0804 .text C:\windows\system32\svchost.exe[5048] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 009A01F8 .text C:\windows\system32\svchost.exe[5048] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 009A0600 .text C:\windows\System32\svchost.exe[5112] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 000A03FC .text C:\windows\System32\svchost.exe[5112] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 000A01F8 .text C:\windows\System32\svchost.exe[5112] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\windows\System32\svchost.exe[5112] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 00360A08 .text C:\windows\System32\svchost.exe[5112] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 003603FC .text C:\windows\System32\svchost.exe[5112] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 00360804 .text C:\windows\System32\svchost.exe[5112] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 003601F8 .text C:\windows\System32\svchost.exe[5112] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 00360600 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5152] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 000603FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5152] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 000601F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5152] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5152] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 00100A08 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5152] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 001003FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5152] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 00100804 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5152] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 001001F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5152] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 00100600 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5892] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 000603FC .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5892] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 000601F8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5892] kernel32.dll!GetBinaryTypeW + 70 76CE69F4 1 Byte [62] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5892] USER32.dll!UnhookWindowsHookEx 7691ADF9 5 Bytes JMP 00100A08 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5892] USER32.dll!UnhookWinEvent 7691B750 5 Bytes JMP 001003FC .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5892] USER32.dll!SetWindowsHookExW 7691E30C 5 Bytes JMP 00100804 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5892] USER32.dll!SetWinEventHook 769224DC 5 Bytes JMP 001001F8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5892] USER32.dll!TrackPopupMenu 76932228 5 Bytes JMP 66C089D7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5892] USER32.dll!SetWindowsHookExA 76946D0C 5 Bytes JMP 00100600 ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\windows\Explorer.EXE[3316] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [737A2437] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[3316] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73785600] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[3316] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [737856BE] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[3316] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipFree] [737A24B2] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[3316] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73798514] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[3316] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73794CC8] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[3316] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7379506F] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[3316] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73795144] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[3316] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73796671] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[3316] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7379826B] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[3316] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [737987BA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[3316] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7379901B] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[3316] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7379E1BE] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[3316] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73794BFA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\System32\rundll32.exe[3480] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7540FFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\windows\System32\rundll32.exe[3480] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7540FFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\windows\System32\rundll32.exe[3480] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7540FFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\windows\System32\rundll32.exe[3480] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7540FFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\ACPI_HAL \Device\00000057 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) Device \Driver\BTHUSB \Device\00000095 bthport.sys (Sterownik magistrali Bluetooth/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\BTHUSB \Device\00000097 bthport.sys (Sterownik magistrali Bluetooth/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ec2d88 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076ab2160 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076ab2160@001167fa9ccc 0x7F 0x79 0x55 0xBE ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7C 0x25 0x4B 0x64 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ec2d88 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076ab2160 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076ab2160@001167fa9ccc 0x7F 0x79 0x55 0xBE ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7C 0x25 0x4B 0x64 ... ---- EOF - GMER 1.0.15 ----