GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-23 23:29:56
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-5 ST3500320AS rev.SD15
Running: 43oxpg8d.exe; Driver: C:\Users\dom\AppData\Local\Temp\pxtiqpow.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwAddBootEntry [0x91032536]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                     ZwAllocateVirtualMemory [0x91ABF7BA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwAssignProcessToJobObject [0x91032F52]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwCreateEvent [0x9103DD7A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwCreateEventPair [0x9103DDC6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwCreateIoCompletion [0x9103DF48]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwCreateMutant [0x9103DCE8]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                     ZwCreateSection [0x91ABFBAC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwCreateSemaphore [0x9103DD30]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwCreateThread [0x91033146]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwCreateThreadEx [0x910332CE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwCreateTimer [0x9103DF02]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwDebugActiveProcess [0x910338CA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwDeleteBootEntry [0x91032584]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                     ZwFreeVirtualMemory [0x91ABF89E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwLoadDriver [0x910321EC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwModifyBootEntry [0x910325D2]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwNotifyChangeKey [0x910372A8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwNotifyChangeMultipleKeys [0x91034292]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwOpenEvent [0x9103DDA4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwOpenEventPair [0x9103DDE8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwOpenIoCompletion [0x9103DF6C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwOpenMutant [0x9103DD0E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwOpenSection [0x9103DE8C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwOpenSemaphore [0x9103DD58]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwOpenTimer [0x9103DF26]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                     ZwProtectVirtualMemory [0x91ABFA1E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwQueryObject [0x9103415E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwQueueApcThreadEx [0x91033E9A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwSetBootEntryOrder [0x91032620]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwSetBootOptions [0x9103266E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwSetContextThread [0x9103374A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwSetSystemInformation [0x91032276]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwSetSystemPowerState [0x91032426]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwShutdownSystem [0x910323CC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwSuspendProcess [0x91033A2C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwSuspendThread [0x91033B88]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwSystemDebugControl [0x91032496]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                     ZwTerminateProcess [0x91ABFAE8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwTerminateThread [0x910335CA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                     ZwVdmControl [0x910326BC]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                     ZwWriteVirtualMemory [0x91ABF954]

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                     ZwCreateProcessEx [0x91AD7744]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                     ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackTransaction + 13E9                                                                                                 83453599 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                    83478092 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!RtlSidHashLookup + 214                                                                                                       8347F864 4 Bytes  [36, 25, 03, 91]
.text           ntkrnlpa.exe!RtlSidHashLookup + 23C                                                                                                       8347F88C 4 Bytes  [BA, F7, AB, 91]
.text           ntkrnlpa.exe!RtlSidHashLookup + 29C                                                                                                       8347F8EC 4 Bytes  [52, 2F, 03, 91]
.text           ntkrnlpa.exe!RtlSidHashLookup + 2F0                                                                                                       8347F940 8 Bytes  [7A, DD, 03, 91, C6, DD, 03, ...] {JP 0xffffffffffffffdf; ADD EDX, [ECX-0x6efc223a]}
.text           ntkrnlpa.exe!RtlSidHashLookup + 2FC                                                                                                       8347F94C 4 Bytes  [48, DF, 03, 91] {DEC EAX; FILD WORD [EBX]; XCHG ECX, EAX}
.text           ...                                                                                                                                       
PAGE            ntkrnlpa.exe!ObMakeTemporaryObject                                                                                                        836193BE 5 Bytes  JMP 91AD461C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ObInsertObject + 27                                                                                                          836330CD 5 Bytes  JMP 91AD6116 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108                                                                                               8367D762 4 Bytes  CALL 91034959 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE            ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122                                                                                              83685873 4 Bytes  CALL 9103496F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE            ntkrnlpa.exe!ZwCreateProcessEx                                                                                                            836EB4DE 7 Bytes  JMP 91AD7748 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                                                  section is writeable [0x94435000, 0x388539, 0xE8000020]
.text           USBPORT.SYS!DllUnload                                                                                                                     94D9DCB8 1 Byte  [00]
PAGE            spsys.sys!?SPRevision@@3PADA + 4F90                                                                                                       A8EEA000 68 Bytes  [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 4FD5                                                                                                       A8EEA045 203 Bytes  [8B, C6, F0, 0F, BA, 28, 00, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 50A1                                                                                                       A8EEA111 17 Bytes  [87, 01, 6A, 00, 6A, 20, A3, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 50B3                                                                                                       A8EEA123 629 Bytes  [55, EE, A8, FE, 05, 34, 55, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 5329                                                                                                       A8EEA399 101 Bytes  [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE            ...                                                                                                                                       
.text           kernel32.dll!GetBinaryTypeW + 70                                                                                                          77A478FC 1 Byte  [62]
.text           user32.dll!UnhookWindowsHookEx                                                                                                            76C8CC7B 5 Bytes  [E9, 88, 3D, 69, 89] {JMP 0xffffffff89693d8d}
.text           user32.dll!UnhookWinEvent                                                                                                                 76C8D924 5 Bytes  [E9, D3, 2A, 69, 89] {JMP 0xffffffff89692ad8}
.text           user32.dll!SetWindowsHookExW                                                                                                              76C9210A 5 Bytes  [E9, F5, E6, 68, 89] {JMP 0xffffffff8968e6fa}
.text           user32.dll!SetWinEventHook                                                                                                                76C9507E 5 Bytes  [E9, 75, B1, 68, 89] {JMP 0xffffffff8968b17a}
.text           user32.dll!SetWindowsHookExA                                                                                                              76CB6DFA 5 Bytes  [E9, 01, 98, 66, 89] {JMP 0xffffffff89669806}

---- User code sections - GMER 1.0.15 ----

.text           C:\Windows\system32\svchost.exe[116] kernel32.dll!GetBinaryTypeW + 70                                                                     77A478FC 1 Byte  [62]
.text           C:\Windows\System32\svchost.exe[176] ntdll.dll!LdrUnloadDll                                                                               77C3BD1F 5 Bytes  JMP 000603FC 
.text           C:\Windows\System32\svchost.exe[176] ntdll.dll!LdrLoadDll                                                                                 77C3F425 5 Bytes  JMP 000601F8 
.text           C:\Windows\System32\svchost.exe[176] kernel32.dll!GetBinaryTypeW + 70                                                                     77A478FC 1 Byte  [62]
.text           C:\Windows\System32\svchost.exe[176] user32.dll!UnhookWindowsHookEx                                                                       76C8CC7B 5 Bytes  JMP 00390A08 
.text           C:\Windows\System32\svchost.exe[176] user32.dll!UnhookWinEvent                                                                            76C8D924 5 Bytes  JMP 003903FC 
.text           C:\Windows\System32\svchost.exe[176] user32.dll!SetWindowsHookExW                                                                         76C9210A 5 Bytes  JMP 00390804 
.text           C:\Windows\System32\svchost.exe[176] user32.dll!SetWinEventHook                                                                           76C9507E 5 Bytes  JMP 003901F8 
.text           C:\Windows\System32\svchost.exe[176] user32.dll!SetWindowsHookExA                                                                         76CB6DFA 5 Bytes  JMP 00390600 
.text           C:\Windows\system32\csrss.exe[448] kernel32.dll!GetBinaryTypeW + 70                                                                       77A478FC 1 Byte  [62]
.text           C:\Windows\system32\wininit.exe[528] kernel32.dll!GetBinaryTypeW + 70                                                                     77A478FC 1 Byte  [62]
.text           C:\Windows\system32\csrss.exe[536] kernel32.dll!GetBinaryTypeW + 70                                                                       77A478FC 1 Byte  [62]
.text           C:\Windows\system32\services.exe[584] kernel32.dll!GetBinaryTypeW + 70                                                                    77A478FC 1 Byte  [62]
.text           C:\Windows\system32\lsass.exe[592] kernel32.dll!GetBinaryTypeW + 70                                                                       77A478FC 1 Byte  [62]
.text           ...                                                                                                                                       
.text           C:\Windows\system32\svchost.exe[1100] ntdll.dll!LdrUnloadDll                                                                              77C3BD1F 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\svchost.exe[1100] ntdll.dll!LdrLoadDll                                                                                77C3F425 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\svchost.exe[1100] kernel32.dll!GetBinaryTypeW + 70                                                                    77A478FC 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[1100] USER32.dll!UnhookWindowsHookEx                                                                      76C8CC7B 5 Bytes  JMP 00AB0A08 
.text           C:\Windows\system32\svchost.exe[1100] USER32.dll!UnhookWinEvent                                                                           76C8D924 5 Bytes  JMP 00AB03FC 
.text           C:\Windows\system32\svchost.exe[1100] USER32.dll!SetWindowsHookExW                                                                        76C9210A 5 Bytes  JMP 00AB0804 
.text           C:\Windows\system32\svchost.exe[1100] USER32.dll!SetWinEventHook                                                                          76C9507E 5 Bytes  JMP 00AB01F8 
.text           C:\Windows\system32\svchost.exe[1100] USER32.dll!SetWindowsHookExA                                                                        76CB6DFA 5 Bytes  JMP 00AB0600 
.text           C:\Program Files\Common Files\WireHelpSvc.exe[1140] kernel32.dll!GetBinaryTypeW + 70                                                      77A478FC 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[1192] kernel32.dll!GetBinaryTypeW + 70                                                                    77A478FC 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[1280] kernel32.dll!GetBinaryTypeW + 70                                                                    77A478FC 1 Byte  [62]
.text           C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1332] kernel32.dll!SetUnhandledExceptionFilter                                        77A330E2 4 Bytes  [C2, 04, 00, 90] {RET 0x4; NOP }
.text           C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1332] kernel32.dll!GetBinaryTypeW + 70                                                77A478FC 1 Byte  [62]
.text           C:\Windows\system32\atieclxx.exe[1348] kernel32.dll!GetBinaryTypeW + 70                                                                   77A478FC 1 Byte  [62]
.text           C:\Windows\System32\spoolsv.exe[1508] kernel32.dll!GetBinaryTypeW + 70                                                                    77A478FC 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[1540] kernel32.dll!GetBinaryTypeW + 70                                                                    77A478FC 1 Byte  [62]
.text           C:\Windows\system32\taskhost.exe[1668] kernel32.dll!GetBinaryTypeW + 70                                                                   77A478FC 1 Byte  [62]
.text           ...                                                                                                                                       
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[1956] ntdll.dll!LdrUnloadDll                                                           77C3BD1F 5 Bytes  JMP 000603FC 
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[1956] ntdll.dll!LdrLoadDll                                                             77C3F425 5 Bytes  JMP 000601F8 
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[1956] kernel32.dll!GetBinaryTypeW + 70                                                 77A478FC 1 Byte  [62]
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[1956] USER32.dll!UnhookWindowsHookEx                                                   76C8CC7B 5 Bytes  JMP 00100A08 
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[1956] USER32.dll!UnhookWinEvent                                                        76C8D924 5 Bytes  JMP 001003FC 
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[1956] USER32.dll!SetWindowsHookExW                                                     76C9210A 5 Bytes  JMP 00100804 
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[1956] USER32.dll!SetWinEventHook                                                       76C9507E 5 Bytes  JMP 001001F8 
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[1956] USER32.dll!SetWindowsHookExA                                                     76CB6DFA 5 Bytes  JMP 00100600 
.text           C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1980] kernel32.dll!GetBinaryTypeW + 70                                             77A478FC 1 Byte  [62]
.text           C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe[2004] kernel32.dll!GetBinaryTypeW + 70          77A478FC 1 Byte  [62]
.text           C:\Users\dom\Downloads\43oxpg8d.exe[2056] ntdll.dll!LdrUnloadDll                                                                          77C3BD1F 5 Bytes  JMP 001603FC 
.text           C:\Users\dom\Downloads\43oxpg8d.exe[2056] ntdll.dll!LdrLoadDll                                                                            77C3F425 5 Bytes  JMP 001601F8 
.text           C:\Users\dom\Downloads\43oxpg8d.exe[2056] kernel32.dll!GetBinaryTypeW + 70                                                                77A478FC 1 Byte  [62]
.text           C:\Users\dom\Downloads\43oxpg8d.exe[2056] USER32.dll!UnhookWindowsHookEx                                                                  76C8CC7B 5 Bytes  JMP 00320A08 
.text           C:\Users\dom\Downloads\43oxpg8d.exe[2056] USER32.dll!UnhookWinEvent                                                                       76C8D924 5 Bytes  JMP 003203FC 
.text           C:\Users\dom\Downloads\43oxpg8d.exe[2056] USER32.dll!SetWindowsHookExW                                                                    76C9210A 5 Bytes  JMP 00320804 
.text           C:\Users\dom\Downloads\43oxpg8d.exe[2056] USER32.dll!SetWinEventHook                                                                      76C9507E 5 Bytes  JMP 003201F8 
.text           C:\Users\dom\Downloads\43oxpg8d.exe[2056] USER32.dll!SetWindowsHookExA                                                                    76CB6DFA 5 Bytes  JMP 00320600 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2288] ntdll.dll!LdrUnloadDll                                                                 77C3BD1F 5 Bytes  JMP 000603FC 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2288] ntdll.dll!LdrLoadDll                                                                   77C3F425 5 Bytes  JMP 66D1B52A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2288] kernel32.dll!K32GetDeviceDriverBaseNameW + 16F                                         77A2C057 7 Bytes  JMP 66FCB6D2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2288] kernel32.dll!CloseHandle + 38                                                          77A3058F 7 Bytes  JMP 66FCB6F5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2288] kernel32.dll!GetBinaryTypeW + 70                                                       77A478FC 1 Byte  [62]
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2288] USER32.dll!UnhookWindowsHookEx                                                         76C8CC7B 5 Bytes  JMP 00080A08 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2288] USER32.dll!UnhookWinEvent                                                              76C8D924 5 Bytes  JMP 000803FC 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2288] USER32.dll!SetWindowsHookExW                                                           76C9210A 5 Bytes  JMP 00080804 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2288] USER32.dll!SetWinEventHook                                                             76C9507E 5 Bytes  JMP 000801F8 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2288] USER32.dll!SetWindowsHookExA                                                           76CB6DFA 5 Bytes  JMP 00080600 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2288] GDI32.dll!GetViewportOrgEx + 21C                                                       769085EB 7 Bytes  JMP 66FCB653 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2356] kernel32.dll!GetBinaryTypeW + 70                                                 77A478FC 1 Byte  [62]
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2484] ntdll.dll!LdrUnloadDll                                                              77C3BD1F 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2484] ntdll.dll!LdrLoadDll                                                                77C3F425 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2484] kernel32.dll!GetBinaryTypeW + 70                                                    77A478FC 1 Byte  [62]
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2484] USER32.dll!UnhookWindowsHookEx                                                      76C8CC7B 5 Bytes  JMP 00300A08 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2484] USER32.dll!UnhookWinEvent                                                           76C8D924 5 Bytes  JMP 003003FC 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2484] USER32.dll!SetWindowsHookExW                                                        76C9210A 5 Bytes  JMP 00300804 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2484] USER32.dll!SetWinEventHook                                                          76C9507E 5 Bytes  JMP 003001F8 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2484] USER32.dll!SetWindowsHookExA                                                        76CB6DFA 5 Bytes  JMP 00300600 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2592] ntdll.dll!LdrUnloadDll                                                  77C3BD1F 5 Bytes  JMP 000603FC 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2592] ntdll.dll!LdrLoadDll                                                    77C3F425 5 Bytes  JMP 000601F8 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2592] kernel32.dll!GetBinaryTypeW + 70                                        77A478FC 1 Byte  [62]
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2592] USER32.dll!UnhookWindowsHookEx                                          76C8CC7B 5 Bytes  JMP 00120A08 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2592] USER32.dll!UnhookWinEvent                                               76C8D924 5 Bytes  JMP 001203FC 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2592] USER32.dll!SetWindowsHookExW                                            76C9210A 5 Bytes  JMP 00120804 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2592] USER32.dll!SetWinEventHook                                              76C9507E 5 Bytes  JMP 001201F8 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2592] USER32.dll!SetWindowsHookExA                                            76CB6DFA 5 Bytes  JMP 00120600 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[2668] ntdll.dll!LdrUnloadDll                                                   77C3BD1F 5 Bytes  JMP 001703FC 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[2668] ntdll.dll!LdrLoadDll                                                     77C3F425 5 Bytes  JMP 001701F8 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[2668] kernel32.dll!GetBinaryTypeW + 70                                         77A478FC 1 Byte  [62]
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[2668] USER32.dll!UnhookWindowsHookEx                                           76C8CC7B 5 Bytes  JMP 00310A08 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[2668] USER32.dll!UnhookWinEvent                                                76C8D924 5 Bytes  JMP 003103FC 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[2668] USER32.dll!SetWindowsHookExW                                             76C9210A 5 Bytes  JMP 00310804 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[2668] USER32.dll!SetWinEventHook                                               76C9507E 5 Bytes  JMP 003101F8 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[2668] USER32.dll!SetWindowsHookExA                                             76CB6DFA 5 Bytes  JMP 00310600 
.text           C:\Windows\System32\svchost.exe[2684] ntdll.dll!LdrUnloadDll                                                                              77C3BD1F 5 Bytes  JMP 000A03FC 
.text           C:\Windows\System32\svchost.exe[2684] ntdll.dll!LdrLoadDll                                                                                77C3F425 5 Bytes  JMP 000A01F8 
.text           C:\Windows\System32\svchost.exe[2684] kernel32.dll!GetBinaryTypeW + 70                                                                    77A478FC 1 Byte  [62]
.text           C:\Windows\System32\svchost.exe[2684] USER32.dll!UnhookWindowsHookEx                                                                      76C8CC7B 5 Bytes  JMP 00180A08 
.text           C:\Windows\System32\svchost.exe[2684] USER32.dll!UnhookWinEvent                                                                           76C8D924 5 Bytes  JMP 001803FC 
.text           C:\Windows\System32\svchost.exe[2684] USER32.dll!SetWindowsHookExW                                                                        76C9210A 5 Bytes  JMP 00180804 
.text           C:\Windows\System32\svchost.exe[2684] USER32.dll!SetWinEventHook                                                                          76C9507E 5 Bytes  JMP 001801F8 
.text           C:\Windows\System32\svchost.exe[2684] USER32.dll!SetWindowsHookExA                                                                        76CB6DFA 5 Bytes  JMP 00180600 
.text           C:\Program Files\Logitech\SetPoint\SetPoint.exe[2692] ntdll.dll!LdrUnloadDll                                                              77C3BD1F 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Logitech\SetPoint\SetPoint.exe[2692] ntdll.dll!LdrLoadDll                                                                77C3F425 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Logitech\SetPoint\SetPoint.exe[2692] kernel32.dll!GetBinaryTypeW + 70                                                    77A478FC 1 Byte  [62]
.text           C:\Program Files\Logitech\SetPoint\SetPoint.exe[2692] USER32.dll!UnhookWindowsHookEx                                                      76C8CC7B 5 Bytes  JMP 00360A08 
.text           C:\Program Files\Logitech\SetPoint\SetPoint.exe[2692] USER32.dll!UnhookWinEvent                                                           76C8D924 5 Bytes  JMP 003603FC 
.text           C:\Program Files\Logitech\SetPoint\SetPoint.exe[2692] USER32.dll!SetWindowsHookExW                                                        76C9210A 5 Bytes  JMP 00360804 
.text           C:\Program Files\Logitech\SetPoint\SetPoint.exe[2692] USER32.dll!SetWinEventHook                                                          76C9507E 5 Bytes  JMP 003601F8 
.text           C:\Program Files\Logitech\SetPoint\SetPoint.exe[2692] USER32.dll!SetWindowsHookExA                                                        76CB6DFA 5 Bytes  JMP 00360600 
.text           C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[2720] ntdll.dll!LdrUnloadDll                                                    77C3BD1F 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[2720] ntdll.dll!LdrLoadDll                                                      77C3F425 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[2720] kernel32.dll!GetBinaryTypeW + 70                                          77A478FC 1 Byte  [62]
.text           C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[2720] USER32.dll!UnhookWindowsHookEx                                            76C8CC7B 5 Bytes  JMP 001F0A08 
.text           C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[2720] USER32.dll!UnhookWinEvent                                                 76C8D924 5 Bytes  JMP 001F03FC 
.text           C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[2720] USER32.dll!SetWindowsHookExW                                              76C9210A 5 Bytes  JMP 001F0804 
.text           C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[2720] USER32.dll!SetWinEventHook                                                76C9507E 5 Bytes  JMP 001F01F8 
.text           C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[2720] USER32.dll!SetWindowsHookExA                                              76CB6DFA 5 Bytes  JMP 001F0600 
.text           C:\Windows\system32\SearchIndexer.exe[2924] ntdll.dll!LdrUnloadDll                                                                        77C3BD1F 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\SearchIndexer.exe[2924] ntdll.dll!LdrLoadDll                                                                          77C3F425 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\SearchIndexer.exe[2924] kernel32.dll!GetBinaryTypeW + 70                                                              77A478FC 1 Byte  [62]
.text           C:\Windows\system32\SearchIndexer.exe[2924] USER32.dll!UnhookWindowsHookEx                                                                76C8CC7B 5 Bytes  JMP 00100A08 
.text           C:\Windows\system32\SearchIndexer.exe[2924] USER32.dll!UnhookWinEvent                                                                     76C8D924 5 Bytes  JMP 001003FC 
.text           C:\Windows\system32\SearchIndexer.exe[2924] USER32.dll!SetWindowsHookExW                                                                  76C9210A 5 Bytes  JMP 00100804 
.text           C:\Windows\system32\SearchIndexer.exe[2924] USER32.dll!SetWinEventHook                                                                    76C9507E 5 Bytes  JMP 001001F8 
.text           C:\Windows\system32\SearchIndexer.exe[2924] USER32.dll!SetWindowsHookExA                                                                  76CB6DFA 5 Bytes  JMP 00100600 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2936] ntdll.dll!LdrUnloadDll                                                        77C3BD1F 5 Bytes  JMP 000603FC 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2936] ntdll.dll!LdrLoadDll                                                          77C3F425 5 Bytes  JMP 000601F8 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2936] kernel32.dll!GetBinaryTypeW + 70                                              77A478FC 1 Byte  [62]
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2936] USER32.dll!CharToOemA + 3A                                                    76C8B1DE 7 Bytes  JMP 670DC453 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2936] USER32.dll!UnhookWindowsHookEx                                                76C8CC7B 5 Bytes  JMP 00140A08 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2936] USER32.dll!UnhookWinEvent                                                     76C8D924 5 Bytes  JMP 001403FC 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2936] USER32.dll!SetWindowsHookExW                                                  76C9210A 5 Bytes  JMP 00140804 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2936] USER32.dll!SetWinEventHook                                                    76C9507E 5 Bytes  JMP 001401F8 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2936] USER32.dll!AdjustWindowRectEx + 117                                           76C9660F 7 Bytes  JMP 670DC3E2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2936] USER32.dll!GetWindowInfo                                                      76C96A82 5 Bytes  JMP 66E9BACC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2936] USER32.dll!MenuItemFromPoint + F                                              76CB4B36 7 Bytes  JMP 66E9C0F9 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2936] USER32.dll!SetWindowsHookExA                                                  76CB6DFA 5 Bytes  JMP 00140600 
.text           C:\Windows\system32\sppsvc.exe[3280] ntdll.dll!LdrUnloadDll                                                                               77C3BD1F 5 Bytes  JMP 000703FC 
.text           C:\Windows\system32\sppsvc.exe[3280] ntdll.dll!LdrLoadDll                                                                                 77C3F425 5 Bytes  JMP 000701F8 
.text           C:\Windows\system32\sppsvc.exe[3280] kernel32.dll!GetBinaryTypeW + 70                                                                     77A478FC 1 Byte  [62]
.text           C:\Windows\system32\sppsvc.exe[3280] USER32.dll!UnhookWindowsHookEx                                                                       76C8CC7B 5 Bytes  JMP 000A0A08 
.text           C:\Windows\system32\sppsvc.exe[3280] USER32.dll!UnhookWinEvent                                                                            76C8D924 5 Bytes  JMP 000A03FC 
.text           C:\Windows\system32\sppsvc.exe[3280] USER32.dll!SetWindowsHookExW                                                                         76C9210A 5 Bytes  JMP 000A0804 
.text           C:\Windows\system32\sppsvc.exe[3280] USER32.dll!SetWinEventHook                                                                           76C9507E 5 Bytes  JMP 000A01F8 
.text           C:\Windows\system32\sppsvc.exe[3280] USER32.dll!SetWindowsHookExA                                                                         76CB6DFA 5 Bytes  JMP 000A0600 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] ntdll.dll!NtCreateFile + 6                                    77C246B6 4 Bytes  [28, 00, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] ntdll.dll!NtCreateFile + B                                    77C246BB 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] ntdll.dll!NtCreateKey + 6                                     77C246F6 4 Bytes  [68, 01, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] ntdll.dll!NtCreateKey + B                                     77C246FB 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] ntdll.dll!NtCreateMutant + 6                                  77C24736 4 Bytes  [68, 02, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] ntdll.dll!NtCreateMutant + B                                  77C2473B 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] ntdll.dll!NtCreateSection + 6                                 77C247D6 4 Bytes  [A8, 02, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] ntdll.dll!NtCreateSection + B                                 77C247DB 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] ntdll.dll!NtMapViewOfSection + 6                              77C24D16 4 Bytes  CALL 76C2541F C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] ntdll.dll!NtMapViewOfSection + B                              77C24D1B 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] ntdll.dll!NtOpenFile + 6                                      77C24DC6 4 Bytes  [68, 00, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] ntdll.dll!NtOpenFile + B                                      77C24DCB 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] ntdll.dll!NtOpenKey + 6                                       77C24DF6 4 Bytes  [A8, 01, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] ntdll.dll!NtOpenKey + B                                       77C24DFB 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] ntdll.dll!NtOpenKeyEx + 6                                     77C24E06 4 Bytes  CALL 76C2550C C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] ntdll.dll!NtOpenKeyEx + B                                     77C24E0B 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] ntdll.dll!NtOpenMutant + 6                                    77C24E46 4 Bytes  [28, 02, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] ntdll.dll!NtOpenMutant + B                                    77C24E4B 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] ntdll.dll!NtOpenProcess + 6                                   77C24E76 1 Byte  [68]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] ntdll.dll!NtOpenProcess + 6                                   77C24E76 4 Bytes  [68, 03, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] ntdll.dll!NtOpenProcess + B                                   77C24E7B 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] ntdll.dll!NtOpenProcessToken + 6                              77C24E86 1 Byte  [A8]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] ntdll.dll!NtOpenProcessToken + 6                              77C24E86 4 Bytes  [A8, 03, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] ntdll.dll!NtOpenProcessToken + B                              77C24E8B 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] ntdll.dll!NtOpenProcessTokenEx + 6                            77C24E96 4 Bytes  [68, 04, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] ntdll.dll!NtOpenProcessTokenEx + B                            77C24E9B 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] ntdll.dll!NtOpenSection + 6                                   77C24EB6 4 Bytes  CALL 76C255BD C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] ntdll.dll!NtOpenSection + B                                   77C24EBB 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] ntdll.dll!NtOpenThread + 6                                    77C24EF6 1 Byte  [28]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] ntdll.dll!NtOpenThread + 6                                    77C24EF6 4 Bytes  [28, 03, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] ntdll.dll!NtOpenThread + B                                    77C24EFB 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] ntdll.dll!NtOpenThreadToken + 6                               77C24F06 4 Bytes  [28, 04, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] ntdll.dll!NtOpenThreadToken + B                               77C24F0B 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] ntdll.dll!NtOpenThreadTokenEx + 6                             77C24F16 4 Bytes  [A8, 04, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] ntdll.dll!NtOpenThreadTokenEx + B                             77C24F1B 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] ntdll.dll!NtQueryAttributesFile + 6                           77C25026 4 Bytes  [A8, 00, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] ntdll.dll!NtQueryAttributesFile + B                           77C2502B 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] ntdll.dll!NtQueryFullAttributesFile + 6                       77C250D6 4 Bytes  CALL 76C257DB C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] ntdll.dll!NtQueryFullAttributesFile + B                       77C250DB 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] ntdll.dll!NtSetInformationFile + 6                            77C25726 4 Bytes  [28, 01, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] ntdll.dll!NtSetInformationFile + B                            77C2572B 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] ntdll.dll!NtSetInformationThread + 6                          77C25786 1 Byte  [E8]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] ntdll.dll!NtSetInformationThread + 6                          77C25786 4 Bytes  CALL 76C25E8E C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] ntdll.dll!NtSetInformationThread + B                          77C2578B 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] ntdll.dll!NtUnmapViewOfSection + 6                            77C25AA6 4 Bytes  [28, 05, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] ntdll.dll!NtUnmapViewOfSection + B                            77C25AAB 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] ntdll.dll!LdrUnloadDll                                        77C3BD1F 5 Bytes  JMP 000803FC 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] ntdll.dll!LdrLoadDll                                          77C3F425 5 Bytes  JMP 000801F8 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] kernel32.dll!CreateProcessW                                   779E202D 5 Bytes  JMP 00010030 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] kernel32.dll!CreateProcessA                                   779E2062 5 Bytes  JMP 00010070 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] kernel32.dll!GetBinaryTypeW + 70                              77A478FC 1 Byte  [62]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!SelectObject                                        769061D0 5 Bytes  JMP 001305F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!SetTextColor                                        76906622 5 Bytes  JMP 001309F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!SetBkMode                                           769066CD 5 Bytes  JMP 001308B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!DeleteObject                                        769068B4 5 Bytes  JMP 001301B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!DeleteDC                                            76906A2C 5 Bytes  JMP 00130170 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!ExtSelectClipRgn                                    76906C72 5 Bytes  JMP 001302F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!SelectClipRgn                                       76906D84 5 Bytes  JMP 001305B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!GetDeviceCaps                                       76906E03 5 Bytes  JMP 001303B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!SetStretchBltMode                                   769073CE 5 Bytes  JMP 00130670 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!GetCurrentObject                                    7690777C 5 Bytes  JMP 00130370 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!GetTextMetricsW                                     7690798F 5 Bytes  JMP 00130DF0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!IntersectClipRect                                   76907CCA 5 Bytes  JMP 001303F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!GetTextAlign                                        76907D15 5 Bytes  JMP 00130D30 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!SetTextAlign                                        76907F92 5 Bytes  JMP 001309B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!ExtTextOutW                                         76908053 5 Bytes  JMP 00130930 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!GetClipBox                                          769081F2 5 Bytes  JMP 00130330 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!MoveToEx                                            76908A16 5 Bytes  JMP 00130470 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!CreateDCA                                           76909975 5 Bytes  JMP 001300B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!RestoreDC                                           76909A10 5 Bytes  JMP 00130530 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!SaveDC                                              76909AD2 5 Bytes  JMP 00130570 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!StretchDIBits                                       7690AC38 5 Bytes  JMP 00130730 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!GetTextFaceW                                        7690B4CC 5 Bytes  JMP 00130CF0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!GetTextExtentPoint32W                               7690B535 5 Bytes  JMP 00130630 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!GetFontData                                         7690B8E8 5 Bytes  JMP 00130C30 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!CreateDCW                                           7690BD21 5 Bytes  JMP 001300F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!CreateICW                                           7690C660 5 Bytes  JMP 00130130 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!LineTo                                              7690CA20 5 Bytes  JMP 00130430 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!SetWorldTransform                                   7690CB42 5 Bytes  JMP 001306B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!GetTextMetricsA                                     7690CE46 5 Bytes  JMP 00130DB0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!Rectangle                                           7690F5BE 5 Bytes  JMP 00130970 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!SetICMMode                                          7690F8D4 5 Bytes  JMP 00130D70 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!ExtTextOutA                                         76910158 5 Bytes  JMP 001308F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!Escape                                              76910B0D 5 Bytes  JMP 00130270 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!ExtEscape                                           76913472 5 Bytes  JMP 001302B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!GetTextFaceA                                        76913E49 5 Bytes  JMP 00130CB0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!SetPolyFillMode                                     76916CE1 5 Bytes  JMP 00130AF0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!SetMiterLimit                                       76916E54 5 Bytes  JMP 00130B30 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!ResetDCW                                            7692031C 5 Bytes  JMP 00130A70 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!EndPage                                             769207CD 5 Bytes  JMP 00130230 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!GetGlyphOutlineW                                    7692C292 5 Bytes  JMP 00130C70 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!CreateScalableFontResourceW                         7692E8EF 5 Bytes  JMP 00130B70 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!AddFontResourceW                                    7692ECEB 5 Bytes  JMP 00130BB0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!RemoveFontResourceW                                 7692F1E1 5 Bytes  JMP 00130BF0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!AbortDoc                                            76934D37 5 Bytes  JMP 00130030 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!EndDoc                                              7693517E 5 Bytes  JMP 001301F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!StartPage                                           76935269 5 Bytes  JMP 001306F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!StartDocW                                           76935BB6 5 Bytes  JMP 001307B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!BeginPath                                           7693635D 5 Bytes  JMP 001307F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!SelectClipPath                                      769363B4 5 Bytes  JMP 00130AB0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!CloseFigure                                         7693640F 5 Bytes  JMP 00130070 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!EndPath                                             76936466 5 Bytes  JMP 00130A30 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!StrokePath                                          76936699 5 Bytes  JMP 00130770 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!FillPath                                            76936726 5 Bytes  JMP 00130830 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!PolylineTo                                          76936B94 5 Bytes  JMP 001304F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!PolyBezierTo                                        76936C25 5 Bytes  JMP 001304B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] GDI32.dll!PolyDraw                                            76936CD7 5 Bytes  JMP 00130870 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] USER32.dll!ActivateKeyboardLayout                             76C8817D 5 Bytes  JMP 001404F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] USER32.dll!ScreenToClient                                     76C8C1F2 7 Bytes  JMP 00140670 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] USER32.dll!UnhookWindowsHookEx                                76C8CC7B 5 Bytes  JMP 002B0A08 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] USER32.dll!UnhookWinEvent                                     76C8D924 5 Bytes  JMP 002B03FC 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] USER32.dll!RegisterClipboardFormatA                           76C8E6B1 5 Bytes  JMP 001402F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] USER32.dll!RegisterClipboardFormatW                           76C8EDFD 5 Bytes  JMP 001402B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] USER32.dll!SetWindowsHookExW                                  76C9210A 5 Bytes  JMP 002B0804 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] USER32.dll!SetWinEventHook                                    76C9507E 5 Bytes  JMP 002B01F8 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] USER32.dll!SetCursor                                          76C952EA 5 Bytes  JMP 00140530 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] USER32.dll!MonitorFromWindow                                  76C9590A 7 Bytes  JMP 00140630 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] USER32.dll!PostMessageW                                       76C96225 5 Bytes  JMP 001405F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] USER32.dll!IsWindowVisible                                    76C96939 7 Bytes  JMP 001406B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] USER32.dll!GetClientRect                                      76C974B1 7 Bytes  JMP 001405B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] USER32.dll!MapWindowPoints                                    76C97915 5 Bytes  JMP 00140570 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] USER32.dll!GetParent                                          76C97AB3 7 Bytes  JMP 001406F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] USER32.dll!SetClipboardData                                   76CA4979 5 Bytes  JMP 00140170 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] USER32.dll!EmptyClipboard                                     76CA4A28 5 Bytes  JMP 00140130 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] USER32.dll!GetClipboardData                                   76CA4B47 5 Bytes  JMP 00140030 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] USER32.dll!EnumClipboardFormats                               76CA4D98 5 Bytes  JMP 001401B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] USER32.dll!GetClipboardFormatNameW                            76CA7EB2 5 Bytes  JMP 00140230 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] USER32.dll!SetClipboardViewer                                 76CA8F4D 5 Bytes  JMP 001404B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] USER32.dll!GetClipboardFormatNameA                            76CA8F61 5 Bytes  JMP 00140270 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] USER32.dll!GetOpenClipboardWindow                             76CA902F 1 Byte  [E9]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] USER32.dll!GetOpenClipboardWindow                             76CA902F 5 Bytes  JMP 001403F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] USER32.dll!ChangeClipboardChain                               76CB3425 5 Bytes  JMP 00140430 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] USER32.dll!GetTopWindow                                       76CB3A5D 7 Bytes  JMP 00140730 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] USER32.dll!CloseClipboard                                     76CB5BA7 5 Bytes  JMP 001400B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] USER32.dll!OpenClipboard                                      76CB5BB9 5 Bytes  JMP 00140070 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] USER32.dll!IsClipboardFormatAvailable                         76CB5C3A 5 Bytes  JMP 001400F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] USER32.dll!GetClipboardSequenceNumber                         76CB5C4E 5 Bytes  JMP 00140330 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] USER32.dll!GetClipboardOwner                                  76CB5C60 5 Bytes  JMP 00140370 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] USER32.dll!CountClipboardFormats                              76CB5DC9 5 Bytes  JMP 001401F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] USER32.dll!SetWindowsHookExA                                  76CB6DFA 5 Bytes  JMP 002B0600 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] USER32.dll!SetCursorPos                                       76CCC1D8 5 Bytes  JMP 00140770 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] USER32.dll!GetClipboardViewer                                 76CE4B57 5 Bytes  JMP 00140470 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] USER32.dll!GetPriorityClipboardFormat                         76CE4C59 5 Bytes  JMP 001403B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] ole32.dll!OleSetClipboard                                     76A8F2FE 5 Bytes  JMP 00150030 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] ole32.dll!OleIsCurrentClipboard                               76A92489 5 Bytes  JMP 00150070 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] ole32.dll!OleGetClipboard                                     76ABF825 5 Bytes  JMP 001500B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3880] ntdll.dll!LdrUnloadDll                                        77C3BD1F 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3880] ntdll.dll!LdrLoadDll                                          77C3F425 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3880] kernel32.dll!GetBinaryTypeW + 70                              77A478FC 1 Byte  [62]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3880] USER32.dll!UnhookWindowsHookEx                                76C8CC7B 5 Bytes  JMP 00080A08 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3880] USER32.dll!UnhookWinEvent                                     76C8D924 5 Bytes  JMP 000803FC 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3880] USER32.dll!SetWindowsHookExW                                  76C9210A 5 Bytes  JMP 00080804 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3880] USER32.dll!SetWinEventHook                                    76C9507E 5 Bytes  JMP 000801F8 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3880] USER32.dll!SetWindowsHookExA                                  76CB6DFA 5 Bytes  JMP 00080600 
.text           C:\Windows\system32\AUDIODG.EXE[3904] ntdll.dll!LdrUnloadDll                                                                              77C3BD1F 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\AUDIODG.EXE[3904] ntdll.dll!LdrLoadDll                                                                                77C3F425 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\AUDIODG.EXE[3904] kernel32.dll!GetBinaryTypeW + 70                                                                    77A478FC 1 Byte  [62]
.text           C:\Windows\system32\AUDIODG.EXE[3904] USER32.dll!UnhookWindowsHookEx                                                                      76C8CC7B 5 Bytes  JMP 00140A08 
.text           C:\Windows\system32\AUDIODG.EXE[3904] USER32.dll!UnhookWinEvent                                                                           76C8D924 5 Bytes  JMP 001403FC 
.text           C:\Windows\system32\AUDIODG.EXE[3904] USER32.dll!SetWindowsHookExW                                                                        76C9210A 5 Bytes  JMP 00140804 
.text           C:\Windows\system32\AUDIODG.EXE[3904] USER32.dll!SetWinEventHook                                                                          76C9507E 5 Bytes  JMP 001401F8 
.text           C:\Windows\system32\AUDIODG.EXE[3904] USER32.dll!SetWindowsHookExA                                                                        76CB6DFA 5 Bytes  JMP 00140600 

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1332] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                  [740BF6D0] C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software)
IAT             C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2356] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                   [740BF6D0] C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software)
IAT             C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!MoveFileExW]  00010090
IAT             C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] @ C:\Windows\system32\ole32.dll [USER32.dll!GetKeyState]      001407D0
IAT             C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetFocus]       00140790
IAT             C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetKeyState]    001407D0
IAT             C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW]  00010090
IAT             C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[3872] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!MoveFileExW]  00010090

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                                    aswSP.SYS (avast! self protection module/AVAST Software)
Device          \Driver\ACPI_HAL \Device\000000dd                                                                                                         halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                                   aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                    rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                    rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Udp                                                                                                                   aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Files - GMER 1.0.15 ----

File            C:\avast! sandbox                                                                                                                         0 bytes
File            C:\avast! sandbox\S-1-5-21-3295308795-277811586-1615858928-1000                                                                           0 bytes
File            C:\avast! sandbox\S-1-5-21-3295308795-277811586-1615858928-1000\sfzone                                                                    0 bytes
File            C:\avast! sandbox\S-1-5-21-3295308795-277811586-1615858928-1000\sfzone\C                                                                  0 bytes
File            C:\avast! sandbox\S-1-5-21-3295308795-277811586-1615858928-1000\sfzone\snx_fs.dat                                                         180 bytes
File            C:\avast! sandbox\snx_rhive                                                                                                               262144 bytes
File            C:\avast! sandbox\snx_rhive.LOG1                                                                                                          5120 bytes
File            C:\avast! sandbox\snx_rhive.LOG2                                                                                                          0 bytes
File            C:\avast! sandbox\snx_rhive{a5212343-c395-11e1-bf65-dcc8d6f965fe}.TM.blf                                                                  65536 bytes
File            C:\avast! sandbox\snx_rhive{a5212343-c395-11e1-bf65-dcc8d6f965fe}.TMContainer00000000000000000001.regtrans-ms                             524288 bytes
File            C:\avast! sandbox\snx_rhive{a5212343-c395-11e1-bf65-dcc8d6f965fe}.TMContainer00000000000000000002.regtrans-ms                             524288 bytes

---- EOF - GMER 1.0.15 ----
