GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-10-21 21:22:00 Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 Running: 5g8it4jc.exe; Driver: C:\Users\Bilu\AppData\Local\Temp\aftcyaog.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8FE25202] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x91612C48] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8FE277F0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8FE27848] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8FE2795E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8FE27746] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8FE27898] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8FE2779A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8FE2790C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8FE25226] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x91612CF8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8FE24FF0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8FE2524A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8FE27D56] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8FE25CDA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8FE27820] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8FE27870] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8FE27988] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8FE27772] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8FE278D8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8FE277C8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8FE27936] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x91612D90] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8FE25BA0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8FE2526E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8FE25292] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8FE2504A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8FE25186] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8FE25162] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8FE251AA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8FE252B6] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x91628762] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwRollbackTransaction + 13E9 83889839 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 838AE3F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!RtlSidHashLookup + 214 838B5BA4 4 Bytes [02, 52, E2, 8F] .text ntkrnlpa.exe!RtlSidHashLookup + 23C 838B5BCC 4 Bytes [48, 2C, 61, 91] {DEC EAX; SUB AL, 0x61; XCHG ECX, EAX} .text ntkrnlpa.exe!RtlSidHashLookup + 2F0 838B5C80 8 Bytes [F0, 77, E2, 8F, 48, 78, E2, ...] .text ntkrnlpa.exe!RtlSidHashLookup + 2FC 838B5C8C 4 Bytes [5E, 79, E2, 8F] .text ntkrnlpa.exe!RtlSidHashLookup + 318 838B5CA8 4 Bytes [46, 77, E2, 8F] .text ... PAGE ntkrnlpa.exe!ObMakeTemporaryObject 83A503BE 5 Bytes JMP 9162411E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject + 27 83A6A0CD 5 Bytes JMP 91625BD4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 83AB4784 4 Bytes CALL 8FE2634B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 83ABC895 4 Bytes CALL 8FE26361 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 83B22506 7 Bytes JMP 91628766 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .text kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text user32.dll!UnhookWindowsHookEx 75B8CC7B 5 Bytes [E9, 88, 3D, 86, 8A] {JMP 0xffffffff8a863d8d} .text user32.dll!UnhookWinEvent 75B8D924 5 Bytes [E9, D3, 2A, 86, 8A] {JMP 0xffffffff8a862ad8} .text user32.dll!SetWindowsHookExW 75B9210A 5 Bytes [E9, F5, E6, 85, 8A] {JMP 0xffffffff8a85e6fa} .text user32.dll!SetWinEventHook 75B9507E 5 Bytes [E9, 75, B1, 85, 8A] {JMP 0xffffffff8a85b17a} .text user32.dll!SetWindowsHookExA 75BB6DFA 5 Bytes [E9, 01, 98, 83, 8A] {JMP 0xffffffff8a839806} ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Bonjour\mDNSResponder.exe[356] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 000603FC .text C:\Program Files\Bonjour\mDNSResponder.exe[356] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 000601F8 .text C:\Program Files\Bonjour\mDNSResponder.exe[356] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\Program Files\Bonjour\mDNSResponder.exe[356] USER32.dll!UnhookWindowsHookEx 75B8CC7B 5 Bytes JMP 00100A08 .text C:\Program Files\Bonjour\mDNSResponder.exe[356] USER32.dll!UnhookWinEvent 75B8D924 5 Bytes JMP 001003FC .text C:\Program Files\Bonjour\mDNSResponder.exe[356] USER32.dll!SetWindowsHookExW 75B9210A 5 Bytes JMP 00100804 .text C:\Program Files\Bonjour\mDNSResponder.exe[356] USER32.dll!SetWinEventHook 75B9507E 5 Bytes JMP 001001F8 .text C:\Program Files\Bonjour\mDNSResponder.exe[356] USER32.dll!SetWindowsHookExA 75BB6DFA 5 Bytes JMP 00100600 .text C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe[372] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 001603FC .text C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe[372] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 001601F8 .text C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe[372] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe[372] USER32.dll!UnhookWindowsHookEx 75B8CC7B 5 Bytes JMP 001F0A08 .text C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe[372] USER32.dll!UnhookWinEvent 75B8D924 5 Bytes JMP 001F03FC .text C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe[372] USER32.dll!SetWindowsHookExW 75B9210A 5 Bytes JMP 001F0804 .text C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe[372] USER32.dll!SetWinEventHook 75B9507E 5 Bytes JMP 001F01F8 .text C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe[372] USER32.dll!SetWindowsHookExA 75BB6DFA 5 Bytes JMP 001F0600 .text C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe[376] KERNEL32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\windows\system32\csrss.exe[464] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\windows\system32\srvany.exe[508] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 000903FC .text C:\windows\system32\srvany.exe[508] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 000901F8 .text C:\windows\system32\srvany.exe[508] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\windows\system32\srvany.exe[508] USER32.dll!UnhookWindowsHookEx 75B8CC7B 5 Bytes JMP 00120A08 .text C:\windows\system32\srvany.exe[508] USER32.dll!UnhookWinEvent 75B8D924 5 Bytes JMP 001203FC .text C:\windows\system32\srvany.exe[508] USER32.dll!SetWindowsHookExW 75B9210A 5 Bytes JMP 00120804 .text C:\windows\system32\srvany.exe[508] USER32.dll!SetWinEventHook 75B9507E 5 Bytes JMP 001201F8 .text C:\windows\system32\srvany.exe[508] USER32.dll!SetWindowsHookExA 75BB6DFA 5 Bytes JMP 00120600 .text C:\windows\system32\wininit.exe[536] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 000303FC .text C:\windows\system32\wininit.exe[536] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 000301F8 .text C:\windows\system32\wininit.exe[536] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\windows\system32\wininit.exe[536] USER32.dll!UnhookWindowsHookEx 75B8CC7B 5 Bytes JMP 00100A08 .text C:\windows\system32\wininit.exe[536] USER32.dll!UnhookWinEvent 75B8D924 5 Bytes JMP 001003FC .text C:\windows\system32\wininit.exe[536] USER32.dll!SetWindowsHookExW 75B9210A 5 Bytes JMP 00100804 .text C:\windows\system32\wininit.exe[536] USER32.dll!SetWinEventHook 75B9507E 5 Bytes JMP 001001F8 .text C:\windows\system32\wininit.exe[536] USER32.dll!SetWindowsHookExA 75BB6DFA 5 Bytes JMP 00100600 .text C:\windows\system32\csrss.exe[544] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\windows\system32\services.exe[596] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 000603FC .text C:\windows\system32\services.exe[596] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 000601F8 .text C:\windows\system32\services.exe[596] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\windows\system32\lsass.exe[612] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 000603FC .text C:\windows\system32\lsass.exe[612] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 000601F8 .text C:\windows\system32\lsass.exe[612] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\windows\system32\lsm.exe[620] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 000603FC .text C:\windows\system32\lsm.exe[620] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 000601F8 .text C:\windows\system32\lsm.exe[620] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\windows\system32\conhost.exe[664] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 000303FC .text C:\windows\system32\conhost.exe[664] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 000301F8 .text C:\windows\system32\conhost.exe[664] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\windows\system32\conhost.exe[664] USER32.dll!UnhookWindowsHookEx 75B8CC7B 5 Bytes JMP 00050A08 .text C:\windows\system32\conhost.exe[664] USER32.dll!UnhookWinEvent 75B8D924 5 Bytes JMP 000503FC .text C:\windows\system32\conhost.exe[664] USER32.dll!SetWindowsHookExW 75B9210A 5 Bytes JMP 00050804 .text C:\windows\system32\conhost.exe[664] USER32.dll!SetWinEventHook 75B9507E 5 Bytes JMP 000501F8 .text C:\windows\system32\conhost.exe[664] USER32.dll!SetWindowsHookExA 75BB6DFA 5 Bytes JMP 00050600 .text C:\windows\KMService.exe[696] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 002F03FC .text C:\windows\KMService.exe[696] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 002F01F8 .text C:\windows\KMService.exe[696] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\windows\KMService.exe[696] USER32.dll!UnhookWindowsHookEx 75B8CC7B 5 Bytes JMP 00300A08 .text C:\windows\KMService.exe[696] USER32.dll!UnhookWinEvent 75B8D924 5 Bytes JMP 003003FC .text C:\windows\KMService.exe[696] USER32.dll!SetWindowsHookExW 75B9210A 5 Bytes JMP 00300804 .text C:\windows\KMService.exe[696] USER32.dll!SetWinEventHook 75B9507E 5 Bytes JMP 003001F8 .text C:\windows\KMService.exe[696] USER32.dll!SetWindowsHookExA 75BB6DFA 5 Bytes JMP 00300600 .text C:\windows\system32\svchost.exe[716] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 000A03FC .text C:\windows\system32\svchost.exe[716] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 000A01F8 .text C:\windows\system32\svchost.exe[716] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\windows\system32\nvvsvc.exe[796] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 001603FC .text C:\windows\system32\nvvsvc.exe[796] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 001601F8 .text C:\windows\system32\nvvsvc.exe[796] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\windows\system32\nvvsvc.exe[796] USER32.dll!UnhookWindowsHookEx 75B8CC7B 5 Bytes JMP 001F0A08 .text C:\windows\system32\nvvsvc.exe[796] USER32.dll!UnhookWinEvent 75B8D924 5 Bytes JMP 001F03FC .text C:\windows\system32\nvvsvc.exe[796] USER32.dll!SetWindowsHookExW 75B9210A 5 Bytes JMP 001F0804 .text C:\windows\system32\nvvsvc.exe[796] USER32.dll!SetWinEventHook 75B9507E 5 Bytes JMP 001F01F8 .text C:\windows\system32\nvvsvc.exe[796] USER32.dll!SetWindowsHookExA 75BB6DFA 5 Bytes JMP 001F0600 .text C:\windows\system32\svchost.exe[836] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 000603FC .text C:\windows\system32\svchost.exe[836] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 000601F8 .text C:\windows\system32\svchost.exe[836] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\windows\System32\svchost.exe[904] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 000603FC .text C:\windows\System32\svchost.exe[904] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 000601F8 .text C:\windows\System32\svchost.exe[904] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\windows\System32\svchost.exe[904] USER32.dll!UnhookWindowsHookEx 75B8CC7B 5 Bytes JMP 00180A08 .text C:\windows\System32\svchost.exe[904] USER32.dll!UnhookWinEvent 75B8D924 5 Bytes JMP 001803FC .text C:\windows\System32\svchost.exe[904] USER32.dll!SetWindowsHookExW 75B9210A 5 Bytes JMP 00180804 .text C:\windows\System32\svchost.exe[904] USER32.dll!SetWinEventHook 75B9507E 5 Bytes JMP 001801F8 .text C:\windows\System32\svchost.exe[904] USER32.dll!SetWindowsHookExA 75BB6DFA 5 Bytes JMP 00180600 .text C:\windows\System32\svchost.exe[936] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 000A03FC .text C:\windows\System32\svchost.exe[936] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 000A01F8 .text C:\windows\System32\svchost.exe[936] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\windows\System32\svchost.exe[936] USER32.dll!UnhookWindowsHookEx 75B8CC7B 5 Bytes JMP 00970A08 .text C:\windows\System32\svchost.exe[936] USER32.dll!UnhookWinEvent 75B8D924 5 Bytes JMP 009703FC .text C:\windows\System32\svchost.exe[936] USER32.dll!SetWindowsHookExW 75B9210A 5 Bytes JMP 00970804 .text C:\windows\System32\svchost.exe[936] USER32.dll!SetWinEventHook 75B9507E 5 Bytes JMP 009701F8 .text C:\windows\System32\svchost.exe[936] USER32.dll!SetWindowsHookExA 75BB6DFA 5 Bytes JMP 00970600 .text C:\windows\system32\svchost.exe[976] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 000603FC .text C:\windows\system32\svchost.exe[976] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 000601F8 .text C:\windows\system32\svchost.exe[976] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\windows\system32\svchost.exe[976] USER32.dll!UnhookWindowsHookEx 75B8CC7B 5 Bytes JMP 01220A08 .text C:\windows\system32\svchost.exe[976] USER32.dll!UnhookWinEvent 75B8D924 5 Bytes JMP 012203FC .text C:\windows\system32\svchost.exe[976] USER32.dll!SetWindowsHookExW 75B9210A 5 Bytes JMP 01220804 .text C:\windows\system32\svchost.exe[976] USER32.dll!SetWinEventHook 75B9507E 5 Bytes JMP 012201F8 .text C:\windows\system32\svchost.exe[976] USER32.dll!SetWindowsHookExA 75BB6DFA 5 Bytes JMP 01220600 .text C:\windows\system32\svchost.exe[1080] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 000603FC .text C:\windows\system32\svchost.exe[1080] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 000601F8 .text C:\windows\system32\svchost.exe[1080] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\windows\system32\svchost.exe[1080] USER32.dll!UnhookWindowsHookEx 75B8CC7B 5 Bytes JMP 005B0A08 .text C:\windows\system32\svchost.exe[1080] USER32.dll!UnhookWinEvent 75B8D924 5 Bytes JMP 005B03FC .text C:\windows\system32\svchost.exe[1080] USER32.dll!SetWindowsHookExW 75B9210A 5 Bytes JMP 005B0804 .text C:\windows\system32\svchost.exe[1080] USER32.dll!SetWinEventHook 75B9507E 5 Bytes JMP 005B01F8 .text C:\windows\system32\svchost.exe[1080] USER32.dll!SetWindowsHookExA 75BB6DFA 5 Bytes JMP 005B0600 .text C:\windows\system32\svchost.exe[1168] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 000603FC .text C:\windows\system32\svchost.exe[1168] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 000601F8 .text C:\windows\system32\svchost.exe[1168] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\windows\system32\svchost.exe[1168] USER32.dll!UnhookWindowsHookEx 75B8CC7B 5 Bytes JMP 00AD0A08 .text C:\windows\system32\svchost.exe[1168] USER32.dll!UnhookWinEvent 75B8D924 5 Bytes JMP 00AD03FC .text C:\windows\system32\svchost.exe[1168] USER32.dll!SetWindowsHookExW 75B9210A 5 Bytes JMP 00AD0804 .text C:\windows\system32\svchost.exe[1168] USER32.dll!SetWinEventHook 75B9507E 5 Bytes JMP 00AD01F8 .text C:\windows\system32\svchost.exe[1168] USER32.dll!SetWindowsHookExA 75BB6DFA 5 Bytes JMP 00AD0600 .text C:\windows\system32\winlogon.exe[1252] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 000703FC .text C:\windows\system32\winlogon.exe[1252] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 000701F8 .text C:\windows\system32\winlogon.exe[1252] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\windows\system32\winlogon.exe[1252] USER32.dll!UnhookWindowsHookEx 75B8CC7B 5 Bytes JMP 00100A08 .text C:\windows\system32\winlogon.exe[1252] USER32.dll!UnhookWinEvent 75B8D924 5 Bytes JMP 001003FC .text C:\windows\system32\winlogon.exe[1252] USER32.dll!SetWindowsHookExW 75B9210A 5 Bytes JMP 00100804 .text C:\windows\system32\winlogon.exe[1252] USER32.dll!SetWinEventHook 75B9507E 5 Bytes JMP 001001F8 .text C:\windows\system32\winlogon.exe[1252] USER32.dll!SetWindowsHookExA 75BB6DFA 5 Bytes JMP 00100600 .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[1308] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 001603FC .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[1308] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 001601F8 .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[1308] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[1308] USER32.dll!UnhookWindowsHookEx 75B8CC7B 5 Bytes JMP 00190A08 .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[1308] USER32.dll!UnhookWinEvent 75B8D924 5 Bytes JMP 001903FC .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[1308] USER32.dll!SetWindowsHookExW 75B9210A 5 Bytes JMP 00190804 .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[1308] USER32.dll!SetWinEventHook 75B9507E 5 Bytes JMP 001901F8 .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[1308] USER32.dll!SetWindowsHookExA 75BB6DFA 5 Bytes JMP 00190600 .text C:\windows\system32\nvvsvc.exe[1392] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 001603FC .text C:\windows\system32\nvvsvc.exe[1392] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 001601F8 .text C:\windows\system32\nvvsvc.exe[1392] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\windows\system32\nvvsvc.exe[1392] USER32.dll!UnhookWindowsHookEx 75B8CC7B 5 Bytes JMP 001F0A08 .text C:\windows\system32\nvvsvc.exe[1392] USER32.dll!UnhookWinEvent 75B8D924 5 Bytes JMP 001F03FC .text C:\windows\system32\nvvsvc.exe[1392] USER32.dll!SetWindowsHookExW 75B9210A 5 Bytes JMP 001F0804 .text C:\windows\system32\nvvsvc.exe[1392] USER32.dll!SetWinEventHook 75B9507E 5 Bytes JMP 001F01F8 .text C:\windows\system32\nvvsvc.exe[1392] USER32.dll!SetWindowsHookExA 75BB6DFA 5 Bytes JMP 001F0600 .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] kernel32.dll!SetUnhandledExceptionFilter 75D53122 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\windows\SYSTEM32\Rezip.exe[1448] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 001503FC .text C:\windows\SYSTEM32\Rezip.exe[1448] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 001501F8 .text C:\windows\SYSTEM32\Rezip.exe[1448] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\windows\SYSTEM32\Rezip.exe[1448] USER32.dll!UnhookWindowsHookEx 75B8CC7B 5 Bytes JMP 001E0A08 .text C:\windows\SYSTEM32\Rezip.exe[1448] USER32.dll!UnhookWinEvent 75B8D924 5 Bytes JMP 001E03FC .text C:\windows\SYSTEM32\Rezip.exe[1448] USER32.dll!SetWindowsHookExW 75B9210A 5 Bytes JMP 001E0804 .text C:\windows\SYSTEM32\Rezip.exe[1448] USER32.dll!SetWinEventHook 75B9507E 5 Bytes JMP 001E01F8 .text C:\windows\SYSTEM32\Rezip.exe[1448] USER32.dll!SetWindowsHookExA 75BB6DFA 5 Bytes JMP 001E0600 .text C:\Program Files\iPod\bin\iPodService.exe[1480] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 000603FC .text C:\Program Files\iPod\bin\iPodService.exe[1480] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 000601F8 .text C:\Program Files\iPod\bin\iPodService.exe[1480] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\Program Files\iPod\bin\iPodService.exe[1480] USER32.dll!UnhookWindowsHookEx 75B8CC7B 5 Bytes JMP 00100A08 .text C:\Program Files\iPod\bin\iPodService.exe[1480] USER32.dll!UnhookWinEvent 75B8D924 5 Bytes JMP 001003FC .text C:\Program Files\iPod\bin\iPodService.exe[1480] USER32.dll!SetWindowsHookExW 75B9210A 5 Bytes JMP 00100804 .text C:\Program Files\iPod\bin\iPodService.exe[1480] USER32.dll!SetWinEventHook 75B9507E 5 Bytes JMP 001001F8 .text C:\Program Files\iPod\bin\iPodService.exe[1480] USER32.dll!SetWindowsHookExA 75BB6DFA 5 Bytes JMP 00100600 .text C:\windows\Explorer.EXE[1496] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 000603FC .text C:\windows\Explorer.EXE[1496] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 000601F8 .text C:\windows\Explorer.EXE[1496] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\windows\Explorer.EXE[1496] USER32.dll!UnhookWindowsHookEx 75B8CC7B 5 Bytes JMP 00150A08 .text C:\windows\Explorer.EXE[1496] USER32.dll!UnhookWinEvent 75B8D924 5 Bytes JMP 001503FC .text C:\windows\Explorer.EXE[1496] USER32.dll!SetWindowsHookExW 75B9210A 5 Bytes JMP 00150804 .text C:\windows\Explorer.EXE[1496] USER32.dll!SetWinEventHook 75B9507E 5 Bytes JMP 001501F8 .text C:\windows\Explorer.EXE[1496] USER32.dll!SetWindowsHookExA 75BB6DFA 5 Bytes JMP 00150600 .text C:\Program Files\iTunes\iTunesHelper.exe[1516] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 000603FC .text C:\Program Files\iTunes\iTunesHelper.exe[1516] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 000601F8 .text C:\Program Files\iTunes\iTunesHelper.exe[1516] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\Program Files\iTunes\iTunesHelper.exe[1516] USER32.dll!UnhookWindowsHookEx 75B8CC7B 5 Bytes JMP 00080A08 .text C:\Program Files\iTunes\iTunesHelper.exe[1516] USER32.dll!UnhookWinEvent 75B8D924 5 Bytes JMP 000803FC .text C:\Program Files\iTunes\iTunesHelper.exe[1516] USER32.dll!SetWindowsHookExW 75B9210A 5 Bytes JMP 00080804 .text C:\Program Files\iTunes\iTunesHelper.exe[1516] USER32.dll!SetWinEventHook 75B9507E 5 Bytes JMP 000801F8 .text C:\Program Files\iTunes\iTunesHelper.exe[1516] USER32.dll!SetWindowsHookExA 75BB6DFA 5 Bytes JMP 00080600 .text C:\windows\System32\spoolsv.exe[1884] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 000603FC .text C:\windows\System32\spoolsv.exe[1884] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 000601F8 .text C:\windows\System32\spoolsv.exe[1884] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\windows\System32\spoolsv.exe[1884] USER32.dll!UnhookWindowsHookEx 75B8CC7B 5 Bytes JMP 00140A08 .text C:\windows\System32\spoolsv.exe[1884] USER32.dll!UnhookWinEvent 75B8D924 5 Bytes JMP 001403FC .text C:\windows\System32\spoolsv.exe[1884] USER32.dll!SetWindowsHookExW 75B9210A 5 Bytes JMP 00140804 .text C:\windows\System32\spoolsv.exe[1884] USER32.dll!SetWinEventHook 75B9507E 5 Bytes JMP 001401F8 .text C:\windows\System32\spoolsv.exe[1884] USER32.dll!SetWindowsHookExA 75BB6DFA 5 Bytes JMP 00140600 .text C:\windows\system32\svchost.exe[1920] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 000603FC .text C:\windows\system32\svchost.exe[1920] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 000601F8 .text C:\windows\system32\svchost.exe[1920] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\windows\system32\svchost.exe[1920] USER32.dll!UnhookWindowsHookEx 75B8CC7B 5 Bytes JMP 00250A08 .text C:\windows\system32\svchost.exe[1920] USER32.dll!UnhookWinEvent 75B8D924 5 Bytes JMP 002503FC .text C:\windows\system32\svchost.exe[1920] USER32.dll!SetWindowsHookExW 75B9210A 5 Bytes JMP 00250804 .text C:\windows\system32\svchost.exe[1920] USER32.dll!SetWinEventHook 75B9507E 5 Bytes JMP 002501F8 .text C:\windows\system32\svchost.exe[1920] USER32.dll!SetWindowsHookExA 75BB6DFA 5 Bytes JMP 00250600 .text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1940] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 001603FC .text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1940] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 001601F8 .text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1940] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1940] USER32.dll!UnhookWindowsHookEx 75B8CC7B 5 Bytes JMP 001F0A08 .text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1940] USER32.dll!UnhookWinEvent 75B8D924 5 Bytes JMP 001F03FC .text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1940] USER32.dll!SetWindowsHookExW 75B9210A 5 Bytes JMP 001F0804 .text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1940] USER32.dll!SetWinEventHook 75B9507E 5 Bytes JMP 001F01F8 .text C:\Program Files\CyberLink\Shared files\RichVideo.exe[1940] USER32.dll!SetWindowsHookExA 75BB6DFA 5 Bytes JMP 001F0600 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2044] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 000903FC .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2044] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 000901F8 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2044] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2044] USER32.dll!UnhookWindowsHookEx 75B8CC7B 5 Bytes JMP 00130A08 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2044] USER32.dll!UnhookWinEvent 75B8D924 5 Bytes JMP 001303FC .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2044] USER32.dll!SetWindowsHookExW 75B9210A 5 Bytes JMP 00130804 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2044] USER32.dll!SetWinEventHook 75B9507E 5 Bytes JMP 001301F8 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2044] USER32.dll!SetWindowsHookExA 75BB6DFA 5 Bytes JMP 00130600 .text C:\windows\System32\svchost.exe[2072] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 000603FC .text C:\windows\System32\svchost.exe[2072] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 000601F8 .text C:\windows\System32\svchost.exe[2072] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\windows\System32\svchost.exe[2072] USER32.dll!UnhookWindowsHookEx 75B8CC7B 5 Bytes JMP 00190A08 .text C:\windows\System32\svchost.exe[2072] USER32.dll!UnhookWinEvent 75B8D924 5 Bytes JMP 001903FC .text C:\windows\System32\svchost.exe[2072] USER32.dll!SetWindowsHookExW 75B9210A 5 Bytes JMP 00190804 .text C:\windows\System32\svchost.exe[2072] USER32.dll!SetWinEventHook 75B9507E 5 Bytes JMP 001901F8 .text C:\windows\System32\svchost.exe[2072] USER32.dll!SetWindowsHookExA 75BB6DFA 5 Bytes JMP 00190600 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2104] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 000503FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2104] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 000501F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2104] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2104] USER32.dll!UnhookWindowsHookEx 75B8CC7B 5 Bytes JMP 00130A08 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2104] USER32.dll!UnhookWinEvent 75B8D924 5 Bytes JMP 001303FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2104] USER32.dll!SetWindowsHookExW 75B9210A 5 Bytes JMP 00130804 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2104] USER32.dll!SetWinEventHook 75B9507E 5 Bytes JMP 001301F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2104] USER32.dll!SetWindowsHookExA 75BB6DFA 5 Bytes JMP 00130600 .text C:\Program Files\Java\jre1.5.0_17\bin\jusched.exe[2132] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 001503FC .text C:\Program Files\Java\jre1.5.0_17\bin\jusched.exe[2132] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 001501F8 .text C:\Program Files\Java\jre1.5.0_17\bin\jusched.exe[2132] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\Program Files\Java\jre1.5.0_17\bin\jusched.exe[2132] USER32.dll!UnhookWindowsHookEx 75B8CC7B 5 Bytes JMP 001F0A08 .text C:\Program Files\Java\jre1.5.0_17\bin\jusched.exe[2132] USER32.dll!UnhookWinEvent 75B8D924 5 Bytes JMP 001F03FC .text C:\Program Files\Java\jre1.5.0_17\bin\jusched.exe[2132] USER32.dll!SetWindowsHookExW 75B9210A 5 Bytes JMP 001F0804 .text C:\Program Files\Java\jre1.5.0_17\bin\jusched.exe[2132] USER32.dll!SetWinEventHook 75B9507E 5 Bytes JMP 001F01F8 .text C:\Program Files\Java\jre1.5.0_17\bin\jusched.exe[2132] USER32.dll!SetWindowsHookExA 75BB6DFA 5 Bytes JMP 001F0600 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2312] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 002203FC .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2312] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 002201F8 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2312] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2312] USER32.dll!UnhookWindowsHookEx 75B8CC7B 5 Bytes JMP 00340A08 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2312] USER32.dll!UnhookWinEvent 75B8D924 5 Bytes JMP 003403FC .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2312] USER32.dll!SetWindowsHookExW 75B9210A 5 Bytes JMP 00340804 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2312] USER32.dll!SetWinEventHook 75B9507E 5 Bytes JMP 003401F8 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2312] USER32.dll!SetWindowsHookExA 75BB6DFA 5 Bytes JMP 00340600 .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2324] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 001603FC .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2324] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 001601F8 .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2324] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2324] USER32.dll!UnhookWindowsHookEx 75B8CC7B 5 Bytes JMP 00300A08 .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2324] USER32.dll!UnhookWinEvent 75B8D924 5 Bytes JMP 003003FC .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2324] USER32.dll!SetWindowsHookExW 75B9210A 5 Bytes JMP 00300804 .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2324] USER32.dll!SetWinEventHook 75B9507E 5 Bytes JMP 003001F8 .text C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe[2324] USER32.dll!SetWindowsHookExA 75BB6DFA 5 Bytes JMP 00300600 .text C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe[2344] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 001603FC .text C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe[2344] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 001601F8 .text C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe[2344] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe[2344] USER32.dll!UnhookWindowsHookEx 75B8CC7B 5 Bytes JMP 001F0A08 .text C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe[2344] USER32.dll!UnhookWinEvent 75B8D924 5 Bytes JMP 001F03FC .text C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe[2344] USER32.dll!SetWindowsHookExW 75B9210A 5 Bytes JMP 001F0804 .text C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe[2344] USER32.dll!SetWinEventHook 75B9507E 5 Bytes JMP 001F01F8 .text C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe[2344] USER32.dll!SetWindowsHookExA 75BB6DFA 5 Bytes JMP 001F0600 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2356] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 001603FC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2356] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 001601F8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2356] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2356] USER32.dll!UnhookWindowsHookEx 75B8CC7B 5 Bytes JMP 001F0A08 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2356] USER32.dll!UnhookWinEvent 75B8D924 5 Bytes JMP 001F03FC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2356] USER32.dll!SetWindowsHookExW 75B9210A 5 Bytes JMP 001F0804 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2356] USER32.dll!SetWinEventHook 75B9507E 5 Bytes JMP 001F01F8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2356] USER32.dll!SetWindowsHookExA 75BB6DFA 5 Bytes JMP 001F0600 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] ntdll.dll!NtCreateFile + 6 772346B6 4 Bytes [28, 00, 23, 00] {SUB [EAX], AL; AND EAX, [EAX]} .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] ntdll.dll!NtCreateFile + B 772346BB 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] ntdll.dll!NtCreateKey + 6 772346F6 4 Bytes [68, 01, 23, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] ntdll.dll!NtCreateKey + B 772346FB 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] ntdll.dll!NtCreateMutant + 6 77234736 4 Bytes [68, 02, 23, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] ntdll.dll!NtCreateMutant + B 7723473B 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] ntdll.dll!NtCreateSection + 6 772347D6 4 Bytes [A8, 02, 23, 00] {TEST AL, 0x2; AND EAX, [EAX]} .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] ntdll.dll!NtCreateSection + B 772347DB 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] ntdll.dll!NtMapViewOfSection + B 77234D1B 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] ntdll.dll!NtOpenFile + 6 77234DC6 4 Bytes [68, 00, 23, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] ntdll.dll!NtOpenFile + B 77234DCB 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] ntdll.dll!NtOpenKey + 6 77234DF6 4 Bytes [A8, 01, 23, 00] {TEST AL, 0x1; AND EAX, [EAX]} .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] ntdll.dll!NtOpenKey + B 77234DFB 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] ntdll.dll!NtOpenKeyEx + B 77234E0B 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] ntdll.dll!NtOpenMutant + 6 77234E46 4 Bytes [28, 02, 23, 00] {SUB [EDX], AL; AND EAX, [EAX]} .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] ntdll.dll!NtOpenMutant + B 77234E4B 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] ntdll.dll!NtOpenProcess + 6 77234E76 1 Byte [68] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] ntdll.dll!NtOpenProcess + 6 77234E76 4 Bytes [68, 03, 23, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] ntdll.dll!NtOpenProcess + B 77234E7B 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] ntdll.dll!NtOpenProcessToken + 6 77234E86 1 Byte [A8] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] ntdll.dll!NtOpenProcessToken + 6 77234E86 4 Bytes [A8, 03, 23, 00] {TEST AL, 0x3; AND EAX, [EAX]} .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] ntdll.dll!NtOpenProcessToken + B 77234E8B 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] ntdll.dll!NtOpenProcessTokenEx + 6 77234E96 4 Bytes [68, 04, 23, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] ntdll.dll!NtOpenProcessTokenEx + B 77234E9B 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] ntdll.dll!NtOpenSection + B 77234EBB 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] ntdll.dll!NtOpenThread + 6 77234EF6 1 Byte [28] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] ntdll.dll!NtOpenThread + 6 77234EF6 4 Bytes [28, 03, 23, 00] {SUB [EBX], AL; AND EAX, [EAX]} .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] ntdll.dll!NtOpenThread + B 77234EFB 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] ntdll.dll!NtOpenThreadToken + 6 77234F06 4 Bytes [28, 04, 23, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] ntdll.dll!NtOpenThreadToken + B 77234F0B 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] ntdll.dll!NtOpenThreadTokenEx + 6 77234F16 4 Bytes [A8, 04, 23, 00] {TEST AL, 0x4; AND EAX, [EAX]} .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] ntdll.dll!NtOpenThreadTokenEx + B 77234F1B 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] ntdll.dll!NtQueryAttributesFile + 6 77235026 4 Bytes [A8, 00, 23, 00] {TEST AL, 0x0; AND EAX, [EAX]} .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] ntdll.dll!NtQueryAttributesFile + B 7723502B 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] ntdll.dll!NtQueryFullAttributesFile + B 772350DB 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] ntdll.dll!NtSetInformationFile + 6 77235726 4 Bytes [28, 01, 23, 00] {SUB [ECX], AL; AND EAX, [EAX]} .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] ntdll.dll!NtSetInformationFile + B 7723572B 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] ntdll.dll!NtSetInformationThread + 6 77235786 1 Byte [E8] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] ntdll.dll!NtSetInformationThread + B 7723578B 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] ntdll.dll!NtUnmapViewOfSection + 6 77235AA6 4 Bytes [28, 05, 23, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] ntdll.dll!NtUnmapViewOfSection + B 77235AAB 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 002403FC .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 002401F8 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] kernel32.dll!CreateProcessW 75D0202D 5 Bytes JMP 001D0030 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] kernel32.dll!CreateProcessA 75D02062 5 Bytes JMP 001D0070 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!SelectObject 75CB61D0 5 Bytes JMP 002805F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!SetTextColor 75CB6622 5 Bytes JMP 00280A30 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!SetBkMode 75CB66CD 5 Bytes JMP 002808F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!DeleteObject 75CB68B4 5 Bytes JMP 002801B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!DeleteDC 75CB6A2C 5 Bytes JMP 00280170 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!ExtSelectClipRgn 75CB6C72 5 Bytes JMP 002802F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!SelectClipRgn 75CB6D84 5 Bytes JMP 002805B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!GetDeviceCaps 75CB6E03 5 Bytes JMP 002803B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!SetStretchBltMode 75CB73CE 5 Bytes JMP 002806B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!GetCurrentObject 75CB777C 5 Bytes JMP 00280370 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!GetTextMetricsW 75CB798F 5 Bytes JMP 00280E30 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!IntersectClipRect 75CB7CCA 5 Bytes JMP 002803F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!GetTextAlign 75CB7D15 5 Bytes JMP 00280D70 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!SetTextAlign 75CB7F92 5 Bytes JMP 002809F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!ExtTextOutW 75CB8053 5 Bytes JMP 00280970 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!GetClipBox 75CB81F2 5 Bytes JMP 00280330 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!MoveToEx 75CB8A16 5 Bytes JMP 00280470 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!CreateDCA 75CB9975 5 Bytes JMP 002800B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!RestoreDC 75CB9A10 5 Bytes JMP 00280530 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!SaveDC 75CB9AD2 5 Bytes JMP 00280570 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!StretchDIBits 75CBAC38 5 Bytes JMP 00280770 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!GetTextFaceW 75CBB4CC 5 Bytes JMP 00280D30 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!GetTextExtentPoint32W 75CBB535 5 Bytes JMP 00280670 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!GetFontData 75CBB8E8 5 Bytes JMP 00280C70 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!CreateDCW 75CBBD21 5 Bytes JMP 002800F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!CreateICW 75CBC660 5 Bytes JMP 00280130 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!LineTo 75CBCA20 5 Bytes JMP 00280430 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!SetWorldTransform 75CBCB42 5 Bytes JMP 002806F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!GetTextMetricsA 75CBCE46 5 Bytes JMP 00280DF0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!Rectangle 75CBF5BE 5 Bytes JMP 002809B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!SetICMMode 75CBF8D4 5 Bytes JMP 00280DB0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!ExtTextOutA 75CC0158 5 Bytes JMP 00280930 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!GetTextExtentPoint32A 75CC08BB 5 Bytes JMP 00280630 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!Escape 75CC0B0D 5 Bytes JMP 00280270 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!ExtEscape 75CC3472 5 Bytes JMP 002802B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!GetTextFaceA 75CC3E49 5 Bytes JMP 00280CF0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!SetPolyFillMode 75CC6CE1 5 Bytes JMP 00280B30 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!SetMiterLimit 75CC6E54 5 Bytes JMP 00280B70 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!ResetDCW 75CD031C 5 Bytes JMP 00280AB0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!EndPage 75CD07CD 5 Bytes JMP 00280230 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!GetGlyphOutlineW 75CDC292 5 Bytes JMP 00280CB0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!CreateScalableFontResourceW 75CDE8EF 5 Bytes JMP 00280BB0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!AddFontResourceW 75CDECEB 5 Bytes JMP 00280BF0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!RemoveFontResourceW 75CDF1E1 5 Bytes JMP 00280C30 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!AbortDoc 75CE4D37 5 Bytes JMP 00280030 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!EndDoc 75CE517E 5 Bytes JMP 002801F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!StartPage 75CE5269 5 Bytes JMP 00280730 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!StartDocW 75CE5BB6 5 Bytes JMP 002807F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!BeginPath 75CE635D 5 Bytes JMP 00280830 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!SelectClipPath 75CE63B4 5 Bytes JMP 00280AF0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!CloseFigure 75CE640F 5 Bytes JMP 00280070 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!EndPath 75CE6466 5 Bytes JMP 00280A70 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!StrokePath 75CE6699 5 Bytes JMP 002807B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!FillPath 75CE6726 5 Bytes JMP 00280870 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!PolylineTo 75CE6B94 5 Bytes JMP 002804F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!PolyBezierTo 75CE6C25 5 Bytes JMP 002804B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] GDI32.dll!PolyDraw 75CE6CD7 5 Bytes JMP 002808B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] USER32.dll!ActivateKeyboardLayout 75B8817D 5 Bytes JMP 002904F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] USER32.dll!ScreenToClient 75B8C1F2 7 Bytes JMP 00290670 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] USER32.dll!UnhookWindowsHookEx 75B8CC7B 5 Bytes JMP 00570A08 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] USER32.dll!UnhookWinEvent 75B8D924 5 Bytes JMP 005703FC .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] USER32.dll!RegisterClipboardFormatA 75B8E6B1 5 Bytes JMP 002902F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] USER32.dll!RegisterClipboardFormatW 75B8EDFD 5 Bytes JMP 002902B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] USER32.dll!SetWindowsHookExW 75B9210A 5 Bytes JMP 00570804 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] USER32.dll!SetWinEventHook 75B9507E 5 Bytes JMP 005701F8 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] USER32.dll!SetCursor 75B952EA 5 Bytes JMP 00290530 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] USER32.dll!MonitorFromWindow 75B9590A 7 Bytes JMP 00290630 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] USER32.dll!PostMessageW 75B96225 5 Bytes JMP 002905F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] USER32.dll!IsWindowVisible 75B96939 7 Bytes JMP 002906B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] USER32.dll!GetClientRect 75B974B1 7 Bytes JMP 002905B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] USER32.dll!MapWindowPoints 75B97915 5 Bytes JMP 00290570 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] USER32.dll!GetParent 75B97AB3 7 Bytes JMP 002906F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] USER32.dll!SetClipboardData 75BA4979 5 Bytes JMP 00290170 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] USER32.dll!EmptyClipboard 75BA4A28 5 Bytes JMP 00290130 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] USER32.dll!GetClipboardData 75BA4B47 5 Bytes JMP 00290030 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] USER32.dll!EnumClipboardFormats 75BA4D98 5 Bytes JMP 002901B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] USER32.dll!GetClipboardFormatNameW 75BA7EB2 5 Bytes JMP 00290230 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] USER32.dll!SetClipboardViewer 75BA8F4D 5 Bytes JMP 002904B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] USER32.dll!GetClipboardFormatNameA 75BA8F61 5 Bytes JMP 00290270 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] USER32.dll!GetOpenClipboardWindow 75BA902F 1 Byte [E9] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] USER32.dll!GetOpenClipboardWindow 75BA902F 5 Bytes JMP 002903F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] USER32.dll!ChangeClipboardChain 75BB3425 5 Bytes JMP 00290430 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] USER32.dll!GetTopWindow 75BB3A5D 7 Bytes JMP 00290730 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] USER32.dll!CloseClipboard 75BB5BA7 5 Bytes JMP 002900B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] USER32.dll!OpenClipboard 75BB5BB9 5 Bytes JMP 00290070 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] USER32.dll!IsClipboardFormatAvailable 75BB5C3A 5 Bytes JMP 002900F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] USER32.dll!GetClipboardSequenceNumber 75BB5C4E 5 Bytes JMP 00290330 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] USER32.dll!GetClipboardOwner 75BB5C60 5 Bytes JMP 00290370 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] USER32.dll!CountClipboardFormats 75BB5DC9 5 Bytes JMP 002901F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] USER32.dll!SetWindowsHookExA 75BB6DFA 5 Bytes JMP 00570600 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] USER32.dll!SetCursorPos 75BCC1D8 5 Bytes JMP 00290770 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] USER32.dll!GetClipboardViewer 75BE4B57 5 Bytes JMP 00290470 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] USER32.dll!GetPriorityClipboardFormat 75BE4C59 5 Bytes JMP 002903B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] ole32.dll!OleSetClipboard 7700F2FE 5 Bytes JMP 002A0030 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] ole32.dll!OleIsCurrentClipboard 77012489 5 Bytes JMP 002A0070 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] ole32.dll!OleGetClipboard 7703F825 5 Bytes JMP 002A00B0 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2604] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 001603FC .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2604] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 001601F8 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2604] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2604] USER32.dll!UnhookWindowsHookEx 75B8CC7B 5 Bytes JMP 00300A08 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2604] USER32.dll!UnhookWinEvent 75B8D924 5 Bytes JMP 003003FC .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2604] USER32.dll!SetWindowsHookExW 75B9210A 5 Bytes JMP 00300804 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2604] USER32.dll!SetWinEventHook 75B9507E 5 Bytes JMP 003001F8 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2604] USER32.dll!SetWindowsHookExA 75BB6DFA 5 Bytes JMP 00300600 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2648] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 000503FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2648] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 000501F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2648] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2648] USER32.dll!UnhookWindowsHookEx 75B8CC7B 5 Bytes JMP 00220A08 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2648] USER32.dll!UnhookWinEvent 75B8D924 5 Bytes JMP 002203FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2648] USER32.dll!SetWindowsHookExW 75B9210A 5 Bytes JMP 00220804 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2648] USER32.dll!SetWinEventHook 75B9507E 5 Bytes JMP 002201F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2648] USER32.dll!SetWindowsHookExA 75BB6DFA 5 Bytes JMP 00220600 .text C:\windows\system32\SearchIndexer.exe[2672] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 000A03FC .text C:\windows\system32\SearchIndexer.exe[2672] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 000A01F8 .text C:\windows\system32\SearchIndexer.exe[2672] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\windows\system32\SearchIndexer.exe[2672] USER32.dll!UnhookWindowsHookEx 75B8CC7B 5 Bytes JMP 00240A08 .text C:\windows\system32\SearchIndexer.exe[2672] USER32.dll!UnhookWinEvent 75B8D924 5 Bytes JMP 002403FC .text C:\windows\system32\SearchIndexer.exe[2672] USER32.dll!SetWindowsHookExW 75B9210A 5 Bytes JMP 00240804 .text C:\windows\system32\SearchIndexer.exe[2672] USER32.dll!SetWinEventHook 75B9507E 5 Bytes JMP 002401F8 .text C:\windows\system32\SearchIndexer.exe[2672] USER32.dll!SetWindowsHookExA 75BB6DFA 5 Bytes JMP 00240600 .text C:\windows\system32\svchost.exe[2708] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 000603FC .text C:\windows\system32\svchost.exe[2708] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 000601F8 .text C:\windows\system32\svchost.exe[2708] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\Program Files\Winamp\winampa.exe[2748] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 000A03FC .text C:\Program Files\Winamp\winampa.exe[2748] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 000A01F8 .text C:\Program Files\Winamp\winampa.exe[2748] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\Program Files\Winamp\winampa.exe[2748] USER32.dll!UnhookWindowsHookEx 75B8CC7B 5 Bytes JMP 00240A08 .text C:\Program Files\Winamp\winampa.exe[2748] USER32.dll!UnhookWinEvent 75B8D924 5 Bytes JMP 002403FC .text C:\Program Files\Winamp\winampa.exe[2748] USER32.dll!SetWindowsHookExW 75B9210A 5 Bytes JMP 00240804 .text C:\Program Files\Winamp\winampa.exe[2748] USER32.dll!SetWinEventHook 75B9507E 5 Bytes JMP 002401F8 .text C:\Program Files\Winamp\winampa.exe[2748] USER32.dll!SetWindowsHookExA 75BB6DFA 5 Bytes JMP 00240600 .text C:\windows\system32\taskhost.exe[3108] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 000503FC .text C:\windows\system32\taskhost.exe[3108] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 000501F8 .text C:\windows\system32\taskhost.exe[3108] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\windows\system32\taskhost.exe[3108] USER32.dll!UnhookWindowsHookEx 75B8CC7B 5 Bytes JMP 000E0A08 .text C:\windows\system32\taskhost.exe[3108] USER32.dll!UnhookWinEvent 75B8D924 5 Bytes JMP 000E03FC .text C:\windows\system32\taskhost.exe[3108] USER32.dll!SetWindowsHookExW 75B9210A 5 Bytes JMP 000E0804 .text C:\windows\system32\taskhost.exe[3108] USER32.dll!SetWinEventHook 75B9507E 5 Bytes JMP 000E01F8 .text C:\windows\system32\taskhost.exe[3108] USER32.dll!SetWindowsHookExA 75BB6DFA 5 Bytes JMP 000E0600 .text C:\windows\system32\taskeng.exe[3208] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 000603FC .text C:\windows\system32\taskeng.exe[3208] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 000601F8 .text C:\windows\system32\taskeng.exe[3208] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\windows\system32\taskeng.exe[3208] USER32.dll!UnhookWindowsHookEx 75B8CC7B 5 Bytes JMP 000F0A08 .text C:\windows\system32\taskeng.exe[3208] USER32.dll!UnhookWinEvent 75B8D924 5 Bytes JMP 000F03FC .text C:\windows\system32\taskeng.exe[3208] USER32.dll!SetWindowsHookExW 75B9210A 5 Bytes JMP 000F0804 .text C:\windows\system32\taskeng.exe[3208] USER32.dll!SetWinEventHook 75B9507E 5 Bytes JMP 000F01F8 .text C:\windows\system32\taskeng.exe[3208] USER32.dll!SetWindowsHookExA 75BB6DFA 5 Bytes JMP 000F0600 .text C:\windows\system32\Dwm.exe[3268] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 000603FC .text C:\windows\system32\Dwm.exe[3268] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 000601F8 .text C:\windows\system32\Dwm.exe[3268] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\windows\system32\Dwm.exe[3268] USER32.dll!UnhookWindowsHookEx 75B8CC7B 5 Bytes JMP 000F0A08 .text C:\windows\system32\Dwm.exe[3268] USER32.dll!UnhookWinEvent 75B8D924 5 Bytes JMP 000F03FC .text C:\windows\system32\Dwm.exe[3268] USER32.dll!SetWindowsHookExW 75B9210A 5 Bytes JMP 000F0804 .text C:\windows\system32\Dwm.exe[3268] USER32.dll!SetWinEventHook 75B9507E 5 Bytes JMP 000F01F8 .text C:\windows\system32\Dwm.exe[3268] USER32.dll!SetWindowsHookExA 75BB6DFA 5 Bytes JMP 000F0600 .text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[3308] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 001603FC .text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[3308] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 001601F8 .text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[3308] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[3308] USER32.dll!UnhookWindowsHookEx 75B8CC7B 5 Bytes JMP 001F0A08 .text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[3308] USER32.dll!UnhookWinEvent 75B8D924 5 Bytes JMP 001F03FC .text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[3308] USER32.dll!SetWindowsHookExW 75B9210A 5 Bytes JMP 001F0804 .text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[3308] USER32.dll!SetWinEventHook 75B9507E 5 Bytes JMP 001F01F8 .text C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe[3308] USER32.dll!SetWindowsHookExA 75BB6DFA 5 Bytes JMP 001F0600 .text C:\windows\system32\AUDIODG.EXE[3332] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe[3368] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 001603FC .text C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe[3368] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 001601F8 .text C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe[3368] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe[3368] USER32.dll!UnhookWindowsHookEx 75B8CC7B 5 Bytes JMP 00200A08 .text C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe[3368] USER32.dll!UnhookWinEvent 75B8D924 5 Bytes JMP 002003FC .text C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe[3368] USER32.dll!SetWindowsHookExW 75B9210A 5 Bytes JMP 00200804 .text C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe[3368] USER32.dll!SetWinEventHook 75B9507E 5 Bytes JMP 002001F8 .text C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe[3368] USER32.dll!SetWindowsHookExA 75BB6DFA 5 Bytes JMP 00200600 .text C:\windows\system32\wuauclt.exe[3460] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 000703FC .text C:\windows\system32\wuauclt.exe[3460] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 000701F8 .text C:\windows\system32\wuauclt.exe[3460] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\windows\system32\wuauclt.exe[3460] USER32.dll!UnhookWindowsHookEx 75B8CC7B 5 Bytes JMP 00150A08 .text C:\windows\system32\wuauclt.exe[3460] USER32.dll!UnhookWinEvent 75B8D924 5 Bytes JMP 001503FC .text C:\windows\system32\wuauclt.exe[3460] USER32.dll!SetWindowsHookExW 75B9210A 5 Bytes JMP 00150804 .text C:\windows\system32\wuauclt.exe[3460] USER32.dll!SetWinEventHook 75B9507E 5 Bytes JMP 001501F8 .text C:\windows\system32\wuauclt.exe[3460] USER32.dll!SetWindowsHookExA 75BB6DFA 5 Bytes JMP 00150600 .text C:\windows\system32\svchost.exe[3552] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 000603FC .text C:\windows\system32\svchost.exe[3552] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 000601F8 .text C:\windows\system32\svchost.exe[3552] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\windows\system32\svchost.exe[3552] USER32.dll!UnhookWindowsHookEx 75B8CC7B 5 Bytes JMP 00920A08 .text C:\windows\system32\svchost.exe[3552] USER32.dll!UnhookWinEvent 75B8D924 5 Bytes JMP 009203FC .text C:\windows\system32\svchost.exe[3552] USER32.dll!SetWindowsHookExW 75B9210A 5 Bytes JMP 00920804 .text C:\windows\system32\svchost.exe[3552] USER32.dll!SetWinEventHook 75B9507E 5 Bytes JMP 009201F8 .text C:\windows\system32\svchost.exe[3552] USER32.dll!SetWindowsHookExA 75BB6DFA 5 Bytes JMP 00920600 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3664] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 000603FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3664] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 000601F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3664] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3664] USER32.dll!UnhookWindowsHookEx 75B8CC7B 5 Bytes JMP 00100A08 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3664] USER32.dll!UnhookWinEvent 75B8D924 5 Bytes JMP 001003FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3664] USER32.dll!SetWindowsHookExW 75B9210A 5 Bytes JMP 00100804 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3664] USER32.dll!SetWinEventHook 75B9507E 5 Bytes JMP 001001F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3664] USER32.dll!SetWindowsHookExA 75BB6DFA 5 Bytes JMP 00100600 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3988] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 001603FC .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3988] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 001601F8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3988] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3988] USER32.dll!UnhookWindowsHookEx 75B8CC7B 5 Bytes JMP 001F0A08 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3988] USER32.dll!UnhookWinEvent 75B8D924 5 Bytes JMP 001F03FC .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3988] USER32.dll!SetWindowsHookExW 75B9210A 5 Bytes JMP 001F0804 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3988] USER32.dll!SetWinEventHook 75B9507E 5 Bytes JMP 001F01F8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3988] USER32.dll!SetWindowsHookExA 75BB6DFA 5 Bytes JMP 001F0600 .text C:\Program Files\Winamp\winamp.exe[4512] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 001603FC .text C:\Program Files\Winamp\winamp.exe[4512] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 001601F8 .text C:\Program Files\Winamp\winamp.exe[4512] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\Program Files\Winamp\winamp.exe[4512] USER32.dll!UnhookWindowsHookEx 75B8CC7B 5 Bytes JMP 001F0A08 .text C:\Program Files\Winamp\winamp.exe[4512] USER32.dll!UnhookWinEvent 75B8D924 5 Bytes JMP 001F03FC .text C:\Program Files\Winamp\winamp.exe[4512] USER32.dll!SetWindowsHookExW 75B9210A 5 Bytes JMP 001F0804 .text C:\Program Files\Winamp\winamp.exe[4512] USER32.dll!SetWinEventHook 75B9507E 5 Bytes JMP 001F01F8 .text C:\Program Files\Winamp\winamp.exe[4512] USER32.dll!SetWindowsHookExA 75BB6DFA 5 Bytes JMP 001F0600 .text C:\Users\Bilu\Downloads\5g8it4jc.exe[4532] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 001603FC .text C:\Users\Bilu\Downloads\5g8it4jc.exe[4532] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 001601F8 .text C:\Users\Bilu\Downloads\5g8it4jc.exe[4532] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\Users\Bilu\Downloads\5g8it4jc.exe[4532] USER32.dll!UnhookWindowsHookEx 75B8CC7B 5 Bytes JMP 003F0A08 .text C:\Users\Bilu\Downloads\5g8it4jc.exe[4532] USER32.dll!UnhookWinEvent 75B8D924 5 Bytes JMP 003F03FC .text C:\Users\Bilu\Downloads\5g8it4jc.exe[4532] USER32.dll!SetWindowsHookExW 75B9210A 5 Bytes JMP 003F0804 .text C:\Users\Bilu\Downloads\5g8it4jc.exe[4532] USER32.dll!SetWinEventHook 75B9507E 5 Bytes JMP 003F01F8 .text C:\Users\Bilu\Downloads\5g8it4jc.exe[4532] USER32.dll!SetWindowsHookExA 75BB6DFA 5 Bytes JMP 003F0600 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4908] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 000603FC .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4908] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 000601F8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4908] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4908] USER32.dll!CharToOemA + 3A 75B8B1DE 7 Bytes JMP 5EB69CEE C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4908] USER32.dll!UnhookWindowsHookEx 75B8CC7B 5 Bytes JMP 00110A08 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4908] USER32.dll!UnhookWinEvent 75B8D924 5 Bytes JMP 001103FC .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4908] USER32.dll!SetWindowsHookExW 75B9210A 5 Bytes JMP 00110804 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4908] USER32.dll!SetWinEventHook 75B9507E 5 Bytes JMP 001101F8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4908] USER32.dll!AdjustWindowRectEx + 117 75B9660F 7 Bytes JMP 5EB69C7D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4908] USER32.dll!GetWindowInfo 75B96A82 5 Bytes JMP 5E9B353A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4908] USER32.dll!MenuItemFromPoint + F 75BB4B36 7 Bytes JMP 5E9B3B61 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4908] USER32.dll!SetWindowsHookExA 75BB6DFA 5 Bytes JMP 00110600 .text C:\Program Files\Mozilla Firefox\firefox.exe[5136] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 000603FC .text C:\Program Files\Mozilla Firefox\firefox.exe[5136] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 5E858FA0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[5136] kernel32.dll!K32GetDeviceDriverBaseNameW + 16F 75D4C0A7 7 Bytes JMP 5EA96C90 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[5136] kernel32.dll!CloseHandle + 38 75D505CF 7 Bytes JMP 5EA96CB3 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[5136] kernel32.dll!GetExitCodeProcess + 2C 75D5311D 7 Bytes JMP 5E85DF1A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[5136] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[5136] USER32.dll!UnhookWindowsHookEx 75B8CC7B 5 Bytes JMP 000F0A08 .text C:\Program Files\Mozilla Firefox\firefox.exe[5136] USER32.dll!UnhookWinEvent 75B8D924 5 Bytes JMP 000F03FC .text C:\Program Files\Mozilla Firefox\firefox.exe[5136] USER32.dll!SetWindowsHookExW 75B9210A 5 Bytes JMP 000F0804 .text C:\Program Files\Mozilla Firefox\firefox.exe[5136] USER32.dll!SetWinEventHook 75B9507E 5 Bytes JMP 000F01F8 .text C:\Program Files\Mozilla Firefox\firefox.exe[5136] USER32.dll!SetWindowsHookExA 75BB6DFA 5 Bytes JMP 000F0600 .text C:\Program Files\Mozilla Firefox\firefox.exe[5136] GDI32.dll!GetViewportOrgEx + 21C 75CB85EB 7 Bytes JMP 5EA96C11 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[5804] ntdll.dll!LdrUnloadDll 7724BD1F 5 Bytes JMP 000603FC .text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[5804] ntdll.dll!LdrLoadDll 7724F425 5 Bytes JMP 000601F8 .text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[5804] kernel32.dll!GetBinaryTypeW + 70 75D67934 1 Byte [62] .text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[5804] USER32.dll!UnhookWindowsHookEx 75B8CC7B 5 Bytes JMP 000F0A08 .text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[5804] USER32.dll!UnhookWinEvent 75B8D924 5 Bytes JMP 000F03FC .text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[5804] USER32.dll!SetWindowsHookExW 75B9210A 5 Bytes JMP 000F0804 .text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[5804] USER32.dll!SetWinEventHook 75B9507E 5 Bytes JMP 000F01F8 .text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[5804] USER32.dll!SetWindowsHookExA 75BB6DFA 5 Bytes JMP 000F0600 ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\windows\Explorer.EXE[1496] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [739424FA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[1496] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [7392565B] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[1496] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73925719] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[1496] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipFree] [73942575] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[1496] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [739385D9] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[1496] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73934D8D] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[1496] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73935134] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[1496] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73935209] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[1496] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73936736] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[1496] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73938330] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[1496] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [7393887F] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[1496] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [739390E0] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[1496] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7393E283] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[1496] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73934CBF] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] @ C:\windows\system32\WININET.dll [KERNEL32.dll!MoveFileExW] 001D0090 IAT C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] @ C:\windows\system32\ole32.dll [USER32.dll!GetKeyState] 002907D0 IAT C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] @ C:\windows\system32\SHELL32.dll [USER32.dll!GetFocus] 00290790 IAT C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] @ C:\windows\system32\SHELL32.dll [USER32.dll!GetKeyState] 002907D0 IAT C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] 001D0090 IAT C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2560] @ C:\windows\system32\USERENV.dll [KERNEL32.dll!MoveFileExW] 001D0090 ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) Device \Driver\ACPI_HAL \Device\0000004d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\BTHUSB \Device\0000007d bthport.sys (Sterownik magistrali Bluetooth/Microsoft Corporation) Device \Driver\BTHUSB \Device\0000007f bthport.sys (Sterownik magistrali Bluetooth/Microsoft Corporation) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654edff Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654f652 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b66b6864 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b66b6982 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b482fe3967c9 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD1 0xA7 0x30 0xE1 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654edff (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654f652 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b66b6864 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b66b6982 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b482fe3967c9 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD1 0xA7 0x30 0xE1 ... ---- EOF - GMER 1.0.15 ----