nettiliittymä suljettu 2krt viikona aikana haittaliikenteen vuoksi..

Discussion in 'Virukset ja haittaohjelmat - HijackThis -logit' started by tramal200, Feb 18, 2013.

Thread Status:
Not open for further replies.
  1. tramal200

    tramal200 Member

    Joined:
    Aug 27, 2007
    Messages:
    63
    Likes Received:
    0
    Trophy Points:
    16
    Oiskohan näissä jotain ihmeellisyyksiä ja mitä pitäis tehdä? MBAM ja erinäisiä netticsannereita ajettu läpi useampia ja mikään ei löydä mitään.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 16:03:15, on 18.2.2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16464)
    Boot mode: Normal

    Running processes:
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\AdFender\AdFender.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Windows\SysWOW64\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - Global Startup: AdFender.lnk = C:\Program Files (x86)\AdFender\AdFender.exe
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
    O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
    O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
    O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: Ohjelmien yhteensopivuusapuohjelma -palvelu (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\Windows\SysWow64\perfhost.exe
    O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\StorSvc.dll,-100 (StorSvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe

    --
    End of file - 19628 bytes


    GMER 2.1.18952 - http://www.gmer.net
    Rootkit scan 2013-02-18 15:52:31
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4 WDC_WD6400AAKS-00A7B0 rev.01.03B01 596,17GB
    Running: gmer.exe; Driver: C:\Users\SS\AppData\Local\Temp\pxldypoc.sys


    ---- Kernel code sections - GMER 2.1 ----

    .text C:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload fffff88002fc9d64 12 bytes {MOV RAX, 0xfffffa8004de32a0; JMP RAX}

    ---- User code sections - GMER 2.1 ----

    .text C:\Windows\system32\wininit.exe[516] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007746eecd 1 byte [62]
    .text C:\Windows\system32\services.exe[564] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007746eecd 1 byte [62]
    .text C:\Windows\system32\svchost.exe[708] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007746eecd 1 byte [62]
    .text C:\Windows\system32\winlogon.exe[736] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007746eecd 1 byte [62]
    .text C:\Windows\system32\atiesrxx.exe[900] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007746eecd 1 byte [62]
    .text C:\Windows\System32\svchost.exe[972] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007746eecd 1 byte [62]
    .text C:\Windows\System32\svchost.exe[1020] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007746eecd 1 byte [62]
    .text C:\Windows\system32\svchost.exe[364] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007746eecd 1 byte [62]
    .text C:\Windows\system32\svchost.exe[1044] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007746eecd 1 byte [62]
    .text C:\Windows\system32\svchost.exe[1152] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007746eecd 1 byte [62]
    .text C:\Windows\System32\spoolsv.exe[1520] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007746eecd 1 byte [62]
    .text C:\Windows\Explorer.EXE[1528] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007746eecd 1 byte [62]
    .text C:\Windows\system32\svchost.exe[1580] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007746eecd 1 byte [62]
    .text C:\Windows\system32\taskhost.exe[1620] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007746eecd 1 byte [62]
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1788] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007542a30a 1 byte [62]
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ee1465 2 bytes [EE, 75]
    .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ee14bb 2 bytes [EE, 75]
    .text ... * 2
    .text C:\Windows\system32\svchost.exe[1928] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007746eecd 1 byte [62]
    .text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077803ae0 5 bytes JMP 00000001001a075c
    .text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077807a90 5 bytes JMP 00000001001a03a4
    .text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077831490 5 bytes JMP 00000001001a0b14
    .text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000778314f0 5 bytes JMP 00000001001a0ecc
    .text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778315d0 5 bytes JMP 00000001001a163c
    .text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077831810 5 bytes JMP 00000001001a1284
    .text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077832840 5 bytes JMP 00000001001a19f4
    .text C:\Windows\system32\svchost.exe[2220] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007746eecd 1 byte [62]
    .text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac
    .text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc
    .text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284
    .text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c
    .text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4
    .text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4
    .text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c
    .text C:\Windows\system32\svchost.exe[2220] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14
    .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2584] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007542a30a 1 byte [62]
    .text C:\Program Files (x86)\AdFender\AdFender.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000779dfaa0 5 bytes JMP 0000000100030600
    .text C:\Program Files (x86)\AdFender\AdFender.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000779dfb38 5 bytes JMP 0000000100030804
    .text C:\Program Files (x86)\AdFender\AdFender.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000779dfc90 5 bytes JMP 0000000100030c0c
    .text C:\Program Files (x86)\AdFender\AdFender.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000779e0018 5 bytes JMP 0000000100030a08
    .text C:\Program Files (x86)\AdFender\AdFender.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000779e1900 5 bytes JMP 0000000100030e10
    .text C:\Program Files (x86)\AdFender\AdFender.exe[2696] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000779fc45a 5 bytes JMP 00000001000301f8
    .text C:\Program Files (x86)\AdFender\AdFender.exe[2696] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077a01217 5 bytes JMP 00000001000303fc
    .text C:\Program Files (x86)\AdFender\AdFender.exe[2696] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007542a30a 1 byte [62]
    .text C:\Program Files (x86)\AdFender\AdFender.exe[2696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ee1465 2 bytes [EE, 75]
    .text C:\Program Files (x86)\AdFender\AdFender.exe[2696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ee14bb 2 bytes [EE, 75]
    .text ... * 2
    .text C:\Program Files (x86)\AdFender\AdFender.exe[2696] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000770e5181 5 bytes JMP 0000000100101014
    .text C:\Program Files (x86)\AdFender\AdFender.exe[2696] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000770e5254 5 bytes JMP 0000000100100804
    .text C:\Program Files (x86)\AdFender\AdFender.exe[2696] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000770e53d5 5 bytes JMP 0000000100100a08
    .text C:\Program Files (x86)\AdFender\AdFender.exe[2696] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000770e54c2 5 bytes JMP 0000000100100c0c
    .text C:\Program Files (x86)\AdFender\AdFender.exe[2696] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000770e55e2 5 bytes JMP 0000000100100e10
    .text C:\Program Files (x86)\AdFender\AdFender.exe[2696] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000770e567c 5 bytes JMP 00000001001001f8
    .text C:\Program Files (x86)\AdFender\AdFender.exe[2696] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000770e589f 5 bytes JMP 00000001001003fc
    .text C:\Program Files (x86)\AdFender\AdFender.exe[2696] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000770e5a22 5 bytes JMP 0000000100100600
    .text C:\Program Files (x86)\AdFender\AdFender.exe[2696] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000755cee09 5 bytes JMP 00000001001101f8
    .text C:\Program Files (x86)\AdFender\AdFender.exe[2696] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000755d3982 5 bytes JMP 00000001001103fc
    .text C:\Program Files (x86)\AdFender\AdFender.exe[2696] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000755d7603 5 bytes JMP 0000000100110804
    .text C:\Program Files (x86)\AdFender\AdFender.exe[2696] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000755d835c 5 bytes JMP 0000000100110600
    .text C:\Program Files (x86)\AdFender\AdFender.exe[2696] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000755ef52b 5 bytes JMP 0000000100110a08
    .text C:\Windows\system32\wbem\unsecapp.exe[2804] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac
    .text C:\Windows\system32\wbem\unsecapp.exe[2804] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc
    .text C:\Windows\system32\wbem\unsecapp.exe[2804] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284
    .text C:\Windows\system32\wbem\unsecapp.exe[2804] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c
    .text C:\Windows\system32\wbem\unsecapp.exe[2804] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4
    .text C:\Windows\system32\wbem\unsecapp.exe[2804] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4
    .text C:\Windows\system32\wbem\unsecapp.exe[2804] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c
    .text C:\Windows\system32\wbem\unsecapp.exe[2804] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14
    .text C:\Windows\system32\wbem\wmiprvse.exe[2876] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007746eecd 1 byte [62]
    .text C:\Windows\system32\wbem\wmiprvse.exe[2876] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac
    .text C:\Windows\system32\wbem\wmiprvse.exe[2876] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc
    .text C:\Windows\system32\wbem\wmiprvse.exe[2876] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284
    .text C:\Windows\system32\wbem\wmiprvse.exe[2876] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c
    .text C:\Windows\system32\wbem\wmiprvse.exe[2876] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4
    .text C:\Windows\system32\wbem\wmiprvse.exe[2876] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4
    .text C:\Windows\system32\wbem\wmiprvse.exe[2876] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c
    .text C:\Windows\system32\wbem\wmiprvse.exe[2876] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14
    .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077803ae0 5 bytes JMP 000000010009075c
    .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077807a90 5 bytes JMP 00000001000903a4
    .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077831490 5 bytes JMP 0000000100090b14
    .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000778314f0 5 bytes JMP 0000000100090ecc
    .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778315d0 5 bytes JMP 000000010009163c
    .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077831810 5 bytes JMP 0000000100091284
    .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1504] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077832840 5 bytes JMP 00000001000919f4
    .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077803ae0 5 bytes JMP 00000001003b075c
    .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077807a90 5 bytes JMP 00000001003b03a4
    .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077831490 5 bytes JMP 00000001003b0b14
    .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000778314f0 5 bytes JMP 00000001003b0ecc
    .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778315d0 3 bytes JMP 00000001003b163c
    .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 4 00000000778315d4 1 byte [88]
    .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077831810 5 bytes JMP 00000001003b1284
    .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2844] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077832840 5 bytes JMP 00000001003b19f4
    .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2844] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007746eecd 1 byte [62]
    .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2844] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac
    .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2844] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc
    .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2844] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284
    .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2844] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c
    .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2844] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4
    .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2844] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4
    .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2844] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c
    .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2844] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14
    .text C:\Program Files (x86)\Nero\Update\NASvc.exe[2064] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000779dfaa0 5 bytes JMP 0000000100030600
    .text C:\Program Files (x86)\Nero\Update\NASvc.exe[2064] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000779dfb38 5 bytes JMP 0000000100030804
    .text C:\Program Files (x86)\Nero\Update\NASvc.exe[2064] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000779dfc90 5 bytes JMP 0000000100030c0c
    .text C:\Program Files (x86)\Nero\Update\NASvc.exe[2064] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000779e0018 5 bytes JMP 0000000100030a08
    .text C:\Program Files (x86)\Nero\Update\NASvc.exe[2064] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000779e1900 5 bytes JMP 0000000100030e10
    .text C:\Program Files (x86)\Nero\Update\NASvc.exe[2064] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000779fc45a 5 bytes JMP 00000001000301f8
    .text C:\Program Files (x86)\Nero\Update\NASvc.exe[2064] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077a01217 5 bytes JMP 00000001000303fc
    .text C:\Program Files (x86)\Nero\Update\NASvc.exe[2064] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007542a30a 1 byte [62]
    .text C:\Program Files (x86)\Nero\Update\NASvc.exe[2064] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000755cee09 5 bytes JMP 00000001000a01f8
    .text C:\Program Files (x86)\Nero\Update\NASvc.exe[2064] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000755d3982 5 bytes JMP 00000001000a03fc
    .text C:\Program Files (x86)\Nero\Update\NASvc.exe[2064] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000755d7603 5 bytes JMP 00000001000a0804
    .text C:\Program Files (x86)\Nero\Update\NASvc.exe[2064] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000755d835c 5 bytes JMP 00000001000a0600
    .text C:\Program Files (x86)\Nero\Update\NASvc.exe[2064] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000755ef52b 5 bytes JMP 00000001000a0a08
    .text C:\Program Files (x86)\Nero\Update\NASvc.exe[2064] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000770e5181 5 bytes JMP 0000000100161014
    .text C:\Program Files (x86)\Nero\Update\NASvc.exe[2064] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000770e5254 5 bytes JMP 0000000100160804
    .text C:\Program Files (x86)\Nero\Update\NASvc.exe[2064] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000770e53d5 5 bytes JMP 0000000100160a08
    .text C:\Program Files (x86)\Nero\Update\NASvc.exe[2064] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000770e54c2 5 bytes JMP 0000000100160c0c
    .text C:\Program Files (x86)\Nero\Update\NASvc.exe[2064] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000770e55e2 5 bytes JMP 0000000100160e10
    .text C:\Program Files (x86)\Nero\Update\NASvc.exe[2064] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000770e567c 5 bytes JMP 00000001001601f8
    .text C:\Program Files (x86)\Nero\Update\NASvc.exe[2064] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000770e589f 5 bytes JMP 00000001001603fc
    .text C:\Program Files (x86)\Nero\Update\NASvc.exe[2064] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000770e5a22 5 bytes JMP 0000000100160600
    .text C:\Windows\System32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077803ae0 5 bytes JMP 00000001002c075c
    .text C:\Windows\System32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077807a90 5 bytes JMP 00000001002c03a4
    .text C:\Windows\System32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077831490 5 bytes JMP 00000001002c0b14
    .text C:\Windows\System32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000778314f0 5 bytes JMP 00000001002c0ecc
    .text C:\Windows\System32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778315d0 5 bytes JMP 00000001002c163c
    .text C:\Windows\System32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077831810 5 bytes JMP 00000001002c1284
    .text C:\Windows\System32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077832840 5 bytes JMP 00000001002c19f4
    .text C:\Windows\System32\svchost.exe[3068] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac
    .text C:\Windows\System32\svchost.exe[3068] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc
    .text C:\Windows\System32\svchost.exe[3068] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284
    .text C:\Windows\System32\svchost.exe[3068] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c
    .text C:\Windows\System32\svchost.exe[3068] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4
    .text C:\Windows\System32\svchost.exe[3068] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4
    .text C:\Windows\System32\svchost.exe[3068] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c
    .text C:\Windows\System32\svchost.exe[3068] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2600] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007746eecd 1 byte [62]
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2600] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2600] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2600] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2600] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2600] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2600] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2600] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2600] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14
    .text C:\Windows\System32\svchost.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077803ae0 5 bytes JMP 000000010019075c
    .text C:\Windows\System32\svchost.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077807a90 5 bytes JMP 00000001001903a4
    .text C:\Windows\System32\svchost.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077831490 5 bytes JMP 0000000100190b14
    .text C:\Windows\System32\svchost.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000778314f0 5 bytes JMP 0000000100190ecc
    .text C:\Windows\System32\svchost.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778315d0 5 bytes JMP 000000010019163c
    .text C:\Windows\System32\svchost.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077831810 5 bytes JMP 0000000100191284
    .text C:\Windows\System32\svchost.exe[3712] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077832840 5 bytes JMP 00000001001919f4
    .text C:\Windows\System32\svchost.exe[3712] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac
    .text C:\Windows\System32\svchost.exe[3712] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc
    .text C:\Windows\System32\svchost.exe[3712] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284
    .text C:\Windows\System32\svchost.exe[3712] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c
    .text C:\Windows\System32\svchost.exe[3712] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4
    .text C:\Windows\System32\svchost.exe[3712] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4
    .text C:\Windows\System32\svchost.exe[3712] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c
    .text C:\Windows\System32\svchost.exe[3712] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14
    .text C:\Windows\system32\AUDIODG.EXE[3992] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 000000007746eecd 1 byte [62]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2260] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000779dfaa0 5 bytes JMP 0000000100030600
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2260] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000779dfb38 5 bytes JMP 0000000100030804
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2260] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000779dfc90 5 bytes JMP 0000000100030c0c
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2260] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000779e0018 5 bytes JMP 0000000100030a08
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2260] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000779e1900 5 bytes JMP 0000000100030e10
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2260] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000779fc45a 5 bytes JMP 00000001000301f8
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2260] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077a01217 5 bytes JMP 00000001000303fc
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2260] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007542a30a 1 byte [62]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2260] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000755cee09 5 bytes JMP 00000001000901f8
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2260] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000755d3982 5 bytes JMP 00000001000903fc
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2260] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000755d7603 5 bytes JMP 0000000100090804
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2260] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000755d835c 5 bytes JMP 0000000100090600
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2260] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000755ef52b 5 bytes JMP 0000000100090a08
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2260] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000770e5181 5 bytes JMP 00000001000a1014
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2260] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000770e5254 5 bytes JMP 00000001000a0804
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2260] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000770e53d5 5 bytes JMP 00000001000a0a08
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2260] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000770e54c2 5 bytes JMP 00000001000a0c0c
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2260] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000770e55e2 5 bytes JMP 00000001000a0e10
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2260] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000770e567c 5 bytes JMP 00000001000a01f8
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2260] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000770e589f 5 bytes JMP 00000001000a03fc
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2260] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000770e5a22 5 bytes JMP 00000001000a0600
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ee1465 2 bytes [EE, 75]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ee14bb 2 bytes [EE, 75]
    .text ... * 2
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 00000000779df991 8 bytes {MOV EDX, 0x903e8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15 00000000779df99b 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5 00000000779dfa0d 8 bytes {MOV EDX, 0x901a8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 15 00000000779dfa17 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000779dfaa0 5 bytes JMP 0000000100130600
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5 00000000779dfb25 8 bytes {MOV EDX, 0x90168; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 15 00000000779dfb2f 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000779dfb38 5 bytes JMP 0000000100130804
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 00000000779dfbd5 8 bytes {MOV EDX, 0x90428; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15 00000000779dfbdf 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 00000000779dfc05 8 bytes {MOV EDX, 0x90368; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15 00000000779dfc0f 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 00000000779dfc1d 8 bytes {MOV EDX, 0x90128; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15 00000000779dfc27 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 00000000779dfc35 8 bytes {MOV EDX, 0x904e8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15 00000000779dfc3f 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 00000000779dfc65 8 bytes {MOV EDX, 0x90528; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15 00000000779dfc6f 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000779dfc90 5 bytes JMP 0000000100130c0c
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 00000000779dfce5 8 bytes {MOV EDX, 0x904a8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15 00000000779dfcef 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 00000000779dfcfd 8 bytes {MOV EDX, 0x90468; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15 00000000779dfd07 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 00000000779dfd49 8 bytes {MOV EDX, 0x90068; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15 00000000779dfd53 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 5 00000000779dfdad 8 bytes {MOV EDX, 0x902e8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 15 00000000779dfdb7 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 00000000779dfe41 8 bytes {MOV EDX, 0x900a8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15 00000000779dfe4b 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 5 00000000779dff89 8 bytes {MOV EDX, 0x902a8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 15 00000000779dff93 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000779e0018 5 bytes JMP 0000000100130a08
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000779e0099 8 bytes {MOV EDX, 0x90028; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15 00000000779e00a3 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 5 00000000779e0781 8 bytes {MOV EDX, 0x90268; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 15 00000000779e078b 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5 00000000779e0ffd 8 bytes {MOV EDX, 0x901e8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 15 00000000779e1007 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 5 00000000779e105d 8 bytes {MOV EDX, 0x90228; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 15 00000000779e1067 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000779e10a5 8 bytes {MOV EDX, 0x903a8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15 00000000779e10af 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000779e111d 8 bytes {MOV EDX, 0x90328; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15 00000000779e1127 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000779e1321 8 bytes {MOV EDX, 0x900e8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15 00000000779e132b 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000779e1900 5 bytes JMP 0000000100130e10
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000779fc45a 5 bytes JMP 00000001001301f8
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077a01217 5 bytes JMP 00000001001303fc
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\KERNEL32.dll!CreateProcessW 000000007540103d 5 bytes JMP 0000000100020030
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\KERNEL32.dll!CreateProcessA 0000000075401072 5 bytes JMP 0000000100020070
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007542a30a 1 byte [62]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\KERNELBASE.dll!CreateEventW 000000007584119f 5 bytes JMP 0000000100030030
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\KERNELBASE.dll!OpenEventW 00000000758411cf 5 bytes JMP 0000000100030070
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!GetDeviceCaps 0000000075894de0 3 bytes JMP 00000001001503b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!GetDeviceCaps + 4 0000000075894de4 1 byte [8A]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!SelectObject 0000000075894f70 3 bytes JMP 00000001001505f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!SelectObject + 4 0000000075894f74 1 byte [8A]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!SetBkMode 00000000758951a2 3 bytes JMP 00000001001508f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!SetBkMode + 4 00000000758951a6 1 byte [8A]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!SetTextColor 000000007589522d 3 bytes JMP 0000000100150a30
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!SetTextColor + 4 0000000075895231 1 byte [8A]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!DeleteObject 0000000075895689 3 bytes JMP 00000001001501b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!DeleteObject + 4 000000007589568d 1 byte [8A]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000758958b3 3 bytes JMP 0000000100150170
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!DeleteDC + 4 00000000758958b7 1 byte [8A]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!GetCurrentObject 0000000075896bad 3 bytes JMP 0000000100150370
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!GetCurrentObject + 4 0000000075896bb1 1 byte [8A]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!SaveDC 0000000075896e05 3 bytes JMP 0000000100150570
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!SaveDC + 4 0000000075896e09 1 byte [8A]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!RestoreDC 0000000075896ead 3 bytes JMP 0000000100150530
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!RestoreDC + 4 0000000075896eb1 1 byte [8A]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!SetStretchBltMode 0000000075897180 3 bytes JMP 00000001001506b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!SetStretchBltMode + 4 0000000075897184 1 byte [8A]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!StretchDIBits 0000000075897435 3 bytes JMP 0000000100150770
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!StretchDIBits + 4 0000000075897439 1 byte [8A]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075897bcc 3 bytes JMP 00000001001500b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!CreateDCA + 4 0000000075897bd0 1 byte [8A]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!IntersectClipRect 0000000075897dc4 3 bytes JMP 00000001001503f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!IntersectClipRect + 4 0000000075897dc8 1 byte [8A]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!GetTextAlign 0000000075897fd5 3 bytes JMP 0000000100150d70
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!GetTextAlign + 4 0000000075897fd9 1 byte [8A]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!GetTextMetricsW 00000000758982b2 3 bytes JMP 0000000100150e30
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!GetTextMetricsW + 4 00000000758982b6 1 byte [8A]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!SetTextAlign 0000000075898401 3 bytes JMP 00000001001509f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!SetTextAlign + 4 0000000075898405 1 byte [8A]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!ExtSelectClipRgn 000000007589879f 3 bytes JMP 00000001001502f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!ExtSelectClipRgn + 4 00000000758987a3 1 byte [8A]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!SelectClipRgn 0000000075898916 3 bytes JMP 00000001001505b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!SelectClipRgn + 4 000000007589891a 1 byte [8A]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!ExtTextOutW 0000000075898b7a 3 bytes JMP 0000000100150970
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!ExtTextOutW + 4 0000000075898b7e 1 byte [8A]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!MoveToEx 0000000075898ee6 3 bytes JMP 0000000100150470
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!MoveToEx + 4 0000000075898eea 1 byte [8A]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!GetFontData 0000000075899875 3 bytes JMP 0000000100150c70
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!GetFontData + 4 0000000075899879 1 byte [8A]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!GetTextFaceW 0000000075899936 3 bytes JMP 0000000100150d30
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!GetTextFaceW + 4 000000007589993a 1 byte [8A]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!Rectangle 000000007589a53a 3 bytes JMP 00000001001509b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!Rectangle + 4 000000007589a53e 1 byte [8A]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!GetClipBox 000000007589af9f 3 bytes JMP 0000000100150330
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!GetClipBox + 4 000000007589afa3 1 byte [8A]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!LineTo 000000007589b9e5 3 bytes JMP 0000000100150430
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!LineTo + 4 000000007589b9e9 1 byte [8A]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!SetICMMode 000000007589bd55 3 bytes JMP 0000000100150db0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!SetICMMode + 4 000000007589bd59 1 byte [8A]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!CreateICW 000000007589c040 3 bytes JMP 0000000100150130
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!CreateICW + 4 000000007589c044 1 byte [8A]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32W 000000007589c107 3 bytes JMP 0000000100150670
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32W + 4 000000007589c10b 1 byte [8A]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!SetWorldTransform 000000007589c269 3 bytes JMP 00000001001506f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!SetWorldTransform + 4 000000007589c26d 1 byte [8A]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!GetTextMetricsA 000000007589d1f1 3 bytes JMP 0000000100150df0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!GetTextMetricsA + 4 000000007589d1f5 1 byte [8A]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32A 000000007589d349 3 bytes JMP 0000000100150630
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32A + 4 000000007589d34d 1 byte [8A]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!ExtTextOutA 000000007589dce4 3 bytes JMP 0000000100150930
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!ExtTextOutA + 4 000000007589dce8 1 byte [8A]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007589e743 3 bytes JMP 00000001001500f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!CreateDCW + 4 000000007589e747 1 byte [8A]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!ExtEscape 00000000758a03b7 5 bytes JMP 00000001001502b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!Escape 00000000758a1bda 5 bytes JMP 0000000100150270
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!GetTextFaceA 00000000758a1e89 5 bytes JMP 0000000100150cf0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!SetPolyFillMode 00000000758a4843 5 bytes JMP 0000000100150b30
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!SetMiterLimit 00000000758a5690 5 bytes JMP 0000000100150b70
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!EndPage 00000000758a6bde 5 bytes JMP 0000000100150230
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!ResetDCW 00000000758ae2db 5 bytes JMP 0000000100150ab0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!GetGlyphOutlineW 00000000758b940d 5 bytes JMP 0000000100150cb0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!CreateScalableFontResourceW 00000000758bc621 5 bytes JMP 0000000100150bb0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!AddFontResourceW 00000000758bd2b2 5 bytes JMP 0000000100150bf0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!RemoveFontResourceW 00000000758bd919 5 bytes JMP 0000000100150c30
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!AbortDoc 00000000758c3adc 5 bytes JMP 0000000100150030
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!EndDoc 00000000758c3f29 5 bytes JMP 00000001001501f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!StartPage 00000000758c401a 5 bytes JMP 0000000100150730
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!StartDocW 00000000758c4c51 5 bytes JMP 00000001001507f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!BeginPath 00000000758c53fd 5 bytes JMP 0000000100150830
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!SelectClipPath 00000000758c5454 5 bytes JMP 0000000100150af0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!CloseFigure 00000000758c54af 5 bytes JMP 0000000100150070
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!EndPath 00000000758c5506 5 bytes JMP 0000000100150a70
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!StrokePath 00000000758c573f 5 bytes JMP 00000001001507b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!FillPath 00000000758c57d2 5 bytes JMP 0000000100150870
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!PolylineTo 00000000758c5c44 5 bytes JMP 00000001001504f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!PolyBezierTo 00000000758c5cd5 5 bytes JMP 00000001001504b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\GDI32.dll!PolyDraw 00000000758c5d87 5 bytes JMP 00000001001508b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\USER32.dll!MapWindowPoints 00000000755c8c40 5 bytes JMP 0000000100160570
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatW 00000000755c9ebd 5 bytes JMP 00000001001602b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000755cee09 5 bytes JMP 00000001001701f8
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatA 00000000755d0afa 5 bytes JMP 00000001001602f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\USER32.dll!GetClientRect 00000000755d0c62 7 bytes JMP 00000001001605b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\USER32.dll!GetParent 00000000755d0f68 7 bytes JMP 00000001001606f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\USER32.dll!IsWindowVisible 00000000755d112d 7 bytes JMP 00000001001606b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000755d12a5 5 bytes JMP 00000001001605f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\USER32.dll!ScreenToClient 00000000755d227d 7 bytes JMP 0000000100160670
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\USER32.dll!MonitorFromWindow 00000000755d3150 7 bytes JMP 0000000100160630
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000755d3982 5 bytes JMP 00000001001703fc
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\USER32.dll!SetCursor 00000000755d41f6 5 bytes JMP 0000000100160530
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameA 00000000755d68ef 5 bytes JMP 0000000100160270
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000755d7603 5 bytes JMP 0000000100170804
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameW 00000000755d77fa 5 bytes JMP 0000000100160230
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\USER32.dll!GetTopWindow 00000000755d7887 7 bytes JMP 0000000100160730
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000755d835c 5 bytes JMP 0000000100170600
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\USER32.dll!IsClipboardFormatAvailable 00000000755d8676 5 bytes JMP 00000001001600f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\USER32.dll!GetClipboardSequenceNumber 00000000755d8696 5 bytes JMP 0000000100160330
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\USER32.dll!CloseClipboard 00000000755d8e8d 5 bytes JMP 00000001001600b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\USER32.dll!OpenClipboard 00000000755d8ecb 5 bytes JMP 0000000100160070
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\USER32.dll!ChangeClipboardChain 00000000755dc17b 5 bytes JMP 0000000100160430
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\USER32.dll!EnumClipboardFormats 00000000755dc449 5 bytes JMP 00000001001601b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\USER32.dll!GetOpenClipboardWindow 00000000755dc468 5 bytes JMP 00000001001603f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\USER32.dll!CountClipboardFormats 00000000755dc486 5 bytes JMP 00000001001601f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 00000000755dc4b6 5 bytes JMP 00000001001604b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\USER32.dll!ActivateKeyboardLayout 00000000755dd6c0 5 bytes JMP 00000001001604f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\USER32.dll!GetClipboardOwner 00000000755de360 5 bytes JMP 0000000100160370
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000755ef52b 5 bytes JMP 0000000100170a08
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\USER32.dll!SetClipboardData 0000000075608e57 5 bytes JMP 0000000100160170
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075609cfd 5 bytes JMP 0000000100160770
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075609f1d 5 bytes JMP 0000000100160030
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\USER32.dll!EmptyClipboard 0000000075627cb9 5 bytes JMP 0000000100160130
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\USER32.dll!GetClipboardViewer 0000000075628111 5 bytes JMP 0000000100160470
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\USER32.dll!GetPriorityClipboardFormat 000000007562832f 5 bytes JMP 00000001001603b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000770e5181 5 bytes JMP 0000000100181014
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000770e5254 5 bytes JMP 0000000100180804
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000770e53d5 5 bytes JMP 0000000100180a08
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000770e54c2 5 bytes JMP 0000000100180c0c
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000770e55e2 5 bytes JMP 0000000100180e10
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000770e567c 5 bytes JMP 00000001001801f8
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000770e589f 5 bytes JMP 00000001001803fc
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000770e5a22 5 bytes JMP 0000000100180600
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\SspiCli.dll!FreeContextBuffer 00000000750b9606 5 bytes JMP 00000001001900f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\SspiCli.dll!FreeCredentialsHandle 00000000750c0581 5 bytes JMP 0000000100190130
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\SspiCli.dll!DeleteSecurityContext 00000000750c0bb9 5 bytes JMP 0000000100190270
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\SspiCli.dll!ApplyControlToken 00000000750c0c2e 5 bytes JMP 00000001001901b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\SspiCli.dll!QueryContextAttributesA 00000000750c0f2e 5 bytes JMP 0000000100190070
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\SspiCli.dll!QueryCredentialsAttributesA 00000000750c1096 5 bytes JMP 00000001001900b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 00000000750c124e 5 bytes JMP 00000001001901f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\SspiCli.dll!DecryptMessage 00000000750c129d 5 bytes JMP 0000000100190230
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\SspiCli.dll!AcquireCredentialsHandleA 00000000750c1527 5 bytes JMP 0000000100190030
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\SspiCli.dll!InitializeSecurityContextA 00000000750c1590 5 bytes JMP 0000000100190170
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\ole32.dll!OleSetClipboard 0000000075a70045 5 bytes JMP 00000001001a0030
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\ole32.dll!OleIsCurrentClipboard 0000000075a736b2 5 bytes JMP 00000001001a0070
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\ole32.dll!OleGetClipboard 0000000075a9fdcd 5 bytes JMP 00000001001a00b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ee1465 2 bytes [EE, 75]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[2692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ee14bb 2 bytes [EE, 75]
    .text ... * 2
    .text C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe[928] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000779dfaa0 5 bytes JMP 0000000100030600
    .text C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe[928] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000779dfb38 5 bytes JMP 0000000100030804
    .text C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe[928] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000779dfc90 5 bytes JMP 0000000100030c0c
    .text C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe[928] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000779e0018 5 bytes JMP 0000000100030a08
    .text C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe[928] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000779e1900 5 bytes JMP 0000000100030e10
    .text C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe[928] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000779fc45a 5 bytes JMP 00000001000301f8
    .text C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe[928] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077a01217 5 bytes JMP 00000001000303fc
    .text C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe[928] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007542a30a 1 byte [62]
    .text C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe[928] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000755cee09 5 bytes JMP 00000001001a01f8
    .text C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe[928] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000755d3982 5 bytes JMP 00000001001a03fc
    .text C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe[928] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000755d7603 5 bytes JMP 00000001001a0804
    .text C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe[928] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000755d835c 5 bytes JMP 00000001001a0600
    .text C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe[928] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000755ef52b 5 bytes JMP 00000001001a0a08
    .text C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe[928] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000770e5181 5 bytes JMP 00000001001b1014
    .text C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe[928] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000770e5254 5 bytes JMP 00000001001b0804
    .text C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe[928] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000770e53d5 5 bytes JMP 00000001001b0a08
    .text C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe[928] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000770e54c2 5 bytes JMP 00000001001b0c0c
    .text C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe[928] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000770e55e2 5 bytes JMP 00000001001b0e10
    .text C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe[928] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000770e567c 5 bytes JMP 00000001001b01f8
    .text C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe[928] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000770e589f 5 bytes JMP 00000001001b03fc
    .text C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe[928] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000770e5a22 5 bytes JMP 00000001001b0600
    .text C:\Program Files (x86)\Java\jre7\bin\java.exe[4076] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000779dfaa0 5 bytes JMP 00000001000a0600
    .text C:\Program Files (x86)\Java\jre7\bin\java.exe[4076] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000779dfb38 5 bytes JMP 00000001000a0804
    .text C:\Program Files (x86)\Java\jre7\bin\java.exe[4076] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000779dfc90 5 bytes JMP 00000001000a0c0c
    .text C:\Program Files (x86)\Java\jre7\bin\java.exe[4076] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000779e0018 5 bytes JMP 00000001000a0a08
    .text C:\Program Files (x86)\Java\jre7\bin\java.exe[4076] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000779e1900 5 bytes JMP 00000001000a0e10
    .text C:\Program Files (x86)\Java\jre7\bin\java.exe[4076] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000779fc45a 5 bytes JMP 00000001000a01f8
    .text C:\Program Files (x86)\Java\jre7\bin\java.exe[4076] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077a01217 5 bytes JMP 00000001000a03fc
    .text C:\Program Files (x86)\Java\jre7\bin\java.exe[4076] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007542a30a 1 byte [62]
    .text C:\Program Files (x86)\Java\jre7\bin\java.exe[4076] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000770e5181 5 bytes JMP 00000001000b1014
    .text C:\Program Files (x86)\Java\jre7\bin\java.exe[4076] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000770e5254 5 bytes JMP 00000001000b0804
    .text C:\Program Files (x86)\Java\jre7\bin\java.exe[4076] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000770e53d5 5 bytes JMP 00000001000b0a08
    .text C:\Program Files (x86)\Java\jre7\bin\java.exe[4076] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000770e54c2 5 bytes JMP 00000001000b0c0c
    .text C:\Program Files (x86)\Java\jre7\bin\java.exe[4076] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000770e55e2 5 bytes JMP 00000001000b0e10
    .text C:\Program Files (x86)\Java\jre7\bin\java.exe[4076] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000770e567c 5 bytes JMP 00000001000b01f8
    .text C:\Program Files (x86)\Java\jre7\bin\java.exe[4076] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000770e589f 5 bytes JMP 00000001000b03fc
    .text C:\Program Files (x86)\Java\jre7\bin\java.exe[4076] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000770e5a22 5 bytes JMP 00000001000b0600
    .text C:\Program Files (x86)\Java\jre7\bin\java.exe[4076] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000755cee09 5 bytes JMP 00000001000c01f8
    .text C:\Program Files (x86)\Java\jre7\bin\java.exe[4076] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000755d3982 5 bytes JMP 00000001000c03fc
    .text C:\Program Files (x86)\Java\jre7\bin\java.exe[4076] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000755d7603 5 bytes JMP 00000001000c0804
    .text C:\Program Files (x86)\Java\jre7\bin\java.exe[4076] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000755d835c 5 bytes JMP 00000001000c0600
    .text C:\Program Files (x86)\Java\jre7\bin\java.exe[4076] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000755ef52b 5 bytes JMP 00000001000c0a08
    .text C:\Program Files (x86)\Java\jre7\bin\java.exe[4076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ee1465 2 bytes [EE, 75]
    .text C:\Program Files (x86)\Java\jre7\bin\java.exe[4076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ee14bb 2 bytes [EE, 75]
    .text ... * 2
    .text C:\Windows\system32\msiexec.exe[4192] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077803ae0 5 bytes JMP 000000010013075c
    .text C:\Windows\system32\msiexec.exe[4192] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077807a90 5 bytes JMP 00000001001303a4
    .text C:\Windows\system32\msiexec.exe[4192] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077831490 5 bytes JMP 0000000100130b14
    .text C:\Windows\system32\msiexec.exe[4192] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000778314f0 5 bytes JMP 0000000100130ecc
    .text C:\Windows\system32\msiexec.exe[4192] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778315d0 5 bytes JMP 000000010013163c
    .text C:\Windows\system32\msiexec.exe[4192] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077831810 5 bytes JMP 0000000100131284
    .text C:\Windows\system32\msiexec.exe[4192] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077832840 5 bytes JMP 00000001001319f4
    .text C:\Windows\system32\msiexec.exe[4192] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007746eecd 1 byte [62]
    .text C:\Windows\system32\msiexec.exe[4192] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac
    .text C:\Windows\system32\msiexec.exe[4192] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc
    .text C:\Windows\system32\msiexec.exe[4192] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284
    .text C:\Windows\system32\msiexec.exe[4192] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c
    .text C:\Windows\system32\msiexec.exe[4192] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4
    .text C:\Windows\system32\msiexec.exe[4192] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4
    .text C:\Windows\system32\msiexec.exe[4192] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c
    .text C:\Windows\system32\msiexec.exe[4192] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14
    .text C:\Windows\system32\msiexec.exe[4192] C:\Windows\system32\USER32.dll!UnhookWinEvent 0000000077318550 5 bytes JMP 00000001002d075c
    .text C:\Windows\system32\msiexec.exe[4192] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 000000007731d440 5 bytes JMP 00000001002d1284
    .text C:\Windows\system32\msiexec.exe[4192] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000000007731f874 5 bytes JMP 00000001002d0ecc
    .text C:\Windows\system32\msiexec.exe[4192] C:\Windows\system32\USER32.dll!SetWinEventHook 0000000077324d4c 5 bytes JMP 00000001002d03a4
    .text C:\Windows\system32\msiexec.exe[4192] C:\Windows\system32\USER32.dll!SetWindowsHookExA 0000000077338c20 5 bytes JMP 00000001002d0b14
    .text C:\Windows\System32\svchost.exe[4668] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff656e00 5 bytes JMP 000007ff7f671dac
    .text C:\Windows\System32\svchost.exe[4668] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff656f2c 5 bytes JMP 000007ff7f670ecc
    .text C:\Windows\System32\svchost.exe[4668] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff657220 5 bytes JMP 000007ff7f671284
    .text C:\Windows\System32\svchost.exe[4668] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff65739c 5 bytes JMP 000007ff7f67163c
    .text C:\Windows\System32\svchost.exe[4668] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff657538 5 bytes JMP 000007ff7f6719f4
    .text C:\Windows\System32\svchost.exe[4668] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff6575e8 5 bytes JMP 000007ff7f6703a4
    .text C:\Windows\System32\svchost.exe[4668] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff65790c 5 bytes JMP 000007ff7f67075c
    .text C:\Windows\System32\svchost.exe[4668] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff657ab4 5 bytes JMP 000007ff7f670b14
    .text C:\Users\SS\Desktop\gmer.exe[1656] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000779dfaa0 5 bytes JMP 0000000100030600
    .text C:\Users\SS\Desktop\gmer.exe[1656] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000779dfb38 5 bytes JMP 0000000100030804
    .text C:\Users\SS\Desktop\gmer.exe[1656] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000779dfc90 5 bytes JMP 0000000100030c0c
    .text C:\Users\SS\Desktop\gmer.exe[1656] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000779e0018 5 bytes JMP 0000000100030a08
    .text C:\Users\SS\Desktop\gmer.exe[1656] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000779e1900 5 bytes JMP 0000000100030e10
    .text C:\Users\SS\Desktop\gmer.exe[1656] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000779fc45a 5 bytes JMP 00000001000301f8
    .text C:\Users\SS\Desktop\gmer.exe[1656] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077a01217 5 bytes JMP 00000001000303fc
    .text C:\Users\SS\Desktop\gmer.exe[1656] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007542a30a 1 byte [62]
    .text C:\Users\SS\Desktop\gmer.exe[1656] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000770e5181 5 bytes JMP 0000000100241014
    .text C:\Users\SS\Desktop\gmer.exe[1656] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000770e5254 5 bytes JMP 0000000100240804
    .text C:\Users\SS\Desktop\gmer.exe[1656] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000770e53d5 5 bytes JMP 0000000100240a08
    .text C:\Users\SS\Desktop\gmer.exe[1656] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000770e54c2 5 bytes JMP 0000000100240c0c
    .text C:\Users\SS\Desktop\gmer.exe[1656] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000770e55e2 5 bytes JMP 0000000100240e10
    .text C:\Users\SS\Desktop\gmer.exe[1656] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000770e567c 5 bytes JMP 00000001002401f8
    .text C:\Users\SS\Desktop\gmer.exe[1656] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000770e589f 5 bytes JMP 00000001002403fc
    .text C:\Users\SS\Desktop\gmer.exe[1656] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000770e5a22 5 bytes JMP 0000000100240600
    .text C:\Users\SS\Desktop\gmer.exe[1656] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000755cee09 5 bytes JMP 00000001002501f8
    .text C:\Users\SS\Desktop\gmer.exe[1656] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000755d3982 5 bytes JMP 00000001002503fc
    .text C:\Users\SS\Desktop\gmer.exe[1656] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000755d7603 5 bytes JMP 0000000100250804
    .text C:\Users\SS\Desktop\gmer.exe[1656] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000755d835c 5 bytes JMP 0000000100250600
    .text C:\Users\SS\Desktop\gmer.exe[1656] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000755ef52b 5 bytes JMP 0000000100250a08

    ---- Kernel IAT/EAT - GMER 2.1 ----

    IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff8800106ef1c] \SystemRoot\System32\Drivers\sptd.sys [.text]
    IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff8800106ecc0] \SystemRoot\System32\Drivers\sptd.sys [.text]
    IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff8800106f69c] \SystemRoot\System32\Drivers\sptd.sys [.text]
    IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff8800106fa98] \SystemRoot\System32\Drivers\sptd.sys [.text]
    IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff8800106f8f4] \SystemRoot\System32\Drivers\sptd.sys [.text]

    ---- Devices - GMER 2.1 ----

    Device \Driver\atapi \Device\Ide\IdePort4 fffffa80039a52c0
    Device \Driver\atapi \Device\Ide\IdePort0 fffffa80039a52c0
    Device \Driver\atapi \Device\Ide\IdeDeviceP5T0L0-5 fffffa80039a52c0
    Device \Driver\atapi \Device\Ide\IdePort5 fffffa80039a52c0
    Device \Driver\atapi \Device\Ide\IdePort1 fffffa80039a52c0
    Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-4 fffffa80039a52c0
    Device \Driver\atapi \Device\Ide\IdePort2 fffffa80039a52c0
    Device \Driver\atapi \Device\Ide\IdePort3 fffffa80039a52c0
    Device \Driver\ak4gxray \Device\Scsi\ak4gxray1 fffffa8004f122c0
    Device \Driver\ak4gxray \Device\Scsi\ak4gxray1Port6Path0Target0Lun0 fffffa8004f122c0
    Device \FileSystem\Ntfs \Ntfs fffffa80039a92c0
    Device \Driver\usbehci \Device\USBFDO-7 fffffa8004e7f2c0
    Device \Driver\usbuhci \Device\USBPDO-5 fffffa8004e552c0
    Device \Driver\usbehci \Device\USBFDO-3 fffffa8004e7f2c0
    Device \Driver\usbuhci \Device\USBPDO-1 fffffa8004e552c0
    Device \Driver\cdrom \Device\CdRom0 fffffa8004bc62c0
    Device \Driver\cdrom \Device\CdRom1 fffffa8004bc62c0
    Device \Driver\usbuhci \Device\USBPDO-6 fffffa8004e552c0
    Device \Driver\usbuhci \Device\USBFDO-4 fffffa8004e552c0
    Device \Driver\usbuhci \Device\USBFDO-0 fffffa8004e552c0
    Device \Driver\usbuhci \Device\USBPDO-2 fffffa8004e552c0
    Device \Driver\usbehci \Device\USBPDO-7 fffffa8004e7f2c0
    Device \Driver\usbuhci \Device\USBFDO-5 fffffa8004e552c0
    Device \Driver\usbehci \Device\USBPDO-3 fffffa8004e7f2c0
    Device \Driver\usbuhci \Device\USBFDO-1 fffffa8004e552c0
    Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8004d162c0
    Device \Driver\usbuhci \Device\USBFDO-6 fffffa8004e552c0
    Device \Driver\usbuhci \Device\USBPDO-4 fffffa8004e552c0
    Device \Driver\atapi \Device\ScsiPort0 fffffa80039a52c0
    Device \Driver\usbuhci \Device\USBFDO-2 fffffa8004e552c0
    Device \Driver\usbuhci \Device\USBPDO-0 fffffa8004e552c0
    Device \Driver\atapi \Device\ScsiPort1 fffffa80039a52c0
    Device \Driver\atapi \Device\ScsiPort2 fffffa80039a52c0
    Device \Driver\atapi \Device\ScsiPort3 fffffa80039a52c0
    Device \Driver\atapi \Device\ScsiPort4 fffffa80039a52c0
    Device \Driver\NetBT \Device\NetBT_Tcpip_{4687A7A5-E020-4733-8CA3-C733872024C6} fffffa8004d162c0
    Device \Driver\atapi \Device\ScsiPort5 fffffa80039a52c0
    Device \Driver\ak4gxray \Device\ScsiPort6 fffffa8004f122c0

    ---- Trace I/O - GMER 2.1 ----

    Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80039a52c0]<< sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys fffffa80039a52c0
    Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800492c060] fffffa800492c060
    Trace 3 CLASSPNP.SYS[fffff880013ab43f] -> nt!IofCallDriver -> [0xfffffa80043e9e40] fffffa80043e9e40
    Trace 5 ACPI.sys[fffff88000fb17a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-4[0xfffffa800440e060] fffffa800440e060
    Trace \Driver\atapi[0xfffffa80043d6730] -> IRP_MJ_CREATE -> 0xfffffa80039a52c0 fffffa80039a52c0

    ---- Modules - GMER 2.1 ----

    Module \SystemRoot\System32\Drivers\ak4gxray.SYS fffff88004400000-fffff88004451000 (331776 bytes)

    ---- Threads - GMER 2.1 ----

    Thread C:\Windows\System32\svchost.exe [3068:1960] 000007feec759688

    ---- Services - GMER 2.1 ----

    Service C:\Windows\system32\drivers\aswFsBlk.sys (*** hidden *** ) [AUTO] aswFsBlk <-- ROOTKIT !!!
    Service C:\Windows\system32\drivers\aswMonFlt.sys (*** hidden *** ) [AUTO] aswMonFlt <-- ROOTKIT !!!
    Service C:\Windows\System32\Drivers\aswrdr2.sys (*** hidden *** ) [SYSTEM] aswRdr <-- ROOTKIT !!!
    Service C:\Windows\system32\drivers\aswRvrt.sys (*** hidden *** ) [BOOT] aswRvrt <-- ROOTKIT !!!
    Service C:\Windows\system32\drivers\aswSnx.sys (*** hidden *** ) [SYSTEM] aswSnx <-- ROOTKIT !!!
    Service C:\Windows\system32\drivers\aswSP.sys (*** hidden *** ) [SYSTEM] aswSP <-- ROOTKIT !!!
    Service C:\Windows\system32\drivers\aswTdi.sys (*** hidden *** ) [SYSTEM] aswTdi <-- ROOTKIT !!!
    Service C:\Windows\system32\drivers\aswVmm.sys (*** hidden *** ) [BOOT] aswVmm <-- ROOTKIT !!!
    Service C:\Program Files\AVAST Software\Avast\AvastSvc.exe (*** hidden *** ) [AUTO] avast! Antivirus <-- ROOTKIT !!!

    ---- Registry - GMER 2.1 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName (null)
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group (null)
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService (null)
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description (null)
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 2
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance (null)
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude (null)
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath (null)
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName (null)
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group (null)
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService (null)
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description (null)
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance (null)
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude (null)
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath (null)
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName (null)
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group (null)
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService (null)
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description (null)
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault (null)
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault (null)
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName (null)
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description (null)
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 3
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 35577
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot (null)
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName (null)
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group (null)
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService (null)
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description (null)
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag 2
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance (null)
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude (null)
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder (null)
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder (null)
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName (null)
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description (null)
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder (null)
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder (null)
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder (null)
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder (null)
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@NoWelcomeScreen 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName (null)
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group (null)
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService (null)
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description (null)
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 9
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName (null)
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description (null)
    Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm
    Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type 32
    Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start 2
    Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath (null)
    Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName (null)
    Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group (null)
    Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService (null)
    Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName (null)
    Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description (null)
    Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 (null)
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x55 0xCC 0x36 0xF9 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x5F 0x32 0x18 0xC7 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x1C 0x2F 0x14 0xF4 ...
    Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2
    Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2
    Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1
    Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName (null)
    Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group (null)
    Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService (null)
    Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description (null)
    Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 2
    Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance (null)
    Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude (null)
    Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0
    Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2
    Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2
    Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1
    Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath (null)
    Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName (null)
    Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group (null)
    Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService (null)
    Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description (null)
    Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance (null)
    Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude (null)
    Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0
    Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath (null)
    Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Type 1
    Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Start 1
    Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl 1
    Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName (null)
    Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Group (null)
    Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService (null)
    Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Description (null)
    Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault (null)
    Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault (null)
    Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1
    Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0
    Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1
    Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName (null)
    Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description (null)
    Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 18
    Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter 101517
    Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot (null)
    Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1
    Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2
    Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1
    Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1
    Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName (null)
    Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group (null)
    Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService (null)
    Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description (null)
    Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag 2
    Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance (null)
    Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude (null)
    Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0
    Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder (null)
    Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder (null)
    Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1
    Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1
    Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1
    Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName (null)
    Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description (null)
    Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield 1
    Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder (null)
    Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder (null)
    Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder (null)
    Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder (null)
    Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@NoWelcomeScreen 1
    Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Type 1
    Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Start 1
    Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl 1
    Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName (null)
    Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Group (null)
    Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService (null)
    Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Description (null)
    Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag 9
    Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1
    Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 0
    Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1
    Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName (null)
    Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description (null)
    Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 32
    Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2
    Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl 1
    Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath (null)
    Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName (null)
    Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group (null)
    Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService (null)
    Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1
    Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName (null)
    Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1
    Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description (null)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 (null)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x55 0xCC 0x36 0xF9 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x5F 0x32 0x18 0xC7 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x99 0xCA 0x6B 0xD4 ...

    ---- EOF - GMER 2.1 ----
     
    tramal200, Feb 18, 2013
    #1
Thread Status:
Not open for further replies.

Share This Page