GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2011-11-27 13:39:55 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500BEVT-75ZCT2 rev.11.01A11 Running: do363eg4.exe; Driver: C:\Users\Home\AppData\Local\Temp\pxldipow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8F593202] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8F5957F0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8F595848] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8F59595E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8F595746] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8F595898] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8F59579A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8F59590C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8F593226] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8F592FF0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8F59324A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8F595D56] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8F593CDA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8F595820] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8F595870] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8F595988] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8F595772] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8F5958D8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8F5957C8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8F595936] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8F593BA0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8F59326E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8F593292] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8F59304A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8F593186] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8F593162] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8F5931AA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8F5932B6] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8FC28398] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetEvent + 10D 82CB5890 4 Bytes [02, 32, 59, 8F] .text ntkrnlpa.exe!KeSetEvent + 1D1 82CB5954 8 Bytes [F0, 57, 59, 8F, 48, 58, 59, ...] .text ntkrnlpa.exe!KeSetEvent + 1DD 82CB5960 1 Byte [5E] .text ntkrnlpa.exe!KeSetEvent + 1DD 82CB5960 4 Bytes [5E, 59, 59, 8F] .text ntkrnlpa.exe!KeSetEvent + 1F5 82CB5978 4 Bytes [46, 57, 59, 8F] .text ... PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82DE062F 5 Bytes JMP 8FC23D4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject 82E39543 5 Bytes JMP 8FC257F2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 82E42E68 4 Bytes CALL 8F59434B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 82E46ADC 4 Bytes CALL 8F594361 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 82E9ADCA 7 Bytes JMP 8FC2839C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8EA06000, 0x21FD7F, 0xE8000020] .text ntdll.dll!LdrLoadDll 778D93A8 5 Bytes [E9, 4B, 6E, 87, 88] {JMP 0xffffffff88876e50} .text ntdll.dll!LdrUnloadDll 778EB740 5 Bytes [E9, B7, 4C, 86, 88] {JMP 0xffffffff88864cbc} ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\Explorer.EXE[296] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 000501F8 .text C:\Windows\Explorer.EXE[296] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 000503FC .text C:\Windows\Explorer.EXE[296] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Windows\Explorer.EXE[296] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 000703FC .text C:\Windows\Explorer.EXE[296] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00070600 .text C:\Windows\Explorer.EXE[296] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00071014 .text C:\Windows\Explorer.EXE[296] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00070804 .text C:\Windows\Explorer.EXE[296] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00070A08 .text C:\Windows\Explorer.EXE[296] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00070C0C .text C:\Windows\Explorer.EXE[296] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00070E10 .text C:\Windows\Explorer.EXE[296] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 000701F8 .text C:\Windows\Explorer.EXE[296] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 00080600 .text C:\Windows\Explorer.EXE[296] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 00080804 .text C:\Windows\Explorer.EXE[296] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 00080A08 .text C:\Windows\Explorer.EXE[296] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 000801F8 .text C:\Windows\Explorer.EXE[296] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 000803FC .text C:\Program Files\Windows Defender\MSASCui.exe[496] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 000501F8 .text C:\Program Files\Windows Defender\MSASCui.exe[496] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 000503FC .text C:\Program Files\Windows Defender\MSASCui.exe[496] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Program Files\Windows Defender\MSASCui.exe[496] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 001703FC .text C:\Program Files\Windows Defender\MSASCui.exe[496] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00170600 .text C:\Program Files\Windows Defender\MSASCui.exe[496] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00171014 .text C:\Program Files\Windows Defender\MSASCui.exe[496] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00170804 .text C:\Program Files\Windows Defender\MSASCui.exe[496] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00170A08 .text C:\Program Files\Windows Defender\MSASCui.exe[496] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00170C0C .text C:\Program Files\Windows Defender\MSASCui.exe[496] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00170E10 .text C:\Program Files\Windows Defender\MSASCui.exe[496] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 001701F8 .text C:\Program Files\Windows Defender\MSASCui.exe[496] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 00180600 .text C:\Program Files\Windows Defender\MSASCui.exe[496] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 00180804 .text C:\Program Files\Windows Defender\MSASCui.exe[496] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 00180A08 .text C:\Program Files\Windows Defender\MSASCui.exe[496] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 001801F8 .text C:\Program Files\Windows Defender\MSASCui.exe[496] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 001803FC .text C:\Windows\system32\csrss.exe[504] KERNEL32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Windows\system32\wininit.exe[568] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 000301F8 .text C:\Windows\system32\wininit.exe[568] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 000303FC .text C:\Windows\system32\wininit.exe[568] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Windows\system32\wininit.exe[568] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 000503FC .text C:\Windows\system32\wininit.exe[568] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00050600 .text C:\Windows\system32\wininit.exe[568] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00051014 .text C:\Windows\system32\wininit.exe[568] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00050804 .text C:\Windows\system32\wininit.exe[568] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00050A08 .text C:\Windows\system32\wininit.exe[568] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00050C0C .text C:\Windows\system32\wininit.exe[568] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00050E10 .text C:\Windows\system32\wininit.exe[568] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 000501F8 .text C:\Windows\system32\wininit.exe[568] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 00060600 .text C:\Windows\system32\wininit.exe[568] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 00060804 .text C:\Windows\system32\wininit.exe[568] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 00060A08 .text C:\Windows\system32\wininit.exe[568] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 000601F8 .text C:\Windows\system32\wininit.exe[568] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 000603FC .text C:\Windows\system32\csrss.exe[580] KERNEL32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[604] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 001501F8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[604] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 001503FC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[604] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[604] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 00170600 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[604] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 00170804 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[604] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 00170A08 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[604] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[604] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 001703FC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[604] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 001803FC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[604] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00180600 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[604] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00181014 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[604] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00180804 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[604] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00180A08 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[604] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00180C0C .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[604] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00180E10 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[604] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 001801F8 .text C:\Windows\system32\services.exe[612] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\services.exe[612] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 000503FC .text C:\Windows\system32\services.exe[612] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Windows\system32\services.exe[612] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\services.exe[612] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\services.exe[612] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\services.exe[612] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\services.exe[612] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\services.exe[612] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00070C0C .text C:\Windows\system32\services.exe[612] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\services.exe[612] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\services.exe[612] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 00080600 .text C:\Windows\system32\services.exe[612] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 00080804 .text C:\Windows\system32\services.exe[612] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\services.exe[612] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\services.exe[612] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 000803FC .text C:\Windows\system32\lsass.exe[624] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\lsass.exe[624] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 000503FC .text C:\Windows\system32\lsass.exe[624] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Windows\system32\lsass.exe[624] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\lsass.exe[624] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\lsass.exe[624] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\lsass.exe[624] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\lsass.exe[624] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\lsass.exe[624] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00070C0C .text C:\Windows\system32\lsass.exe[624] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\lsass.exe[624] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\lsass.exe[624] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 00080600 .text C:\Windows\system32\lsass.exe[624] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 00080804 .text C:\Windows\system32\lsass.exe[624] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\lsass.exe[624] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\lsass.exe[624] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 000803FC .text C:\Windows\system32\lsm.exe[636] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\lsm.exe[636] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 000503FC .text C:\Windows\system32\lsm.exe[636] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Windows\system32\lsm.exe[636] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\lsm.exe[636] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\lsm.exe[636] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\lsm.exe[636] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\lsm.exe[636] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\lsm.exe[636] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00070C0C .text C:\Windows\system32\lsm.exe[636] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\lsm.exe[636] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 000701F8 .text C:\Windows\System32\WLTRAY.EXE[680] KERNEL32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Windows\system32\winlogon.exe[704] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 000301F8 .text C:\Windows\system32\winlogon.exe[704] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 000303FC .text C:\Windows\system32\winlogon.exe[704] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Windows\system32\winlogon.exe[704] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 000503FC .text C:\Windows\system32\winlogon.exe[704] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00050600 .text C:\Windows\system32\winlogon.exe[704] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00051014 .text C:\Windows\system32\winlogon.exe[704] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00050804 .text C:\Windows\system32\winlogon.exe[704] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00050A08 .text C:\Windows\system32\winlogon.exe[704] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00050C0C .text C:\Windows\system32\winlogon.exe[704] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00050E10 .text C:\Windows\system32\winlogon.exe[704] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 000501F8 .text C:\Windows\system32\winlogon.exe[704] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 00060600 .text C:\Windows\system32\winlogon.exe[704] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 00060804 .text C:\Windows\system32\winlogon.exe[704] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 00060A08 .text C:\Windows\system32\winlogon.exe[704] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 000601F8 .text C:\Windows\system32\winlogon.exe[704] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 000603FC .text C:\Program Files\Dell\QuickSet\quickset.exe[820] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 001501F8 .text C:\Program Files\Dell\QuickSet\quickset.exe[820] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 001503FC .text C:\Program Files\Dell\QuickSet\quickset.exe[820] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Program Files\Dell\QuickSet\quickset.exe[820] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 00170600 .text C:\Program Files\Dell\QuickSet\quickset.exe[820] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 00170804 .text C:\Program Files\Dell\QuickSet\quickset.exe[820] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 00170A08 .text C:\Program Files\Dell\QuickSet\quickset.exe[820] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Dell\QuickSet\quickset.exe[820] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 001703FC .text C:\Program Files\Dell\QuickSet\quickset.exe[820] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 001803FC .text C:\Program Files\Dell\QuickSet\quickset.exe[820] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00180600 .text C:\Program Files\Dell\QuickSet\quickset.exe[820] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00181014 .text C:\Program Files\Dell\QuickSet\quickset.exe[820] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00180804 .text C:\Program Files\Dell\QuickSet\quickset.exe[820] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00180A08 .text C:\Program Files\Dell\QuickSet\quickset.exe[820] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00180C0C .text C:\Program Files\Dell\QuickSet\quickset.exe[820] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00180E10 .text C:\Program Files\Dell\QuickSet\quickset.exe[820] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 001801F8 .text C:\Windows\system32\svchost.exe[824] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 000901F8 .text C:\Windows\system32\svchost.exe[824] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 000903FC .text C:\Windows\system32\svchost.exe[824] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Windows\system32\svchost.exe[824] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 000B03FC .text C:\Windows\system32\svchost.exe[824] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 000B0600 .text C:\Windows\system32\svchost.exe[824] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 000B1014 .text C:\Windows\system32\svchost.exe[824] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 000B0804 .text C:\Windows\system32\svchost.exe[824] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 000B0A08 .text C:\Windows\system32\svchost.exe[824] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 000B0C0C .text C:\Windows\system32\svchost.exe[824] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 000B0E10 .text C:\Windows\system32\svchost.exe[824] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 000B01F8 .text C:\Windows\system32\svchost.exe[824] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 00A80600 .text C:\Windows\system32\svchost.exe[824] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 00A80804 .text C:\Windows\system32\svchost.exe[824] USER32.dll!UnhookWindowsHookEx 77A798DB 3 Bytes JMP 00A80A08 .text C:\Windows\system32\svchost.exe[824] USER32.dll!UnhookWindowsHookEx + 4 77A798DF 1 Byte [89] .text C:\Windows\system32\svchost.exe[824] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 00A801F8 .text C:\Windows\system32\svchost.exe[824] USER32.dll!UnhookWinEvent 77A7C06F 3 Bytes JMP 00A803FC .text C:\Windows\system32\svchost.exe[824] USER32.dll!UnhookWinEvent + 4 77A7C073 1 Byte [89] .text C:\Windows\system32\SearchIndexer.exe[832] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\SearchIndexer.exe[832] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 000503FC .text C:\Windows\system32\SearchIndexer.exe[832] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Windows\system32\SearchIndexer.exe[832] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\SearchIndexer.exe[832] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\SearchIndexer.exe[832] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\SearchIndexer.exe[832] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\SearchIndexer.exe[832] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\SearchIndexer.exe[832] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00070C0C .text C:\Windows\system32\SearchIndexer.exe[832] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\SearchIndexer.exe[832] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\SearchIndexer.exe[832] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 00080600 .text C:\Windows\system32\SearchIndexer.exe[832] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 00080804 .text C:\Windows\system32\SearchIndexer.exe[832] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\SearchIndexer.exe[832] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\SearchIndexer.exe[832] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 000803FC .text C:\Windows\system32\svchost.exe[900] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 000901F8 .text C:\Windows\system32\svchost.exe[900] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 000903FC .text C:\Windows\system32\svchost.exe[900] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Windows\system32\svchost.exe[900] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 001B03FC .text C:\Windows\system32\svchost.exe[900] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 001B0600 .text C:\Windows\system32\svchost.exe[900] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 001B1014 .text C:\Windows\system32\svchost.exe[900] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 001B0804 .text C:\Windows\system32\svchost.exe[900] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 001B0A08 .text C:\Windows\system32\svchost.exe[900] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 001B0C0C .text C:\Windows\system32\svchost.exe[900] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 001B0E10 .text C:\Windows\system32\svchost.exe[900] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 001B01F8 .text C:\Windows\system32\svchost.exe[900] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 001F0600 .text C:\Windows\system32\svchost.exe[900] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 001F0804 .text C:\Windows\system32\svchost.exe[900] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 001F0A08 .text C:\Windows\system32\svchost.exe[900] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 001F01F8 .text C:\Windows\system32\svchost.exe[900] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 001F03FC .text C:\Windows\System32\svchost.exe[940] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 000501F8 .text C:\Windows\System32\svchost.exe[940] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 000503FC .text C:\Windows\System32\svchost.exe[940] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Windows\System32\svchost.exe[940] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 000703FC .text C:\Windows\System32\svchost.exe[940] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00070600 .text C:\Windows\System32\svchost.exe[940] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00071014 .text C:\Windows\System32\svchost.exe[940] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00070804 .text C:\Windows\System32\svchost.exe[940] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00070A08 .text C:\Windows\System32\svchost.exe[940] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00070C0C .text C:\Windows\System32\svchost.exe[940] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00070E10 .text C:\Windows\System32\svchost.exe[940] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 000701F8 .text C:\Windows\System32\svchost.exe[940] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 00190600 .text C:\Windows\System32\svchost.exe[940] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 00190804 .text C:\Windows\System32\svchost.exe[940] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 00190A08 .text C:\Windows\System32\svchost.exe[940] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 001901F8 .text C:\Windows\System32\svchost.exe[940] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 001903FC .text C:\Windows\system32\Ati2evxx.exe[1024] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 001501F8 .text C:\Windows\system32\Ati2evxx.exe[1024] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 001503FC .text C:\Windows\system32\Ati2evxx.exe[1024] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Windows\system32\Ati2evxx.exe[1024] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 00270600 .text C:\Windows\system32\Ati2evxx.exe[1024] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 00270804 .text C:\Windows\system32\Ati2evxx.exe[1024] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 00270A08 .text C:\Windows\system32\Ati2evxx.exe[1024] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 002701F8 .text C:\Windows\system32\Ati2evxx.exe[1024] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 002703FC .text C:\Windows\system32\Ati2evxx.exe[1024] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 002803FC .text C:\Windows\system32\Ati2evxx.exe[1024] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00280600 .text C:\Windows\system32\Ati2evxx.exe[1024] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00281014 .text C:\Windows\system32\Ati2evxx.exe[1024] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00280804 .text C:\Windows\system32\Ati2evxx.exe[1024] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00280A08 .text C:\Windows\system32\Ati2evxx.exe[1024] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00280C0C .text C:\Windows\system32\Ati2evxx.exe[1024] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00280E10 .text C:\Windows\system32\Ati2evxx.exe[1024] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 002801F8 .text C:\Windows\System32\svchost.exe[1048] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 000501F8 .text C:\Windows\System32\svchost.exe[1048] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 000503FC .text C:\Windows\System32\svchost.exe[1048] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 000B03FC .text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 000B0600 .text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 000B1014 .text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 000B0804 .text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 000B0A08 .text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 000B0C0C .text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 000B0E10 .text C:\Windows\System32\svchost.exe[1048] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 000B01F8 .text C:\Windows\System32\svchost.exe[1048] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 00200600 .text C:\Windows\System32\svchost.exe[1048] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 00200804 .text C:\Windows\System32\svchost.exe[1048] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 00200A08 .text C:\Windows\System32\svchost.exe[1048] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 002001F8 .text C:\Windows\System32\svchost.exe[1048] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 002003FC .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1072] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 001401F8 .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1072] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 001403FC .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1072] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1072] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 00160600 .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1072] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 00160804 .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1072] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 00160A08 .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1072] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 001601F8 .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1072] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 001603FC .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1072] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 001703FC .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1072] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00170600 .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1072] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00171014 .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1072] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00170804 .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1072] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00170A08 .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1072] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00170C0C .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1072] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00170E10 .text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1072] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 001701F8 .text C:\Windows\system32\svchost.exe[1128] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[1128] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[1128] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Windows\system32\svchost.exe[1128] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[1128] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[1128] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[1128] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[1128] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[1128] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[1128] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[1128] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[1128] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 000C0600 .text C:\Windows\system32\svchost.exe[1128] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 000C0804 .text C:\Windows\system32\svchost.exe[1128] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 000C0A08 .text C:\Windows\system32\svchost.exe[1128] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 000C01F8 .text C:\Windows\system32\svchost.exe[1128] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 000C03FC .text C:\Windows\WindowsMobile\wmdSync.exe[1136] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 000501F8 .text C:\Windows\WindowsMobile\wmdSync.exe[1136] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 000503FC .text C:\Windows\WindowsMobile\wmdSync.exe[1136] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Windows\WindowsMobile\wmdSync.exe[1136] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 000703FC .text C:\Windows\WindowsMobile\wmdSync.exe[1136] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00070600 .text C:\Windows\WindowsMobile\wmdSync.exe[1136] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00071014 .text C:\Windows\WindowsMobile\wmdSync.exe[1136] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00070804 .text C:\Windows\WindowsMobile\wmdSync.exe[1136] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00070A08 .text C:\Windows\WindowsMobile\wmdSync.exe[1136] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00070C0C .text C:\Windows\WindowsMobile\wmdSync.exe[1136] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00070E10 .text C:\Windows\WindowsMobile\wmdSync.exe[1136] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 000701F8 .text C:\Windows\WindowsMobile\wmdSync.exe[1136] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 000C0600 .text C:\Windows\WindowsMobile\wmdSync.exe[1136] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 000C0804 .text C:\Windows\WindowsMobile\wmdSync.exe[1136] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 000C0A08 .text C:\Windows\WindowsMobile\wmdSync.exe[1136] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 000C01F8 .text C:\Windows\WindowsMobile\wmdSync.exe[1136] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 000C03FC .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[1148] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 001501F8 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[1148] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 001503FC .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[1148] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[1148] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 00170600 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[1148] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 00170804 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[1148] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 00170A08 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[1148] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 001701F8 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[1148] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 001703FC .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[1148] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 001903FC .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[1148] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00190600 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[1148] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00191014 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[1148] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00190804 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[1148] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00190A08 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[1148] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00190C0C .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[1148] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00190E10 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[1148] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 001901F8 .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe[1160] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 001501F8 .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe[1160] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 001503FC .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe[1160] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe[1160] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 001703FC .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe[1160] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00170600 .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe[1160] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00171014 .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe[1160] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00170804 .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe[1160] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00170A08 .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe[1160] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00170C0C .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe[1160] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00170E10 .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe[1160] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 001701F8 .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe[1160] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 00180600 .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe[1160] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 00180804 .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe[1160] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 00180A08 .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe[1160] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 001801F8 .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe[1160] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 001803FC .text C:\Windows\system32\AUDIODG.EXE[1268] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Windows\system32\svchost.exe[1304] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[1304] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[1304] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Windows\system32\svchost.exe[1304] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 000C03FC .text C:\Windows\system32\svchost.exe[1304] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 000C0600 .text C:\Windows\system32\svchost.exe[1304] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 000C1014 .text C:\Windows\system32\svchost.exe[1304] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 000C0804 .text C:\Windows\system32\svchost.exe[1304] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 000C0A08 .text C:\Windows\system32\svchost.exe[1304] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 000C0C0C .text C:\Windows\system32\svchost.exe[1304] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 000C0E10 .text C:\Windows\system32\svchost.exe[1304] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 000C01F8 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1316] KERNEL32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Windows\system32\svchost.exe[1380] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[1380] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[1380] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Windows\system32\svchost.exe[1380] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[1380] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[1380] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[1380] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[1380] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[1380] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[1380] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[1380] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[1380] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 00CB0600 .text C:\Windows\system32\svchost.exe[1380] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 00CB0804 .text C:\Windows\system32\svchost.exe[1380] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 00CB0A08 .text C:\Windows\system32\svchost.exe[1380] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 00CB01F8 .text C:\Windows\system32\svchost.exe[1380] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 00CB03FC .text C:\Windows\system32\Ati2evxx.exe[1564] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 001501F8 .text C:\Windows\system32\Ati2evxx.exe[1564] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 001503FC .text C:\Windows\system32\Ati2evxx.exe[1564] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Windows\system32\Ati2evxx.exe[1564] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 00170600 .text C:\Windows\system32\Ati2evxx.exe[1564] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 00170804 .text C:\Windows\system32\Ati2evxx.exe[1564] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 00170A08 .text C:\Windows\system32\Ati2evxx.exe[1564] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 001701F8 .text C:\Windows\system32\Ati2evxx.exe[1564] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 001703FC .text C:\Windows\system32\Ati2evxx.exe[1564] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 001803FC .text C:\Windows\system32\Ati2evxx.exe[1564] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00180600 .text C:\Windows\system32\Ati2evxx.exe[1564] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00181014 .text C:\Windows\system32\Ati2evxx.exe[1564] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00180804 .text C:\Windows\system32\Ati2evxx.exe[1564] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00180A08 .text C:\Windows\system32\Ati2evxx.exe[1564] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00180C0C .text C:\Windows\system32\Ati2evxx.exe[1564] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00180E10 .text C:\Windows\system32\Ati2evxx.exe[1564] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 001801F8 .text C:\Program Files\IDT\WDM\sttray.exe[1572] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 001501F8 .text C:\Program Files\IDT\WDM\sttray.exe[1572] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 001503FC .text C:\Program Files\IDT\WDM\sttray.exe[1572] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Program Files\IDT\WDM\sttray.exe[1572] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 00270600 .text C:\Program Files\IDT\WDM\sttray.exe[1572] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 00270804 .text C:\Program Files\IDT\WDM\sttray.exe[1572] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 00270A08 .text C:\Program Files\IDT\WDM\sttray.exe[1572] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 002701F8 .text C:\Program Files\IDT\WDM\sttray.exe[1572] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 002703FC .text C:\Program Files\IDT\WDM\sttray.exe[1572] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 002803FC .text C:\Program Files\IDT\WDM\sttray.exe[1572] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00280600 .text C:\Program Files\IDT\WDM\sttray.exe[1572] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00281014 .text C:\Program Files\IDT\WDM\sttray.exe[1572] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00280804 .text C:\Program Files\IDT\WDM\sttray.exe[1572] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00280A08 .text C:\Program Files\IDT\WDM\sttray.exe[1572] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00280C0C .text C:\Program Files\IDT\WDM\sttray.exe[1572] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00280E10 .text C:\Program Files\IDT\WDM\sttray.exe[1572] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 002801F8 .text C:\Windows\system32\svchost.exe[1656] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[1656] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[1656] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Windows\system32\svchost.exe[1656] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[1656] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[1656] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[1656] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[1656] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[1656] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[1656] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[1656] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[1656] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 000C0600 .text C:\Windows\system32\svchost.exe[1656] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 000C0804 .text C:\Windows\system32\svchost.exe[1656] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 000C0A08 .text C:\Windows\system32\svchost.exe[1656] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 000C01F8 .text C:\Windows\system32\svchost.exe[1656] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 000C03FC .text C:\Users\Home\Desktop\xxx\do363eg4.exe[1808] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 001501F8 .text C:\Users\Home\Desktop\xxx\do363eg4.exe[1808] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 001503FC .text C:\Users\Home\Desktop\xxx\do363eg4.exe[1808] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Users\Home\Desktop\xxx\do363eg4.exe[1808] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 003D03FC .text C:\Users\Home\Desktop\xxx\do363eg4.exe[1808] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 003D0600 .text C:\Users\Home\Desktop\xxx\do363eg4.exe[1808] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 003D1014 .text C:\Users\Home\Desktop\xxx\do363eg4.exe[1808] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 003D0804 .text C:\Users\Home\Desktop\xxx\do363eg4.exe[1808] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 003D0A08 .text C:\Users\Home\Desktop\xxx\do363eg4.exe[1808] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 003D0C0C .text C:\Users\Home\Desktop\xxx\do363eg4.exe[1808] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 003D0E10 .text C:\Users\Home\Desktop\xxx\do363eg4.exe[1808] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 003D01F8 .text C:\Users\Home\Desktop\xxx\do363eg4.exe[1808] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 003E0600 .text C:\Users\Home\Desktop\xxx\do363eg4.exe[1808] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 003E0804 .text C:\Users\Home\Desktop\xxx\do363eg4.exe[1808] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 003E0A08 .text C:\Users\Home\Desktop\xxx\do363eg4.exe[1808] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 003E01F8 .text C:\Users\Home\Desktop\xxx\do363eg4.exe[1808] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 003E03FC .text C:\Windows\System32\WLTRYSVC.EXE[1824] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 001501F8 .text C:\Windows\System32\WLTRYSVC.EXE[1824] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 001503FC .text C:\Windows\System32\WLTRYSVC.EXE[1824] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Windows\System32\WLTRYSVC.EXE[1824] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 00180600 .text C:\Windows\System32\WLTRYSVC.EXE[1824] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 00180804 .text C:\Windows\System32\WLTRYSVC.EXE[1824] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 00180A08 .text C:\Windows\System32\WLTRYSVC.EXE[1824] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 001801F8 .text C:\Windows\System32\WLTRYSVC.EXE[1824] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 001803FC .text C:\Windows\System32\WLTRYSVC.EXE[1824] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 001903FC .text C:\Windows\System32\WLTRYSVC.EXE[1824] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00190600 .text C:\Windows\System32\WLTRYSVC.EXE[1824] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00191014 .text C:\Windows\System32\WLTRYSVC.EXE[1824] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00190804 .text C:\Windows\System32\WLTRYSVC.EXE[1824] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00190A08 .text C:\Windows\System32\WLTRYSVC.EXE[1824] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00190C0C .text C:\Windows\System32\WLTRYSVC.EXE[1824] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00190E10 .text C:\Windows\System32\WLTRYSVC.EXE[1824] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 001901F8 .text C:\Windows\System32\bcmwltry.exe[1840] KERNEL32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] kernel32.dll!SetUnhandledExceptionFilter 7643A8C5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1848] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2056] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2192] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 000501F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2192] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 000503FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2192] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2192] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 001803FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2192] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00180600 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2192] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00181014 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2192] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00180804 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2192] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00180A08 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2192] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00180C0C .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2192] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00180E10 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2192] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 001801F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2192] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 00190600 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2192] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 00190804 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2192] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 00190A08 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2192] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 001901F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2192] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 001903FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2212] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 001601F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2212] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 001603FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2212] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2212] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 001703FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2212] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00170600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2212] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00171014 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2212] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00170804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2212] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00170A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2212] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00170C0C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2212] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00170E10 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2212] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 001701F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2212] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 00180600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2212] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 00180804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2212] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 00180A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2212] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 001801F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2212] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 001803FC .text C:\Windows\system32\svchost.exe[2500] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[2500] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[2500] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Windows\system32\svchost.exe[2500] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[2500] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[2500] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[2500] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[2500] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[2500] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[2500] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[2500] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[2500] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 00170600 .text C:\Windows\system32\svchost.exe[2500] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 00170804 .text C:\Windows\system32\svchost.exe[2500] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 00170A08 .text C:\Windows\system32\svchost.exe[2500] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 001701F8 .text C:\Windows\system32\svchost.exe[2500] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 001703FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2504] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 000501F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2504] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 000503FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2504] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2504] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 000703FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2504] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00070600 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2504] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00071014 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2504] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00070804 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2504] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00070A08 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2504] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00070C0C .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2504] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00070E10 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2504] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 000701F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2504] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 00080600 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2504] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 00080804 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2504] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 00080A08 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2504] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 000801F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2504] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 000803FC .text C:\Windows\System32\spoolsv.exe[2508] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 000501F8 .text C:\Windows\System32\spoolsv.exe[2508] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 000503FC .text C:\Windows\System32\spoolsv.exe[2508] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Windows\System32\spoolsv.exe[2508] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 000703FC .text C:\Windows\System32\spoolsv.exe[2508] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00070600 .text C:\Windows\System32\spoolsv.exe[2508] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00071014 .text C:\Windows\System32\spoolsv.exe[2508] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00070804 .text C:\Windows\System32\spoolsv.exe[2508] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00070A08 .text C:\Windows\System32\spoolsv.exe[2508] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00070C0C .text C:\Windows\System32\spoolsv.exe[2508] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00070E10 .text C:\Windows\System32\spoolsv.exe[2508] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 000701F8 .text C:\Windows\System32\spoolsv.exe[2508] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 00160600 .text C:\Windows\System32\spoolsv.exe[2508] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 00160804 .text C:\Windows\System32\spoolsv.exe[2508] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 00160A08 .text C:\Windows\System32\spoolsv.exe[2508] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 001601F8 .text C:\Windows\System32\spoolsv.exe[2508] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 001603FC .text C:\Windows\system32\taskeng.exe[2516] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\taskeng.exe[2516] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 000503FC .text C:\Windows\system32\taskeng.exe[2516] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Windows\system32\taskeng.exe[2516] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\taskeng.exe[2516] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\taskeng.exe[2516] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\taskeng.exe[2516] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\taskeng.exe[2516] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\taskeng.exe[2516] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00070C0C .text C:\Windows\system32\taskeng.exe[2516] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\taskeng.exe[2516] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\taskeng.exe[2516] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 00080600 .text C:\Windows\system32\taskeng.exe[2516] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 00080804 .text C:\Windows\system32\taskeng.exe[2516] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\taskeng.exe[2516] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\taskeng.exe[2516] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 000803FC .text C:\Windows\system32\svchost.exe[2552] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[2552] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[2552] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Windows\system32\svchost.exe[2552] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[2552] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[2552] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[2552] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[2552] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[2552] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[2552] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[2552] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[2552] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 00140600 .text C:\Windows\system32\svchost.exe[2552] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 00140804 .text C:\Windows\system32\svchost.exe[2552] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 00140A08 .text C:\Windows\system32\svchost.exe[2552] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 001401F8 .text C:\Windows\system32\svchost.exe[2552] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 001403FC .text C:\Windows\system32\taskeng.exe[2588] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\taskeng.exe[2588] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 000503FC .text C:\Windows\system32\taskeng.exe[2588] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Windows\system32\taskeng.exe[2588] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\taskeng.exe[2588] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\taskeng.exe[2588] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\taskeng.exe[2588] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\taskeng.exe[2588] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\taskeng.exe[2588] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00070C0C .text C:\Windows\system32\taskeng.exe[2588] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\taskeng.exe[2588] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\taskeng.exe[2588] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 00080600 .text C:\Windows\system32\taskeng.exe[2588] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 00080804 .text C:\Windows\system32\taskeng.exe[2588] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\taskeng.exe[2588] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\taskeng.exe[2588] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 000803FC .text C:\Windows\system32\CAPM2RSK.EXE[2864] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 001401F8 .text C:\Windows\system32\CAPM2RSK.EXE[2864] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 001403FC .text C:\Windows\system32\CAPM2RSK.EXE[2864] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Windows\system32\CAPM2RSK.EXE[2864] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 00160600 .text C:\Windows\system32\CAPM2RSK.EXE[2864] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 00160804 .text C:\Windows\system32\CAPM2RSK.EXE[2864] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 00160A08 .text C:\Windows\system32\CAPM2RSK.EXE[2864] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 001601F8 .text C:\Windows\system32\CAPM2RSK.EXE[2864] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 001603FC .text C:\Windows\system32\CAPM2RSK.EXE[2864] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 001703FC .text C:\Windows\system32\CAPM2RSK.EXE[2864] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00170600 .text C:\Windows\system32\CAPM2RSK.EXE[2864] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00171014 .text C:\Windows\system32\CAPM2RSK.EXE[2864] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00170804 .text C:\Windows\system32\CAPM2RSK.EXE[2864] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00170A08 .text C:\Windows\system32\CAPM2RSK.EXE[2864] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00170C0C .text C:\Windows\system32\CAPM2RSK.EXE[2864] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00170E10 .text C:\Windows\system32\CAPM2RSK.EXE[2864] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 001701F8 .text C:\Windows\system32\spool\drivers\w32x86\3\CAPM2SWK.EXE[3080] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 001401F8 .text C:\Windows\system32\spool\drivers\w32x86\3\CAPM2SWK.EXE[3080] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 001403FC .text C:\Windows\system32\spool\drivers\w32x86\3\CAPM2SWK.EXE[3080] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Windows\system32\spool\drivers\w32x86\3\CAPM2SWK.EXE[3080] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 001603FC .text C:\Windows\system32\spool\drivers\w32x86\3\CAPM2SWK.EXE[3080] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00160600 .text C:\Windows\system32\spool\drivers\w32x86\3\CAPM2SWK.EXE[3080] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00161014 .text C:\Windows\system32\spool\drivers\w32x86\3\CAPM2SWK.EXE[3080] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00160804 .text C:\Windows\system32\spool\drivers\w32x86\3\CAPM2SWK.EXE[3080] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00160A08 .text C:\Windows\system32\spool\drivers\w32x86\3\CAPM2SWK.EXE[3080] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00160C0C .text C:\Windows\system32\spool\drivers\w32x86\3\CAPM2SWK.EXE[3080] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00160E10 .text C:\Windows\system32\spool\drivers\w32x86\3\CAPM2SWK.EXE[3080] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 001601F8 .text C:\Windows\system32\spool\drivers\w32x86\3\CAPM2SWK.EXE[3080] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 00170600 .text C:\Windows\system32\spool\drivers\w32x86\3\CAPM2SWK.EXE[3080] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 00170804 .text C:\Windows\system32\spool\drivers\w32x86\3\CAPM2SWK.EXE[3080] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 00170A08 .text C:\Windows\system32\spool\drivers\w32x86\3\CAPM2SWK.EXE[3080] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 001701F8 .text C:\Windows\system32\spool\drivers\w32x86\3\CAPM2SWK.EXE[3080] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 001703FC .text C:\Program Files\Skype\Phone\Skype.exe[3196] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 001501F8 .text C:\Program Files\Skype\Phone\Skype.exe[3196] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 001503FC .text C:\Program Files\Skype\Phone\Skype.exe[3196] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Program Files\Skype\Phone\Skype.exe[3196] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 001A0600 .text C:\Program Files\Skype\Phone\Skype.exe[3196] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 001A0804 .text C:\Program Files\Skype\Phone\Skype.exe[3196] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 001A0A08 .text C:\Program Files\Skype\Phone\Skype.exe[3196] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 001A01F8 .text C:\Program Files\Skype\Phone\Skype.exe[3196] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 001A03FC .text C:\Program Files\Skype\Phone\Skype.exe[3196] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 001903FC .text C:\Program Files\Skype\Phone\Skype.exe[3196] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00190600 .text C:\Program Files\Skype\Phone\Skype.exe[3196] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00191014 .text C:\Program Files\Skype\Phone\Skype.exe[3196] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00190804 .text C:\Program Files\Skype\Phone\Skype.exe[3196] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00190A08 .text C:\Program Files\Skype\Phone\Skype.exe[3196] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00190C0C .text C:\Program Files\Skype\Phone\Skype.exe[3196] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00190E10 .text C:\Program Files\Skype\Phone\Skype.exe[3196] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 001901F8 .text C:\Windows\system32\svchost.exe[3240] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[3240] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[3240] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Windows\system32\svchost.exe[3240] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[3240] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[3240] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[3240] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[3240] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[3240] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[3240] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[3240] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[3240] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 001E0600 .text C:\Windows\system32\svchost.exe[3240] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 001E0804 .text C:\Windows\system32\svchost.exe[3240] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 001E0A08 .text C:\Windows\system32\svchost.exe[3240] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 001E01F8 .text C:\Windows\system32\svchost.exe[3240] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 001E03FC .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3264] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 000501F8 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3264] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 000503FC .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3264] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3264] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 000703FC .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3264] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00070600 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3264] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00071014 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3264] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00070804 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3264] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00070A08 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3264] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00070C0C .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3264] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00070E10 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3264] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 000701F8 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3264] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 00080600 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3264] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 00080804 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3264] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 00080A08 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3264] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 000801F8 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3264] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 000803FC .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3272] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 001501F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3272] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 001503FC .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3272] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3272] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 001703FC .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3272] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00170600 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3272] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00171014 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3272] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00170804 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3272] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00170A08 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3272] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00170C0C .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3272] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00170E10 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3272] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 001701F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3272] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 00180600 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3272] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 00180804 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3272] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 00180A08 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3272] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 001801F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3272] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 001803FC .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3308] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 000501F8 .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3308] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 000503FC .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3308] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3308] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 00070600 .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3308] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 00070804 .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3308] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 00070A08 .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3308] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 000701F8 .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3308] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 000703FC .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3308] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 000803FC .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3308] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00080600 .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3308] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00081014 .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3308] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00080804 .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3308] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00080A08 .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3308] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00080C0C .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3308] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00080E10 .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3308] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 000801F8 .text C:\Windows\System32\spool\drivers\w32x86\3\CAPM2LAK.EXE[3360] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 001401F8 .text C:\Windows\System32\spool\drivers\w32x86\3\CAPM2LAK.EXE[3360] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 001403FC .text C:\Windows\System32\spool\drivers\w32x86\3\CAPM2LAK.EXE[3360] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Windows\System32\spool\drivers\w32x86\3\CAPM2LAK.EXE[3360] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 00160600 .text C:\Windows\System32\spool\drivers\w32x86\3\CAPM2LAK.EXE[3360] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 00160804 .text C:\Windows\System32\spool\drivers\w32x86\3\CAPM2LAK.EXE[3360] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 00160A08 .text C:\Windows\System32\spool\drivers\w32x86\3\CAPM2LAK.EXE[3360] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 001601F8 .text C:\Windows\System32\spool\drivers\w32x86\3\CAPM2LAK.EXE[3360] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 001603FC .text C:\Windows\System32\spool\drivers\w32x86\3\CAPM2LAK.EXE[3360] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 001703FC .text C:\Windows\System32\spool\drivers\w32x86\3\CAPM2LAK.EXE[3360] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00170600 .text C:\Windows\System32\spool\drivers\w32x86\3\CAPM2LAK.EXE[3360] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00171014 .text C:\Windows\System32\spool\drivers\w32x86\3\CAPM2LAK.EXE[3360] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00170804 .text C:\Windows\System32\spool\drivers\w32x86\3\CAPM2LAK.EXE[3360] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00170A08 .text C:\Windows\System32\spool\drivers\w32x86\3\CAPM2LAK.EXE[3360] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00170C0C .text C:\Windows\System32\spool\drivers\w32x86\3\CAPM2LAK.EXE[3360] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00170E10 .text C:\Windows\System32\spool\drivers\w32x86\3\CAPM2LAK.EXE[3360] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 001701F8 .text C:\Windows\System32\spool\drivers\w32x86\3\CAPM2SWK.EXE[3420] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 001401F8 .text C:\Windows\System32\spool\drivers\w32x86\3\CAPM2SWK.EXE[3420] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 001403FC .text C:\Windows\System32\spool\drivers\w32x86\3\CAPM2SWK.EXE[3420] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Windows\System32\spool\drivers\w32x86\3\CAPM2SWK.EXE[3420] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 001703FC .text C:\Windows\System32\spool\drivers\w32x86\3\CAPM2SWK.EXE[3420] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00170600 .text C:\Windows\System32\spool\drivers\w32x86\3\CAPM2SWK.EXE[3420] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00171014 .text C:\Windows\System32\spool\drivers\w32x86\3\CAPM2SWK.EXE[3420] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00170804 .text C:\Windows\System32\spool\drivers\w32x86\3\CAPM2SWK.EXE[3420] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00170A08 .text C:\Windows\System32\spool\drivers\w32x86\3\CAPM2SWK.EXE[3420] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00170C0C .text C:\Windows\System32\spool\drivers\w32x86\3\CAPM2SWK.EXE[3420] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00170E10 .text C:\Windows\System32\spool\drivers\w32x86\3\CAPM2SWK.EXE[3420] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 001701F8 .text C:\Windows\System32\spool\drivers\w32x86\3\CAPM2SWK.EXE[3420] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 00180600 .text C:\Windows\System32\spool\drivers\w32x86\3\CAPM2SWK.EXE[3420] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 00180804 .text C:\Windows\System32\spool\drivers\w32x86\3\CAPM2SWK.EXE[3420] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 00180A08 .text C:\Windows\System32\spool\drivers\w32x86\3\CAPM2SWK.EXE[3420] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 001801F8 .text C:\Windows\System32\spool\drivers\w32x86\3\CAPM2SWK.EXE[3420] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 001803FC .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3464] KERNEL32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe[3516] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 001501F8 .text C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe[3516] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 001503FC .text C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe[3516] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe[3516] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 001A0600 .text C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe[3516] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 001A0804 .text C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe[3516] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 001A0A08 .text C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe[3516] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 001A01F8 .text C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe[3516] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 001A03FC .text C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe[3516] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 001B03FC .text C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe[3516] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 001B0600 .text C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe[3516] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 001B1014 .text C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe[3516] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 001B0804 .text C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe[3516] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 001B0A08 .text C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe[3516] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 001B0C0C .text C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe[3516] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 001B0E10 .text C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe[3516] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 001B01F8 .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe[3640] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 001501F8 .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe[3640] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 001503FC .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe[3640] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe[3640] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 001703FC .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe[3640] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00170600 .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe[3640] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00171014 .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe[3640] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00170804 .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe[3640] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00170A08 .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe[3640] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00170C0C .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe[3640] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00170E10 .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe[3640] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 001701F8 .text C:\Windows\system32\svchost.exe[3684] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[3684] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[3684] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Windows\system32\svchost.exe[3684] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[3684] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[3684] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[3684] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[3684] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[3684] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[3684] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[3684] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[3728] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[3728] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[3728] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Windows\system32\svchost.exe[3728] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[3728] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[3728] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[3728] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[3728] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[3728] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[3728] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[3728] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[3728] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 00B40600 .text C:\Windows\system32\svchost.exe[3728] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 00B40804 .text C:\Windows\system32\svchost.exe[3728] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 00B40A08 .text C:\Windows\system32\svchost.exe[3728] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 00B401F8 .text C:\Windows\system32\svchost.exe[3728] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 00B403FC .text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[3792] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 001501F8 .text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[3792] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 001503FC .text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[3792] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[3792] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 00170600 .text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[3792] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 00170804 .text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[3792] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 00170A08 .text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[3792] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[3792] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 001703FC .text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[3792] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 001803FC .text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[3792] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00180600 .text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[3792] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00181014 .text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[3792] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00180804 .text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[3792] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00180A08 .text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[3792] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00180C0C .text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[3792] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00180E10 .text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[3792] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 001801F8 .text C:\Windows\System32\svchost.exe[3908] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 000901F8 .text C:\Windows\System32\svchost.exe[3908] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 000903FC .text C:\Windows\System32\svchost.exe[3908] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Windows\System32\svchost.exe[3908] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 000B03FC .text C:\Windows\System32\svchost.exe[3908] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 000B0600 .text C:\Windows\System32\svchost.exe[3908] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 000B1014 .text C:\Windows\System32\svchost.exe[3908] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 000B0804 .text C:\Windows\System32\svchost.exe[3908] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 000B0A08 .text C:\Windows\System32\svchost.exe[3908] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 000B0C0C .text C:\Windows\System32\svchost.exe[3908] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 000B0E10 .text C:\Windows\System32\svchost.exe[3908] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 000B01F8 .text C:\Windows\System32\svchost.exe[3908] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 00340600 .text C:\Windows\System32\svchost.exe[3908] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 00340804 .text C:\Windows\System32\svchost.exe[3908] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 00340A08 .text C:\Windows\System32\svchost.exe[3908] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 003401F8 .text C:\Windows\System32\svchost.exe[3908] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 003403FC .text C:\Windows\system32\wbem\wmiprvse.exe[3920] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\wbem\wmiprvse.exe[3920] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 000503FC .text C:\Windows\system32\wbem\wmiprvse.exe[3920] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[3920] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\wbem\wmiprvse.exe[3920] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\wbem\wmiprvse.exe[3920] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\wbem\wmiprvse.exe[3920] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\wbem\wmiprvse.exe[3920] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\wbem\wmiprvse.exe[3920] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00070C0C .text C:\Windows\system32\wbem\wmiprvse.exe[3920] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\wbem\wmiprvse.exe[3920] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\wbem\wmiprvse.exe[3920] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 00080600 .text C:\Windows\system32\wbem\wmiprvse.exe[3920] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 00080804 .text C:\Windows\system32\wbem\wmiprvse.exe[3920] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\wbem\wmiprvse.exe[3920] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\wbem\wmiprvse.exe[3920] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 000803FC .text C:\Windows\System32\svchost.exe[3940] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 000901F8 .text C:\Windows\System32\svchost.exe[3940] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 000903FC .text C:\Windows\System32\svchost.exe[3940] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Windows\System32\svchost.exe[3940] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 000B03FC .text C:\Windows\System32\svchost.exe[3940] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 000B0600 .text C:\Windows\System32\svchost.exe[3940] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 000B1014 .text C:\Windows\System32\svchost.exe[3940] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 000B0804 .text C:\Windows\System32\svchost.exe[3940] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 000B0A08 .text C:\Windows\System32\svchost.exe[3940] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 000B0C0C .text C:\Windows\System32\svchost.exe[3940] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 000B0E10 .text C:\Windows\System32\svchost.exe[3940] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 000B01F8 .text C:\Windows\system32\svchost.exe[3956] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[3956] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[3956] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Windows\system32\svchost.exe[3956] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[3956] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[3956] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[3956] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[3956] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[3956] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[3956] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[3956] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[3956] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 00210600 .text C:\Windows\system32\svchost.exe[3956] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 00210804 .text C:\Windows\system32\svchost.exe[3956] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 00210A08 .text C:\Windows\system32\svchost.exe[3956] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 002101F8 .text C:\Windows\system32\svchost.exe[3956] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 002103FC .text C:\Windows\system32\svchost.exe[4012] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[4012] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[4012] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Windows\system32\svchost.exe[4012] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[4012] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[4012] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[4012] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[4012] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[4012] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[4012] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[4012] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 000701F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4060] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 000401F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4060] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 000403FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4060] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4060] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 000603FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4060] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00060600 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4060] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00061014 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4060] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00060804 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4060] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00060A08 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4060] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00060C0C .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4060] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00060E10 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4060] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 000601F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4060] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 00070600 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4060] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 00070804 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4060] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 00070A08 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4060] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 000701F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4060] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 000703FC .text C:\Windows\System32\svchost.exe[4068] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 000501F8 .text C:\Windows\System32\svchost.exe[4068] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 000503FC .text C:\Windows\System32\svchost.exe[4068] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Windows\System32\svchost.exe[4068] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 000B03FC .text C:\Windows\System32\svchost.exe[4068] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 000B0600 .text C:\Windows\System32\svchost.exe[4068] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 000B1014 .text C:\Windows\System32\svchost.exe[4068] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 000B0804 .text C:\Windows\System32\svchost.exe[4068] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 000B0A08 .text C:\Windows\System32\svchost.exe[4068] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 000B0C0C .text C:\Windows\System32\svchost.exe[4068] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 000B0E10 .text C:\Windows\System32\svchost.exe[4068] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 000B01F8 .text C:\Windows\system32\Dwm.exe[4816] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\Dwm.exe[4816] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 000503FC .text C:\Windows\system32\Dwm.exe[4816] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Windows\system32\Dwm.exe[4816] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\Dwm.exe[4816] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\Dwm.exe[4816] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\Dwm.exe[4816] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\Dwm.exe[4816] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\Dwm.exe[4816] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00070C0C .text C:\Windows\system32\Dwm.exe[4816] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\Dwm.exe[4816] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\Dwm.exe[4816] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 00080600 .text C:\Windows\system32\Dwm.exe[4816] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 00080804 .text C:\Windows\system32\Dwm.exe[4816] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\Dwm.exe[4816] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\Dwm.exe[4816] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 000803FC .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5340] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 001501F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5340] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 001503FC .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5340] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5340] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 00170600 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5340] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 00170804 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5340] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 00170A08 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5340] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 001701F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5340] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 001703FC .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5340] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 001803FC .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5340] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00180600 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5340] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00181014 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5340] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00180804 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5340] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00180A08 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5340] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00180C0C .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5340] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00180E10 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5340] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 001801F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5484] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 001501F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5484] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 001503FC .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5484] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5484] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 002703FC .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5484] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00270600 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5484] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00271014 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5484] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00270804 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5484] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00270A08 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5484] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00270C0C .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5484] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00270E10 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5484] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 002701F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5484] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 00280600 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5484] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 00280804 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5484] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 00280A08 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5484] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 002801F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[5484] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 002803FC .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5528] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 001501F8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5528] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 001503FC .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5528] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5528] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 00180600 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5528] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 00180804 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5528] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 00180A08 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5528] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 001801F8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5528] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 001803FC .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5528] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 001903FC .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5528] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00190600 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5528] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00191014 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5528] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00190804 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5528] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00190A08 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5528] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00190C0C .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5528] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00190E10 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5528] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 001901F8 .text C:\Windows\system32\wbem\unsecapp.exe[5632] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\wbem\unsecapp.exe[5632] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 000503FC .text C:\Windows\system32\wbem\unsecapp.exe[5632] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Windows\system32\wbem\unsecapp.exe[5632] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 000803FC .text C:\Windows\system32\wbem\unsecapp.exe[5632] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00080600 .text C:\Windows\system32\wbem\unsecapp.exe[5632] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00081014 .text C:\Windows\system32\wbem\unsecapp.exe[5632] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00080804 .text C:\Windows\system32\wbem\unsecapp.exe[5632] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00080A08 .text C:\Windows\system32\wbem\unsecapp.exe[5632] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00080C0C .text C:\Windows\system32\wbem\unsecapp.exe[5632] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00080E10 .text C:\Windows\system32\wbem\unsecapp.exe[5632] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 000801F8 .text C:\Windows\system32\wbem\unsecapp.exe[5632] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 00090600 .text C:\Windows\system32\wbem\unsecapp.exe[5632] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 00090804 .text C:\Windows\system32\wbem\unsecapp.exe[5632] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 00090A08 .text C:\Windows\system32\wbem\unsecapp.exe[5632] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 000901F8 .text C:\Windows\system32\wbem\unsecapp.exe[5632] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 000903FC .text C:\Windows\system32\svchost.exe[5764] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[5764] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[5764] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Windows\system32\svchost.exe[5764] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[5764] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[5764] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[5764] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[5764] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[5764] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[5764] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[5764] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 000701F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5796] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 001501F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5796] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 001503FC .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5796] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5796] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 00170600 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5796] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 00170804 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5796] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 00170A08 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5796] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 001701F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5796] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 001703FC .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5796] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 001803FC .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5796] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00180600 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5796] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00181014 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5796] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00180804 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5796] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00180A08 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5796] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00180C0C .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5796] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00180E10 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[5796] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 001801F8 .text C:\Windows\System32\svchost.exe[5860] ntdll.dll!LdrLoadDll 778D93A8 5 Bytes JMP 000501F8 .text C:\Windows\System32\svchost.exe[5860] ntdll.dll!LdrUnloadDll 778EB740 5 Bytes JMP 000503FC .text C:\Windows\System32\svchost.exe[5860] kernel32.dll!GetBinaryTypeW + 70 76462467 1 Byte [62] .text C:\Windows\System32\svchost.exe[5860] ADVAPI32.dll!CreateServiceW 760E9EB4 5 Bytes JMP 000803FC .text C:\Windows\System32\svchost.exe[5860] ADVAPI32.dll!DeleteService 760EA07E 5 Bytes JMP 00080600 .text C:\Windows\System32\svchost.exe[5860] ADVAPI32.dll!SetServiceObjectSecurity 76126CD9 5 Bytes JMP 00081014 .text C:\Windows\System32\svchost.exe[5860] ADVAPI32.dll!ChangeServiceConfigA 76126DD9 5 Bytes JMP 00080804 .text C:\Windows\System32\svchost.exe[5860] ADVAPI32.dll!ChangeServiceConfigW 76126F81 5 Bytes JMP 00080A08 .text C:\Windows\System32\svchost.exe[5860] ADVAPI32.dll!ChangeServiceConfig2A 76127099 5 Bytes JMP 00080C0C .text C:\Windows\System32\svchost.exe[5860] ADVAPI32.dll!ChangeServiceConfig2W 761271E1 5 Bytes JMP 00080E10 .text C:\Windows\System32\svchost.exe[5860] ADVAPI32.dll!CreateServiceA 761272A1 5 Bytes JMP 000801F8 .text C:\Windows\System32\svchost.exe[5860] USER32.dll!SetWindowsHookExA 77A76322 5 Bytes JMP 00D50600 .text C:\Windows\System32\svchost.exe[5860] USER32.dll!SetWindowsHookExW 77A787AD 5 Bytes JMP 00D50804 .text C:\Windows\System32\svchost.exe[5860] USER32.dll!UnhookWindowsHookEx 77A798DB 5 Bytes JMP 00D50A08 .text C:\Windows\System32\svchost.exe[5860] USER32.dll!SetWinEventHook 77A79F3A 5 Bytes JMP 00D501F8 .text C:\Windows\System32\svchost.exe[5860] USER32.dll!UnhookWinEvent 77A7C06F 5 Bytes JMP 00D503FC ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[296] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [748F7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[296] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7494A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[296] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [748FBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[296] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [748EF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[296] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [748F75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[296] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [748EE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[296] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74928395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[296] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [748FDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[296] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [748EFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[296] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [748EFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[296] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [748E71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[296] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7497CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[296] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7491C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[296] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [748ED968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[296] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [748E6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[296] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [748E687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[296] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [748F2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\system32\services.exe[612] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00180002 IAT C:\Windows\system32\services.exe[612] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00180000 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation) ---- EOF - GMER 1.0.15 ----