GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2011-12-29 07:56:14 Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.LB21 Running: lbrwccde.exe; Driver: C:\DOCUME~1\Alicja\LOCALS~1\Temp\kfpiyaow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x9FEFDFC4] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA2641510] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0x9FF216A9] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x9FF00456] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x9FF004AE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x9FF005C4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0x9FF2105D] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x9FF003AC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x9FF004FE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x9FF00400] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x9FF00572] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x9FEFDFE8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0x9FF21D6F] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0x9FF22025] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0x9FF00848] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0x9FF21BDA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0x9FF21A45] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA26415C0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x9FEFDDB2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x9FEFE00C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x9FF009BC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x9FEFEAA4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x9FF00486] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x9FF004D6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x9FF005EE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0x9FF213B9] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x9FF003D8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0x9FF00680] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x9FF0053E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x9FF0042E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0x9FF00764] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x9FF0059C] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA2641658] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0x9FF218C0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x9FEFE96A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0x9FF21712] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA26499E6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0x9FF206D0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x9FEFE030] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x9FEFE054] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x9FEFDE0C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x9FEFDF48] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0x9FF21E76] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x9FEFDF24] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x9FEFDF6C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x9FEFE078] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA26557A2] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2CD8 80504574 4 Bytes CALL D0F03558 .text ntkrnlpa.exe!ZwCallbackReturn + 2E70 8050470C 4 Bytes JMP B93AE700 .text ntkrnlpa.exe!ZwCallbackReturn + 2F31 805047CD 7 Bytes [E0, EF, 9F, 54, E0, EF, 9F] {LOOPNZ 0xfffffffffffffff1; LAHF ; PUSH ESP; LOOPNZ 0xfffffffffffffff5; LAHF } PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64A8 4 Bytes CALL 9FEFF00F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC556 5 Bytes JMP A265269C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject 805C2FDA 5 Bytes JMP A265415C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D117A 7 Bytes JMP A26557A6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .text win32k.sys!EngSetLastError + 79A8 BF8242D4 5 Bytes JMP 9FF00B9A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!FONTOBJ_pxoGetXform + C2CF BF85198B 5 Bytes JMP 9FF00AD6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E514 5 Bytes JMP 9FF00DE6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 360C BF85E59F 5 Bytes JMP 9FF00FBC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreatePalette + 88 BF85F812 5 Bytes JMP 9FF00ABE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 4128 BF873F30 5 Bytes JMP 9FF00F76 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCopyBits + 4DEC BF89DBA0 5 Bytes JMP 9FF00C0A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngEraseSurface + A9F7 BF8C2130 5 Bytes JMP 9FF00CA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 1517 BF8CA592 5 Bytes JMP 9FF00D14 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 1797 BF8CA812 5 Bytes JMP 9FF00D4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSemaphore + 3B3E BF8EC297 5 Bytes JMP 9FF009F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 19DF BF91348A 5 Bytes JMP 9FF00B56 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 25B3 BF91405E 5 Bytes JMP 9FF00C6E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 4F2C BF9169D7 5 Bytes JMP 9FF010D6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[172] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[172] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[172] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\igfxext.exe[228] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\WINDOWS\system32\igfxext.exe[228] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\igfxext.exe[228] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\WINDOWS\system32\igfxext.exe[228] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\igfxext.exe[228] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804 .text C:\WINDOWS\system32\igfxext.exe[228] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08 .text C:\WINDOWS\system32\igfxext.exe[228] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600 .text C:\WINDOWS\system32\igfxext.exe[228] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8 .text C:\WINDOWS\system32\igfxext.exe[228] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC .text C:\WINDOWS\system32\igfxext.exe[228] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014 .text C:\WINDOWS\system32\igfxext.exe[228] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804 .text C:\WINDOWS\system32\igfxext.exe[228] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08 .text C:\WINDOWS\system32\igfxext.exe[228] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C .text C:\WINDOWS\system32\igfxext.exe[228] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10 .text C:\WINDOWS\system32\igfxext.exe[228] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8 .text C:\WINDOWS\system32\igfxext.exe[228] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC .text C:\WINDOWS\system32\igfxext.exe[228] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600 .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[596] ntdll.dll!DbgBreakPoint 7C90120E 1 Byte [90] .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[596] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8 .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[596] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[596] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[596] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[596] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804 .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[596] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08 .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[596] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600 .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[596] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8 .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[596] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[596] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 3 Bytes JMP 003C1014 .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[596] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E36D85 1 Byte [88] .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[596] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003C0804 .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[596] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003C0A08 .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[596] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003C0C0C .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[596] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003C0E10 .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[596] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003C01F8 .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[596] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003C03FC .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[596] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003C0600 .text C:\WINDOWS\system32\wuauclt.exe[612] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8 .text C:\WINDOWS\system32\wuauclt.exe[612] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wuauclt.exe[612] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC .text C:\WINDOWS\system32\wuauclt.exe[612] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\wuauclt.exe[612] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014 .text C:\WINDOWS\system32\wuauclt.exe[612] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804 .text C:\WINDOWS\system32\wuauclt.exe[612] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08 .text C:\WINDOWS\system32\wuauclt.exe[612] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C .text C:\WINDOWS\system32\wuauclt.exe[612] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10 .text C:\WINDOWS\system32\wuauclt.exe[612] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8 .text C:\WINDOWS\system32\wuauclt.exe[612] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC .text C:\WINDOWS\system32\wuauclt.exe[612] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600 .text C:\WINDOWS\system32\wuauclt.exe[612] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804 .text C:\WINDOWS\system32\wuauclt.exe[612] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08 .text C:\WINDOWS\system32\wuauclt.exe[612] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600 .text C:\WINDOWS\system32\wuauclt.exe[612] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8 .text C:\WINDOWS\system32\wuauclt.exe[612] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC .text C:\WINDOWS\System32\smss.exe[736] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[820] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8 .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[820] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[820] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[820] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[820] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 008E1014 .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[820] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 008E0804 .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[820] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 008E0A08 .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[820] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 008E0C0C .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[820] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 008E0E10 .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[820] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 008E01F8 .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[820] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 008E03FC .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[820] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 008E0600 .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[820] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 008F0804 .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[820] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 008F0A08 .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[820] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 008F0600 .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[820] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 008F01F8 .text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[820] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 008F03FC .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[836] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[836] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[836] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[836] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[836] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014 .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[836] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804 .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[836] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08 .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[836] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[836] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10 .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[836] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8 .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[836] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[836] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600 .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[836] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804 .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[836] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08 .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[836] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600 .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[836] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8 .text C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe[836] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC .text C:\WINDOWS\system32\TPSMain.exe[844] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\WINDOWS\system32\TPSMain.exe[844] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\TPSMain.exe[844] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\WINDOWS\system32\TPSMain.exe[844] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\TPSMain.exe[844] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003E1014 .text C:\WINDOWS\system32\TPSMain.exe[844] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003E0804 .text C:\WINDOWS\system32\TPSMain.exe[844] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003E0A08 .text C:\WINDOWS\system32\TPSMain.exe[844] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003E0C0C .text C:\WINDOWS\system32\TPSMain.exe[844] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003E0E10 .text C:\WINDOWS\system32\TPSMain.exe[844] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\TPSMain.exe[844] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\TPSMain.exe[844] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003E0600 .text C:\WINDOWS\system32\TPSMain.exe[844] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003F0804 .text C:\WINDOWS\system32\TPSMain.exe[844] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003F0A08 .text C:\WINDOWS\system32\TPSMain.exe[844] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003F0600 .text C:\WINDOWS\system32\TPSMain.exe[844] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003F01F8 .text C:\WINDOWS\system32\TPSMain.exe[844] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003F03FC .text C:\WINDOWS\system32\svchost.exe[860] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[860] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[860] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[860] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014 .text C:\WINDOWS\system32\svchost.exe[860] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804 .text C:\WINDOWS\system32\svchost.exe[860] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08 .text C:\WINDOWS\system32\svchost.exe[860] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C .text C:\WINDOWS\system32\svchost.exe[860] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10 .text C:\WINDOWS\system32\svchost.exe[860] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8 .text C:\WINDOWS\system32\svchost.exe[860] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC .text C:\WINDOWS\system32\svchost.exe[860] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600 .text C:\WINDOWS\system32\svchost.exe[860] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804 .text C:\WINDOWS\system32\svchost.exe[860] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08 .text C:\WINDOWS\system32\svchost.exe[860] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600 .text C:\WINDOWS\system32\svchost.exe[860] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8 .text C:\WINDOWS\system32\svchost.exe[860] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC .text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[876] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[876] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[876] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[876] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[876] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014 .text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[876] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804 .text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[876] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08 .text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[876] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C .text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[876] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10 .text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[876] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8 .text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[876] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC .text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[876] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600 .text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[876] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804 .text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[876] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08 .text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[876] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600 .text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[876] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8 .text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[876] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC .text C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe[888] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe[888] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe[888] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe[888] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe[888] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804 .text C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe[888] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08 .text C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe[888] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600 .text C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe[888] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8 .text C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe[888] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC .text C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe[888] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014 .text C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe[888] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804 .text C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe[888] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08 .text C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe[888] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C .text C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe[888] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10 .text C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe[888] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8 .text C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe[888] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC .text C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe[888] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[904] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[904] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[904] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[904] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[904] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B1014 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[904] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B0804 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[904] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0A08 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[904] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B0C0C .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[904] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0E10 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[904] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B01F8 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[904] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B03FC .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[904] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B0600 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[904] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C0804 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[904] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0A08 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[904] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C0600 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[904] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C01F8 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[904] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C03FC .text C:\WINDOWS\system32\hkcmd.exe[932] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\WINDOWS\system32\hkcmd.exe[932] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\hkcmd.exe[932] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\WINDOWS\system32\hkcmd.exe[932] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\hkcmd.exe[932] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804 .text C:\WINDOWS\system32\hkcmd.exe[932] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08 .text C:\WINDOWS\system32\hkcmd.exe[932] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600 .text C:\WINDOWS\system32\hkcmd.exe[932] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8 .text C:\WINDOWS\system32\hkcmd.exe[932] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC .text C:\WINDOWS\system32\hkcmd.exe[932] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B1014 .text C:\WINDOWS\system32\hkcmd.exe[932] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B0804 .text C:\WINDOWS\system32\hkcmd.exe[932] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0A08 .text C:\WINDOWS\system32\hkcmd.exe[932] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B0C0C .text C:\WINDOWS\system32\hkcmd.exe[932] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0E10 .text C:\WINDOWS\system32\hkcmd.exe[932] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B01F8 .text C:\WINDOWS\system32\hkcmd.exe[932] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B03FC .text C:\WINDOWS\system32\hkcmd.exe[932] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B0600 .text C:\WINDOWS\system32\igfxtray.exe[940] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\WINDOWS\system32\igfxtray.exe[940] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\igfxtray.exe[940] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\WINDOWS\system32\igfxtray.exe[940] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\igfxtray.exe[940] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804 .text C:\WINDOWS\system32\igfxtray.exe[940] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08 .text C:\WINDOWS\system32\igfxtray.exe[940] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600 .text C:\WINDOWS\system32\igfxtray.exe[940] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8 .text C:\WINDOWS\system32\igfxtray.exe[940] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC .text C:\WINDOWS\system32\igfxtray.exe[940] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B1014 .text C:\WINDOWS\system32\igfxtray.exe[940] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B0804 .text C:\WINDOWS\system32\igfxtray.exe[940] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0A08 .text C:\WINDOWS\system32\igfxtray.exe[940] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B0C0C .text C:\WINDOWS\system32\igfxtray.exe[940] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0E10 .text C:\WINDOWS\system32\igfxtray.exe[940] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B01F8 .text C:\WINDOWS\system32\igfxtray.exe[940] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B03FC .text C:\WINDOWS\system32\igfxtray.exe[940] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B0600 .text C:\WINDOWS\system32\csrss.exe[952] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[952] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[980] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8 .text C:\WINDOWS\system32\winlogon.exe[980] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[980] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC .text C:\WINDOWS\system32\winlogon.exe[980] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[980] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014 .text C:\WINDOWS\system32\winlogon.exe[980] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804 .text C:\WINDOWS\system32\winlogon.exe[980] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08 .text C:\WINDOWS\system32\winlogon.exe[980] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C .text C:\WINDOWS\system32\winlogon.exe[980] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10 .text C:\WINDOWS\system32\winlogon.exe[980] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8 .text C:\WINDOWS\system32\winlogon.exe[980] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC .text C:\WINDOWS\system32\winlogon.exe[980] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600 .text C:\WINDOWS\system32\winlogon.exe[980] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804 .text C:\WINDOWS\system32\winlogon.exe[980] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08 .text C:\WINDOWS\system32\winlogon.exe[980] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600 .text C:\WINDOWS\system32\winlogon.exe[980] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8 .text C:\WINDOWS\system32\winlogon.exe[980] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC .text C:\WINDOWS\system32\services.exe[1024] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\services.exe[1024] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\services.exe[1024] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\services.exe[1024] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\services.exe[1024] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014 .text C:\WINDOWS\system32\services.exe[1024] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804 .text C:\WINDOWS\system32\services.exe[1024] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08 .text C:\WINDOWS\system32\services.exe[1024] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C .text C:\WINDOWS\system32\services.exe[1024] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10 .text C:\WINDOWS\system32\services.exe[1024] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8 .text C:\WINDOWS\system32\services.exe[1024] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC .text C:\WINDOWS\system32\services.exe[1024] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600 .text C:\WINDOWS\system32\services.exe[1024] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804 .text C:\WINDOWS\system32\services.exe[1024] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08 .text C:\WINDOWS\system32\services.exe[1024] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600 .text C:\WINDOWS\system32\services.exe[1024] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8 .text C:\WINDOWS\system32\services.exe[1024] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC .text C:\WINDOWS\system32\lsass.exe[1040] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\lsass.exe[1040] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[1040] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\lsass.exe[1040] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[1040] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014 .text C:\WINDOWS\system32\lsass.exe[1040] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804 .text C:\WINDOWS\system32\lsass.exe[1040] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08 .text C:\WINDOWS\system32\lsass.exe[1040] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C .text C:\WINDOWS\system32\lsass.exe[1040] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10 .text C:\WINDOWS\system32\lsass.exe[1040] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8 .text C:\WINDOWS\system32\lsass.exe[1040] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC .text C:\WINDOWS\system32\lsass.exe[1040] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600 .text C:\WINDOWS\system32\lsass.exe[1040] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804 .text C:\WINDOWS\system32\lsass.exe[1040] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08 .text C:\WINDOWS\system32\lsass.exe[1040] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600 .text C:\WINDOWS\system32\lsass.exe[1040] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8 .text C:\WINDOWS\system32\lsass.exe[1040] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC .text C:\Program Files\RayV\RayV\RayV.exe[1088] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\RayV\RayV\RayV.exe[1088] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\RayV\RayV\RayV.exe[1088] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\RayV\RayV\RayV.exe[1088] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\RayV\RayV\RayV.exe[1088] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014 .text C:\Program Files\RayV\RayV\RayV.exe[1088] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804 .text C:\Program Files\RayV\RayV\RayV.exe[1088] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08 .text C:\Program Files\RayV\RayV\RayV.exe[1088] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C .text C:\Program Files\RayV\RayV\RayV.exe[1088] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10 .text C:\Program Files\RayV\RayV\RayV.exe[1088] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8 .text C:\Program Files\RayV\RayV\RayV.exe[1088] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC .text C:\Program Files\RayV\RayV\RayV.exe[1088] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600 .text C:\Program Files\RayV\RayV\RayV.exe[1088] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804 .text C:\Program Files\RayV\RayV\RayV.exe[1088] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08 .text C:\Program Files\RayV\RayV\RayV.exe[1088] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600 .text C:\Program Files\RayV\RayV\RayV.exe[1088] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8 .text C:\Program Files\RayV\RayV\RayV.exe[1088] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC .text C:\WINDOWS\system32\igfxsrvc.exe[1112] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\WINDOWS\system32\igfxsrvc.exe[1112] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\igfxsrvc.exe[1112] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\WINDOWS\system32\igfxsrvc.exe[1112] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\igfxsrvc.exe[1112] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804 .text C:\WINDOWS\system32\igfxsrvc.exe[1112] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08 .text C:\WINDOWS\system32\igfxsrvc.exe[1112] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600 .text C:\WINDOWS\system32\igfxsrvc.exe[1112] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8 .text C:\WINDOWS\system32\igfxsrvc.exe[1112] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC .text C:\WINDOWS\system32\igfxsrvc.exe[1112] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014 .text C:\WINDOWS\system32\igfxsrvc.exe[1112] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804 .text C:\WINDOWS\system32\igfxsrvc.exe[1112] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08 .text C:\WINDOWS\system32\igfxsrvc.exe[1112] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C .text C:\WINDOWS\system32\igfxsrvc.exe[1112] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10 .text C:\WINDOWS\system32\igfxsrvc.exe[1112] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8 .text C:\WINDOWS\system32\igfxsrvc.exe[1112] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC .text C:\WINDOWS\system32\igfxsrvc.exe[1112] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600 .text C:\WINDOWS\system32\igfxpers.exe[1172] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\WINDOWS\system32\igfxpers.exe[1172] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\igfxpers.exe[1172] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\WINDOWS\system32\igfxpers.exe[1172] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\igfxpers.exe[1172] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804 .text C:\WINDOWS\system32\igfxpers.exe[1172] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08 .text C:\WINDOWS\system32\igfxpers.exe[1172] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600 .text C:\WINDOWS\system32\igfxpers.exe[1172] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8 .text C:\WINDOWS\system32\igfxpers.exe[1172] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC .text C:\WINDOWS\system32\igfxpers.exe[1172] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014 .text C:\WINDOWS\system32\igfxpers.exe[1172] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804 .text C:\WINDOWS\system32\igfxpers.exe[1172] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08 .text C:\WINDOWS\system32\igfxpers.exe[1172] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C .text C:\WINDOWS\system32\igfxpers.exe[1172] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10 .text C:\WINDOWS\system32\igfxpers.exe[1172] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8 .text C:\WINDOWS\system32\igfxpers.exe[1172] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC .text C:\WINDOWS\system32\igfxpers.exe[1172] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600 .text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014 .text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804 .text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08 .text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C .text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10 .text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8 .text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC .text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600 .text C:\WINDOWS\system32\svchost.exe[1208] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804 .text C:\WINDOWS\system32\svchost.exe[1208] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08 .text C:\WINDOWS\system32\svchost.exe[1208] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600 .text C:\WINDOWS\system32\svchost.exe[1208] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8 .text C:\WINDOWS\system32\svchost.exe[1208] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014 .text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804 .text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08 .text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C .text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10 .text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8 .text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC .text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600 .text C:\WINDOWS\system32\svchost.exe[1288] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804 .text C:\WINDOWS\system32\svchost.exe[1288] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08 .text C:\WINDOWS\system32\svchost.exe[1288] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600 .text C:\WINDOWS\system32\svchost.exe[1288] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8 .text C:\WINDOWS\system32\svchost.exe[1288] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[1328] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8 .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[1328] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[1328] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[1328] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[1328] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804 .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[1328] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08 .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[1328] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600 .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[1328] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8 .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[1328] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[1328] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014 .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[1328] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804 .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[1328] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08 .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[1328] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[1328] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10 .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[1328] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8 .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[1328] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC .text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[1328] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600 .text C:\Program Files\Apoint2K\Apoint.exe[1428] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8 .text C:\Program Files\Apoint2K\Apoint.exe[1428] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Apoint2K\Apoint.exe[1428] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC .text C:\Program Files\Apoint2K\Apoint.exe[1428] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Apoint2K\Apoint.exe[1428] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804 .text C:\Program Files\Apoint2K\Apoint.exe[1428] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08 .text C:\Program Files\Apoint2K\Apoint.exe[1428] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600 .text C:\Program Files\Apoint2K\Apoint.exe[1428] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8 .text C:\Program Files\Apoint2K\Apoint.exe[1428] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC .text C:\Program Files\Apoint2K\Apoint.exe[1428] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014 .text C:\Program Files\Apoint2K\Apoint.exe[1428] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804 .text C:\Program Files\Apoint2K\Apoint.exe[1428] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08 .text C:\Program Files\Apoint2K\Apoint.exe[1428] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C .text C:\Program Files\Apoint2K\Apoint.exe[1428] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10 .text C:\Program Files\Apoint2K\Apoint.exe[1428] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8 .text C:\Program Files\Apoint2K\Apoint.exe[1428] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC .text C:\Program Files\Apoint2K\Apoint.exe[1428] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600 .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[1436] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8 .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[1436] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[1436] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[1436] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[1436] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804 .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[1436] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08 .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[1436] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600 .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[1436] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8 .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[1436] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[1436] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014 .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[1436] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804 .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[1436] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08 .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[1436] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[1436] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10 .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[1436] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8 .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[1436] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC .text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[1436] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600 .text C:\WINDOWS\system32\thpsrv.exe[1444] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\WINDOWS\system32\thpsrv.exe[1444] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\thpsrv.exe[1444] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\WINDOWS\system32\thpsrv.exe[1444] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\thpsrv.exe[1444] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014 .text C:\WINDOWS\system32\thpsrv.exe[1444] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804 .text C:\WINDOWS\system32\thpsrv.exe[1444] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08 .text C:\WINDOWS\system32\thpsrv.exe[1444] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C .text C:\WINDOWS\system32\thpsrv.exe[1444] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10 .text C:\WINDOWS\system32\thpsrv.exe[1444] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8 .text C:\WINDOWS\system32\thpsrv.exe[1444] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC .text C:\WINDOWS\system32\thpsrv.exe[1444] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600 .text C:\WINDOWS\system32\thpsrv.exe[1444] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804 .text C:\WINDOWS\system32\thpsrv.exe[1444] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08 .text C:\WINDOWS\system32\thpsrv.exe[1444] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600 .text C:\WINDOWS\system32\thpsrv.exe[1444] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8 .text C:\WINDOWS\system32\thpsrv.exe[1444] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC .text C:\WINDOWS\System32\svchost.exe[1452] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\svchost.exe[1452] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1452] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\svchost.exe[1452] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1452] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014 .text C:\WINDOWS\System32\svchost.exe[1452] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804 .text C:\WINDOWS\System32\svchost.exe[1452] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08 .text C:\WINDOWS\System32\svchost.exe[1452] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C .text C:\WINDOWS\System32\svchost.exe[1452] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10 .text C:\WINDOWS\System32\svchost.exe[1452] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8 .text C:\WINDOWS\System32\svchost.exe[1452] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC .text C:\WINDOWS\System32\svchost.exe[1452] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600 .text C:\WINDOWS\System32\svchost.exe[1452] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804 .text C:\WINDOWS\System32\svchost.exe[1452] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08 .text C:\WINDOWS\System32\svchost.exe[1452] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600 .text C:\WINDOWS\System32\svchost.exe[1452] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8 .text C:\WINDOWS\System32\svchost.exe[1452] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC .text C:\Program Files\TOSHIBA\Controls\VolumeIndicator.exe[1476] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8 .text C:\Program Files\TOSHIBA\Controls\VolumeIndicator.exe[1476] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\TOSHIBA\Controls\VolumeIndicator.exe[1476] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC .text C:\Program Files\TOSHIBA\Controls\VolumeIndicator.exe[1476] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\TOSHIBA\Controls\VolumeIndicator.exe[1476] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014 .text C:\Program Files\TOSHIBA\Controls\VolumeIndicator.exe[1476] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804 .text C:\Program Files\TOSHIBA\Controls\VolumeIndicator.exe[1476] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08 .text C:\Program Files\TOSHIBA\Controls\VolumeIndicator.exe[1476] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C .text C:\Program Files\TOSHIBA\Controls\VolumeIndicator.exe[1476] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10 .text C:\Program Files\TOSHIBA\Controls\VolumeIndicator.exe[1476] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8 .text C:\Program Files\TOSHIBA\Controls\VolumeIndicator.exe[1476] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC .text C:\Program Files\TOSHIBA\Controls\VolumeIndicator.exe[1476] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600 .text C:\Program Files\TOSHIBA\Controls\VolumeIndicator.exe[1476] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804 .text C:\Program Files\TOSHIBA\Controls\VolumeIndicator.exe[1476] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08 .text C:\Program Files\TOSHIBA\Controls\VolumeIndicator.exe[1476] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600 .text C:\Program Files\TOSHIBA\Controls\VolumeIndicator.exe[1476] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8 .text C:\Program Files\TOSHIBA\Controls\VolumeIndicator.exe[1476] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC .text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[1512] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8 .text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[1512] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[1512] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC .text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[1512] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[1512] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00A71014 .text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[1512] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00A70804 .text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[1512] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00A70A08 .text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[1512] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00A70C0C .text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[1512] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00A70E10 .text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[1512] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00A701F8 .text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[1512] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00A703FC .text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[1512] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00A70600 .text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[1512] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00A80804 .text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[1512] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00A80A08 .text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[1512] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00A80600 .text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[1512] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00A801F8 .text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[1512] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00A803FC .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[1544] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[1544] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[1544] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[1544] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[1544] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[1544] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[1544] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[1544] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[1544] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[1544] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[1544] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[1544] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[1544] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[1544] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[1544] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[1544] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8 .text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[1544] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC .text C:\Program Files\Offline Course Player\OlpSynch.exe[1596] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\Offline Course Player\OlpSynch.exe[1596] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Offline Course Player\OlpSynch.exe[1596] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\Offline Course Player\OlpSynch.exe[1596] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Offline Course Player\OlpSynch.exe[1596] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804 .text C:\Program Files\Offline Course Player\OlpSynch.exe[1596] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08 .text C:\Program Files\Offline Course Player\OlpSynch.exe[1596] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600 .text C:\Program Files\Offline Course Player\OlpSynch.exe[1596] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8 .text C:\Program Files\Offline Course Player\OlpSynch.exe[1596] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC .text C:\Program Files\Offline Course Player\OlpSynch.exe[1596] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014 .text C:\Program Files\Offline Course Player\OlpSynch.exe[1596] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804 .text C:\Program Files\Offline Course Player\OlpSynch.exe[1596] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08 .text C:\Program Files\Offline Course Player\OlpSynch.exe[1596] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C .text C:\Program Files\Offline Course Player\OlpSynch.exe[1596] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10 .text C:\Program Files\Offline Course Player\OlpSynch.exe[1596] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8 .text C:\Program Files\Offline Course Player\OlpSynch.exe[1596] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC .text C:\Program Files\Offline Course Player\OlpSynch.exe[1596] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600 .text C:\Program Files\Alwil Software\Avast5\avastUI.exe[1604] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Alwil Software\Avast5\avastUI.exe[1604] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Apoint2K\HidFind.exe[1620] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8 .text C:\Program Files\Apoint2K\HidFind.exe[1620] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Apoint2K\HidFind.exe[1620] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC .text C:\Program Files\Apoint2K\HidFind.exe[1620] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Apoint2K\HidFind.exe[1620] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804 .text C:\Program Files\Apoint2K\HidFind.exe[1620] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08 .text C:\Program Files\Apoint2K\HidFind.exe[1620] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600 .text C:\Program Files\Apoint2K\HidFind.exe[1620] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8 .text C:\Program Files\Apoint2K\HidFind.exe[1620] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC .text C:\Program Files\Apoint2K\HidFind.exe[1620] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014 .text C:\Program Files\Apoint2K\HidFind.exe[1620] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804 .text C:\Program Files\Apoint2K\HidFind.exe[1620] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08 .text C:\Program Files\Apoint2K\HidFind.exe[1620] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C .text C:\Program Files\Apoint2K\HidFind.exe[1620] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10 .text C:\Program Files\Apoint2K\HidFind.exe[1620] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8 .text C:\Program Files\Apoint2K\HidFind.exe[1620] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC .text C:\Program Files\Apoint2K\HidFind.exe[1620] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600 .text C:\Program Files\Apoint2K\Apntex.exe[1628] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8 .text C:\Program Files\Apoint2K\Apntex.exe[1628] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Apoint2K\Apntex.exe[1628] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC .text C:\Program Files\Apoint2K\Apntex.exe[1628] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Apoint2K\Apntex.exe[1628] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804 .text C:\Program Files\Apoint2K\Apntex.exe[1628] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08 .text C:\Program Files\Apoint2K\Apntex.exe[1628] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600 .text C:\Program Files\Apoint2K\Apntex.exe[1628] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8 .text C:\Program Files\Apoint2K\Apntex.exe[1628] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC .text C:\Program Files\Apoint2K\Apntex.exe[1628] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014 .text C:\Program Files\Apoint2K\Apntex.exe[1628] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804 .text C:\Program Files\Apoint2K\Apntex.exe[1628] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08 .text C:\Program Files\Apoint2K\Apntex.exe[1628] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C .text C:\Program Files\Apoint2K\Apntex.exe[1628] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10 .text C:\Program Files\Apoint2K\Apntex.exe[1628] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8 .text C:\Program Files\Apoint2K\Apntex.exe[1628] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC .text C:\Program Files\Apoint2K\Apntex.exe[1628] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600 .text C:\WINDOWS\system32\svchost.exe[1632] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1632] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1632] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014 .text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804 .text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08 .text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C .text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10 .text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8 .text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC .text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600 .text C:\WINDOWS\system32\svchost.exe[1632] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804 .text C:\WINDOWS\system32\svchost.exe[1632] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08 .text C:\WINDOWS\system32\svchost.exe[1632] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600 .text C:\WINDOWS\system32\svchost.exe[1632] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8 .text C:\WINDOWS\system32\svchost.exe[1632] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC .text C:\WINDOWS\system32\ctfmon.exe[1664] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8 .text C:\WINDOWS\system32\ctfmon.exe[1664] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[1664] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC .text C:\WINDOWS\system32\ctfmon.exe[1664] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[1664] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014 .text C:\WINDOWS\system32\ctfmon.exe[1664] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804 .text C:\WINDOWS\system32\ctfmon.exe[1664] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08 .text C:\WINDOWS\system32\ctfmon.exe[1664] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C .text C:\WINDOWS\system32\ctfmon.exe[1664] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10 .text C:\WINDOWS\system32\ctfmon.exe[1664] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8 .text C:\WINDOWS\system32\ctfmon.exe[1664] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC .text C:\WINDOWS\system32\ctfmon.exe[1664] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600 .text C:\WINDOWS\system32\ctfmon.exe[1664] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804 .text C:\WINDOWS\system32\ctfmon.exe[1664] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08 .text C:\WINDOWS\system32\ctfmon.exe[1664] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600 .text C:\WINDOWS\system32\ctfmon.exe[1664] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8 .text C:\WINDOWS\system32\ctfmon.exe[1664] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC .text C:\Program Files\Messenger\msmsgs.exe[1688] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\Program Files\Messenger\msmsgs.exe[1688] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Messenger\msmsgs.exe[1688] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\Program Files\Messenger\msmsgs.exe[1688] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Messenger\msmsgs.exe[1688] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014 .text C:\Program Files\Messenger\msmsgs.exe[1688] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804 .text C:\Program Files\Messenger\msmsgs.exe[1688] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08 .text C:\Program Files\Messenger\msmsgs.exe[1688] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C .text C:\Program Files\Messenger\msmsgs.exe[1688] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10 .text C:\Program Files\Messenger\msmsgs.exe[1688] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8 .text C:\Program Files\Messenger\msmsgs.exe[1688] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC .text C:\Program Files\Messenger\msmsgs.exe[1688] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600 .text C:\Program Files\Messenger\msmsgs.exe[1688] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002E0804 .text C:\Program Files\Messenger\msmsgs.exe[1688] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002E0A08 .text C:\Program Files\Messenger\msmsgs.exe[1688] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002E0600 .text C:\Program Files\Messenger\msmsgs.exe[1688] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002E01F8 .text C:\Program Files\Messenger\msmsgs.exe[1688] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002E03FC .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1712] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1712] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1712] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1712] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1712] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804 .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1712] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08 .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1712] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600 .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1712] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8 .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1712] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1712] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 009D1014 .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1712] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 009D0804 .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1712] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 009D0A08 .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1712] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 009D0C0C .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1712] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 009D0E10 .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1712] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 009D01F8 .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1712] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 009D03FC .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1712] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 009D0600 .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[1752] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[1752] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[1752] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[1752] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[1752] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804 .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[1752] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08 .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[1752] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600 .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[1752] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8 .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[1752] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[1752] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014 .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[1752] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804 .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[1752] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08 .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[1752] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[1752] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10 .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[1752] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8 .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[1752] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[1752] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600 .text C:\WINDOWS\system32\svchost.exe[1768] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1768] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1768] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1768] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1768] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014 .text C:\WINDOWS\system32\svchost.exe[1768] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804 .text C:\WINDOWS\system32\svchost.exe[1768] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08 .text C:\WINDOWS\system32\svchost.exe[1768] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C .text C:\WINDOWS\system32\svchost.exe[1768] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10 .text C:\WINDOWS\system32\svchost.exe[1768] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8 .text C:\WINDOWS\system32\svchost.exe[1768] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC .text C:\WINDOWS\system32\svchost.exe[1768] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600 .text C:\WINDOWS\system32\svchost.exe[1768] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804 .text C:\WINDOWS\system32\svchost.exe[1768] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08 .text C:\WINDOWS\system32\svchost.exe[1768] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600 .text C:\WINDOWS\system32\svchost.exe[1768] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8 .text C:\WINDOWS\system32\svchost.exe[1768] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC .text C:\WINDOWS\system32\TPSBattM.exe[1900] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8 .text C:\WINDOWS\system32\TPSBattM.exe[1900] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\TPSBattM.exe[1900] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC .text C:\WINDOWS\system32\TPSBattM.exe[1900] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\TPSBattM.exe[1900] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804 .text C:\WINDOWS\system32\TPSBattM.exe[1900] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08 .text C:\WINDOWS\system32\TPSBattM.exe[1900] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600 .text C:\WINDOWS\system32\TPSBattM.exe[1900] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8 .text C:\WINDOWS\system32\TPSBattM.exe[1900] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC .text C:\WINDOWS\system32\TPSBattM.exe[1900] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 3 Bytes JMP 003C1014 .text C:\WINDOWS\system32\TPSBattM.exe[1900] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E36D85 1 Byte [88] .text C:\WINDOWS\system32\TPSBattM.exe[1900] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003C0804 .text C:\WINDOWS\system32\TPSBattM.exe[1900] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003C0A08 .text C:\WINDOWS\system32\TPSBattM.exe[1900] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003C0C0C .text C:\WINDOWS\system32\TPSBattM.exe[1900] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003C0E10 .text C:\WINDOWS\system32\TPSBattM.exe[1900] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003C01F8 .text C:\WINDOWS\system32\TPSBattM.exe[1900] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003C03FC .text C:\WINDOWS\system32\TPSBattM.exe[1900] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003C0600 .text C:\WINDOWS\Explorer.EXE[1956] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\Explorer.EXE[1956] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1956] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\Explorer.EXE[1956] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1956] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014 .text C:\WINDOWS\Explorer.EXE[1956] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804 .text C:\WINDOWS\Explorer.EXE[1956] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08 .text C:\WINDOWS\Explorer.EXE[1956] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C .text C:\WINDOWS\Explorer.EXE[1956] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10 .text C:\WINDOWS\Explorer.EXE[1956] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8 .text C:\WINDOWS\Explorer.EXE[1956] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC .text C:\WINDOWS\Explorer.EXE[1956] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600 .text C:\WINDOWS\Explorer.EXE[1956] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804 .text C:\WINDOWS\Explorer.EXE[1956] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08 .text C:\WINDOWS\Explorer.EXE[1956] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600 .text C:\WINDOWS\Explorer.EXE[1956] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8 .text C:\WINDOWS\Explorer.EXE[1956] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC .text c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe[2128] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe[2128] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe[2128] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe[2128] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe[2128] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014 .text c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe[2128] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804 .text c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe[2128] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08 .text c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe[2128] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C .text c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe[2128] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10 .text c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe[2128] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8 .text c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe[2128] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC .text c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe[2128] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600 .text c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe[2128] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804 .text c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe[2128] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08 .text c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe[2128] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600 .text c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe[2128] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8 .text c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe[2128] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC .text C:\WINDOWS\system32\svchost.exe[2452] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[2452] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2452] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[2452] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2452] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014 .text C:\WINDOWS\system32\svchost.exe[2452] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804 .text C:\WINDOWS\system32\svchost.exe[2452] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08 .text C:\WINDOWS\system32\svchost.exe[2452] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C .text C:\WINDOWS\system32\svchost.exe[2452] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10 .text C:\WINDOWS\system32\svchost.exe[2452] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8 .text C:\WINDOWS\system32\svchost.exe[2452] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC .text C:\WINDOWS\system32\svchost.exe[2452] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600 .text C:\WINDOWS\system32\svchost.exe[2452] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804 .text C:\WINDOWS\system32\svchost.exe[2452] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08 .text C:\WINDOWS\system32\svchost.exe[2452] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600 .text C:\WINDOWS\system32\svchost.exe[2452] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8 .text C:\WINDOWS\system32\svchost.exe[2452] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC .text C:\WINDOWS\system32\ThpSrv.exe[2548] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\WINDOWS\system32\ThpSrv.exe[2548] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\ThpSrv.exe[2548] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\WINDOWS\system32\ThpSrv.exe[2548] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\ThpSrv.exe[2548] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014 .text C:\WINDOWS\system32\ThpSrv.exe[2548] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804 .text C:\WINDOWS\system32\ThpSrv.exe[2548] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08 .text C:\WINDOWS\system32\ThpSrv.exe[2548] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C .text C:\WINDOWS\system32\ThpSrv.exe[2548] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10 .text C:\WINDOWS\system32\ThpSrv.exe[2548] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8 .text C:\WINDOWS\system32\ThpSrv.exe[2548] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC .text C:\WINDOWS\system32\ThpSrv.exe[2548] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600 .text C:\WINDOWS\system32\ThpSrv.exe[2548] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804 .text C:\WINDOWS\system32\ThpSrv.exe[2548] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08 .text C:\WINDOWS\system32\ThpSrv.exe[2548] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600 .text C:\WINDOWS\system32\ThpSrv.exe[2548] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8 .text C:\WINDOWS\system32\ThpSrv.exe[2548] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC .text C:\WINDOWS\system32\TODDSrv.exe[2568] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\WINDOWS\system32\TODDSrv.exe[2568] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\TODDSrv.exe[2568] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\WINDOWS\system32\TODDSrv.exe[2568] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\TODDSrv.exe[2568] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804 .text C:\WINDOWS\system32\TODDSrv.exe[2568] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08 .text C:\WINDOWS\system32\TODDSrv.exe[2568] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600 .text C:\WINDOWS\system32\TODDSrv.exe[2568] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8 .text C:\WINDOWS\system32\TODDSrv.exe[2568] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC .text C:\WINDOWS\system32\TODDSrv.exe[2568] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014 .text C:\WINDOWS\system32\TODDSrv.exe[2568] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804 .text C:\WINDOWS\system32\TODDSrv.exe[2568] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08 .text C:\WINDOWS\system32\TODDSrv.exe[2568] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C .text C:\WINDOWS\system32\TODDSrv.exe[2568] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10 .text C:\WINDOWS\system32\TODDSrv.exe[2568] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8 .text C:\WINDOWS\system32\TODDSrv.exe[2568] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC .text C:\WINDOWS\system32\TODDSrv.exe[2568] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600 .text C:\WINDOWS\system32\wdfmgr.exe[2616] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8 .text C:\WINDOWS\system32\wdfmgr.exe[2616] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wdfmgr.exe[2616] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC .text C:\WINDOWS\system32\wdfmgr.exe[2616] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\wdfmgr.exe[2616] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014 .text C:\WINDOWS\system32\wdfmgr.exe[2616] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804 .text C:\WINDOWS\system32\wdfmgr.exe[2616] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08 .text C:\WINDOWS\system32\wdfmgr.exe[2616] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C .text C:\WINDOWS\system32\wdfmgr.exe[2616] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10 .text C:\WINDOWS\system32\wdfmgr.exe[2616] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8 .text C:\WINDOWS\system32\wdfmgr.exe[2616] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC .text C:\WINDOWS\system32\wdfmgr.exe[2616] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600 .text C:\WINDOWS\system32\wdfmgr.exe[2616] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804 .text C:\WINDOWS\system32\wdfmgr.exe[2616] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08 .text C:\WINDOWS\system32\wdfmgr.exe[2616] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600 .text C:\WINDOWS\system32\wdfmgr.exe[2616] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8 .text C:\WINDOWS\system32\wdfmgr.exe[2616] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC .text C:\Documents and Settings\Alicja\Desktop\lbrwccde.exe[2820] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Documents and Settings\Alicja\Desktop\lbrwccde.exe[2820] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\Alicja\Desktop\lbrwccde.exe[2820] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Documents and Settings\Alicja\Desktop\lbrwccde.exe[2820] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Documents and Settings\Alicja\Desktop\lbrwccde.exe[2820] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003F1014 .text C:\Documents and Settings\Alicja\Desktop\lbrwccde.exe[2820] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003F0804 .text C:\Documents and Settings\Alicja\Desktop\lbrwccde.exe[2820] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003F0A08 .text C:\Documents and Settings\Alicja\Desktop\lbrwccde.exe[2820] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003F0C0C .text C:\Documents and Settings\Alicja\Desktop\lbrwccde.exe[2820] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003F0E10 .text C:\Documents and Settings\Alicja\Desktop\lbrwccde.exe[2820] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003F01F8 .text C:\Documents and Settings\Alicja\Desktop\lbrwccde.exe[2820] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003F03FC .text C:\Documents and Settings\Alicja\Desktop\lbrwccde.exe[2820] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003F0600 .text C:\Documents and Settings\Alicja\Desktop\lbrwccde.exe[2820] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00AA0804 .text C:\Documents and Settings\Alicja\Desktop\lbrwccde.exe[2820] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00AA0A08 .text C:\Documents and Settings\Alicja\Desktop\lbrwccde.exe[2820] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00AA0600 .text C:\Documents and Settings\Alicja\Desktop\lbrwccde.exe[2820] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00AA01F8 .text C:\Documents and Settings\Alicja\Desktop\lbrwccde.exe[2820] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00AA03FC .text C:\WINDOWS\System32\alg.exe[3448] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\alg.exe[3448] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[3448] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\alg.exe[3448] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[3448] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804 .text C:\WINDOWS\System32\alg.exe[3448] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08 .text C:\WINDOWS\System32\alg.exe[3448] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600 .text C:\WINDOWS\System32\alg.exe[3448] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8 .text C:\WINDOWS\System32\alg.exe[3448] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC .text C:\WINDOWS\System32\alg.exe[3448] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014 .text C:\WINDOWS\System32\alg.exe[3448] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804 .text C:\WINDOWS\System32\alg.exe[3448] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08 .text C:\WINDOWS\System32\alg.exe[3448] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C .text C:\WINDOWS\System32\alg.exe[3448] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10 .text C:\WINDOWS\System32\alg.exe[3448] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8 .text C:\WINDOWS\System32\alg.exe[3448] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC .text C:\WINDOWS\System32\alg.exe[3448] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600 .text C:\WINDOWS\system32\spoolsv.exe[3672] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\spoolsv.exe[3672] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[3672] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\spoolsv.exe[3672] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[3672] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014 .text C:\WINDOWS\system32\spoolsv.exe[3672] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804 .text C:\WINDOWS\system32\spoolsv.exe[3672] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08 .text C:\WINDOWS\system32\spoolsv.exe[3672] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C .text C:\WINDOWS\system32\spoolsv.exe[3672] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10 .text C:\WINDOWS\system32\spoolsv.exe[3672] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8 .text C:\WINDOWS\system32\spoolsv.exe[3672] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC .text C:\WINDOWS\system32\spoolsv.exe[3672] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600 .text C:\WINDOWS\system32\spoolsv.exe[3672] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804 .text C:\WINDOWS\system32\spoolsv.exe[3672] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08 .text C:\WINDOWS\system32\spoolsv.exe[3672] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600 .text C:\WINDOWS\system32\spoolsv.exe[3672] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8 .text C:\WINDOWS\system32\spoolsv.exe[3672] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\system32\services.exe[1024] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00610002 IAT C:\WINDOWS\system32\services.exe[1024] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00610000 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) ---- Files - GMER 1.0.15 ---- File C:\System Volume Information\_restore{6038C970-0164-4E45-AB0F-A7B5FC53107D}\Fifoed(2)\snapshot(2)\_REGISTRY_USER_NTUSER_S-1-5-20 225280 bytes File C:\System Volume Information\_restore{6038C970-0164-4E45-AB0F-A7B5FC53107D}\Fifoed(2)\snapshot(2)\ComDb.Dat 23584 bytes File C:\System Volume Information\_restore{6038C970-0164-4E45-AB0F-A7B5FC53107D}\Fifoed(2)\snapshot(2)\domain.txt 56 bytes File C:\System Volume Information\_restore{6038C970-0164-4E45-AB0F-A7B5FC53107D}\Fifoed(2)\snapshot(2)\Repository 0 bytes File C:\System Volume Information\_restore{6038C970-0164-4E45-AB0F-A7B5FC53107D}\Fifoed(2)\snapshot(2)\Repository\$WinMgmt.CFG 20 bytes File C:\System Volume Information\_restore{6038C970-0164-4E45-AB0F-A7B5FC53107D}\Fifoed(2)\snapshot(2)\Repository\FS 0 bytes File C:\System Volume Information\_restore{6038C970-0164-4E45-AB0F-A7B5FC53107D}\Fifoed(2)\snapshot(2)\Repository\FS\INDEX.BTR 1351680 bytes File C:\System Volume Information\_restore{6038C970-0164-4E45-AB0F-A7B5FC53107D}\Fifoed(2)\snapshot(2)\Repository\FS\INDEX.MAP 736 bytes File C:\System Volume Information\_restore{6038C970-0164-4E45-AB0F-A7B5FC53107D}\Fifoed(2)\snapshot(2)\Repository\FS\MAPPING.VER 4 bytes File C:\System Volume Information\_restore{6038C970-0164-4E45-AB0F-A7B5FC53107D}\Fifoed(2)\snapshot(2)\Repository\FS\MAPPING1.MAP 10940 bytes File C:\System Volume Information\_restore{6038C970-0164-4E45-AB0F-A7B5FC53107D}\Fifoed(2)\snapshot(2)\Repository\FS\MAPPING2.MAP 10940 bytes File C:\System Volume Information\_restore{6038C970-0164-4E45-AB0F-A7B5FC53107D}\Fifoed(2)\snapshot(2)\Repository\FS\OBJECTS.DATA 20766720 bytes File C:\System Volume Information\_restore{6038C970-0164-4E45-AB0F-A7B5FC53107D}\Fifoed(2)\snapshot(2)\Repository\FS\OBJECTS.MAP 10204 bytes File C:\System Volume Information\_restore{6038C970-0164-4E45-AB0F-A7B5FC53107D}\Fifoed(2)\snapshot(2)\_REGISTRY_MACHINE_SAM 28672 bytes File C:\System Volume Information\_restore{6038C970-0164-4E45-AB0F-A7B5FC53107D}\Fifoed(2)\snapshot(2)\_REGISTRY_MACHINE_SECURITY 57344 bytes File C:\System Volume Information\_restore{6038C970-0164-4E45-AB0F-A7B5FC53107D}\Fifoed(2)\snapshot(2)\_REGISTRY_MACHINE_SOFTWARE 24117248 bytes File C:\System Volume Information\_restore{6038C970-0164-4E45-AB0F-A7B5FC53107D}\Fifoed(2)\snapshot(2)\_REGISTRY_MACHINE_SYSTEM 4882432 bytes File C:\System Volume Information\_restore{6038C970-0164-4E45-AB0F-A7B5FC53107D}\Fifoed(2)\snapshot(2)\_REGISTRY_USER_.DEFAULT 303104 bytes File C:\System Volume Information\_restore{6038C970-0164-4E45-AB0F-A7B5FC53107D}\Fifoed(2)\snapshot(2)\_REGISTRY_USER_NTUSER_S-1-5-18 262144 bytes File C:\System Volume Information\_restore{6038C970-0164-4E45-AB0F-A7B5FC53107D}\Fifoed(2)\snapshot(2)\_REGISTRY_USER_NTUSER_S-1-5-19 229376 bytes File C:\System Volume Information\_restore{6038C970-0164-4E45-AB0F-A7B5FC53107D}\Fifoed(3)\snapshot(2)\_REGISTRY_USER_NTUSER_S-1-5-20 225280 bytes File C:\System Volume Information\_restore{6038C970-0164-4E45-AB0F-A7B5FC53107D}\Fifoed(3)\snapshot(2)\ComDb.Dat 23584 bytes File C:\System Volume Information\_restore{6038C970-0164-4E45-AB0F-A7B5FC53107D}\Fifoed(3)\snapshot(2)\domain.txt 56 bytes File C:\System Volume Information\_restore{6038C970-0164-4E45-AB0F-A7B5FC53107D}\Fifoed(3)\snapshot(2)\Repository 0 bytes File C:\System Volume Information\_restore{6038C970-0164-4E45-AB0F-A7B5FC53107D}\Fifoed(3)\snapshot(2)\Repository\$WinMgmt.CFG 20 bytes File C:\System Volume Information\_restore{6038C970-0164-4E45-AB0F-A7B5FC53107D}\Fifoed(3)\snapshot(2)\Repository\FS 0 bytes File C:\System Volume Information\_restore{6038C970-0164-4E45-AB0F-A7B5FC53107D}\Fifoed(3)\snapshot(2)\Repository\FS\INDEX.BTR 1572864 bytes File C:\System Volume Information\_restore{6038C970-0164-4E45-AB0F-A7B5FC53107D}\Fifoed(3)\snapshot(2)\Repository\FS\INDEX.MAP 832 bytes File C:\System Volume Information\_restore{6038C970-0164-4E45-AB0F-A7B5FC53107D}\Fifoed(3)\snapshot(2)\Repository\FS\MAPPING.VER 4 bytes File C:\System Volume Information\_restore{6038C970-0164-4E45-AB0F-A7B5FC53107D}\Fifoed(3)\snapshot(2)\Repository\FS\MAPPING1.MAP 11056 bytes File C:\System Volume Information\_restore{6038C970-0164-4E45-AB0F-A7B5FC53107D}\Fifoed(3)\snapshot(2)\Repository\FS\MAPPING2.MAP 11056 bytes File C:\System Volume Information\_restore{6038C970-0164-4E45-AB0F-A7B5FC53107D}\Fifoed(3)\snapshot(2)\Repository\FS\OBJECTS.DATA 20766720 bytes File C:\System Volume Information\_restore{6038C970-0164-4E45-AB0F-A7B5FC53107D}\Fifoed(3)\snapshot(2)\Repository\FS\OBJECTS.MAP 10224 bytes File C:\System Volume Information\_restore{6038C970-0164-4E45-AB0F-A7B5FC53107D}\Fifoed(3)\snapshot(2)\_REGISTRY_MACHINE_SAM 28672 bytes File C:\System Volume Information\_restore{6038C970-0164-4E45-AB0F-A7B5FC53107D}\Fifoed(3)\snapshot(2)\_REGISTRY_MACHINE_SECURITY 57344 bytes File C:\System Volume Information\_restore{6038C970-0164-4E45-AB0F-A7B5FC53107D}\Fifoed(3)\snapshot(2)\_REGISTRY_MACHINE_SOFTWARE 24772608 bytes File C:\System Volume Information\_restore{6038C970-0164-4E45-AB0F-A7B5FC53107D}\Fifoed(3)\snapshot(2)\_REGISTRY_MACHINE_SYSTEM 7352320 bytes File C:\System Volume Information\_restore{6038C970-0164-4E45-AB0F-A7B5FC53107D}\Fifoed(3)\snapshot(2)\_REGISTRY_USER_.DEFAULT 303104 bytes File C:\System Volume Information\_restore{6038C970-0164-4E45-AB0F-A7B5FC53107D}\Fifoed(3)\snapshot(2)\_REGISTRY_USER_NTUSER_S-1-5-18 262144 bytes File C:\System Volume Information\_restore{6038C970-0164-4E45-AB0F-A7B5FC53107D}\Fifoed(3)\snapshot(2)\_REGISTRY_USER_NTUSER_S-1-5-19 229376 bytes File C:\System Volume Information\_restore{6038C970-0164-4E45-AB0F-A7B5FC53107D}\RP528\A0172165.msi 25088 bytes File C:\System Volume Information\_restore{6038C970-0164-4E45-AB0F-A7B5FC53107D}\RP528\A0172183.dll 27800 bytes executable File C:\System Volume Information\_restore{6038C970-0164-4E45-AB0F-A7B5FC53107D}\RP528\A0172201.dll 27288 bytes executable ---- EOF - GMER 1.0.15 ----