GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-01-21 19:20:36 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST925031 rev.0002 Running: v721wm7v.exe; Driver: C:\Users\MJKOMP~1\AppData\Local\Temp\fxtciaog.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8DA1D374] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8DA1F996] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8DA1F9EE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8DA1FB04] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8DA1F8EC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8DA1FA3E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8DA1F940] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8DA1FAB2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8DA1D398] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8DA1D162] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8DA1D3BC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8DA1FEFC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8DA1DE54] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwOpenEvent [0x8DA1F9C6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8DA1FA16] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8DA1FB2E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8DA1F918] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8DA1FA7E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8DA1F96E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8DA1FADC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8DA1DD1A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8DA1D3E0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8DA1D404] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8DA1D1BC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8DA1D2F8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8DA1D2D4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8DA1D31C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8DA1D428] INT 0x51 ? 855E7C88 INT 0x51 ? 86DF7ED0 INT 0x51 ? 86DF7ED0 INT 0x51 ? 855E7C88 INT 0x62 ? 86DF7ED0 INT 0x72 ? 86DF7ED0 INT 0xA2 ? 86DF7ED0 INT 0xB2 ? 86DF7ED0 Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! 
self protection module/AVAST Software) ZwCreateProcessEx [0x8E2269A6] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetEvent + 10D 828E5890 4 Bytes [74, D3, A1, 8D] .text ntkrnlpa.exe!KeSetEvent + 1D1 828E5954 8 Bytes [96, F9, A1, 8D, EE, F9, A1, ...] .text ntkrnlpa.exe!KeSetEvent + 1DD 828E5960 4 Bytes [04, FB, A1, 8D] .text ntkrnlpa.exe!KeSetEvent + 1F5 828E5978 4 Bytes [EC, F8, A1, 8D] .text ntkrnlpa.exe!KeSetEvent + 215 828E5998 6 Bytes [3E, FA, A1, 8D, 40, F9] .text ... PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82A1062F 5 Bytes JMP 8E2223DE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject 82A69543 5 Bytes JMP 8E223E84 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 82A72E68 4 Bytes CALL 8DA1E4C5 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 82A76ADC 4 Bytes CALL 8DA1E4DB \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 82ACADCA 7 Bytes JMP 8E2269AA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ? System32\Drivers\spki.sys System nie może odnaleźć określonej ścieżki. ! .text USBPORT.SYS!DllUnload 8C23D41B 5 Bytes JMP 86DF7420 .text win32k.sys!EngCreateRectRgn + 4537 9984FC80 5 Bytes JMP 8DA205E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreatePalette + C20 99868EE9 5 Bytes JMP 8DA20FB2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!EngTransparentBlt + 4A1 99869CD5 5 Bytes JMP 8DA21118 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngTransparentBlt + 8C03 99872437 5 Bytes JMP 8DA1FF32 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 616 9987338E 5 Bytes JMP 8DA20D7E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XFORMOBJ_iGetXform + 3106 9987EAD7 5 Bytes JMP 8DA204BC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XFORMOBJ_iGetXform + 4579 9987FF4A 5 Bytes JMP 8DA200DA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMapFontFileFD + 119EE 99899AA5 5 Bytes JMP 8DA20326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMapFontFileFD + 11A42 99899AF9 5 Bytes JMP 8DA204CC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 377F 998C0B0E 5 Bytes JMP 8DA20D0A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 60DE 998C346D 5 Bytes JMP 8DA1FFFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMulDiv + 4D3F 998C9DAE 5 Bytes JMP 8DA2014A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBlt + 2B42 998D424C 5 Bytes JMP 8DA211BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStrokePath + 5FF 998D7134 5 Bytes JMP 8DA20016 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!EngNineGrid + 81C 998F5565 5 Bytes JMP 8DA20EFA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngNineGrid + 6EEA 998FBC33 5 Bytes JMP 8DA20D54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCopyBits + B0F 998FF3AA 5 Bytes JMP 8DA20E48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!STROBJ_vEnumStart + 4728 99906CC9 5 Bytes JMP 8DA20096 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSemaphore + E80 99925264 5 Bytes JMP 8DA20254 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!CLIPOBJ_bEnum + 248 9992AAE2 5 Bytes JMP 8DA201AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPlgBlt + 26D9 9992E61A 5 Bytes JMP 8DA21070 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngLineTo + A0F 9994CB57 5 Bytes JMP 8DA201E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngLineTo + D269 999593B1 5 Bytes JMP 8DA2028E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe[320] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 001501F8 .text C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe[320] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 001503FC .text C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe[320] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe[320] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 00170600 .text C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe[320] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 00170804 .text C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe[320] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 00170A08 .text C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe[320] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 001701F8 .text C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe[320] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 001703FC .text C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe[320] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 001803FC .text C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe[320] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 00180600 .text C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe[320] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 00181014 .text C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe[320] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 00180804 .text C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe[320] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 00180A08 .text C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe[320] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 00180C0C .text C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe[320] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 00180E10 .text C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe[320] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 001801F8 .text C:\Windows\system32\csrss.exe[616] KERNEL32.dll!GetBinaryTypeW + 70 
76442467 1 Byte [62] .text C:\Windows\system32\wininit.exe[660] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 000301F8 .text C:\Windows\system32\wininit.exe[660] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 000303FC .text C:\Windows\system32\wininit.exe[660] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Windows\system32\wininit.exe[660] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 000503FC .text C:\Windows\system32\wininit.exe[660] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 00050600 .text C:\Windows\system32\wininit.exe[660] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 00051014 .text C:\Windows\system32\wininit.exe[660] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 00050804 .text C:\Windows\system32\wininit.exe[660] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 00050A08 .text C:\Windows\system32\wininit.exe[660] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 00050C0C .text C:\Windows\system32\wininit.exe[660] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 00050E10 .text C:\Windows\system32\wininit.exe[660] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 000501F8 .text C:\Windows\system32\wininit.exe[660] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 00060600 .text C:\Windows\system32\wininit.exe[660] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 00060804 .text C:\Windows\system32\wininit.exe[660] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 00060A08 .text C:\Windows\system32\wininit.exe[660] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 000601F8 .text C:\Windows\system32\wininit.exe[660] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 000603FC .text C:\Windows\system32\csrss.exe[672] KERNEL32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Windows\system32\taskeng.exe[676] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 000501F8 .text C:\Windows\system32\taskeng.exe[676] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 000503FC .text C:\Windows\system32\taskeng.exe[676] 
kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Windows\system32\taskeng.exe[676] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\taskeng.exe[676] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\taskeng.exe[676] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\taskeng.exe[676] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\taskeng.exe[676] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\taskeng.exe[676] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\taskeng.exe[676] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\taskeng.exe[676] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\taskeng.exe[676] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 00080600 .text C:\Windows\system32\taskeng.exe[676] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 00080804 .text C:\Windows\system32\taskeng.exe[676] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\taskeng.exe[676] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\taskeng.exe[676] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 000803FC .text C:\Windows\system32\services.exe[704] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 000501F8 .text C:\Windows\system32\services.exe[704] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 000503FC .text C:\Windows\system32\services.exe[704] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Windows\system32\services.exe[704] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\services.exe[704] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\services.exe[704] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 
00071014 .text C:\Windows\system32\services.exe[704] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\services.exe[704] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\services.exe[704] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\services.exe[704] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\services.exe[704] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\services.exe[704] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 00080600 .text C:\Windows\system32\services.exe[704] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 00080804 .text C:\Windows\system32\services.exe[704] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\services.exe[704] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\services.exe[704] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 000803FC .text C:\Windows\system32\lsass.exe[716] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 000501F8 .text C:\Windows\system32\lsass.exe[716] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 000503FC .text C:\Windows\system32\lsass.exe[716] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Windows\system32\lsass.exe[716] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\lsass.exe[716] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\lsass.exe[716] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\lsass.exe[716] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\lsass.exe[716] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\lsass.exe[716] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 00070C0C .text 
C:\Windows\system32\lsass.exe[716] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\lsass.exe[716] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\lsass.exe[716] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 00090600 .text C:\Windows\system32\lsass.exe[716] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 00090804 .text C:\Windows\system32\lsass.exe[716] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 00090A08 .text C:\Windows\system32\lsass.exe[716] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 000901F8 .text C:\Windows\system32\lsass.exe[716] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 000903FC .text C:\Windows\system32\lsm.exe[728] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 000501F8 .text C:\Windows\system32\lsm.exe[728] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 000503FC .text C:\Windows\system32\lsm.exe[728] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Windows\system32\lsm.exe[728] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\lsm.exe[728] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\lsm.exe[728] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\lsm.exe[728] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\lsm.exe[728] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\lsm.exe[728] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\lsm.exe[728] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\lsm.exe[728] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 000701F8 .text C:\Program Files\ASUS\ATK Hotkey\HControl.exe[772] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 001501F8 .text C:\Program Files\ASUS\ATK Hotkey\HControl.exe[772] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 001503FC 
.text C:\Program Files\ASUS\ATK Hotkey\HControl.exe[772] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Program Files\ASUS\ATK Hotkey\HControl.exe[772] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 00170600 .text C:\Program Files\ASUS\ATK Hotkey\HControl.exe[772] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 00170804 .text C:\Program Files\ASUS\ATK Hotkey\HControl.exe[772] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 00170A08 .text C:\Program Files\ASUS\ATK Hotkey\HControl.exe[772] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 001701F8 .text C:\Program Files\ASUS\ATK Hotkey\HControl.exe[772] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 001703FC .text C:\Program Files\ASUS\ATK Hotkey\HControl.exe[772] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 001803FC .text C:\Program Files\ASUS\ATK Hotkey\HControl.exe[772] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 00180600 .text C:\Program Files\ASUS\ATK Hotkey\HControl.exe[772] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 00181014 .text C:\Program Files\ASUS\ATK Hotkey\HControl.exe[772] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 00180804 .text C:\Program Files\ASUS\ATK Hotkey\HControl.exe[772] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 00180A08 .text C:\Program Files\ASUS\ATK Hotkey\HControl.exe[772] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 00180C0C .text C:\Program Files\ASUS\ATK Hotkey\HControl.exe[772] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 00180E10 .text C:\Program Files\ASUS\ATK Hotkey\HControl.exe[772] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 001801F8 .text C:\Windows\system32\winlogon.exe[796] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 000301F8 .text C:\Windows\system32\winlogon.exe[796] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 000303FC .text C:\Windows\system32\winlogon.exe[796] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Windows\system32\winlogon.exe[796] 
ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 000503FC .text C:\Windows\system32\winlogon.exe[796] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 00050600 .text C:\Windows\system32\winlogon.exe[796] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 00051014 .text C:\Windows\system32\winlogon.exe[796] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 00050804 .text C:\Windows\system32\winlogon.exe[796] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 00050A08 .text C:\Windows\system32\winlogon.exe[796] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 00050C0C .text C:\Windows\system32\winlogon.exe[796] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 00050E10 .text C:\Windows\system32\winlogon.exe[796] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 000501F8 .text C:\Windows\system32\winlogon.exe[796] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 00060600 .text C:\Windows\system32\winlogon.exe[796] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 00060804 .text C:\Windows\system32\winlogon.exe[796] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 00060A08 .text C:\Windows\system32\winlogon.exe[796] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 000601F8 .text C:\Windows\system32\winlogon.exe[796] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 000603FC .text C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe[864] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 001501F8 .text C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe[864] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 001503FC .text C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe[864] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe[864] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 00170600 .text C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe[864] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 00170804 .text C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe[864] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes 
JMP 00170A08 .text C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe[864] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 001701F8 .text C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe[864] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 001703FC .text C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe[864] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 001803FC .text C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe[864] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 00180600 .text C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe[864] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 00181014 .text C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe[864] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 00180804 .text C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe[864] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 00180A08 .text C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe[864] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 00180C0C .text C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe[864] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 00180E10 .text C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe[864] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 001801F8 .text C:\Windows\system32\svchost.exe[932] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[932] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[932] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!ChangeServiceConfigW 
768A6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[1004] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 000901F8 .text C:\Windows\system32\svchost.exe[1004] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 000903FC .text C:\Windows\system32\svchost.exe[1004] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Windows\system32\svchost.exe[1004] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 000B03FC .text C:\Windows\system32\svchost.exe[1004] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 000B0600 .text C:\Windows\system32\svchost.exe[1004] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 000B1014 .text C:\Windows\system32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 000B0804 .text C:\Windows\system32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 000B0A08 .text C:\Windows\system32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 000B0C0C .text C:\Windows\system32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 3 Bytes JMP 000B0E10 .text C:\Windows\system32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfig2W + 4 768A71E5 1 Byte [89] .text C:\Windows\system32\svchost.exe[1004] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 000B01F8 .text C:\Windows\system32\svchost.exe[1004] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 001F0600 .text C:\Windows\system32\svchost.exe[1004] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 001F0804 .text C:\Windows\system32\svchost.exe[1004] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 001F0A08 .text C:\Windows\system32\svchost.exe[1004] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 
001F01F8 .text C:\Windows\system32\svchost.exe[1004] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 001F03FC .text C:\Windows\System32\svchost.exe[1052] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 000501F8 .text C:\Windows\System32\svchost.exe[1052] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 000503FC .text C:\Windows\System32\svchost.exe[1052] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 000B03FC .text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 000B0600 .text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 000B1014 .text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 000B0804 .text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 000B0A08 .text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 000B0C0C .text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 3 Bytes JMP 000B0E10 .text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!ChangeServiceConfig2W + 4 768A71E5 1 Byte [89] .text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 000B01F8 .text C:\Windows\System32\svchost.exe[1052] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 00220600 .text C:\Windows\System32\svchost.exe[1052] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 00220804 .text C:\Windows\System32\svchost.exe[1052] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 00220A08 .text C:\Windows\System32\svchost.exe[1052] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 002201F8 .text C:\Windows\System32\svchost.exe[1052] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 002203FC .text C:\Windows\System32\svchost.exe[1128] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 000501F8 .text 
C:\Windows\System32\svchost.exe[1128] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 000503FC .text C:\Windows\System32\svchost.exe[1128] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Windows\System32\svchost.exe[1128] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 000703FC .text C:\Windows\System32\svchost.exe[1128] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 00070600 .text C:\Windows\System32\svchost.exe[1128] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 00071014 .text C:\Windows\System32\svchost.exe[1128] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 00070804 .text C:\Windows\System32\svchost.exe[1128] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 00070A08 .text C:\Windows\System32\svchost.exe[1128] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 00070C0C .text C:\Windows\System32\svchost.exe[1128] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 00070E10 .text C:\Windows\System32\svchost.exe[1128] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 000701F8 .text C:\Windows\System32\svchost.exe[1128] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 00140600 .text C:\Windows\System32\svchost.exe[1128] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 00140804 .text C:\Windows\System32\svchost.exe[1128] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 00140A08 .text C:\Windows\System32\svchost.exe[1128] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 001401F8 .text C:\Windows\System32\svchost.exe[1128] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 001403FC .text C:\Windows\system32\wuauclt.exe[1172] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 000A01F8 .text C:\Windows\system32\wuauclt.exe[1172] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 000A03FC .text C:\Windows\system32\wuauclt.exe[1172] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Windows\system32\wuauclt.exe[1172] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 000B0600 .text C:\Windows\system32\wuauclt.exe[1172] 
USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 000B0804 .text C:\Windows\system32\wuauclt.exe[1172] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 000B0A08 .text C:\Windows\system32\wuauclt.exe[1172] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 000B01F8 .text C:\Windows\system32\wuauclt.exe[1172] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 000B03FC .text C:\Windows\system32\wuauclt.exe[1172] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 000C03FC .text C:\Windows\system32\wuauclt.exe[1172] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 000C0600 .text C:\Windows\system32\wuauclt.exe[1172] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 000C1014 .text C:\Windows\system32\wuauclt.exe[1172] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 000C0804 .text C:\Windows\system32\wuauclt.exe[1172] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 000C0A08 .text C:\Windows\system32\wuauclt.exe[1172] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 000C0C0C .text C:\Windows\system32\wuauclt.exe[1172] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 000C0E10 .text C:\Windows\system32\wuauclt.exe[1172] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 000C01F8 .text C:\Windows\System32\svchost.exe[1192] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 000501F8 .text C:\Windows\System32\svchost.exe[1192] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 000503FC .text C:\Windows\System32\svchost.exe[1192] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 000703FC .text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 00070600 .text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 00071014 .text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 00070804 .text C:\Windows\System32\svchost.exe[1192] 
ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 00070A08 .text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 00070C0C .text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 00070E10 .text C:\Windows\System32\svchost.exe[1192] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 000701F8 .text C:\Windows\System32\svchost.exe[1192] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 00640600 .text C:\Windows\System32\svchost.exe[1192] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 00640804 .text C:\Windows\System32\svchost.exe[1192] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 00640A08 .text C:\Windows\System32\svchost.exe[1192] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 006401F8 .text C:\Windows\System32\svchost.exe[1192] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 006403FC .text C:\Windows\system32\svchost.exe[1212] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[1212] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[1212] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Windows\system32\svchost.exe[1212] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[1212] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[1212] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[1212] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[1212] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[1212] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[1212] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[1212] 
ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[1212] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 00230600 .text C:\Windows\system32\svchost.exe[1212] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 00230804 .text C:\Windows\system32\svchost.exe[1212] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 00230A08 .text C:\Windows\system32\svchost.exe[1212] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 002301F8 .text C:\Windows\system32\svchost.exe[1212] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 002303FC .text C:\Windows\System32\spoolsv.exe[1232] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 000901F8 .text C:\Windows\System32\spoolsv.exe[1232] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 000903FC .text C:\Windows\System32\spoolsv.exe[1232] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Windows\System32\spoolsv.exe[1232] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 000B03FC .text C:\Windows\System32\spoolsv.exe[1232] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 000B0600 .text C:\Windows\System32\spoolsv.exe[1232] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 000B1014 .text C:\Windows\System32\spoolsv.exe[1232] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 000B0804 .text C:\Windows\System32\spoolsv.exe[1232] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 000B0A08 .text C:\Windows\System32\spoolsv.exe[1232] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 000B0C0C .text C:\Windows\System32\spoolsv.exe[1232] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 3 Bytes JMP 000B0E10 .text C:\Windows\System32\spoolsv.exe[1232] ADVAPI32.dll!ChangeServiceConfig2W + 4 768A71E5 1 Byte [89] .text C:\Windows\System32\spoolsv.exe[1232] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 000B01F8 .text C:\Windows\System32\spoolsv.exe[1232] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 009F0600 .text C:\Windows\System32\spoolsv.exe[1232] USER32.dll!SetWindowsHookExW 767887AD 
5 Bytes JMP 009F0804 .text C:\Windows\System32\spoolsv.exe[1232] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 009F0A08 .text C:\Windows\System32\spoolsv.exe[1232] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 009F01F8 .text C:\Windows\System32\spoolsv.exe[1232] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 009F03FC .text C:\Windows\system32\AUDIODG.EXE[1316] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 000501F8 .text C:\Windows\system32\AUDIODG.EXE[1316] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 000503FC .text C:\Windows\system32\AUDIODG.EXE[1316] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Windows\system32\AUDIODG.EXE[1316] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 000B03FC .text C:\Windows\system32\AUDIODG.EXE[1316] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 000B0600 .text C:\Windows\system32\AUDIODG.EXE[1316] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 000B1014 .text C:\Windows\system32\AUDIODG.EXE[1316] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 000B0804 .text C:\Windows\system32\AUDIODG.EXE[1316] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 000B0A08 .text C:\Windows\system32\AUDIODG.EXE[1316] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 000B0C0C .text C:\Windows\system32\AUDIODG.EXE[1316] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 3 Bytes JMP 000B0E10 .text C:\Windows\system32\AUDIODG.EXE[1316] ADVAPI32.dll!ChangeServiceConfig2W + 4 768A71E5 1 Byte [89] .text C:\Windows\system32\AUDIODG.EXE[1316] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 000B01F8 .text C:\Windows\system32\AUDIODG.EXE[1316] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 000C0600 .text C:\Windows\system32\AUDIODG.EXE[1316] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 000C0804 .text C:\Windows\system32\AUDIODG.EXE[1316] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 000C0A08 .text C:\Windows\system32\AUDIODG.EXE[1316] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 000C01F8 .text 
C:\Windows\system32\AUDIODG.EXE[1316] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 000C03FC .text C:\Windows\system32\svchost.exe[1344] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 000901F8 .text C:\Windows\system32\svchost.exe[1344] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 000903FC .text C:\Windows\system32\svchost.exe[1344] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Windows\system32\svchost.exe[1344] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 000B03FC .text C:\Windows\system32\svchost.exe[1344] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 000B0600 .text C:\Windows\system32\svchost.exe[1344] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 000B1014 .text C:\Windows\system32\svchost.exe[1344] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 000B0804 .text C:\Windows\system32\svchost.exe[1344] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 000B0A08 .text C:\Windows\system32\svchost.exe[1344] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 000B0C0C .text C:\Windows\system32\svchost.exe[1344] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 3 Bytes JMP 000B0E10 .text C:\Windows\system32\svchost.exe[1344] ADVAPI32.dll!ChangeServiceConfig2W + 4 768A71E5 1 Byte [89] .text C:\Windows\system32\svchost.exe[1344] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 000B01F8 .text C:\Windows\System32\ACEngSvr.exe[1380] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 001401F8 .text C:\Windows\System32\ACEngSvr.exe[1380] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 001403FC .text C:\Windows\System32\ACEngSvr.exe[1380] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Windows\System32\ACEngSvr.exe[1380] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 001603FC .text C:\Windows\System32\ACEngSvr.exe[1380] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 00160600 .text C:\Windows\System32\ACEngSvr.exe[1380] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 00161014 .text C:\Windows\System32\ACEngSvr.exe[1380] 
ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 00160804 .text C:\Windows\System32\ACEngSvr.exe[1380] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 00160A08 .text C:\Windows\System32\ACEngSvr.exe[1380] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 00160C0C .text C:\Windows\System32\ACEngSvr.exe[1380] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 00160E10 .text C:\Windows\System32\ACEngSvr.exe[1380] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 001601F8 .text C:\Windows\System32\ACEngSvr.exe[1380] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 00170600 .text C:\Windows\System32\ACEngSvr.exe[1380] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 00170804 .text C:\Windows\System32\ACEngSvr.exe[1380] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 00170A08 .text C:\Windows\System32\ACEngSvr.exe[1380] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 001701F8 .text C:\Windows\System32\ACEngSvr.exe[1380] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 001703FC .text C:\Program Files\ASUS\Splendid\ACMON.exe[1384] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 001501F8 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1384] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 001503FC .text C:\Program Files\ASUS\Splendid\ACMON.exe[1384] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Program Files\ASUS\Splendid\ACMON.exe[1384] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 001A0600 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1384] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 001A0804 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1384] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 001A0A08 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1384] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 001A01F8 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1384] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 001A03FC .text C:\Program Files\ASUS\Splendid\ACMON.exe[1384] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 001B03FC 
.text C:\Program Files\ASUS\Splendid\ACMON.exe[1384] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 001B0600 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1384] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 001B1014 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1384] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 001B0804 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1384] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 001B0A08 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1384] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 001B0C0C .text C:\Program Files\ASUS\Splendid\ACMON.exe[1384] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 001B0E10 .text C:\Program Files\ASUS\Splendid\ACMON.exe[1384] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 001B01F8 .text C:\Windows\system32\svchost.exe[1452] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[1452] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[1452] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Windows\system32\svchost.exe[1452] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[1452] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[1452] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[1452] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[1452] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[1452] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[1452] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[1452] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[1452] 
USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 00DC0600 .text C:\Windows\system32\svchost.exe[1452] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 00DC0804 .text C:\Windows\system32\svchost.exe[1452] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 00DC0A08 .text C:\Windows\system32\svchost.exe[1452] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 00DC01F8 .text C:\Windows\system32\svchost.exe[1452] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 00DC03FC .text C:\Program Files\ASUS\Wireless Console 3\wcourier.exe[1488] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 001501F8 .text C:\Program Files\ASUS\Wireless Console 3\wcourier.exe[1488] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 001503FC .text C:\Program Files\ASUS\Wireless Console 3\wcourier.exe[1488] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Program Files\ASUS\Wireless Console 3\wcourier.exe[1488] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 001C0600 .text C:\Program Files\ASUS\Wireless Console 3\wcourier.exe[1488] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 001C0804 .text C:\Program Files\ASUS\Wireless Console 3\wcourier.exe[1488] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 001C0A08 .text C:\Program Files\ASUS\Wireless Console 3\wcourier.exe[1488] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 001C01F8 .text C:\Program Files\ASUS\Wireless Console 3\wcourier.exe[1488] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 001C03FC .text C:\Program Files\ASUS\Wireless Console 3\wcourier.exe[1488] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 001D03FC .text C:\Program Files\ASUS\Wireless Console 3\wcourier.exe[1488] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 001D0600 .text C:\Program Files\ASUS\Wireless Console 3\wcourier.exe[1488] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 001D1014 .text C:\Program Files\ASUS\Wireless Console 3\wcourier.exe[1488] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 001D0804 .text C:\Program Files\ASUS\Wireless 
Console 3\wcourier.exe[1488] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 001D0A08 .text C:\Program Files\ASUS\Wireless Console 3\wcourier.exe[1488] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 001D0C0C .text C:\Program Files\ASUS\Wireless Console 3\wcourier.exe[1488] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 001D0E10 .text C:\Program Files\ASUS\Wireless Console 3\wcourier.exe[1488] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 001D01F8 .text C:\Program Files\ASUS\SmartLogon\smartlogon.exe[1504] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 001501F8 .text C:\Program Files\ASUS\SmartLogon\smartlogon.exe[1504] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 001503FC .text C:\Program Files\ASUS\SmartLogon\smartlogon.exe[1504] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Program Files\ASUS\SmartLogon\smartlogon.exe[1504] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 001703FC .text C:\Program Files\ASUS\SmartLogon\smartlogon.exe[1504] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 00170600 .text C:\Program Files\ASUS\SmartLogon\smartlogon.exe[1504] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 00171014 .text C:\Program Files\ASUS\SmartLogon\smartlogon.exe[1504] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 00170804 .text C:\Program Files\ASUS\SmartLogon\smartlogon.exe[1504] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 00170A08 .text C:\Program Files\ASUS\SmartLogon\smartlogon.exe[1504] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 00170C0C .text C:\Program Files\ASUS\SmartLogon\smartlogon.exe[1504] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 00170E10 .text C:\Program Files\ASUS\SmartLogon\smartlogon.exe[1504] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 001701F8 .text C:\Program Files\ASUS\SmartLogon\smartlogon.exe[1504] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 00180600 .text C:\Program Files\ASUS\SmartLogon\smartlogon.exe[1504] 
USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 00180804 .text C:\Program Files\ASUS\SmartLogon\smartlogon.exe[1504] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 00180A08 .text C:\Program Files\ASUS\SmartLogon\smartlogon.exe[1504] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 001801F8 .text C:\Program Files\ASUS\SmartLogon\smartlogon.exe[1504] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 001803FC .text C:\Program Files\ASUS\ATK Hotkey\WDC.exe[1540] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 001501F8 .text C:\Program Files\ASUS\ATK Hotkey\WDC.exe[1540] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 001503FC .text C:\Program Files\ASUS\ATK Hotkey\WDC.exe[1540] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Program Files\ASUS\ATK Hotkey\WDC.exe[1540] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 00270600 .text C:\Program Files\ASUS\ATK Hotkey\WDC.exe[1540] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 00270804 .text C:\Program Files\ASUS\ATK Hotkey\WDC.exe[1540] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 00270A08 .text C:\Program Files\ASUS\ATK Hotkey\WDC.exe[1540] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 002701F8 .text C:\Program Files\ASUS\ATK Hotkey\WDC.exe[1540] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 002703FC .text C:\Program Files\ASUS\ATK Hotkey\WDC.exe[1540] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 002803FC .text C:\Program Files\ASUS\ATK Hotkey\WDC.exe[1540] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 00280600 .text C:\Program Files\ASUS\ATK Hotkey\WDC.exe[1540] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 00281014 .text C:\Program Files\ASUS\ATK Hotkey\WDC.exe[1540] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 00280804 .text C:\Program Files\ASUS\ATK Hotkey\WDC.exe[1540] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 00280A08 .text C:\Program Files\ASUS\ATK Hotkey\WDC.exe[1540] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 00280C0C .text C:\Program 
Files\ASUS\ATK Hotkey\WDC.exe[1540] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 00280E10 .text C:\Program Files\ASUS\ATK Hotkey\WDC.exe[1540] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 002801F8 .text C:\Windows\system32\svchost.exe[1728] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[1728] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[1728] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Windows\system32\svchost.exe[1728] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[1728] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[1728] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[1728] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[1728] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[1728] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[1728] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[1728] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[1728] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 00190600 .text C:\Windows\system32\svchost.exe[1728] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 00190804 .text C:\Windows\system32\svchost.exe[1728] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 00190A08 .text C:\Windows\system32\svchost.exe[1728] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 001901F8 .text C:\Windows\system32\svchost.exe[1728] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 001903FC .text C:\Windows\system32\Dwm.exe[1876] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 000501F8 .text C:\Windows\system32\Dwm.exe[1876] 
ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 000503FC .text C:\Windows\system32\Dwm.exe[1876] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Windows\system32\Dwm.exe[1876] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 000803FC .text C:\Windows\system32\Dwm.exe[1876] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 00080600 .text C:\Windows\system32\Dwm.exe[1876] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 00081014 .text C:\Windows\system32\Dwm.exe[1876] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 00080804 .text C:\Windows\system32\Dwm.exe[1876] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 00080A08 .text C:\Windows\system32\Dwm.exe[1876] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 00080C0C .text C:\Windows\system32\Dwm.exe[1876] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 00080E10 .text C:\Windows\system32\Dwm.exe[1876] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 000801F8 .text C:\Windows\system32\Dwm.exe[1876] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 00090600 .text C:\Windows\system32\Dwm.exe[1876] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 00090804 .text C:\Windows\system32\Dwm.exe[1876] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 00090A08 .text C:\Windows\system32\Dwm.exe[1876] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 000901F8 .text C:\Windows\system32\Dwm.exe[1876] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 000903FC .text C:\Windows\Explorer.EXE[1884] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 000501F8 .text C:\Windows\Explorer.EXE[1884] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 000503FC .text C:\Windows\Explorer.EXE[1884] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Windows\Explorer.EXE[1884] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 000703FC .text C:\Windows\Explorer.EXE[1884] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 00070600 .text C:\Windows\Explorer.EXE[1884] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 
Bytes JMP 00071014 .text C:\Windows\Explorer.EXE[1884] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 00070804 .text C:\Windows\Explorer.EXE[1884] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 00070A08 .text C:\Windows\Explorer.EXE[1884] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 00070C0C .text C:\Windows\Explorer.EXE[1884] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 00070E10 .text C:\Windows\Explorer.EXE[1884] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 000701F8 .text C:\Windows\Explorer.EXE[1884] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 000C0600 .text C:\Windows\Explorer.EXE[1884] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 000C0804 .text C:\Windows\Explorer.EXE[1884] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 000C0A08 .text C:\Windows\Explorer.EXE[1884] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 000C01F8 .text C:\Windows\Explorer.EXE[1884] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 000C03FC .text C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1956] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 001501F8 .text C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1956] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 001503FC .text C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1956] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1956] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 00170600 .text C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1956] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 00170804 .text C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1956] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 00170A08 .text C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1956] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 001701F8 .text C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1956] USER32.dll!UnhookWinEvent 7678C06F 
5 Bytes JMP 001703FC .text C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1956] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 001803FC .text C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1956] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 00180600 .text C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1956] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 00181014 .text C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1956] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 00180804 .text C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1956] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 00180A08 .text C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1956] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 00180C0C .text C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1956] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 00180E10 .text C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe[1956] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 001801F8 .text C:\Windows\system32\WLANExt.exe[1964] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 000501F8 .text C:\Windows\system32\WLANExt.exe[1964] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 000503FC .text C:\Windows\system32\WLANExt.exe[1964] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Windows\system32\WLANExt.exe[1964] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\WLANExt.exe[1964] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\WLANExt.exe[1964] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\WLANExt.exe[1964] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\WLANExt.exe[1964] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\WLANExt.exe[1964] 
ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\WLANExt.exe[1964] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\WLANExt.exe[1964] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\WLANExt.exe[1964] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 00090600 .text C:\Windows\system32\WLANExt.exe[1964] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 00090804 .text C:\Windows\system32\WLANExt.exe[1964] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 00090A08 .text C:\Windows\system32\WLANExt.exe[1964] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 000901F8 .text C:\Windows\system32\WLANExt.exe[1964] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 000903FC .text C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe[1976] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 001501F8 .text C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe[1976] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 001503FC .text C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe[1976] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe[1976] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 001703FC .text C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe[1976] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 00170600 .text C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe[1976] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 00171014 .text C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe[1976] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 00170804 .text C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe[1976] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 00170A08 .text C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe[1976] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 00170C0C .text C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe[1976] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 00170E10 .text C:\Program Files\ASUS\ATK 
Hotkey\ASLDRSrv.exe[1976] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 001701F8 .text C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe[1976] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 00180600 .text C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe[1976] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 00180804 .text C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe[1976] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 00180A08 .text C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe[1976] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 001801F8 .text C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe[1976] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 001803FC .text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[2016] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 001501F8 .text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[2016] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 001503FC .text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[2016] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[2016] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 00180600 .text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[2016] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 00180804 .text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[2016] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 00180A08 .text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[2016] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 001801F8 .text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[2016] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 001803FC .text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[2016] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 001903FC .text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[2016] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 00190600 .text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[2016] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 00191014 .text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[2016] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 00190804 .text C:\Program 
Files\ATKGFNEX\GFNEXSrv.exe[2016] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 00190A08 .text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[2016] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 00190C0C .text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[2016] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 00190E10 .text C:\Program Files\ATKGFNEX\GFNEXSrv.exe[2016] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 001901F8 .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[2040] kernel32.dll!SetUnhandledExceptionFilter 7641A8C5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[2040] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Windows\system32\svchost.exe[2056] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[2056] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[2056] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Windows\system32\svchost.exe[2056] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[2056] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[2056] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[2056] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[2056] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[2056] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[2056] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[2056] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[2056] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 00110600 .text C:\Windows\system32\svchost.exe[2056] 
USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 00110804 .text C:\Windows\system32\svchost.exe[2056] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 00110A08 .text C:\Windows\system32\svchost.exe[2056] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 001101F8 .text C:\Windows\system32\svchost.exe[2056] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 001103FC .text C:\Windows\system32\taskeng.exe[2088] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 000501F8 .text C:\Windows\system32\taskeng.exe[2088] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 000503FC .text C:\Windows\system32\taskeng.exe[2088] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Windows\system32\taskeng.exe[2088] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\taskeng.exe[2088] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\taskeng.exe[2088] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\taskeng.exe[2088] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\taskeng.exe[2088] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\taskeng.exe[2088] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\taskeng.exe[2088] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\taskeng.exe[2088] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\taskeng.exe[2088] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 00080600 .text C:\Windows\system32\taskeng.exe[2088] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 00080804 .text C:\Windows\system32\taskeng.exe[2088] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\taskeng.exe[2088] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\taskeng.exe[2088] USER32.dll!UnhookWinEvent 7678C06F 5 
Bytes JMP 000803FC .text C:\Windows\System32\igfxtray.exe[2120] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 001501F8 .text C:\Windows\System32\igfxtray.exe[2120] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 001503FC .text C:\Windows\System32\igfxtray.exe[2120] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Windows\System32\igfxtray.exe[2120] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 00180600 .text C:\Windows\System32\igfxtray.exe[2120] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 00180804 .text C:\Windows\System32\igfxtray.exe[2120] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 00180A08 .text C:\Windows\System32\igfxtray.exe[2120] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 001801F8 .text C:\Windows\System32\igfxtray.exe[2120] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 001803FC .text C:\Windows\System32\igfxtray.exe[2120] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 001903FC .text C:\Windows\System32\igfxtray.exe[2120] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 00190600 .text C:\Windows\System32\igfxtray.exe[2120] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 00191014 .text C:\Windows\System32\igfxtray.exe[2120] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 00190804 .text C:\Windows\System32\igfxtray.exe[2120] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 00190A08 .text C:\Windows\System32\igfxtray.exe[2120] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 00190C0C .text C:\Windows\System32\igfxtray.exe[2120] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 00190E10 .text C:\Windows\System32\igfxtray.exe[2120] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 001901F8 .text C:\Windows\system32\taskeng.exe[2132] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 000501F8 .text C:\Windows\system32\taskeng.exe[2132] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 000503FC .text C:\Windows\system32\taskeng.exe[2132] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text 
C:\Windows\system32\taskeng.exe[2132] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\taskeng.exe[2132] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\taskeng.exe[2132] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\taskeng.exe[2132] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\taskeng.exe[2132] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\taskeng.exe[2132] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\taskeng.exe[2132] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\taskeng.exe[2132] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\taskeng.exe[2132] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 00080600 .text C:\Windows\system32\taskeng.exe[2132] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 00080804 .text C:\Windows\system32\taskeng.exe[2132] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\taskeng.exe[2132] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\taskeng.exe[2132] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 000803FC .text C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe[2140] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 001501F8 .text C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe[2140] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 001503FC .text C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe[2140] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe[2140] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 001703FC .text C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe[2140] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 00170600 .text C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe[2140] 
ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 00171014 .text C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe[2140] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 00170804 .text C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe[2140] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 00170A08 .text C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe[2140] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 00170C0C .text C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe[2140] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 00170E10 .text C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe[2140] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 001701F8 .text C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe[2140] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 00180600 .text C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe[2140] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 00180804 .text C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe[2140] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 00180A08 .text C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe[2140] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 001801F8 .text C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe[2140] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 001803FC .text C:\Windows\System32\hkcmd.exe[2176] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 001501F8 .text C:\Windows\System32\hkcmd.exe[2176] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 001503FC .text C:\Windows\System32\hkcmd.exe[2176] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Windows\System32\hkcmd.exe[2176] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 00180600 .text C:\Windows\System32\hkcmd.exe[2176] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 00180804 .text C:\Windows\System32\hkcmd.exe[2176] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 00180A08 .text C:\Windows\System32\hkcmd.exe[2176] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 001801F8 .text 
C:\Windows\System32\hkcmd.exe[2176] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 001803FC .text C:\Windows\System32\hkcmd.exe[2176] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 001903FC .text C:\Windows\System32\hkcmd.exe[2176] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 00190600 .text C:\Windows\System32\hkcmd.exe[2176] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 00191014 .text C:\Windows\System32\hkcmd.exe[2176] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 00190804 .text C:\Windows\System32\hkcmd.exe[2176] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 00190A08 .text C:\Windows\System32\hkcmd.exe[2176] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 00190C0C .text C:\Windows\System32\hkcmd.exe[2176] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 00190E10 .text C:\Windows\System32\hkcmd.exe[2176] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 001901F8 .text C:\Windows\system32\wbem\wmiprvse.exe[2200] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 000501F8 .text C:\Windows\system32\wbem\wmiprvse.exe[2200] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 000503FC .text C:\Windows\system32\wbem\wmiprvse.exe[2200] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[2200] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\wbem\wmiprvse.exe[2200] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\wbem\wmiprvse.exe[2200] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\wbem\wmiprvse.exe[2200] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\wbem\wmiprvse.exe[2200] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\wbem\wmiprvse.exe[2200] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\wbem\wmiprvse.exe[2200] ADVAPI32.dll!ChangeServiceConfig2W 
768A71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\wbem\wmiprvse.exe[2200] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\wbem\wmiprvse.exe[2200] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 00080600 .text C:\Windows\system32\wbem\wmiprvse.exe[2200] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 00080804 .text C:\Windows\system32\wbem\wmiprvse.exe[2200] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\wbem\wmiprvse.exe[2200] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\wbem\wmiprvse.exe[2200] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 000803FC .text C:\Program Files\ASUS\SmartLogon\sensorsrv.exe[2216] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 001501F8 .text C:\Program Files\ASUS\SmartLogon\sensorsrv.exe[2216] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 001503FC .text C:\Program Files\ASUS\SmartLogon\sensorsrv.exe[2216] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Program Files\ASUS\SmartLogon\sensorsrv.exe[2216] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 00170600 .text C:\Program Files\ASUS\SmartLogon\sensorsrv.exe[2216] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 00170804 .text C:\Program Files\ASUS\SmartLogon\sensorsrv.exe[2216] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 00170A08 .text C:\Program Files\ASUS\SmartLogon\sensorsrv.exe[2216] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 001701F8 .text C:\Program Files\ASUS\SmartLogon\sensorsrv.exe[2216] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 001703FC .text C:\Program Files\ASUS\SmartLogon\sensorsrv.exe[2216] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 001803FC .text C:\Program Files\ASUS\SmartLogon\sensorsrv.exe[2216] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 00180600 .text C:\Program Files\ASUS\SmartLogon\sensorsrv.exe[2216] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 00181014 .text C:\Program 
Files\ASUS\SmartLogon\sensorsrv.exe[2216] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 00180804 .text C:\Program Files\ASUS\SmartLogon\sensorsrv.exe[2216] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 00180A08 .text C:\Program Files\ASUS\SmartLogon\sensorsrv.exe[2216] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 00180C0C .text C:\Program Files\ASUS\SmartLogon\sensorsrv.exe[2216] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 00180E10 .text C:\Program Files\ASUS\SmartLogon\sensorsrv.exe[2216] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 001801F8 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2228] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 000501F8 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2228] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 000503FC .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2228] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2228] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 000703FC .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2228] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 00070600 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2228] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 00071014 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2228] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 00070804 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2228] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 00070A08 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2228] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 00070C0C .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2228] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 00070E10 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2228] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 000701F8 .text C:\Program Files\Windows Media 
Player\wmpnscfg.exe[2228] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 00080600 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2228] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 00080804 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2228] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 00080A08 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2228] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 000801F8 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2228] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 000803FC .text C:\Program files\P4G\BatteryLife.exe[2240] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 001501F8 .text C:\Program files\P4G\BatteryLife.exe[2240] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 001503FC .text C:\Program files\P4G\BatteryLife.exe[2240] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Program files\P4G\BatteryLife.exe[2240] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 001A0600 .text C:\Program files\P4G\BatteryLife.exe[2240] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 001A0804 .text C:\Program files\P4G\BatteryLife.exe[2240] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 001A0A08 .text C:\Program files\P4G\BatteryLife.exe[2240] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 001A01F8 .text C:\Program files\P4G\BatteryLife.exe[2240] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 001A03FC .text C:\Program files\P4G\BatteryLife.exe[2240] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 001B03FC .text C:\Program files\P4G\BatteryLife.exe[2240] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 001B0600 .text C:\Program files\P4G\BatteryLife.exe[2240] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 001B1014 .text C:\Program files\P4G\BatteryLife.exe[2240] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 001B0804 .text C:\Program files\P4G\BatteryLife.exe[2240] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 001B0A08 .text C:\Program 
files\P4G\BatteryLife.exe[2240] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 001B0C0C .text C:\Program files\P4G\BatteryLife.exe[2240] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 001B0E10 .text C:\Program files\P4G\BatteryLife.exe[2240] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 001B01F8 .text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[2264] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 001501F8 .text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[2264] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 001503FC .text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[2264] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[2264] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 001703FC .text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[2264] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 00170600 .text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[2264] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 00171014 .text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[2264] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 00170804 .text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[2264] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 00170A08 .text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[2264] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 00170C0C .text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[2264] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 00170E10 .text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[2264] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 001701F8 .text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[2264] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 00180600 .text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[2264] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 00180804 .text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[2264] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 00180A08 .text C:\Program 
Files\ASUS\ASUS Live Update\ALU.exe[2264] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 001801F8 .text C:\Program Files\ASUS\ASUS Live Update\ALU.exe[2264] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 001803FC .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2304] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 000401F8 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2304] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 000403FC .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2304] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2304] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 000603FC .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2304] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 00060600 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2304] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 00061014 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2304] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 00060804 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2304] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 00060A08 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2304] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 00060C0C .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2304] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 00060E10 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2304] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 000601F8 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2304] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 00180600 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2304] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 00180804 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2304] 
USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 00180A08 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2304] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 001801F8 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2304] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 001803FC .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2404] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 001501F8 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2404] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 001503FC .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2404] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2404] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 00190600 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2404] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 00190804 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2404] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 00190A08 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2404] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 001901F8 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2404] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 001903FC .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2404] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 001A03FC .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2404] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 001A0600 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2404] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 001A1014 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2404] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 001A0804 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2404] ADVAPI32.dll!ChangeServiceConfigW 
768A6F81 5 Bytes JMP 001A0A08 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2404] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 001A0C0C .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2404] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 001A0E10 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2404] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 001A01F8 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2556] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 000601F8 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2556] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 000603FC .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2556] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2556] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 00080600 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2556] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 00080804 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2556] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 00080A08 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2556] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 000801F8 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2556] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 000803FC .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2556] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 000903FC .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2556] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 00090600 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2556] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 00091014 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2556] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 00090804 .text C:\Program Files\Common 
Files\Adobe\ARM\1.0\armsvc.exe[2556] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 00090A08 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2556] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 00090C0C .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2556] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 00090E10 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2556] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 000901F8 .text C:\Windows\system32\igfxsrvc.exe[2568] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 001501F8 .text C:\Windows\system32\igfxsrvc.exe[2568] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 001503FC .text C:\Windows\system32\igfxsrvc.exe[2568] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Windows\system32\igfxsrvc.exe[2568] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 00170600 .text C:\Windows\system32\igfxsrvc.exe[2568] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 00170804 .text C:\Windows\system32\igfxsrvc.exe[2568] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 00170A08 .text C:\Windows\system32\igfxsrvc.exe[2568] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 001701F8 .text C:\Windows\system32\igfxsrvc.exe[2568] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 001703FC .text C:\Windows\system32\igfxsrvc.exe[2568] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 001803FC .text C:\Windows\system32\igfxsrvc.exe[2568] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 00180600 .text C:\Windows\system32\igfxsrvc.exe[2568] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 00181014 .text C:\Windows\system32\igfxsrvc.exe[2568] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 00180804 .text C:\Windows\system32\igfxsrvc.exe[2568] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 00180A08 .text C:\Windows\system32\igfxsrvc.exe[2568] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 00180C0C .text C:\Windows\system32\igfxsrvc.exe[2568] 
ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 00180E10 .text C:\Windows\system32\igfxsrvc.exe[2568] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 001801F8 .text C:\Program Files\ERA\GlobeTrotter Connect\GtDetectSc.exe[2600] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 001501F8 .text C:\Program Files\ERA\GlobeTrotter Connect\GtDetectSc.exe[2600] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 001503FC .text C:\Program Files\ERA\GlobeTrotter Connect\GtDetectSc.exe[2600] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Program Files\ERA\GlobeTrotter Connect\GtDetectSc.exe[2600] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 001703FC .text C:\Program Files\ERA\GlobeTrotter Connect\GtDetectSc.exe[2600] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 00170600 .text C:\Program Files\ERA\GlobeTrotter Connect\GtDetectSc.exe[2600] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 00171014 .text C:\Program Files\ERA\GlobeTrotter Connect\GtDetectSc.exe[2600] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 00170804 .text C:\Program Files\ERA\GlobeTrotter Connect\GtDetectSc.exe[2600] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 00170A08 .text C:\Program Files\ERA\GlobeTrotter Connect\GtDetectSc.exe[2600] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 00170C0C .text C:\Program Files\ERA\GlobeTrotter Connect\GtDetectSc.exe[2600] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 00170E10 .text C:\Program Files\ERA\GlobeTrotter Connect\GtDetectSc.exe[2600] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 001701F8 .text C:\Program Files\ERA\GlobeTrotter Connect\GtDetectSc.exe[2600] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 00180600 .text C:\Program Files\ERA\GlobeTrotter Connect\GtDetectSc.exe[2600] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 00180804 .text C:\Program Files\ERA\GlobeTrotter Connect\GtDetectSc.exe[2600] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 00180A08 .text C:\Program 
Files\ERA\GlobeTrotter Connect\GtDetectSc.exe[2600] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 001801F8 .text C:\Program Files\ERA\GlobeTrotter Connect\GtDetectSc.exe[2600] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 001803FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2640] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 000401F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2640] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 000403FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2640] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2640] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 000603FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2640] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 00060600 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2640] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 00061014 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2640] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 00060804 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2640] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 00060A08 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2640] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 00060C0C .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2640] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 00060E10 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2640] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 000601F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2640] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 00070600 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2640] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 00070804 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2640] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 00070A08 .text C:\Program Files\Windows Media 
Player\wmpnetwk.exe[2640] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 000701F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2640] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[2688] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[2688] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[2688] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Windows\system32\svchost.exe[2688] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[2688] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[2688] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[2688] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[2688] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[2688] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[2688] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[2688] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 000701F8 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2720] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 001501F8 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2720] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 001503FC .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2720] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2720] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 001903FC .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2720] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 00190600 .text C:\Program Files\Common 
Files\LightScribe\LSSrvc.exe[2720] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 00191014 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2720] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 00190804 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2720] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 00190A08 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2720] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 00190C0C .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2720] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 00190E10 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2720] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 001901F8 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2720] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 001A0600 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2720] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 001A0804 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2720] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 001A0A08 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2720] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 001A01F8 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2720] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 001A03FC .text C:\Windows\System32\svchost.exe[2828] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 000501F8 .text C:\Windows\System32\svchost.exe[2828] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 000503FC .text C:\Windows\System32\svchost.exe[2828] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Windows\System32\svchost.exe[2828] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 000703FC .text C:\Windows\System32\svchost.exe[2828] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 00070600 .text C:\Windows\System32\svchost.exe[2828] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 00071014 .text 
C:\Windows\System32\svchost.exe[2828] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 00070804 .text C:\Windows\System32\svchost.exe[2828] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 00070A08 .text C:\Windows\System32\svchost.exe[2828] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 00070C0C .text C:\Windows\System32\svchost.exe[2828] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 00070E10 .text C:\Windows\System32\svchost.exe[2828] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 000701F8 .text C:\Windows\System32\svchost.exe[2828] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 00110600 .text C:\Windows\System32\svchost.exe[2828] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 00110804 .text C:\Windows\System32\svchost.exe[2828] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 00110A08 .text C:\Windows\System32\svchost.exe[2828] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 001101F8 .text C:\Windows\System32\svchost.exe[2828] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 001103FC .text C:\Windows\System32\svchost.exe[2860] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 000901F8 .text C:\Windows\System32\svchost.exe[2860] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 000903FC .text C:\Windows\System32\svchost.exe[2860] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Windows\System32\svchost.exe[2860] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 000B03FC .text C:\Windows\System32\svchost.exe[2860] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 000B0600 .text C:\Windows\System32\svchost.exe[2860] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 000B1014 .text C:\Windows\System32\svchost.exe[2860] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 000B0804 .text C:\Windows\System32\svchost.exe[2860] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 000B0A08 .text C:\Windows\System32\svchost.exe[2860] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 000B0C0C .text 
C:\Windows\System32\svchost.exe[2860] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 3 Bytes JMP 000B0E10 .text C:\Windows\System32\svchost.exe[2860] ADVAPI32.dll!ChangeServiceConfig2W + 4 768A71E5 1 Byte [89] .text C:\Windows\System32\svchost.exe[2860] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 000B01F8 .text C:\Windows\system32\svchost.exe[2888] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[2888] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[2888] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Windows\system32\svchost.exe[2888] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[2888] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[2888] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[2888] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[2888] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[2888] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[2888] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[2888] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[2888] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 005D0600 .text C:\Windows\system32\svchost.exe[2888] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 005D0804 .text C:\Windows\system32\svchost.exe[2888] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 005D0A08 .text C:\Windows\system32\svchost.exe[2888] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 005D01F8 .text C:\Windows\system32\svchost.exe[2888] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 005D03FC .text C:\Program 
Files\Cyberlink\Shared files\RichVideo.exe[2904] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 001501F8 .text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2904] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 001503FC .text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2904] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2904] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 00170600 .text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2904] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 00170804 .text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2904] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 00170A08 .text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2904] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2904] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 001703FC .text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2904] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 001803FC .text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2904] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 00180600 .text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2904] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 00181014 .text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2904] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 00180804 .text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2904] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 00180A08 .text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2904] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 00180C0C .text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2904] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 00180E10 .text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2904] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 001801F8 .text 
C:\Program Files\Elantech\ETDCtrl.exe[2936] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 001501F8 .text C:\Program Files\Elantech\ETDCtrl.exe[2936] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 001503FC .text C:\Program Files\Elantech\ETDCtrl.exe[2936] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Program Files\Elantech\ETDCtrl.exe[2936] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 001703FC .text C:\Program Files\Elantech\ETDCtrl.exe[2936] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 00170600 .text C:\Program Files\Elantech\ETDCtrl.exe[2936] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 00171014 .text C:\Program Files\Elantech\ETDCtrl.exe[2936] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 00170804 .text C:\Program Files\Elantech\ETDCtrl.exe[2936] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 00170A08 .text C:\Program Files\Elantech\ETDCtrl.exe[2936] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 00170C0C .text C:\Program Files\Elantech\ETDCtrl.exe[2936] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 00170E10 .text C:\Program Files\Elantech\ETDCtrl.exe[2936] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 001701F8 .text C:\Program Files\Elantech\ETDCtrl.exe[2936] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 00180600 .text C:\Program Files\Elantech\ETDCtrl.exe[2936] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 00180804 .text C:\Program Files\Elantech\ETDCtrl.exe[2936] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 00180A08 .text C:\Program Files\Elantech\ETDCtrl.exe[2936] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 001801F8 .text C:\Program Files\Elantech\ETDCtrl.exe[2936] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 001803FC .text C:\Windows\system32\svchost.exe[2960] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[2960] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[2960] 
kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Windows\system32\svchost.exe[2960] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[2960] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[2960] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[2960] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[2960] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[2960] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[2960] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[2960] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[2960] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 00E90600 .text C:\Windows\system32\svchost.exe[2960] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 00E90804 .text C:\Windows\system32\svchost.exe[2960] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 00E90A08 .text C:\Windows\system32\svchost.exe[2960] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 00E901F8 .text C:\Windows\system32\svchost.exe[2960] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 00E903FC .text C:\Windows\System32\svchost.exe[3004] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 000501F8 .text C:\Windows\System32\svchost.exe[3004] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 000503FC .text C:\Windows\System32\svchost.exe[3004] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Windows\System32\svchost.exe[3004] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 000703FC .text C:\Windows\System32\svchost.exe[3004] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 00070600 .text C:\Windows\System32\svchost.exe[3004] ADVAPI32.dll!SetServiceObjectSecurity 
768A6CD9 5 Bytes JMP 00071014 .text C:\Windows\System32\svchost.exe[3004] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 00070804 .text C:\Windows\System32\svchost.exe[3004] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 00070A08 .text C:\Windows\System32\svchost.exe[3004] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 00070C0C .text C:\Windows\System32\svchost.exe[3004] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 00070E10 .text C:\Windows\System32\svchost.exe[3004] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 000701F8 .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[3040] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Windows\system32\SearchIndexer.exe[3080] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 000501F8 .text C:\Windows\system32\SearchIndexer.exe[3080] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 000503FC .text C:\Windows\system32\SearchIndexer.exe[3080] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Windows\system32\SearchIndexer.exe[3080] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 000F03FC .text C:\Windows\system32\SearchIndexer.exe[3080] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 000F0600 .text C:\Windows\system32\SearchIndexer.exe[3080] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 000F1014 .text C:\Windows\system32\SearchIndexer.exe[3080] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 000F0804 .text C:\Windows\system32\SearchIndexer.exe[3080] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 000F0A08 .text C:\Windows\system32\SearchIndexer.exe[3080] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 000F0C0C .text C:\Windows\system32\SearchIndexer.exe[3080] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 000F0E10 .text C:\Windows\system32\SearchIndexer.exe[3080] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 000F01F8 .text C:\Windows\system32\SearchIndexer.exe[3080] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 00110600 
.text C:\Windows\system32\SearchIndexer.exe[3080] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 00110804 .text C:\Windows\system32\SearchIndexer.exe[3080] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 00110A08 .text C:\Windows\system32\SearchIndexer.exe[3080] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 001101F8 .text C:\Windows\system32\SearchIndexer.exe[3080] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 001103FC .text C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe[3444] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 001501F8 .text C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe[3444] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 001503FC .text C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe[3444] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe[3444] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 001703FC .text C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe[3444] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 00170600 .text C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe[3444] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 00171014 .text C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe[3444] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 00170804 .text C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe[3444] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 00170A08 .text C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe[3444] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 00170C0C .text C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe[3444] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 00170E10 .text C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe[3444] ADVAPI32.dll!CreateServiceA 
768A72A1 5 Bytes JMP 001701F8 .text C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe[3444] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 00180600 .text C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe[3444] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 00180804 .text C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe[3444] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 00180A08 .text C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe[3444] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 001801F8 .text C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe[3444] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 001803FC .text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[3456] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 001501F8 .text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[3456] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 001503FC .text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[3456] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[3456] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 001703FC .text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[3456] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 00170600 .text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[3456] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 00171014 .text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[3456] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 00170804 .text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[3456] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 00170A08 .text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[3456] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 00170C0C .text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[3456] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 00170E10 
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[3456] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 001701F8 .text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[3456] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 00180600 .text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[3456] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 00180804 .text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[3456] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 00180A08 .text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[3456] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 001801F8 .text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[3456] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 001803FC .text C:\Windows\system32\svchost.exe[3592] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[3592] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[3592] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Windows\system32\svchost.exe[3592] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 000B03FC .text C:\Windows\system32\svchost.exe[3592] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 000B0600 .text C:\Windows\system32\svchost.exe[3592] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 000B1014 .text C:\Windows\system32\svchost.exe[3592] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 000B0804 .text C:\Windows\system32\svchost.exe[3592] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 000B0A08 .text C:\Windows\system32\svchost.exe[3592] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 000B0C0C .text C:\Windows\system32\svchost.exe[3592] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 3 Bytes JMP 000B0E10 .text C:\Windows\system32\svchost.exe[3592] ADVAPI32.dll!ChangeServiceConfig2W + 4 768A71E5 1 Byte [89] .text C:\Windows\system32\svchost.exe[3592] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 000B01F8 .text 
C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe[3624] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 001501F8 .text C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe[3624] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 001503FC .text C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe[3624] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe[3624] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 00170600 .text C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe[3624] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 00170804 .text C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe[3624] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 00170A08 .text C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe[3624] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 001701F8 .text C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe[3624] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 001703FC .text C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe[3624] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 001803FC .text C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe[3624] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 00180600 .text C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe[3624] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 00181014 .text C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe[3624] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 00180804 .text C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe[3624] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 00180A08 .text C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe[3624] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 00180C0C .text C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe[3624] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 00180E10 .text C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe[3624] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 001801F8 .text C:\Windows\System32\igfxpers.exe[3832] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 001501F8 .text C:\Windows\System32\igfxpers.exe[3832] 
ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 001503FC .text C:\Windows\System32\igfxpers.exe[3832] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Windows\System32\igfxpers.exe[3832] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 00180600 .text C:\Windows\System32\igfxpers.exe[3832] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 00180804 .text C:\Windows\System32\igfxpers.exe[3832] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 00180A08 .text C:\Windows\System32\igfxpers.exe[3832] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 001801F8 .text C:\Windows\System32\igfxpers.exe[3832] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 001803FC .text C:\Windows\System32\igfxpers.exe[3832] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 001903FC .text C:\Windows\System32\igfxpers.exe[3832] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 00190600 .text C:\Windows\System32\igfxpers.exe[3832] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 00191014 .text C:\Windows\System32\igfxpers.exe[3832] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 00190804 .text C:\Windows\System32\igfxpers.exe[3832] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 00190A08 .text C:\Windows\System32\igfxpers.exe[3832] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 00190C0C .text C:\Windows\System32\igfxpers.exe[3832] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 00190E10 .text C:\Windows\System32\igfxpers.exe[3832] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 001901F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3896] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 001601F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3896] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 001603FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3896] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3896] ADVAPI32.dll!CreateServiceW 
76869EB4 5 Bytes JMP 001703FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3896] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 00170600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3896] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 00171014 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3896] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 00170804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3896] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 00170A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3896] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 00170C0C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3896] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 00170E10 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3896] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 001701F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3896] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 00180600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3896] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 00180804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3896] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 00180A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3896] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 001801F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3896] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 001803FC .text C:\Program Files\Mozilla Firefox\firefox.exe[3964] ntdll.dll!LdrLoadDll 77709378 5 Bytes JMP 000501F8 .text C:\Program Files\Mozilla Firefox\firefox.exe[3964] ntdll.dll!LdrUnloadDll 7771B680 5 Bytes JMP 000503FC .text C:\Program Files\Mozilla Firefox\firefox.exe[3964] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Program Files\Mozilla 
Firefox\firefox.exe[3964] USER32.dll!SetWindowsHookExA 76786322 5 Bytes JMP 00070600 .text C:\Program Files\Mozilla Firefox\firefox.exe[3964] USER32.dll!SetWindowsHookExW 767887AD 5 Bytes JMP 00070804 .text C:\Program Files\Mozilla Firefox\firefox.exe[3964] USER32.dll!UnhookWindowsHookEx 767898DB 5 Bytes JMP 00070A08 .text C:\Program Files\Mozilla Firefox\firefox.exe[3964] USER32.dll!SetWinEventHook 76789F3A 5 Bytes JMP 000701F8 .text C:\Program Files\Mozilla Firefox\firefox.exe[3964] USER32.dll!UnhookWinEvent 7678C06F 5 Bytes JMP 000703FC .text C:\Program Files\Mozilla Firefox\firefox.exe[3964] ADVAPI32.dll!CreateServiceW 76869EB4 5 Bytes JMP 000803FC .text C:\Program Files\Mozilla Firefox\firefox.exe[3964] ADVAPI32.dll!DeleteService 7686A07E 5 Bytes JMP 00080600 .text C:\Program Files\Mozilla Firefox\firefox.exe[3964] ADVAPI32.dll!SetServiceObjectSecurity 768A6CD9 5 Bytes JMP 00081014 .text C:\Program Files\Mozilla Firefox\firefox.exe[3964] ADVAPI32.dll!ChangeServiceConfigA 768A6DD9 5 Bytes JMP 00080804 .text C:\Program Files\Mozilla Firefox\firefox.exe[3964] ADVAPI32.dll!ChangeServiceConfigW 768A6F81 5 Bytes JMP 00080A08 .text C:\Program Files\Mozilla Firefox\firefox.exe[3964] ADVAPI32.dll!ChangeServiceConfig2A 768A7099 5 Bytes JMP 00080C0C .text C:\Program Files\Mozilla Firefox\firefox.exe[3964] ADVAPI32.dll!ChangeServiceConfig2W 768A71E1 5 Bytes JMP 00080E10 .text C:\Program Files\Mozilla Firefox\firefox.exe[3964] ADVAPI32.dll!CreateServiceA 768A72A1 5 Bytes JMP 000801F8 .text C:\Program Files\Windows Defender\MSASCui.exe[5364] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Users\Mójkomputer\Downloads\v721wm7v.exe[6124] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [80698F9C] \SystemRoot\System32\Drivers\spki.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [806983E6] 
\SystemRoot\System32\Drivers\spki.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8069890E] \SystemRoot\System32\Drivers\spki.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [80699178] \SystemRoot\System32\Drivers\spki.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [80698116] \SystemRoot\System32\Drivers\spki.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [806981D4] \SystemRoot\System32\Drivers\spki.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [806A9976] \SystemRoot\System32\Drivers\spki.sys ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\system32\services.exe[704] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00260002 IAT C:\Windows\system32\services.exe[704] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00260000 IAT C:\Windows\Explorer.EXE[1884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [744C7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7451A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [744CBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [744BF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT 
C:\Windows\Explorer.EXE[1884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [744C75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [744BE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [744F8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [744CDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [744BFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [744BFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [744B71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7454CAE2] 
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [744EC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [744BD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [744B6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [744B687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [744C2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! 
self protection module/AVAST Software)
Device \FileSystem\Ntfs \Ntfs 855EA1F8
Device \FileSystem\fastfat \FatCdrom B24451F8
Device \Driver\volmgr \Device\VolMgrControl 855E41F8
Device \Driver\usbuhci \Device\USBPDO-0 86E43470
Device \Driver\usbuhci \Device\USBPDO-1 86E43470
Device \Driver\usbuhci \Device\USBPDO-2 86E43470
Device \Driver\usbehci \Device\USBPDO-3 86E371F8
Device \Driver\netbt \Device\NetBT_Tcpip_{26874B6E-035D-47BA-B601-1EF69970DB3F} 87817470
Device \Driver\usbuhci \Device\USBPDO-4 86E43470
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\usbuhci \Device\USBPDO-5 86E43470
Device \Driver\usbuhci \Device\USBPDO-6 86E43470
Device \Driver\volmgr \Device\HarddiskVolume1 855E41F8
Device \Driver\usbehci \Device\USBPDO-7 86E371F8
Device \Driver\volmgr \Device\HarddiskVolume2 855E41F8
Device \Driver\cdrom \Device\CdRom0 86E0F1F8
Device \Driver\iaStor \Device\Ide\iaStor0 [82F660B0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [82F660B0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [82F660B0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\volmgr \Device\HarddiskVolume3 855E41F8
Device \Driver\netbt \Device\NetBt_Wins_Export 87817470
Device \Driver\Smb \Device\NetbiosSmb 87802470
Device \Driver\iScsiPrt \Device\RaidPort0 86EAD1F8
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\usbuhci \Device\USBFDO-0 86E43470
Device \Driver\usbuhci \Device\USBFDO-1 86E43470
Device \Driver\usbuhci \Device\USBFDO-2 86E43470
Device \Driver\usbehci \Device\USBFDO-3 86E371F8
Device \Driver\netbt \Device\NetBT_Tcpip_{5C40F16A-3555-44BF-B0AA-3DCE7E5E661E} 87817470
Device \Driver\usbuhci \Device\USBFDO-4 86E43470
Device \Driver\usbuhci \Device\USBFDO-5 86E43470
Device \Driver\usbuhci \Device\USBFDO-6 86E43470
Device \Driver\usbehci \Device\USBFDO-7 86E371F8
Device \FileSystem\fastfat \Fat B24451F8
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat AsDsm.sys (Data Security Manager Driver/ASUSTek Computer Inc)
Device \FileSystem\cdfs \Cdfs 86E231F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

---- Files - GMER 1.0.15 ----

File C:\ADSM_PData_0150 0 bytes
File C:\ADSM_PData_0150\DB 0 bytes
File C:\ADSM_PData_0150\DB\SI.db 624 bytes
File C:\ADSM_PData_0150\DB\UL.db 16 bytes
File C:\ADSM_PData_0150\DB\VL.db 16 bytes
File C:\ADSM_PData_0150\DB\WAL.db 2048 bytes
File C:\ADSM_PData_0150\DragWait.exe 315392 bytes executable
File C:\ADSM_PData_0150\_avt 512 bytes

---- EOF - GMER 1.0.15 ----