GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-08 17:50:05
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 WDC_WD1600BEVS-60RST0 rev.04.01G04
Running: o0zvhnb6.exe; Driver: C:\Users\Andrzej\AppData\Local\Temp\pwliqfob.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8CE3CFC4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8CE3F456]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8CE3F4AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8CE3F5C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8CE3F3AC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8CE3F4FE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8CE3F400]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8CE3F572]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8CE3CFE8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8CE3CDB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8CE3D00C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8CE3F9BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8CE3DAA4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8CE3F486]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8CE3F4D6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8CE3F5EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8CE3F3D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8CE3F53E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8CE3F42E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8CE3F59C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8CE3D96A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8CE3D030]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8CE3D054]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8CE3CE0C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8CE3CF48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8CE3CF24]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8CE3CF6C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8CE3D078]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8D4897A2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 10D 824E9890 4 Bytes [C4, CF, E3, 8C]
.text ntkrnlpa.exe!KeSetEvent + 1D1 824E9954 8 Bytes [56, F4, E3, 8C, AE, F4, E3, ...] {PUSH ESI; HLT ; JECXZ 0xffffffffffffff90; SCASB ; HLT ; JECXZ 0xffffffffffffff94}
.text ntkrnlpa.exe!KeSetEvent + 1DD 824E9960 4 Bytes [C4, F5, E3, 8C]
.text ntkrnlpa.exe!KeSetEvent + 1F5 824E9978 4 Bytes [AC, F3, E3, 8C]
.text ntkrnlpa.exe!KeSetEvent + 215 824E9998 8 Bytes [FE, F4, E3, 8C, 00, F4, E3, ...]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 8261462F 5 Bytes JMP 8D48669C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 8266D543 5 Bytes JMP 8D48815C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 82676E68 4 Bytes CALL 8CE3E025 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 8267AADC 4 Bytes CALL 8CE3E03B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 826CEDCA 7 Bytes JMP 8D4897A6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8C006360, 0x35B682, 0xE8000020]
.text win32k.sys!EngCreateRectRgn + 4537 918CFC80 5 Bytes JMP 8CE400D6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 8C03 918F2437 5 Bytes JMP 8CE3F9F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 3106 918FEAD7 5 Bytes JMP 8CE3FF90 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 4579 918FFF4A 5 Bytes JMP 8CE3FB9A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMapFontFileFD + 119EE 91919AA5 5 Bytes JMP 8CE3FDE6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMapFontFileFD + 11A42 91919AF9 5 Bytes JMP 8CE3FFBC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 60DE 9194346D 5 Bytes JMP 8CE3FABE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMulDiv + 4D3F 91949DAE 5 Bytes JMP 8CE3FC0A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 5FF 91957134 5 Bytes JMP 8CE3FAD6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!STROBJ_vEnumStart + 4728 91986CC9 5 Bytes JMP 8CE3FB56 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + E80 919A5264 5 Bytes JMP 8CE3FD14 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + 248 919AAAE2 5 Bytes JMP 8CE3FC6E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLineTo + A0F 919CCB57 5 Bytes JMP 8CE3FCA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLineTo + D269 919D93B1 5 Bytes JMP 8CE3FD4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\csrss.exe[560] KERNEL32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62]
.text C:\Windows\system32\csrss.exe[608] KERNEL32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62]
.text C:\Windows\system32\wininit.exe[616] ntdll.dll!LdrLoadDll 77B29378 5 Bytes JMP 000301F8
.text C:\Windows\system32\wininit.exe[616] ntdll.dll!LdrUnloadDll 77B3B680 5 Bytes JMP 000303FC
.text C:\Windows\system32\wininit.exe[616] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62]
.text C:\Windows\system32\wininit.exe[616] ADVAPI32.dll!CreateServiceW 76C49EB4 5 Bytes JMP 000503FC
.text C:\Windows\system32\wininit.exe[616] ADVAPI32.dll!DeleteService 76C4A07E 5 Bytes JMP 00050600
.text C:\Windows\system32\wininit.exe[616] ADVAPI32.dll!SetServiceObjectSecurity 76C86CD9 5 Bytes JMP 00051014
.text C:\Windows\system32\wininit.exe[616] ADVAPI32.dll!ChangeServiceConfigA 76C86DD9 5 Bytes JMP 00050804
.text C:\Windows\system32\wininit.exe[616] ADVAPI32.dll!ChangeServiceConfigW 76C86F81 5 Bytes JMP 00050A08
.text C:\Windows\system32\wininit.exe[616] ADVAPI32.dll!ChangeServiceConfig2A 76C87099 5 Bytes JMP 00050C0C
.text C:\Windows\system32\wininit.exe[616] ADVAPI32.dll!ChangeServiceConfig2W 76C871E1 5 Bytes JMP 00050E10
.text C:\Windows\system32\wininit.exe[616] ADVAPI32.dll!CreateServiceA 76C872A1 5 Bytes JMP 000501F8
.text C:\Windows\system32\wininit.exe[616] USER32.dll!SetWindowsHookExA 769E6322 5 Bytes JMP 00060600
.text C:\Windows\system32\wininit.exe[616] USER32.dll!SetWindowsHookExW 769E87AD 5 Bytes JMP 00060804
.text C:\Windows\system32\wininit.exe[616] USER32.dll!UnhookWindowsHookEx 769E98DB 5 Bytes JMP 00060A08
.text C:\Windows\system32\wininit.exe[616] USER32.dll!SetWinEventHook 769E9F3A 5 Bytes JMP 000601F8
.text C:\Windows\system32\wininit.exe[616] USER32.dll!UnhookWinEvent 769EC06F 5 Bytes JMP 000603FC
.text C:\Windows\system32\winlogon.exe[648] ntdll.dll!LdrLoadDll 77B29378 5 Bytes JMP 000301F8
.text C:\Windows\system32\winlogon.exe[648] ntdll.dll!LdrUnloadDll 77B3B680 5 Bytes JMP 000303FC
.text C:\Windows\system32\winlogon.exe[648] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[648] ADVAPI32.dll!CreateServiceW 76C49EB4 5 Bytes JMP 000503FC
.text C:\Windows\system32\winlogon.exe[648] ADVAPI32.dll!DeleteService 76C4A07E 5 Bytes JMP 00050600
.text C:\Windows\system32\winlogon.exe[648] ADVAPI32.dll!SetServiceObjectSecurity 76C86CD9 5 Bytes JMP 00051014
.text C:\Windows\system32\winlogon.exe[648] ADVAPI32.dll!ChangeServiceConfigA 76C86DD9 5 Bytes JMP 00050804
.text C:\Windows\system32\winlogon.exe[648] ADVAPI32.dll!ChangeServiceConfigW 76C86F81 5 Bytes JMP 00050A08
.text C:\Windows\system32\winlogon.exe[648] ADVAPI32.dll!ChangeServiceConfig2A 76C87099 5 Bytes JMP 00050C0C
.text C:\Windows\system32\winlogon.exe[648] ADVAPI32.dll!ChangeServiceConfig2W 76C871E1 5 Bytes JMP 00050E10
.text C:\Windows\system32\winlogon.exe[648] ADVAPI32.dll!CreateServiceA 76C872A1 5 Bytes JMP 000501F8
.text C:\Windows\system32\winlogon.exe[648] USER32.dll!SetWindowsHookExA 769E6322 5 Bytes JMP 00060600
.text C:\Windows\system32\winlogon.exe[648] USER32.dll!SetWindowsHookExW 769E87AD 5 Bytes JMP 00060804
.text C:\Windows\system32\winlogon.exe[648] USER32.dll!UnhookWindowsHookEx 769E98DB 5 Bytes JMP 00060A08
.text C:\Windows\system32\winlogon.exe[648] USER32.dll!SetWinEventHook 769E9F3A 5 Bytes JMP 000601F8
.text C:\Windows\system32\winlogon.exe[648] USER32.dll!UnhookWinEvent 769EC06F 5 Bytes JMP 000603FC
.text C:\Windows\system32\services.exe[696] ntdll.dll!LdrLoadDll 77B29378 5 Bytes JMP 000501F8
.text C:\Windows\system32\services.exe[696] ntdll.dll!LdrUnloadDll 77B3B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\services.exe[696] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62]
.text C:\Windows\system32\services.exe[696] ADVAPI32.dll!CreateServiceW 76C49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\services.exe[696] ADVAPI32.dll!DeleteService 76C4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\services.exe[696] ADVAPI32.dll!SetServiceObjectSecurity 76C86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\services.exe[696] ADVAPI32.dll!ChangeServiceConfigA 76C86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\services.exe[696] ADVAPI32.dll!ChangeServiceConfigW 76C86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\services.exe[696] ADVAPI32.dll!ChangeServiceConfig2A 76C87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\services.exe[696] ADVAPI32.dll!ChangeServiceConfig2W 76C871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\services.exe[696] ADVAPI32.dll!CreateServiceA 76C872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\services.exe[696] USER32.dll!SetWindowsHookExA 769E6322 5 Bytes JMP 00080600
.text C:\Windows\system32\services.exe[696] USER32.dll!SetWindowsHookExW 769E87AD 5 Bytes JMP 00080804
.text C:\Windows\system32\services.exe[696] USER32.dll!UnhookWindowsHookEx 769E98DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\services.exe[696] USER32.dll!SetWinEventHook 769E9F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\services.exe[696] USER32.dll!UnhookWinEvent 769EC06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\lsass.exe[708] ntdll.dll!LdrLoadDll 77B29378 5 Bytes JMP 000501F8
.text C:\Windows\system32\lsass.exe[708] ntdll.dll!LdrUnloadDll 77B3B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62]
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!CreateServiceW 76C49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!DeleteService 76C4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!SetServiceObjectSecurity 76C86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!ChangeServiceConfigA 76C86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!ChangeServiceConfigW 76C86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!ChangeServiceConfig2A 76C87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!ChangeServiceConfig2W 76C871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!CreateServiceA 76C872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\lsass.exe[708] USER32.dll!SetWindowsHookExA 769E6322 5 Bytes JMP 00080600
.text C:\Windows\system32\lsass.exe[708] USER32.dll!SetWindowsHookExW 769E87AD 5 Bytes JMP 00080804
.text C:\Windows\system32\lsass.exe[708] USER32.dll!UnhookWindowsHookEx 769E98DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\lsass.exe[708] USER32.dll!SetWinEventHook 769E9F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\lsass.exe[708] USER32.dll!UnhookWinEvent 769EC06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\lsm.exe[716] ntdll.dll!LdrLoadDll 77B29378 5 Bytes JMP 000501F8
.text C:\Windows\system32\lsm.exe[716] ntdll.dll!LdrUnloadDll 77B3B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62]
.text C:\Windows\system32\lsm.exe[716] ADVAPI32.dll!CreateServiceW 76C49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\lsm.exe[716] ADVAPI32.dll!DeleteService 76C4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\lsm.exe[716] ADVAPI32.dll!SetServiceObjectSecurity 76C86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\lsm.exe[716] ADVAPI32.dll!ChangeServiceConfigA 76C86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\lsm.exe[716] ADVAPI32.dll!ChangeServiceConfigW 76C86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\lsm.exe[716] ADVAPI32.dll!ChangeServiceConfig2A 76C87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\lsm.exe[716] ADVAPI32.dll!ChangeServiceConfig2W 76C871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\lsm.exe[716] ADVAPI32.dll!CreateServiceA 76C872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[852] ntdll.dll!LdrLoadDll 77B29378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[852] ntdll.dll!LdrUnloadDll 77B3B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[852] ADVAPI32.dll!CreateServiceW 76C49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[852] ADVAPI32.dll!DeleteService 76C4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[852] ADVAPI32.dll!SetServiceObjectSecurity 76C86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[852] ADVAPI32.dll!ChangeServiceConfigA 76C86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[852] ADVAPI32.dll!ChangeServiceConfigW 76C86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[852] ADVAPI32.dll!ChangeServiceConfig2A 76C87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[852] ADVAPI32.dll!ChangeServiceConfig2W 76C871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[852] ADVAPI32.dll!CreateServiceA 76C872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[852] USER32.dll!SetWindowsHookExA 769E6322 5 Bytes JMP 00910600
.text C:\Windows\system32\svchost.exe[852] USER32.dll!SetWindowsHookExW 769E87AD 5 Bytes JMP 00910804
.text C:\Windows\system32\svchost.exe[852] USER32.dll!UnhookWindowsHookEx 769E98DB 5 Bytes JMP 00910A08
.text C:\Windows\system32\svchost.exe[852] USER32.dll!SetWinEventHook 769E9F3A 5 Bytes JMP 009101F8
.text C:\Windows\system32\svchost.exe[852] USER32.dll!UnhookWinEvent 769EC06F 5 Bytes JMP 009103FC
.text C:\Windows\system32\svchost.exe[928] ntdll.dll!LdrLoadDll 77B29378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[928] ntdll.dll!LdrUnloadDll 77B3B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[928] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[928] ADVAPI32.dll!CreateServiceW 76C49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[928] ADVAPI32.dll!DeleteService 76C4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[928] ADVAPI32.dll!SetServiceObjectSecurity 76C86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[928] ADVAPI32.dll!ChangeServiceConfigA 76C86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[928] ADVAPI32.dll!ChangeServiceConfigW 76C86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[928] ADVAPI32.dll!ChangeServiceConfig2A 76C87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[928] ADVAPI32.dll!ChangeServiceConfig2W 76C871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[928] ADVAPI32.dll!CreateServiceA 76C872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[928] USER32.dll!SetWindowsHookExA 769E6322 5 Bytes JMP 000D0600
.text C:\Windows\system32\svchost.exe[928] USER32.dll!SetWindowsHookExW 769E87AD 5 Bytes JMP 000D0804
.text C:\Windows\system32\svchost.exe[928] USER32.dll!UnhookWindowsHookEx 769E98DB 5 Bytes JMP 000D0A08
.text C:\Windows\system32\svchost.exe[928] USER32.dll!SetWinEventHook 769E9F3A 5 Bytes JMP 000D01F8
.text C:\Windows\system32\svchost.exe[928] USER32.dll!UnhookWinEvent 769EC06F 5 Bytes JMP 000D03FC
.text C:\Windows\System32\svchost.exe[968] ntdll.dll!LdrLoadDll 77B29378 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[968] ntdll.dll!LdrUnloadDll 77B3B680 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[968] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[968] ADVAPI32.dll!CreateServiceW 76C49EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[968] ADVAPI32.dll!DeleteService 76C4A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[968] ADVAPI32.dll!SetServiceObjectSecurity 76C86CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[968] ADVAPI32.dll!ChangeServiceConfigA 76C86DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[968] ADVAPI32.dll!ChangeServiceConfigW 76C86F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[968] ADVAPI32.dll!ChangeServiceConfig2A 76C87099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[968] ADVAPI32.dll!ChangeServiceConfig2W 76C871E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[968] ADVAPI32.dll!CreateServiceA 76C872A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[968] USER32.dll!SetWindowsHookExA 769E6322 5 Bytes JMP 009D0600
.text C:\Windows\System32\svchost.exe[968] USER32.dll!SetWindowsHookExW 769E87AD 5 Bytes JMP 009D0804
.text C:\Windows\System32\svchost.exe[968] USER32.dll!UnhookWindowsHookEx 769E98DB 5 Bytes JMP 009D0A08
.text C:\Windows\System32\svchost.exe[968] USER32.dll!SetWinEventHook 769E9F3A 5 Bytes JMP 009D01F8
.text C:\Windows\System32\svchost.exe[968] USER32.dll!UnhookWinEvent 769EC06F 5 Bytes JMP 009D03FC
.text C:\Windows\system32\taskeng.exe[1000] ntdll.dll!LdrLoadDll 77B29378 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[1000] ntdll.dll!LdrUnloadDll 77B3B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[1000] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[1000] ADVAPI32.dll!CreateServiceW 76C49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskeng.exe[1000] ADVAPI32.dll!DeleteService 76C4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\taskeng.exe[1000] ADVAPI32.dll!SetServiceObjectSecurity 76C86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\taskeng.exe[1000] ADVAPI32.dll!ChangeServiceConfigA 76C86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\taskeng.exe[1000] ADVAPI32.dll!ChangeServiceConfigW 76C86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\taskeng.exe[1000] ADVAPI32.dll!ChangeServiceConfig2A 76C87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\taskeng.exe[1000] ADVAPI32.dll!ChangeServiceConfig2W 76C871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\taskeng.exe[1000] ADVAPI32.dll!CreateServiceA 76C872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskeng.exe[1000] USER32.dll!SetWindowsHookExA 769E6322 5 Bytes JMP 00080600
.text C:\Windows\system32\taskeng.exe[1000] USER32.dll!SetWindowsHookExW 769E87AD 5 Bytes JMP 00080804
.text C:\Windows\system32\taskeng.exe[1000] USER32.dll!UnhookWindowsHookEx 769E98DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\taskeng.exe[1000] USER32.dll!SetWinEventHook 769E9F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\taskeng.exe[1000] USER32.dll!UnhookWinEvent 769EC06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\Dwm.exe[1024] ntdll.dll!LdrLoadDll 77B29378 5 Bytes JMP 000501F8
.text C:\Windows\system32\Dwm.exe[1024] ntdll.dll!LdrUnloadDll 77B3B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\Dwm.exe[1024] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[1024] ADVAPI32.dll!CreateServiceW 76C49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\Dwm.exe[1024] ADVAPI32.dll!DeleteService 76C4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\Dwm.exe[1024] ADVAPI32.dll!SetServiceObjectSecurity 76C86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\Dwm.exe[1024] ADVAPI32.dll!ChangeServiceConfigA 76C86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\Dwm.exe[1024] ADVAPI32.dll!ChangeServiceConfigW 76C86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\Dwm.exe[1024] ADVAPI32.dll!ChangeServiceConfig2A 76C87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\Dwm.exe[1024] ADVAPI32.dll!ChangeServiceConfig2W 76C871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\Dwm.exe[1024] ADVAPI32.dll!CreateServiceA 76C872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\Dwm.exe[1024] USER32.dll!SetWindowsHookExA 769E6322 5 Bytes JMP 00080600
.text C:\Windows\system32\Dwm.exe[1024] USER32.dll!SetWindowsHookExW 769E87AD 5 Bytes JMP 00080804
.text C:\Windows\system32\Dwm.exe[1024] USER32.dll!UnhookWindowsHookEx 769E98DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\Dwm.exe[1024] USER32.dll!SetWinEventHook 769E9F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\Dwm.exe[1024] USER32.dll!UnhookWinEvent 769EC06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\taskeng.exe[1028] ntdll.dll!LdrLoadDll 77B29378 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[1028] ntdll.dll!LdrUnloadDll 77B3B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[1028] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[1028] ADVAPI32.dll!CreateServiceW 76C49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskeng.exe[1028] ADVAPI32.dll!DeleteService 76C4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\taskeng.exe[1028] ADVAPI32.dll!SetServiceObjectSecurity 76C86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\taskeng.exe[1028] ADVAPI32.dll!ChangeServiceConfigA 76C86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\taskeng.exe[1028] ADVAPI32.dll!ChangeServiceConfigW 76C86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\taskeng.exe[1028] ADVAPI32.dll!ChangeServiceConfig2A 76C87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\taskeng.exe[1028] ADVAPI32.dll!ChangeServiceConfig2W 76C871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\taskeng.exe[1028] ADVAPI32.dll!CreateServiceA 76C872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskeng.exe[1028] USER32.dll!SetWindowsHookExA 769E6322 5 Bytes JMP 00080600
.text C:\Windows\system32\taskeng.exe[1028] USER32.dll!SetWindowsHookExW 769E87AD 5 Bytes JMP 00080804
.text C:\Windows\system32\taskeng.exe[1028] USER32.dll!UnhookWindowsHookEx 769E98DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\taskeng.exe[1028] USER32.dll!SetWinEventHook 769E9F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\taskeng.exe[1028] USER32.dll!UnhookWinEvent 769EC06F 5 Bytes JMP 000803FC
.text C:\Windows\System32\svchost.exe[1056] ntdll.dll!LdrLoadDll 77B29378 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[1056] ntdll.dll!LdrUnloadDll 77B3B680 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!CreateServiceW 76C49EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!DeleteService 76C4A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!SetServiceObjectSecurity 76C86CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!ChangeServiceConfigA 76C86DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!ChangeServiceConfigW 76C86F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!ChangeServiceConfig2A 76C87099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!ChangeServiceConfig2W 76C871E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!CreateServiceA 76C872A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[1056] USER32.dll!SetWindowsHookExA 769E6322 5 Bytes JMP 00260600
.text C:\Windows\System32\svchost.exe[1056] USER32.dll!SetWindowsHookExW 769E87AD 5 Bytes JMP 00260804
.text C:\Windows\System32\svchost.exe[1056] USER32.dll!UnhookWindowsHookEx 769E98DB 5 Bytes JMP 00260A08
.text C:\Windows\System32\svchost.exe[1056] USER32.dll!SetWinEventHook 769E9F3A 5 Bytes JMP 002601F8
.text C:\Windows\System32\svchost.exe[1056] USER32.dll!UnhookWinEvent 769EC06F 5 Bytes JMP 002603FC
.text C:\Windows\System32\svchost.exe[1084] ntdll.dll!LdrLoadDll 77B29378 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[1084] ntdll.dll!LdrUnloadDll 77B3B680 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!CreateServiceW 76C49EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!DeleteService 76C4A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!SetServiceObjectSecurity 76C86CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!ChangeServiceConfigA 76C86DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!ChangeServiceConfigW 76C86F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!ChangeServiceConfig2A 76C87099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!ChangeServiceConfig2W 76C871E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!CreateServiceA 76C872A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[1084] USER32.dll!SetWindowsHookExA 769E6322 5 Bytes JMP 001D0600
.text C:\Windows\System32\svchost.exe[1084] USER32.dll!SetWindowsHookExW 769E87AD 5 Bytes JMP 001D0804
.text C:\Windows\System32\svchost.exe[1084] USER32.dll!UnhookWindowsHookEx 769E98DB 5 Bytes JMP 001D0A08
.text C:\Windows\System32\svchost.exe[1084] USER32.dll!SetWinEventHook 769E9F3A 5 Bytes JMP 001D01F8
.text C:\Windows\System32\svchost.exe[1084] USER32.dll!UnhookWinEvent 769EC06F 5 Bytes JMP 001D03FC
.text C:\Windows\system32\svchost.exe[1096] ntdll.dll!LdrLoadDll 77B29378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1096] ntdll.dll!LdrUnloadDll 77B3B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1096] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1096] ADVAPI32.dll!CreateServiceW 76C49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1096] ADVAPI32.dll!DeleteService 76C4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1096] ADVAPI32.dll!SetServiceObjectSecurity 76C86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1096] ADVAPI32.dll!ChangeServiceConfigA 76C86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1096] ADVAPI32.dll!ChangeServiceConfigW 76C86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1096] ADVAPI32.dll!ChangeServiceConfig2A 76C87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1096] ADVAPI32.dll!ChangeServiceConfig2W 76C871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1096] ADVAPI32.dll!CreateServiceA 76C872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1096] USER32.dll!SetWindowsHookExA 769E6322 5 Bytes JMP 000C0600
.text C:\Windows\system32\svchost.exe[1096] USER32.dll!SetWindowsHookExW 769E87AD 5 Bytes JMP 000C0804
.text C:\Windows\system32\svchost.exe[1096] USER32.dll!UnhookWindowsHookEx 769E98DB 5 Bytes JMP 000C0A08
.text C:\Windows\system32\svchost.exe[1096] USER32.dll!SetWinEventHook 769E9F3A 5 Bytes JMP 000C01F8
.text C:\Windows\system32\svchost.exe[1096] USER32.dll!UnhookWinEvent 769EC06F 5 Bytes JMP 000C03FC
.text C:\Windows\system32\AUDIODG.EXE[1184] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1200] ntdll.dll!LdrLoadDll 77B29378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1200] ntdll.dll!LdrUnloadDll 77B3B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1200] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1200] ADVAPI32.dll!CreateServiceW 76C49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1200] ADVAPI32.dll!DeleteService 76C4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1200] ADVAPI32.dll!SetServiceObjectSecurity 76C86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1200] ADVAPI32.dll!ChangeServiceConfigA 76C86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1200] ADVAPI32.dll!ChangeServiceConfigW 76C86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1200] ADVAPI32.dll!ChangeServiceConfig2A 76C87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1200] ADVAPI32.dll!ChangeServiceConfig2W 76C871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1200] ADVAPI32.dll!CreateServiceA 76C872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1268] ntdll.dll!LdrLoadDll 77B29378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1268] ntdll.dll!LdrUnloadDll 77B3B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1268] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1268] ADVAPI32.dll!CreateServiceW 76C49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1268] ADVAPI32.dll!DeleteService 76C4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1268] ADVAPI32.dll!SetServiceObjectSecurity 76C86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1268] ADVAPI32.dll!ChangeServiceConfigA 76C86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1268] ADVAPI32.dll!ChangeServiceConfigW 76C86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1268] ADVAPI32.dll!ChangeServiceConfig2A 76C87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1268] ADVAPI32.dll!ChangeServiceConfig2W 76C871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1268] ADVAPI32.dll!CreateServiceA 76C872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1268] USER32.dll!SetWindowsHookExA 769E6322 5 Bytes JMP 00C80600
.text C:\Windows\system32\svchost.exe[1268] USER32.dll!SetWindowsHookExW 769E87AD 5 Bytes JMP 00C80804
.text C:\Windows\system32\svchost.exe[1268] USER32.dll!UnhookWindowsHookEx 769E98DB 5 Bytes JMP 00C80A08
.text C:\Windows\system32\svchost.exe[1268] USER32.dll!SetWinEventHook 769E9F3A 5 Bytes JMP 00C801F8
.text C:\Windows\system32\svchost.exe[1268] USER32.dll!UnhookWinEvent 769EC06F 5 Bytes JMP 00C803FC
.text C:\Windows\Explorer.EXE[1356] ntdll.dll!LdrLoadDll 77B29378 5 Bytes JMP 000501F8
.text C:\Windows\Explorer.EXE[1356] ntdll.dll!LdrUnloadDll 77B3B680 5 Bytes JMP 000503FC
.text C:\Windows\Explorer.EXE[1356] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62]
.text C:\Windows\Explorer.EXE[1356] ADVAPI32.dll!CreateServiceW 76C49EB4 5 Bytes JMP 000703FC
.text C:\Windows\Explorer.EXE[1356] ADVAPI32.dll!DeleteService 76C4A07E 5 Bytes JMP 00070600
.text C:\Windows\Explorer.EXE[1356] ADVAPI32.dll!SetServiceObjectSecurity 76C86CD9 5 Bytes JMP 00071014
.text C:\Windows\Explorer.EXE[1356] ADVAPI32.dll!ChangeServiceConfigA 76C86DD9 5 Bytes JMP 00070804
.text C:\Windows\Explorer.EXE[1356] ADVAPI32.dll!ChangeServiceConfigW 76C86F81 5 Bytes JMP 00070A08
.text C:\Windows\Explorer.EXE[1356] ADVAPI32.dll!ChangeServiceConfig2A 76C87099 5 Bytes JMP 00070C0C
.text C:\Windows\Explorer.EXE[1356] ADVAPI32.dll!ChangeServiceConfig2W 76C871E1 5 Bytes JMP 00070E10
.text C:\Windows\Explorer.EXE[1356] ADVAPI32.dll!CreateServiceA 76C872A1 5 Bytes JMP 000701F8
.text C:\Windows\Explorer.EXE[1356] USER32.dll!SetWindowsHookExA 769E6322 5 Bytes JMP 00080600
.text C:\Windows\Explorer.EXE[1356] USER32.dll!SetWindowsHookExW 769E87AD 5 Bytes JMP 00080804
.text C:\Windows\Explorer.EXE[1356] USER32.dll!UnhookWindowsHookEx 769E98DB 5 Bytes JMP 00080A08
.text C:\Windows\Explorer.EXE[1356] USER32.dll!SetWinEventHook 769E9F3A 5 Bytes JMP 000801F8
.text C:\Windows\Explorer.EXE[1356] USER32.dll!UnhookWinEvent 769EC06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\svchost.exe[1392] ntdll.dll!LdrLoadDll 77B29378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1392] ntdll.dll!LdrUnloadDll 77B3B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1392] ADVAPI32.dll!CreateServiceW 76C49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1392] ADVAPI32.dll!DeleteService 76C4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1392] ADVAPI32.dll!SetServiceObjectSecurity 76C86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1392] ADVAPI32.dll!ChangeServiceConfigA 76C86DD9 5 Bytes JMP 00070804
.text
C:\Windows\system32\svchost.exe[1392] ADVAPI32.dll!ChangeServiceConfigW 76C86F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[1392] ADVAPI32.dll!ChangeServiceConfig2A 76C87099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[1392] ADVAPI32.dll!ChangeServiceConfig2W 76C871E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[1392] ADVAPI32.dll!CreateServiceA 76C872A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[1392] USER32.dll!SetWindowsHookExA 769E6322 5 Bytes JMP 00250600 .text C:\Windows\system32\svchost.exe[1392] USER32.dll!SetWindowsHookExW 769E87AD 5 Bytes JMP 00250804 .text C:\Windows\system32\svchost.exe[1392] USER32.dll!UnhookWindowsHookEx 769E98DB 5 Bytes JMP 00250A08 .text C:\Windows\system32\svchost.exe[1392] USER32.dll!SetWinEventHook 769E9F3A 5 Bytes JMP 002501F8 .text C:\Windows\system32\svchost.exe[1392] USER32.dll!UnhookWinEvent 769EC06F 5 Bytes JMP 002503FC .text C:\Windows\system32\svchost.exe[1416] ntdll.dll!LdrLoadDll 77B29378 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[1416] ntdll.dll!LdrUnloadDll 77B3B680 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[1416] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Windows\system32\svchost.exe[1416] ADVAPI32.dll!CreateServiceW 76C49EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[1416] ADVAPI32.dll!DeleteService 76C4A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[1416] ADVAPI32.dll!SetServiceObjectSecurity 76C86CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[1416] ADVAPI32.dll!ChangeServiceConfigA 76C86DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[1416] ADVAPI32.dll!ChangeServiceConfigW 76C86F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[1416] ADVAPI32.dll!ChangeServiceConfig2A 76C87099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[1416] ADVAPI32.dll!ChangeServiceConfig2W 76C871E1 5 Bytes JMP 00070E10 .text 
C:\Windows\system32\svchost.exe[1416] ADVAPI32.dll!CreateServiceA 76C872A1 5 Bytes JMP 000701F8 .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1512] kernel32.dll!SetUnhandledExceptionFilter 7641A8C5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1512] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1696] ntdll.dll!LdrLoadDll 77B29378 5 Bytes JMP 001501F8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1696] ntdll.dll!LdrUnloadDll 77B3B680 5 Bytes JMP 001503FC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1696] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1696] USER32.dll!SetWindowsHookExA 769E6322 5 Bytes JMP 00170600 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1696] USER32.dll!SetWindowsHookExW 769E87AD 5 Bytes JMP 00170804 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1696] USER32.dll!UnhookWindowsHookEx 769E98DB 5 Bytes JMP 00170A08 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1696] USER32.dll!SetWinEventHook 769E9F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1696] USER32.dll!UnhookWinEvent 769EC06F 5 Bytes JMP 001703FC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1696] ADVAPI32.dll!CreateServiceW 76C49EB4 5 Bytes JMP 002803FC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1696] ADVAPI32.dll!DeleteService 76C4A07E 5 Bytes JMP 00280600 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1696] ADVAPI32.dll!SetServiceObjectSecurity 76C86CD9 5 Bytes JMP 00281014 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1696] ADVAPI32.dll!ChangeServiceConfigA 76C86DD9 5 Bytes JMP 00280804 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1696] ADVAPI32.dll!ChangeServiceConfigW 76C86F81 5 Bytes JMP 00280A08 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1696] ADVAPI32.dll!ChangeServiceConfig2A 76C87099 5 Bytes JMP 
00280C0C .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1696] ADVAPI32.dll!ChangeServiceConfig2W 76C871E1 5 Bytes JMP 00280E10 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1696] ADVAPI32.dll!CreateServiceA 76C872A1 5 Bytes JMP 002801F8 .text C:\Users\Andrzej\Downloads\o0zvhnb6.exe[1788] ntdll.dll!LdrLoadDll 77B29378 5 Bytes JMP 001501F8 .text C:\Users\Andrzej\Downloads\o0zvhnb6.exe[1788] ntdll.dll!LdrUnloadDll 77B3B680 5 Bytes JMP 001503FC .text C:\Users\Andrzej\Downloads\o0zvhnb6.exe[1788] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Users\Andrzej\Downloads\o0zvhnb6.exe[1788] ADVAPI32.dll!CreateServiceW 76C49EB4 5 Bytes JMP 001903FC .text C:\Users\Andrzej\Downloads\o0zvhnb6.exe[1788] ADVAPI32.dll!DeleteService 76C4A07E 5 Bytes JMP 00190600 .text C:\Users\Andrzej\Downloads\o0zvhnb6.exe[1788] ADVAPI32.dll!SetServiceObjectSecurity 76C86CD9 5 Bytes JMP 00191014 .text C:\Users\Andrzej\Downloads\o0zvhnb6.exe[1788] ADVAPI32.dll!ChangeServiceConfigA 76C86DD9 5 Bytes JMP 00190804 .text C:\Users\Andrzej\Downloads\o0zvhnb6.exe[1788] ADVAPI32.dll!ChangeServiceConfigW 76C86F81 5 Bytes JMP 00190A08 .text C:\Users\Andrzej\Downloads\o0zvhnb6.exe[1788] ADVAPI32.dll!ChangeServiceConfig2A 76C87099 5 Bytes JMP 00190C0C .text C:\Users\Andrzej\Downloads\o0zvhnb6.exe[1788] ADVAPI32.dll!ChangeServiceConfig2W 76C871E1 5 Bytes JMP 00190E10 .text C:\Users\Andrzej\Downloads\o0zvhnb6.exe[1788] ADVAPI32.dll!CreateServiceA 76C872A1 5 Bytes JMP 001901F8 .text C:\Users\Andrzej\Downloads\o0zvhnb6.exe[1788] USER32.dll!SetWindowsHookExA 769E6322 5 Bytes JMP 001A0600 .text C:\Users\Andrzej\Downloads\o0zvhnb6.exe[1788] USER32.dll!SetWindowsHookExW 769E87AD 5 Bytes JMP 001A0804 .text C:\Users\Andrzej\Downloads\o0zvhnb6.exe[1788] USER32.dll!UnhookWindowsHookEx 769E98DB 5 Bytes JMP 001A0A08 .text C:\Users\Andrzej\Downloads\o0zvhnb6.exe[1788] USER32.dll!SetWinEventHook 769E9F3A 5 Bytes JMP 001A01F8 .text C:\Users\Andrzej\Downloads\o0zvhnb6.exe[1788] USER32.dll!UnhookWinEvent 
769EC06F 5 Bytes JMP 001A03FC .text C:\Windows\System32\spoolsv.exe[2008] ntdll.dll!LdrLoadDll 77B29378 5 Bytes JMP 000501F8 .text C:\Windows\System32\spoolsv.exe[2008] ntdll.dll!LdrUnloadDll 77B3B680 5 Bytes JMP 000503FC .text C:\Windows\System32\spoolsv.exe[2008] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Windows\System32\spoolsv.exe[2008] ADVAPI32.dll!CreateServiceW 76C49EB4 5 Bytes JMP 000703FC .text C:\Windows\System32\spoolsv.exe[2008] ADVAPI32.dll!DeleteService 76C4A07E 5 Bytes JMP 00070600 .text C:\Windows\System32\spoolsv.exe[2008] ADVAPI32.dll!SetServiceObjectSecurity 76C86CD9 5 Bytes JMP 00071014 .text C:\Windows\System32\spoolsv.exe[2008] ADVAPI32.dll!ChangeServiceConfigA 76C86DD9 5 Bytes JMP 00070804 .text C:\Windows\System32\spoolsv.exe[2008] ADVAPI32.dll!ChangeServiceConfigW 76C86F81 5 Bytes JMP 00070A08 .text C:\Windows\System32\spoolsv.exe[2008] ADVAPI32.dll!ChangeServiceConfig2A 76C87099 5 Bytes JMP 00070C0C .text C:\Windows\System32\spoolsv.exe[2008] ADVAPI32.dll!ChangeServiceConfig2W 76C871E1 5 Bytes JMP 00070E10 .text C:\Windows\System32\spoolsv.exe[2008] ADVAPI32.dll!CreateServiceA 76C872A1 5 Bytes JMP 000701F8 .text C:\Windows\System32\spoolsv.exe[2008] USER32.dll!SetWindowsHookExA 769E6322 5 Bytes JMP 00170600 .text C:\Windows\System32\spoolsv.exe[2008] USER32.dll!SetWindowsHookExW 769E87AD 5 Bytes JMP 00170804 .text C:\Windows\System32\spoolsv.exe[2008] USER32.dll!UnhookWindowsHookEx 769E98DB 5 Bytes JMP 00170A08 .text C:\Windows\System32\spoolsv.exe[2008] USER32.dll!SetWinEventHook 769E9F3A 5 Bytes JMP 001701F8 .text C:\Windows\System32\spoolsv.exe[2008] USER32.dll!UnhookWinEvent 769EC06F 5 Bytes JMP 001703FC .text C:\Windows\system32\svchost.exe[2032] ntdll.dll!LdrLoadDll 77B29378 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[2032] ntdll.dll!LdrUnloadDll 77B3B680 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[2032] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text 
C:\Windows\system32\svchost.exe[2032] ADVAPI32.dll!CreateServiceW 76C49EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[2032] ADVAPI32.dll!DeleteService 76C4A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[2032] ADVAPI32.dll!SetServiceObjectSecurity 76C86CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[2032] ADVAPI32.dll!ChangeServiceConfigA 76C86DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[2032] ADVAPI32.dll!ChangeServiceConfigW 76C86F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[2032] ADVAPI32.dll!ChangeServiceConfig2A 76C87099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[2032] ADVAPI32.dll!ChangeServiceConfig2W 76C871E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[2032] ADVAPI32.dll!CreateServiceA 76C872A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[2032] USER32.dll!SetWindowsHookExA 769E6322 5 Bytes JMP 00240600 .text C:\Windows\system32\svchost.exe[2032] USER32.dll!SetWindowsHookExW 769E87AD 5 Bytes JMP 00240804 .text C:\Windows\system32\svchost.exe[2032] USER32.dll!UnhookWindowsHookEx 769E98DB 5 Bytes JMP 00240A08 .text C:\Windows\system32\svchost.exe[2032] USER32.dll!SetWinEventHook 769E9F3A 5 Bytes JMP 002401F8 .text C:\Windows\system32\svchost.exe[2032] USER32.dll!UnhookWinEvent 769EC06F 5 Bytes JMP 002403FC .text C:\Windows\system32\svchost.exe[2352] ntdll.dll!LdrLoadDll 77B29378 5 Bytes JMP 000901F8 .text C:\Windows\system32\svchost.exe[2352] ntdll.dll!LdrUnloadDll 77B3B680 5 Bytes JMP 000903FC .text C:\Windows\system32\svchost.exe[2352] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Windows\system32\svchost.exe[2352] ADVAPI32.dll!CreateServiceW 76C49EB4 5 Bytes JMP 000B03FC .text C:\Windows\system32\svchost.exe[2352] ADVAPI32.dll!DeleteService 76C4A07E 5 Bytes JMP 000B0600 .text C:\Windows\system32\svchost.exe[2352] ADVAPI32.dll!SetServiceObjectSecurity 76C86CD9 5 Bytes JMP 000B1014 .text 
C:\Windows\system32\svchost.exe[2352] ADVAPI32.dll!ChangeServiceConfigA 76C86DD9 5 Bytes JMP 000B0804 .text C:\Windows\system32\svchost.exe[2352] ADVAPI32.dll!ChangeServiceConfigW 76C86F81 5 Bytes JMP 000B0A08 .text C:\Windows\system32\svchost.exe[2352] ADVAPI32.dll!ChangeServiceConfig2A 76C87099 5 Bytes JMP 000B0C0C .text C:\Windows\system32\svchost.exe[2352] ADVAPI32.dll!ChangeServiceConfig2W 76C871E1 5 Bytes JMP 000B0E10 .text C:\Windows\system32\svchost.exe[2352] ADVAPI32.dll!CreateServiceA 76C872A1 5 Bytes JMP 000B01F8 .text C:\Windows\system32\svchost.exe[2352] USER32.dll!SetWindowsHookExA 769E6322 5 Bytes JMP 00110600 .text C:\Windows\system32\svchost.exe[2352] USER32.dll!SetWindowsHookExW 769E87AD 5 Bytes JMP 00110804 .text C:\Windows\system32\svchost.exe[2352] USER32.dll!UnhookWindowsHookEx 769E98DB 5 Bytes JMP 00110A08 .text C:\Windows\system32\svchost.exe[2352] USER32.dll!SetWinEventHook 769E9F3A 5 Bytes JMP 001101F8 .text C:\Windows\system32\svchost.exe[2352] USER32.dll!UnhookWinEvent 769EC06F 5 Bytes JMP 001103FC .text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[2364] KERNEL32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2396] ntdll.dll!LdrLoadDll 77B29378 5 Bytes JMP 001501F8 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2396] ntdll.dll!LdrUnloadDll 77B3B680 5 Bytes JMP 001503FC .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2396] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2396] USER32.dll!SetWindowsHookExA 769E6322 5 Bytes JMP 00170600 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2396] USER32.dll!SetWindowsHookExW 769E87AD 5 Bytes JMP 00170804 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2396] USER32.dll!UnhookWindowsHookEx 769E98DB 5 Bytes JMP 00170A08 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2396] USER32.dll!SetWinEventHook 
769E9F3A 5 Bytes JMP 001701F8 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2396] USER32.dll!UnhookWinEvent 769EC06F 5 Bytes JMP 001703FC .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2396] ADVAPI32.dll!CreateServiceW 76C49EB4 5 Bytes JMP 001803FC .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2396] ADVAPI32.dll!DeleteService 76C4A07E 5 Bytes JMP 00180600 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2396] ADVAPI32.dll!SetServiceObjectSecurity 76C86CD9 5 Bytes JMP 00181014 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2396] ADVAPI32.dll!ChangeServiceConfigA 76C86DD9 5 Bytes JMP 00180804 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2396] ADVAPI32.dll!ChangeServiceConfigW 76C86F81 5 Bytes JMP 00180A08 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2396] ADVAPI32.dll!ChangeServiceConfig2A 76C87099 5 Bytes JMP 00180C0C .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2396] ADVAPI32.dll!ChangeServiceConfig2W 76C871E1 5 Bytes JMP 00180E10 .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2396] ADVAPI32.dll!CreateServiceA 76C872A1 5 Bytes JMP 001801F8 .text C:\Windows\system32\svchost.exe[2456] ntdll.dll!LdrLoadDll 77B29378 5 Bytes JMP 000901F8 .text C:\Windows\system32\svchost.exe[2456] ntdll.dll!LdrUnloadDll 77B3B680 5 Bytes JMP 000903FC .text C:\Windows\system32\svchost.exe[2456] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Windows\system32\svchost.exe[2456] ADVAPI32.dll!CreateServiceW 76C49EB4 5 Bytes JMP 000B03FC .text C:\Windows\system32\svchost.exe[2456] ADVAPI32.dll!DeleteService 76C4A07E 5 Bytes JMP 000B0600 .text C:\Windows\system32\svchost.exe[2456] ADVAPI32.dll!SetServiceObjectSecurity 76C86CD9 5 Bytes JMP 000B1014 .text C:\Windows\system32\svchost.exe[2456] ADVAPI32.dll!ChangeServiceConfigA 76C86DD9 5 Bytes JMP 000B0804 .text C:\Windows\system32\svchost.exe[2456] ADVAPI32.dll!ChangeServiceConfigW 76C86F81 5 Bytes JMP 000B0A08 
.text C:\Windows\system32\svchost.exe[2456] ADVAPI32.dll!ChangeServiceConfig2A 76C87099 5 Bytes JMP 000B0C0C .text C:\Windows\system32\svchost.exe[2456] ADVAPI32.dll!ChangeServiceConfig2W 76C871E1 5 Bytes JMP 000B0E10 .text C:\Windows\system32\svchost.exe[2456] ADVAPI32.dll!CreateServiceA 76C872A1 5 Bytes JMP 000B01F8 .text C:\Windows\System32\svchost.exe[2520] ntdll.dll!LdrLoadDll 77B29378 5 Bytes JMP 000501F8 .text C:\Windows\System32\svchost.exe[2520] ntdll.dll!LdrUnloadDll 77B3B680 5 Bytes JMP 000503FC .text C:\Windows\System32\svchost.exe[2520] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Windows\System32\svchost.exe[2520] ADVAPI32.dll!CreateServiceW 76C49EB4 5 Bytes JMP 000703FC .text C:\Windows\System32\svchost.exe[2520] ADVAPI32.dll!DeleteService 76C4A07E 5 Bytes JMP 00070600 .text C:\Windows\System32\svchost.exe[2520] ADVAPI32.dll!SetServiceObjectSecurity 76C86CD9 5 Bytes JMP 00071014 .text C:\Windows\System32\svchost.exe[2520] ADVAPI32.dll!ChangeServiceConfigA 76C86DD9 5 Bytes JMP 00070804 .text C:\Windows\System32\svchost.exe[2520] ADVAPI32.dll!ChangeServiceConfigW 76C86F81 5 Bytes JMP 00070A08 .text C:\Windows\System32\svchost.exe[2520] ADVAPI32.dll!ChangeServiceConfig2A 76C87099 5 Bytes JMP 00070C0C .text C:\Windows\System32\svchost.exe[2520] ADVAPI32.dll!ChangeServiceConfig2W 76C871E1 5 Bytes JMP 00070E10 .text C:\Windows\System32\svchost.exe[2520] ADVAPI32.dll!CreateServiceA 76C872A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\SearchIndexer.exe[2548] ntdll.dll!LdrLoadDll 77B29378 5 Bytes JMP 000501F8 .text C:\Windows\system32\SearchIndexer.exe[2548] ntdll.dll!LdrUnloadDll 77B3B680 5 Bytes JMP 000503FC .text C:\Windows\system32\SearchIndexer.exe[2548] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Windows\system32\SearchIndexer.exe[2548] ADVAPI32.dll!CreateServiceW 76C49EB4 5 Bytes JMP 000F03FC .text C:\Windows\system32\SearchIndexer.exe[2548] ADVAPI32.dll!DeleteService 76C4A07E 5 Bytes JMP 000F0600 .text 
C:\Windows\system32\SearchIndexer.exe[2548] ADVAPI32.dll!SetServiceObjectSecurity 76C86CD9 5 Bytes JMP 000F1014 .text C:\Windows\system32\SearchIndexer.exe[2548] ADVAPI32.dll!ChangeServiceConfigA 76C86DD9 5 Bytes JMP 000F0804 .text C:\Windows\system32\SearchIndexer.exe[2548] ADVAPI32.dll!ChangeServiceConfigW 76C86F81 5 Bytes JMP 000F0A08 .text C:\Windows\system32\SearchIndexer.exe[2548] ADVAPI32.dll!ChangeServiceConfig2A 76C87099 5 Bytes JMP 000F0C0C .text C:\Windows\system32\SearchIndexer.exe[2548] ADVAPI32.dll!ChangeServiceConfig2W 76C871E1 5 Bytes JMP 000F0E10 .text C:\Windows\system32\SearchIndexer.exe[2548] ADVAPI32.dll!CreateServiceA 76C872A1 5 Bytes JMP 000F01F8 .text C:\Windows\system32\SearchIndexer.exe[2548] USER32.dll!SetWindowsHookExA 769E6322 5 Bytes JMP 00100600 .text C:\Windows\system32\SearchIndexer.exe[2548] USER32.dll!SetWindowsHookExW 769E87AD 5 Bytes JMP 00100804 .text C:\Windows\system32\SearchIndexer.exe[2548] USER32.dll!UnhookWindowsHookEx 769E98DB 5 Bytes JMP 00100A08 .text C:\Windows\system32\SearchIndexer.exe[2548] USER32.dll!SetWinEventHook 769E9F3A 5 Bytes JMP 001001F8 .text C:\Windows\system32\SearchIndexer.exe[2548] USER32.dll!UnhookWinEvent 769EC06F 5 Bytes JMP 001003FC .text C:\Windows\system32\DRIVERS\xaudio.exe[2684] ntdll.dll!LdrLoadDll 77B29378 5 Bytes JMP 001401F8 .text C:\Windows\system32\DRIVERS\xaudio.exe[2684] ntdll.dll!LdrUnloadDll 77B3B680 5 Bytes JMP 001403FC .text C:\Windows\system32\DRIVERS\xaudio.exe[2684] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Windows\system32\DRIVERS\xaudio.exe[2684] ADVAPI32.dll!CreateServiceW 76C49EB4 5 Bytes JMP 001603FC .text C:\Windows\system32\DRIVERS\xaudio.exe[2684] ADVAPI32.dll!DeleteService 76C4A07E 5 Bytes JMP 00160600 .text C:\Windows\system32\DRIVERS\xaudio.exe[2684] ADVAPI32.dll!SetServiceObjectSecurity 76C86CD9 5 Bytes JMP 00161014 .text C:\Windows\system32\DRIVERS\xaudio.exe[2684] ADVAPI32.dll!ChangeServiceConfigA 76C86DD9 5 Bytes JMP 00160804 .text 
C:\Windows\system32\DRIVERS\xaudio.exe[2684] ADVAPI32.dll!ChangeServiceConfigW 76C86F81 5 Bytes JMP 00160A08 .text C:\Windows\system32\DRIVERS\xaudio.exe[2684] ADVAPI32.dll!ChangeServiceConfig2A 76C87099 5 Bytes JMP 00160C0C .text C:\Windows\system32\DRIVERS\xaudio.exe[2684] ADVAPI32.dll!ChangeServiceConfig2W 76C871E1 5 Bytes JMP 00160E10 .text C:\Windows\system32\DRIVERS\xaudio.exe[2684] ADVAPI32.dll!CreateServiceA 76C872A1 5 Bytes JMP 001601F8 .text C:\Windows\system32\DRIVERS\xaudio.exe[2684] USER32.dll!SetWindowsHookExA 769E6322 5 Bytes JMP 00170600 .text C:\Windows\system32\DRIVERS\xaudio.exe[2684] USER32.dll!SetWindowsHookExW 769E87AD 5 Bytes JMP 00170804 .text C:\Windows\system32\DRIVERS\xaudio.exe[2684] USER32.dll!UnhookWindowsHookEx 769E98DB 5 Bytes JMP 00170A08 .text C:\Windows\system32\DRIVERS\xaudio.exe[2684] USER32.dll!SetWinEventHook 769E9F3A 5 Bytes JMP 001701F8 .text C:\Windows\system32\DRIVERS\xaudio.exe[2684] USER32.dll!UnhookWinEvent 769EC06F 5 Bytes JMP 001703FC .text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[2712] ntdll.dll!LdrLoadDll 77B29378 5 Bytes JMP 001501F8 .text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[2712] ntdll.dll!LdrUnloadDll 77B3B680 5 Bytes JMP 001503FC .text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[2712] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[2712] USER32.dll!SetWindowsHookExA 769E6322 5 Bytes JMP 00170600 .text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[2712] USER32.dll!SetWindowsHookExW 769E87AD 5 Bytes JMP 00170804 .text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[2712] USER32.dll!UnhookWindowsHookEx 769E98DB 5 Bytes JMP 00170A08 .text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[2712] USER32.dll!SetWinEventHook 769E9F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[2712] USER32.dll!UnhookWinEvent 769EC06F 5 Bytes JMP 001703FC .text C:\Program 
Files\Hewlett-Packard\Shared\hpqWmiEx.exe[2712] ADVAPI32.dll!CreateServiceW 76C49EB4 5 Bytes JMP 001803FC .text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[2712] ADVAPI32.dll!DeleteService 76C4A07E 5 Bytes JMP 00180600 .text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[2712] ADVAPI32.dll!SetServiceObjectSecurity 76C86CD9 5 Bytes JMP 00181014 .text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[2712] ADVAPI32.dll!ChangeServiceConfigA 76C86DD9 5 Bytes JMP 00180804 .text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[2712] ADVAPI32.dll!ChangeServiceConfigW 76C86F81 5 Bytes JMP 00180A08 .text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[2712] ADVAPI32.dll!ChangeServiceConfig2A 76C87099 5 Bytes JMP 00180C0C .text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[2712] ADVAPI32.dll!ChangeServiceConfig2W 76C871E1 5 Bytes JMP 00180E10 .text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[2712] ADVAPI32.dll!CreateServiceA 76C872A1 5 Bytes JMP 001801F8 .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2968] ntdll.dll!LdrLoadDll 77B29378 5 Bytes JMP 001501F8 .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2968] ntdll.dll!LdrUnloadDll 77B3B680 5 Bytes JMP 001503FC .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2968] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2968] USER32.dll!SetWindowsHookExA 769E6322 5 Bytes JMP 00170600 .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2968] USER32.dll!SetWindowsHookExW 769E87AD 5 Bytes JMP 00170804 .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2968] USER32.dll!UnhookWindowsHookEx 769E98DB 5 Bytes JMP 00170A08 .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2968] USER32.dll!SetWinEventHook 769E9F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2968] USER32.dll!UnhookWinEvent 769EC06F 5 Bytes JMP 001703FC .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2968] 
ADVAPI32.dll!CreateServiceW 76C49EB4 5 Bytes JMP 001803FC .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2968] ADVAPI32.dll!DeleteService 76C4A07E 5 Bytes JMP 00180600 .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2968] ADVAPI32.dll!SetServiceObjectSecurity 76C86CD9 5 Bytes JMP 00181014 .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2968] ADVAPI32.dll!ChangeServiceConfigA 76C86DD9 5 Bytes JMP 00180804 .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2968] ADVAPI32.dll!ChangeServiceConfigW 76C86F81 5 Bytes JMP 00180A08 .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2968] ADVAPI32.dll!ChangeServiceConfig2A 76C87099 5 Bytes JMP 00180C0C .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2968] ADVAPI32.dll!ChangeServiceConfig2W 76C871E1 5 Bytes JMP 00180E10 .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2968] ADVAPI32.dll!CreateServiceA 76C872A1 5 Bytes JMP 001801F8 .text C:\Program Files\Hp\QuickPlay\QPService.exe[2980] ntdll.dll!LdrLoadDll 77B29378 5 Bytes JMP 001401F8 .text C:\Program Files\Hp\QuickPlay\QPService.exe[2980] ntdll.dll!LdrUnloadDll 77B3B680 5 Bytes JMP 001403FC .text C:\Program Files\Hp\QuickPlay\QPService.exe[2980] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Program Files\Hp\QuickPlay\QPService.exe[2980] USER32.dll!SetWindowsHookExA 769E6322 5 Bytes JMP 00170600 .text C:\Program Files\Hp\QuickPlay\QPService.exe[2980] USER32.dll!SetWindowsHookExW 769E87AD 5 Bytes JMP 00170804 .text C:\Program Files\Hp\QuickPlay\QPService.exe[2980] USER32.dll!UnhookWindowsHookEx 769E98DB 5 Bytes JMP 00170A08 .text C:\Program Files\Hp\QuickPlay\QPService.exe[2980] USER32.dll!SetWinEventHook 769E9F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Hp\QuickPlay\QPService.exe[2980] USER32.dll!UnhookWinEvent 769EC06F 5 Bytes JMP 001703FC .text C:\Program Files\Hp\QuickPlay\QPService.exe[2980] ADVAPI32.dll!CreateServiceW 76C49EB4 5 Bytes JMP 001803FC .text C:\Program Files\Hp\QuickPlay\QPService.exe[2980] 
ADVAPI32.dll!DeleteService 76C4A07E 5 Bytes JMP 00180600 .text C:\Program Files\Hp\QuickPlay\QPService.exe[2980] ADVAPI32.dll!SetServiceObjectSecurity 76C86CD9 5 Bytes JMP 00181014 .text C:\Program Files\Hp\QuickPlay\QPService.exe[2980] ADVAPI32.dll!ChangeServiceConfigA 76C86DD9 5 Bytes JMP 00180804 .text C:\Program Files\Hp\QuickPlay\QPService.exe[2980] ADVAPI32.dll!ChangeServiceConfigW 76C86F81 5 Bytes JMP 00180A08 .text C:\Program Files\Hp\QuickPlay\QPService.exe[2980] ADVAPI32.dll!ChangeServiceConfig2A 76C87099 5 Bytes JMP 00180C0C .text C:\Program Files\Hp\QuickPlay\QPService.exe[2980] ADVAPI32.dll!ChangeServiceConfig2W 76C871E1 5 Bytes JMP 00180E10 .text C:\Program Files\Hp\QuickPlay\QPService.exe[2980] ADVAPI32.dll!CreateServiceA 76C872A1 5 Bytes JMP 001801F8 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2992] ntdll.dll!LdrLoadDll 77B29378 5 Bytes JMP 001501F8 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2992] ntdll.dll!LdrUnloadDll 77B3B680 5 Bytes JMP 001503FC .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2992] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2992] ADVAPI32.dll!CreateServiceW 76C49EB4 5 Bytes JMP 002703FC .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2992] ADVAPI32.dll!DeleteService 76C4A07E 5 Bytes JMP 00270600 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2992] ADVAPI32.dll!SetServiceObjectSecurity 76C86CD9 5 Bytes JMP 00271014 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2992] ADVAPI32.dll!ChangeServiceConfigA 76C86DD9 5 Bytes JMP 00270804 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2992] ADVAPI32.dll!ChangeServiceConfigW 76C86F81 5 Bytes JMP 00270A08 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2992] 
ADVAPI32.dll!ChangeServiceConfig2A 76C87099 5 Bytes JMP 00270C0C .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2992] ADVAPI32.dll!ChangeServiceConfig2W 76C871E1 5 Bytes JMP 00270E10 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2992] ADVAPI32.dll!CreateServiceA 76C872A1 5 Bytes JMP 002701F8 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2992] USER32.dll!SetWindowsHookExA 769E6322 5 Bytes JMP 00280600 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2992] USER32.dll!SetWindowsHookExW 769E87AD 5 Bytes JMP 00280804 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2992] USER32.dll!UnhookWindowsHookEx 769E98DB 5 Bytes JMP 00280A08 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2992] USER32.dll!SetWinEventHook 769E9F3A 5 Bytes JMP 002801F8 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2992] USER32.dll!UnhookWinEvent 769EC06F 5 Bytes JMP 002803FC .text C:\Program Files\Windows Defender\MSASCui.exe[3028] ntdll.dll!LdrLoadDll 77B29378 5 Bytes JMP 000501F8 .text C:\Program Files\Windows Defender\MSASCui.exe[3028] ntdll.dll!LdrUnloadDll 77B3B680 5 Bytes JMP 000503FC .text C:\Program Files\Windows Defender\MSASCui.exe[3028] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Program Files\Windows Defender\MSASCui.exe[3028] ADVAPI32.dll!CreateServiceW 76C49EB4 5 Bytes JMP 000703FC .text C:\Program Files\Windows Defender\MSASCui.exe[3028] ADVAPI32.dll!DeleteService 76C4A07E 5 Bytes JMP 00070600 .text C:\Program Files\Windows Defender\MSASCui.exe[3028] ADVAPI32.dll!SetServiceObjectSecurity 76C86CD9 5 Bytes JMP 00071014 .text C:\Program Files\Windows Defender\MSASCui.exe[3028] ADVAPI32.dll!ChangeServiceConfigA 76C86DD9 5 Bytes JMP 00070804 .text C:\Program Files\Windows Defender\MSASCui.exe[3028] ADVAPI32.dll!ChangeServiceConfigW 76C86F81 5 Bytes JMP 00070A08 .text C:\Program 
Files\Windows Defender\MSASCui.exe[3028] ADVAPI32.dll!ChangeServiceConfig2A 76C87099 5 Bytes JMP 00070C0C .text C:\Program Files\Windows Defender\MSASCui.exe[3028] ADVAPI32.dll!ChangeServiceConfig2W 76C871E1 5 Bytes JMP 00070E10 .text C:\Program Files\Windows Defender\MSASCui.exe[3028] ADVAPI32.dll!CreateServiceA 76C872A1 5 Bytes JMP 000701F8 .text C:\Program Files\Windows Defender\MSASCui.exe[3028] USER32.dll!SetWindowsHookExA 769E6322 5 Bytes JMP 00080600 .text C:\Program Files\Windows Defender\MSASCui.exe[3028] USER32.dll!SetWindowsHookExW 769E87AD 5 Bytes JMP 00080804 .text C:\Program Files\Windows Defender\MSASCui.exe[3028] USER32.dll!UnhookWindowsHookEx 769E98DB 5 Bytes JMP 00080A08 .text C:\Program Files\Windows Defender\MSASCui.exe[3028] USER32.dll!SetWinEventHook 769E9F3A 5 Bytes JMP 000801F8 .text C:\Program Files\Windows Defender\MSASCui.exe[3028] USER32.dll!UnhookWinEvent 769EC06F 5 Bytes JMP 000803FC .text C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe[3104] ntdll.dll!LdrLoadDll 77B29378 5 Bytes JMP 001501F8 .text C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe[3104] ntdll.dll!LdrUnloadDll 77B3B680 5 Bytes JMP 001503FC .text C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe[3104] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe[3104] USER32.dll!SetWindowsHookExA 769E6322 5 Bytes JMP 00170600 .text C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe[3104] USER32.dll!SetWindowsHookExW 769E87AD 5 Bytes JMP 00170804 .text C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe[3104] USER32.dll!UnhookWindowsHookEx 769E98DB 5 Bytes JMP 00170A08 .text C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe[3104] USER32.dll!SetWinEventHook 769E9F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe[3104] USER32.dll!UnhookWinEvent 769EC06F 5 Bytes JMP 001703FC .text C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe[3104] ADVAPI32.dll!CreateServiceW 76C49EB4 
5 Bytes JMP 001803FC .text C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe[3104] ADVAPI32.dll!DeleteService 76C4A07E 5 Bytes JMP 00180600 .text C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe[3104] ADVAPI32.dll!SetServiceObjectSecurity 76C86CD9 5 Bytes JMP 00181014 .text C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe[3104] ADVAPI32.dll!ChangeServiceConfigA 76C86DD9 5 Bytes JMP 00180804 .text C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe[3104] ADVAPI32.dll!ChangeServiceConfigW 76C86F81 5 Bytes JMP 00180A08 .text C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe[3104] ADVAPI32.dll!ChangeServiceConfig2A 76C87099 5 Bytes JMP 00180C0C .text C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe[3104] ADVAPI32.dll!ChangeServiceConfig2W 76C871E1 5 Bytes JMP 00180E10 .text C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe[3104] ADVAPI32.dll!CreateServiceA 76C872A1 5 Bytes JMP 001801F8 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] ntdll.dll!LdrLoadDll 77B29378 5 Bytes JMP 001501F8 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] ntdll.dll!LdrUnloadDll 77B3B680 5 Bytes JMP 001503FC .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] ADVAPI32.dll!CreateServiceW 76C49EB4 5 Bytes JMP 001703FC .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] ADVAPI32.dll!DeleteService 76C4A07E 5 Bytes JMP 00170600 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] ADVAPI32.dll!SetServiceObjectSecurity 76C86CD9 5 Bytes JMP 00171014 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] ADVAPI32.dll!ChangeServiceConfigA 76C86DD9 5 Bytes JMP 00170804 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] ADVAPI32.dll!ChangeServiceConfigW 
76C86F81 5 Bytes JMP 00170A08 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] ADVAPI32.dll!ChangeServiceConfig2A 76C87099 5 Bytes JMP 00170C0C .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] ADVAPI32.dll!ChangeServiceConfig2W 76C871E1 5 Bytes JMP 00170E10 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] ADVAPI32.dll!CreateServiceA 76C872A1 5 Bytes JMP 001701F8 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] USER32.dll!SetWindowsHookExA 769E6322 5 Bytes JMP 00180600 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] USER32.dll!SetWindowsHookExW 769E87AD 5 Bytes JMP 00180804 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] USER32.dll!UnhookWindowsHookEx 769E98DB 5 Bytes JMP 00180A08 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] USER32.dll!SetWinEventHook 769E9F3A 5 Bytes JMP 001801F8 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3152] USER32.dll!UnhookWinEvent 769EC06F 5 Bytes JMP 001803FC .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3176] ntdll.dll!LdrLoadDll 77B29378 5 Bytes JMP 001501F8 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3176] ntdll.dll!LdrUnloadDll 77B3B680 5 Bytes JMP 001503FC .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3176] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3176] ADVAPI32.dll!CreateServiceW 76C49EB4 5 Bytes JMP 001703FC .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3176] ADVAPI32.dll!DeleteService 76C4A07E 5 Bytes JMP 00170600 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3176] ADVAPI32.dll!SetServiceObjectSecurity 76C86CD9 5 Bytes JMP 00171014 .text C:\Program 
Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3176] ADVAPI32.dll!ChangeServiceConfigA 76C86DD9 5 Bytes JMP 00170804 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3176] ADVAPI32.dll!ChangeServiceConfigW 76C86F81 5 Bytes JMP 00170A08 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3176] ADVAPI32.dll!ChangeServiceConfig2A 76C87099 5 Bytes JMP 00170C0C .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3176] ADVAPI32.dll!ChangeServiceConfig2W 76C871E1 5 Bytes JMP 00170E10 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3176] ADVAPI32.dll!CreateServiceA 76C872A1 5 Bytes JMP 001701F8 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3176] USER32.dll!SetWindowsHookExA 769E6322 5 Bytes JMP 00180600 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3176] USER32.dll!SetWindowsHookExW 769E87AD 5 Bytes JMP 00180804 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3176] USER32.dll!UnhookWindowsHookEx 769E98DB 5 Bytes JMP 00180A08 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3176] USER32.dll!SetWinEventHook 769E9F3A 5 Bytes JMP 001801F8 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3176] USER32.dll!UnhookWinEvent 769EC06F 5 Bytes JMP 001803FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3188] ntdll.dll!LdrLoadDll 77B29378 5 Bytes JMP 001601F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3188] ntdll.dll!LdrUnloadDll 77B3B680 5 Bytes JMP 001603FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3188] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3188] ADVAPI32.dll!CreateServiceW 76C49EB4 5 Bytes JMP 001703FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3188] ADVAPI32.dll!DeleteService 76C4A07E 5 Bytes JMP 
00170600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3188] ADVAPI32.dll!SetServiceObjectSecurity 76C86CD9 5 Bytes JMP 00171014 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3188] ADVAPI32.dll!ChangeServiceConfigA 76C86DD9 5 Bytes JMP 00170804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3188] ADVAPI32.dll!ChangeServiceConfigW 76C86F81 5 Bytes JMP 00170A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3188] ADVAPI32.dll!ChangeServiceConfig2A 76C87099 5 Bytes JMP 00170C0C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3188] ADVAPI32.dll!ChangeServiceConfig2W 76C871E1 5 Bytes JMP 00170E10 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3188] ADVAPI32.dll!CreateServiceA 76C872A1 5 Bytes JMP 001701F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3188] USER32.dll!SetWindowsHookExA 769E6322 5 Bytes JMP 00180600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3188] USER32.dll!SetWindowsHookExW 769E87AD 5 Bytes JMP 00180804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3188] USER32.dll!UnhookWindowsHookEx 769E98DB 5 Bytes JMP 00180A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3188] USER32.dll!SetWinEventHook 769E9F3A 5 Bytes JMP 001801F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3188] USER32.dll!UnhookWinEvent 769EC06F 5 Bytes JMP 001803FC .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3216] ntdll.dll!LdrLoadDll 77B29378 5 Bytes JMP 001501F8 .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3216] ntdll.dll!LdrUnloadDll 77B3B680 5 Bytes JMP 001503FC .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3216] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3216] USER32.dll!SetWindowsHookExA 769E6322 5 Bytes JMP 00170600 .text C:\Program 
Files\Hewlett-Packard\Shared\HpqToaster.exe[3216] USER32.dll!SetWindowsHookExW 769E87AD 5 Bytes JMP 00170804 .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3216] USER32.dll!UnhookWindowsHookEx 769E98DB 5 Bytes JMP 00170A08 .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3216] USER32.dll!SetWinEventHook 769E9F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3216] USER32.dll!UnhookWinEvent 769EC06F 5 Bytes JMP 001703FC .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3216] ADVAPI32.dll!CreateServiceW 76C49EB4 5 Bytes JMP 001803FC .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3216] ADVAPI32.dll!DeleteService 76C4A07E 5 Bytes JMP 00180600 .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3216] ADVAPI32.dll!SetServiceObjectSecurity 76C86CD9 5 Bytes JMP 00181014 .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3216] ADVAPI32.dll!ChangeServiceConfigA 76C86DD9 5 Bytes JMP 00180804 .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3216] ADVAPI32.dll!ChangeServiceConfigW 76C86F81 5 Bytes JMP 00180A08 .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3216] ADVAPI32.dll!ChangeServiceConfig2A 76C87099 5 Bytes JMP 00180C0C .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3216] ADVAPI32.dll!ChangeServiceConfig2W 76C871E1 5 Bytes JMP 00180E10 .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3216] ADVAPI32.dll!CreateServiceA 76C872A1 5 Bytes JMP 001801F8 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3228] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\WINDOWS\System32\rundll32.exe[3268] ntdll.dll!LdrLoadDll 77B29378 5 Bytes JMP 000601F8 .text C:\WINDOWS\System32\rundll32.exe[3268] ntdll.dll!LdrUnloadDll 77B3B680 5 Bytes JMP 000603FC .text C:\WINDOWS\System32\rundll32.exe[3268] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\WINDOWS\System32\rundll32.exe[3268] 
USER32.dll!SetWindowsHookExA 769E6322 5 Bytes JMP 00080600 .text C:\WINDOWS\System32\rundll32.exe[3268] USER32.dll!SetWindowsHookExW 769E87AD 5 Bytes JMP 00080804 .text C:\WINDOWS\System32\rundll32.exe[3268] USER32.dll!UnhookWindowsHookEx 769E98DB 5 Bytes JMP 00080A08 .text C:\WINDOWS\System32\rundll32.exe[3268] USER32.dll!SetWinEventHook 769E9F3A 5 Bytes JMP 000801F8 .text C:\WINDOWS\System32\rundll32.exe[3268] USER32.dll!UnhookWinEvent 769EC06F 5 Bytes JMP 000803FC .text C:\WINDOWS\System32\rundll32.exe[3268] ADVAPI32.dll!CreateServiceW 76C49EB4 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\rundll32.exe[3268] ADVAPI32.dll!DeleteService 76C4A07E 5 Bytes JMP 00090600 .text C:\WINDOWS\System32\rundll32.exe[3268] ADVAPI32.dll!SetServiceObjectSecurity 76C86CD9 5 Bytes JMP 00091014 .text C:\WINDOWS\System32\rundll32.exe[3268] ADVAPI32.dll!ChangeServiceConfigA 76C86DD9 5 Bytes JMP 00090804 .text C:\WINDOWS\System32\rundll32.exe[3268] ADVAPI32.dll!ChangeServiceConfigW 76C86F81 5 Bytes JMP 00090A08 .text C:\WINDOWS\System32\rundll32.exe[3268] ADVAPI32.dll!ChangeServiceConfig2A 76C87099 5 Bytes JMP 00090C0C .text C:\WINDOWS\System32\rundll32.exe[3268] ADVAPI32.dll!ChangeServiceConfig2W 76C871E1 5 Bytes JMP 00090E10 .text C:\WINDOWS\System32\rundll32.exe[3268] ADVAPI32.dll!CreateServiceA 76C872A1 5 Bytes JMP 000901F8 .text C:\Program Files\Skype\Phone\Skype.exe[3276] ntdll.dll!LdrLoadDll 77B29378 5 Bytes JMP 001501F8 .text C:\Program Files\Skype\Phone\Skype.exe[3276] ntdll.dll!LdrUnloadDll 77B3B680 5 Bytes JMP 001503FC .text C:\Program Files\Skype\Phone\Skype.exe[3276] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Program Files\Skype\Phone\Skype.exe[3276] USER32.dll!SetWindowsHookExA 769E6322 5 Bytes JMP 00280600 .text C:\Program Files\Skype\Phone\Skype.exe[3276] USER32.dll!SetWindowsHookExW 769E87AD 5 Bytes JMP 00280804 .text C:\Program Files\Skype\Phone\Skype.exe[3276] USER32.dll!UnhookWindowsHookEx 769E98DB 5 Bytes JMP 00280A08 .text C:\Program 
Files\Skype\Phone\Skype.exe[3276] USER32.dll!SetWinEventHook 769E9F3A 5 Bytes JMP 002801F8 .text C:\Program Files\Skype\Phone\Skype.exe[3276] USER32.dll!UnhookWinEvent 769EC06F 5 Bytes JMP 002803FC .text C:\Program Files\Skype\Phone\Skype.exe[3276] ADVAPI32.dll!CreateServiceW 76C49EB4 5 Bytes JMP 002703FC .text C:\Program Files\Skype\Phone\Skype.exe[3276] ADVAPI32.dll!DeleteService 76C4A07E 5 Bytes JMP 00270600 .text C:\Program Files\Skype\Phone\Skype.exe[3276] ADVAPI32.dll!SetServiceObjectSecurity 76C86CD9 5 Bytes JMP 00271014 .text C:\Program Files\Skype\Phone\Skype.exe[3276] ADVAPI32.dll!ChangeServiceConfigA 76C86DD9 5 Bytes JMP 00270804 .text C:\Program Files\Skype\Phone\Skype.exe[3276] ADVAPI32.dll!ChangeServiceConfigW 76C86F81 5 Bytes JMP 00270A08 .text C:\Program Files\Skype\Phone\Skype.exe[3276] ADVAPI32.dll!ChangeServiceConfig2A 76C87099 5 Bytes JMP 00270C0C .text C:\Program Files\Skype\Phone\Skype.exe[3276] ADVAPI32.dll!ChangeServiceConfig2W 76C871E1 5 Bytes JMP 00270E10 .text C:\Program Files\Skype\Phone\Skype.exe[3276] ADVAPI32.dll!CreateServiceA 76C872A1 5 Bytes JMP 002701F8 .text C:\Program Files\Mozilla Firefox\firefox.exe[3292] ntdll.dll!LdrLoadDll 77B29378 5 Bytes JMP 65BA1B30 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3292] ntdll.dll!LdrUnloadDll 77B3B680 5 Bytes JMP 000503FC .text C:\Program Files\Mozilla Firefox\firefox.exe[3292] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[3292] USER32.dll!SetWindowsHookExA 769E6322 5 Bytes JMP 00070600 .text C:\Program Files\Mozilla Firefox\firefox.exe[3292] USER32.dll!SetWindowsHookExW 769E87AD 5 Bytes JMP 00070804 .text C:\Program Files\Mozilla Firefox\firefox.exe[3292] USER32.dll!UnhookWindowsHookEx 769E98DB 5 Bytes JMP 00070A08 .text C:\Program Files\Mozilla Firefox\firefox.exe[3292] USER32.dll!SetWinEventHook 769E9F3A 5 Bytes JMP 000701F8 .text C:\Program Files\Mozilla 
Firefox\firefox.exe[3292] USER32.dll!UnhookWinEvent 769EC06F 5 Bytes JMP 000703FC .text C:\Program Files\Mozilla Firefox\firefox.exe[3292] ADVAPI32.dll!CreateServiceW 76C49EB4 5 Bytes JMP 000803FC .text C:\Program Files\Mozilla Firefox\firefox.exe[3292] ADVAPI32.dll!DeleteService 76C4A07E 5 Bytes JMP 00080600 .text C:\Program Files\Mozilla Firefox\firefox.exe[3292] ADVAPI32.dll!SetServiceObjectSecurity 76C86CD9 5 Bytes JMP 00081014 .text C:\Program Files\Mozilla Firefox\firefox.exe[3292] ADVAPI32.dll!ChangeServiceConfigA 76C86DD9 5 Bytes JMP 00080804 .text C:\Program Files\Mozilla Firefox\firefox.exe[3292] ADVAPI32.dll!ChangeServiceConfigW 76C86F81 5 Bytes JMP 00080A08 .text C:\Program Files\Mozilla Firefox\firefox.exe[3292] ADVAPI32.dll!ChangeServiceConfig2A 76C87099 5 Bytes JMP 00080C0C .text C:\Program Files\Mozilla Firefox\firefox.exe[3292] ADVAPI32.dll!ChangeServiceConfig2W 76C871E1 5 Bytes JMP 00080E10 .text C:\Program Files\Mozilla Firefox\firefox.exe[3292] ADVAPI32.dll!CreateServiceA 76C872A1 5 Bytes JMP 000801F8 .text C:\WINDOWS\System32\rundll32.exe[3368] ntdll.dll!LdrLoadDll 77B29378 5 Bytes JMP 000A01F8 .text C:\WINDOWS\System32\rundll32.exe[3368] ntdll.dll!LdrUnloadDll 77B3B680 5 Bytes JMP 000A03FC .text C:\WINDOWS\System32\rundll32.exe[3368] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\WINDOWS\System32\rundll32.exe[3368] USER32.dll!SetWindowsHookExA 769E6322 5 Bytes JMP 001B0600 .text C:\WINDOWS\System32\rundll32.exe[3368] USER32.dll!SetWindowsHookExW 769E87AD 5 Bytes JMP 001B0804 .text C:\WINDOWS\System32\rundll32.exe[3368] USER32.dll!UnhookWindowsHookEx 769E98DB 5 Bytes JMP 001B0A08 .text C:\WINDOWS\System32\rundll32.exe[3368] USER32.dll!SetWinEventHook 769E9F3A 5 Bytes JMP 001B01F8 .text C:\WINDOWS\System32\rundll32.exe[3368] USER32.dll!UnhookWinEvent 769EC06F 5 Bytes JMP 001B03FC .text C:\WINDOWS\System32\rundll32.exe[3368] ADVAPI32.dll!CreateServiceW 76C49EB4 5 Bytes JMP 001C03FC .text C:\WINDOWS\System32\rundll32.exe[3368] 
ADVAPI32.dll!DeleteService 76C4A07E 5 Bytes JMP 001C0600 .text C:\WINDOWS\System32\rundll32.exe[3368] ADVAPI32.dll!SetServiceObjectSecurity 76C86CD9 5 Bytes JMP 001C1014 .text C:\WINDOWS\System32\rundll32.exe[3368] ADVAPI32.dll!ChangeServiceConfigA 76C86DD9 5 Bytes JMP 001C0804 .text C:\WINDOWS\System32\rundll32.exe[3368] ADVAPI32.dll!ChangeServiceConfigW 76C86F81 5 Bytes JMP 001C0A08 .text C:\WINDOWS\System32\rundll32.exe[3368] ADVAPI32.dll!ChangeServiceConfig2A 76C87099 5 Bytes JMP 001C0C0C .text C:\WINDOWS\System32\rundll32.exe[3368] ADVAPI32.dll!ChangeServiceConfig2W 76C871E1 5 Bytes JMP 001C0E10 .text C:\WINDOWS\System32\rundll32.exe[3368] ADVAPI32.dll!CreateServiceA 76C872A1 5 Bytes JMP 001C01F8 .text C:\Windows\system32\wbem\wmiprvse.exe[3388] ntdll.dll!LdrLoadDll 77B29378 5 Bytes JMP 000501F8 .text C:\Windows\system32\wbem\wmiprvse.exe[3388] ntdll.dll!LdrUnloadDll 77B3B680 5 Bytes JMP 000503FC .text C:\Windows\system32\wbem\wmiprvse.exe[3388] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[3388] ADVAPI32.dll!CreateServiceW 76C49EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\wbem\wmiprvse.exe[3388] ADVAPI32.dll!DeleteService 76C4A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\wbem\wmiprvse.exe[3388] ADVAPI32.dll!SetServiceObjectSecurity 76C86CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\wbem\wmiprvse.exe[3388] ADVAPI32.dll!ChangeServiceConfigA 76C86DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\wbem\wmiprvse.exe[3388] ADVAPI32.dll!ChangeServiceConfigW 76C86F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\wbem\wmiprvse.exe[3388] ADVAPI32.dll!ChangeServiceConfig2A 76C87099 5 Bytes JMP 00070C0C .text C:\Windows\system32\wbem\wmiprvse.exe[3388] ADVAPI32.dll!ChangeServiceConfig2W 76C871E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\wbem\wmiprvse.exe[3388] ADVAPI32.dll!CreateServiceA 76C872A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\wbem\wmiprvse.exe[3388] USER32.dll!SetWindowsHookExA 
769E6322 5 Bytes JMP 00080600 .text C:\Windows\system32\wbem\wmiprvse.exe[3388] USER32.dll!SetWindowsHookExW 769E87AD 5 Bytes JMP 00080804 .text C:\Windows\system32\wbem\wmiprvse.exe[3388] USER32.dll!UnhookWindowsHookEx 769E98DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\wbem\wmiprvse.exe[3388] USER32.dll!SetWinEventHook 769E9F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\wbem\wmiprvse.exe[3388] USER32.dll!UnhookWinEvent 769EC06F 5 Bytes JMP 000803FC .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[3476] ntdll.dll!LdrLoadDll 77B29378 5 Bytes JMP 000401F8 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[3476] ntdll.dll!LdrUnloadDll 77B3B680 5 Bytes JMP 000403FC .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[3476] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[3476] ADVAPI32.dll!CreateServiceW 76C49EB4 5 Bytes JMP 001603FC .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[3476] ADVAPI32.dll!DeleteService 76C4A07E 5 Bytes JMP 00160600 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[3476] ADVAPI32.dll!SetServiceObjectSecurity 76C86CD9 5 Bytes JMP 00161014 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[3476] ADVAPI32.dll!ChangeServiceConfigA 76C86DD9 5 Bytes JMP 00160804 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[3476] ADVAPI32.dll!ChangeServiceConfigW 76C86F81 5 Bytes JMP 00160A08 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[3476] ADVAPI32.dll!ChangeServiceConfig2A 76C87099 5 Bytes JMP 00160C0C .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[3476] ADVAPI32.dll!ChangeServiceConfig2W 76C871E1 5 Bytes JMP 00160E10 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[3476] ADVAPI32.dll!CreateServiceA 76C872A1 5 Bytes JMP 001601F8 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[3476] 
USER32.dll!SetWindowsHookExA 769E6322 5 Bytes JMP 00170600 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[3476] USER32.dll!SetWindowsHookExW 769E87AD 5 Bytes JMP 00170804 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[3476] USER32.dll!UnhookWindowsHookEx 769E98DB 5 Bytes JMP 00170A08 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[3476] USER32.dll!SetWinEventHook 769E9F3A 5 Bytes JMP 001701F8 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[3476] USER32.dll!UnhookWinEvent 769EC06F 5 Bytes JMP 001703FC .text C:\Windows\system32\wuauclt.exe[3640] ntdll.dll!LdrLoadDll 77B29378 5 Bytes JMP 000601F8 .text C:\Windows\system32\wuauclt.exe[3640] ntdll.dll!LdrUnloadDll 77B3B680 5 Bytes JMP 000603FC .text C:\Windows\system32\wuauclt.exe[3640] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Windows\system32\wuauclt.exe[3640] USER32.dll!SetWindowsHookExA 769E6322 5 Bytes JMP 000B0600 .text C:\Windows\system32\wuauclt.exe[3640] USER32.dll!SetWindowsHookExW 769E87AD 5 Bytes JMP 000B0804 .text C:\Windows\system32\wuauclt.exe[3640] USER32.dll!UnhookWindowsHookEx 769E98DB 5 Bytes JMP 000B0A08 .text C:\Windows\system32\wuauclt.exe[3640] USER32.dll!SetWinEventHook 769E9F3A 5 Bytes JMP 000B01F8 .text C:\Windows\system32\wuauclt.exe[3640] USER32.dll!UnhookWinEvent 769EC06F 5 Bytes JMP 000B03FC .text C:\Windows\system32\wuauclt.exe[3640] ADVAPI32.dll!CreateServiceW 76C49EB4 5 Bytes JMP 000C03FC .text C:\Windows\system32\wuauclt.exe[3640] ADVAPI32.dll!DeleteService 76C4A07E 5 Bytes JMP 000C0600 .text C:\Windows\system32\wuauclt.exe[3640] ADVAPI32.dll!SetServiceObjectSecurity 76C86CD9 5 Bytes JMP 000C1014 .text C:\Windows\system32\wuauclt.exe[3640] ADVAPI32.dll!ChangeServiceConfigA 76C86DD9 5 Bytes JMP 000C0804 .text C:\Windows\system32\wuauclt.exe[3640] ADVAPI32.dll!ChangeServiceConfigW 76C86F81 5 Bytes JMP 000C0A08 .text C:\Windows\system32\wuauclt.exe[3640] ADVAPI32.dll!ChangeServiceConfig2A 76C87099 5 
Bytes JMP 000C0C0C .text C:\Windows\system32\wuauclt.exe[3640] ADVAPI32.dll!ChangeServiceConfig2W 76C871E1 5 Bytes JMP 000C0E10 .text C:\Windows\system32\wuauclt.exe[3640] ADVAPI32.dll!CreateServiceA 76C872A1 5 Bytes JMP 000C01F8 .text C:\Windows\notepad.exe[3716] ntdll.dll!LdrLoadDll 77B29378 5 Bytes JMP 000501F8 .text C:\Windows\notepad.exe[3716] ntdll.dll!LdrUnloadDll 77B3B680 5 Bytes JMP 000503FC .text C:\Windows\notepad.exe[3716] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte [62] .text C:\Windows\notepad.exe[3716] ADVAPI32.dll!CreateServiceW 76C49EB4 5 Bytes JMP 000703FC .text C:\Windows\notepad.exe[3716] ADVAPI32.dll!DeleteService 76C4A07E 5 Bytes JMP 00070600 .text C:\Windows\notepad.exe[3716] ADVAPI32.dll!SetServiceObjectSecurity 76C86CD9 5 Bytes JMP 00071014 .text C:\Windows\notepad.exe[3716] ADVAPI32.dll!ChangeServiceConfigA 76C86DD9 5 Bytes JMP 00070804 .text C:\Windows\notepad.exe[3716] ADVAPI32.dll!ChangeServiceConfigW 76C86F81 5 Bytes JMP 00070A08 .text C:\Windows\notepad.exe[3716] ADVAPI32.dll!ChangeServiceConfig2A 76C87099 5 Bytes JMP 00070C0C .text C:\Windows\notepad.exe[3716] ADVAPI32.dll!ChangeServiceConfig2W 76C871E1 5 Bytes JMP 00070E10 .text C:\Windows\notepad.exe[3716] ADVAPI32.dll!CreateServiceA 76C872A1 5 Bytes JMP 000701F8 .text C:\Windows\notepad.exe[3716] USER32.dll!SetWindowsHookExA 769E6322 5 Bytes JMP 00080600 .text C:\Windows\notepad.exe[3716] USER32.dll!SetWindowsHookExW 769E87AD 5 Bytes JMP 00080804 .text C:\Windows\notepad.exe[3716] USER32.dll!UnhookWindowsHookEx 769E98DB 5 Bytes JMP 00080A08 .text C:\Windows\notepad.exe[3716] USER32.dll!SetWinEventHook 769E9F3A 5 Bytes JMP 000801F8 .text C:\Windows\notepad.exe[3716] USER32.dll!UnhookWinEvent 769EC06F 5 Bytes JMP 000803FC .text C:\Windows\notepad.exe[4088] ntdll.dll!LdrLoadDll 77B29378 5 Bytes JMP 000501F8 .text C:\Windows\notepad.exe[4088] ntdll.dll!LdrUnloadDll 77B3B680 5 Bytes JMP 000503FC .text C:\Windows\notepad.exe[4088] kernel32.dll!GetBinaryTypeW + 70 76442467 1 Byte 
[62] .text C:\Windows\notepad.exe[4088] ADVAPI32.dll!CreateServiceW 76C49EB4 5 Bytes JMP 000703FC .text C:\Windows\notepad.exe[4088] ADVAPI32.dll!DeleteService 76C4A07E 5 Bytes JMP 00070600 .text C:\Windows\notepad.exe[4088] ADVAPI32.dll!SetServiceObjectSecurity 76C86CD9 5 Bytes JMP 00071014 .text C:\Windows\notepad.exe[4088] ADVAPI32.dll!ChangeServiceConfigA 76C86DD9 5 Bytes JMP 00070804 .text C:\Windows\notepad.exe[4088] ADVAPI32.dll!ChangeServiceConfigW 76C86F81 5 Bytes JMP 00070A08 .text C:\Windows\notepad.exe[4088] ADVAPI32.dll!ChangeServiceConfig2A 76C87099 5 Bytes JMP 00070C0C .text C:\Windows\notepad.exe[4088] ADVAPI32.dll!ChangeServiceConfig2W 76C871E1 5 Bytes JMP 00070E10 .text C:\Windows\notepad.exe[4088] ADVAPI32.dll!CreateServiceA 76C872A1 5 Bytes JMP 000701F8 .text C:\Windows\notepad.exe[4088] USER32.dll!SetWindowsHookExA 769E6322 5 Bytes JMP 00080600 .text C:\Windows\notepad.exe[4088] USER32.dll!SetWindowsHookExW 769E87AD 5 Bytes JMP 00080804 .text C:\Windows\notepad.exe[4088] USER32.dll!UnhookWindowsHookEx 769E98DB 5 Bytes JMP 00080A08 .text C:\Windows\notepad.exe[4088] USER32.dll!SetWinEventHook 769E9F3A 5 Bytes JMP 000801F8 .text C:\Windows\notepad.exe[4088] USER32.dll!UnhookWinEvent 769EC06F 5 Bytes JMP 000803FC ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\system32\services.exe[696] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00190002 IAT C:\Windows\system32\services.exe[696] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00190000 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) ---- EOF - GMER 1.0.15 ----