GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-03-14 11:16:41 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500BEVT-22ZCT0 rev.11.01A11 Running: lki97ccj.exe; Driver: C:\Users\karolek\AppData\Local\Temp\ugliafog.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8D61FDF8] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8DE16A5A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x8D62085E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8D6252E4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8D625330] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8D625422] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8D625252] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8D625374] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8D62529A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8D6253DC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8D61FE44] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8DE16B34] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8D61FAD6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8D61FE90] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8D622D1C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8D620B02] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8D62530E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8D625352] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8D625446] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8D625278] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8D6253AE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8D6252C2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8D625400] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8DE16CA0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8D6209CE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8D61FEDC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8D61FF28] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8D61FB46] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8D61FCEA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8D61FC92] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8D61FD5A] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x8DE16D60] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8D61FF74] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x8DE16BE0] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8DE2CD92] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetEvent + 10D 81CCA890 4 Bytes [F8, FD, 61, 8D] .text ntkrnlpa.exe!KeSetEvent + 131 81CCA8B4 4 Bytes [5A, 6A, E1, 8D] .text ntkrnlpa.exe!KeSetEvent + 191 81CCA914 4 Bytes JMP E3D5079A .text ntkrnlpa.exe!KeSetEvent + 1D1 81CCA954 8 Bytes [E4, 52, 62, 8D, 30, 53, 62, ...] {IN AL, 0x52; BOUND ECX, [EBP-0x729dacd0]} .text ntkrnlpa.exe!KeSetEvent + 1DD 81CCA960 4 Bytes [22, 54, 62, 8D] {AND DL, [EDX-0x73]} .text ... PAGE ntkrnlpa.exe!ObMakeTemporaryObject 81DF562F 5 Bytes JMP 8DE29C8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject 81E4E543 5 Bytes JMP 8DE2B74C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 81E57E68 4 Bytes CALL 8D6211B5 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 81E5BADC 4 Bytes CALL 8D6211CB \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 81EAFDCA 7 Bytes JMP 8DE2CD96 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl entry point in "" section [0xB453841C] .clc C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl unknown last code section [0xB4539000, 0x1000, 0xE0000020] ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\system32\taskeng.exe[124] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 000501F8 .text C:\Windows\system32\taskeng.exe[124] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 000503FC .text C:\Windows\system32\taskeng.exe[124] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Windows\system32\taskeng.exe[124] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\taskeng.exe[124] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\taskeng.exe[124] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\taskeng.exe[124] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\taskeng.exe[124] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\taskeng.exe[124] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00070C0C .text C:\Windows\system32\taskeng.exe[124] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\taskeng.exe[124] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\taskeng.exe[124] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 00080600 .text C:\Windows\system32\taskeng.exe[124] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 00080804 .text C:\Windows\system32\taskeng.exe[124] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\taskeng.exe[124] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 000801F8 .text 
C:\Windows\system32\taskeng.exe[124] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 000803FC .text C:\Windows\PLFSetI.exe[268] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 001401F8 .text C:\Windows\PLFSetI.exe[268] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 001403FC .text C:\Windows\PLFSetI.exe[268] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Windows\PLFSetI.exe[268] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 00160600 .text C:\Windows\PLFSetI.exe[268] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 00160804 .text C:\Windows\PLFSetI.exe[268] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 00160A08 .text C:\Windows\PLFSetI.exe[268] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 001601F8 .text C:\Windows\PLFSetI.exe[268] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 001603FC .text C:\Windows\PLFSetI.exe[268] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 001703FC .text C:\Windows\PLFSetI.exe[268] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 00170600 .text C:\Windows\PLFSetI.exe[268] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00171014 .text C:\Windows\PLFSetI.exe[268] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00170804 .text C:\Windows\PLFSetI.exe[268] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00170A08 .text C:\Windows\PLFSetI.exe[268] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00170C0C .text C:\Windows\PLFSetI.exe[268] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes JMP 00170E10 .text C:\Windows\PLFSetI.exe[268] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 001701F8 .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[288] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 001501F8 .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[288] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 001503FC .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[288] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte 
[62] .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[288] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 00C203FC .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[288] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 00C20600 .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[288] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00C21014 .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[288] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00C20804 .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[288] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00C20A08 .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[288] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00C20C0C .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[288] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes JMP 00C20E10 .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[288] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 00C201F8 .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[288] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 00C30600 .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[288] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 00C30804 .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[288] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 00C30A08 .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[288] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 00C301F8 .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[288] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 00C303FC .text C:\Windows\system32\csrss.exe[532] KERNEL32.dll!GetBinaryTypeW + 
70 77CE2467 1 Byte [62] .text C:\Windows\system32\wininit.exe[572] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 000301F8 .text C:\Windows\system32\wininit.exe[572] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 000303FC .text C:\Windows\system32\wininit.exe[572] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Windows\system32\wininit.exe[572] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 000503FC .text C:\Windows\system32\wininit.exe[572] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 00050600 .text C:\Windows\system32\wininit.exe[572] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00051014 .text C:\Windows\system32\wininit.exe[572] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00050804 .text C:\Windows\system32\wininit.exe[572] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00050A08 .text C:\Windows\system32\wininit.exe[572] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00050C0C .text C:\Windows\system32\wininit.exe[572] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes JMP 00050E10 .text C:\Windows\system32\wininit.exe[572] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 000501F8 .text C:\Windows\system32\wininit.exe[572] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 00060600 .text C:\Windows\system32\wininit.exe[572] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 00060804 .text C:\Windows\system32\wininit.exe[572] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 00060A08 .text C:\Windows\system32\wininit.exe[572] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 000601F8 .text C:\Windows\system32\wininit.exe[572] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 000603FC .text C:\Windows\system32\csrss.exe[584] KERNEL32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Windows\system32\services.exe[616] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 000501F8 .text C:\Windows\system32\services.exe[616] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 000503FC .text C:\Windows\system32\services.exe[616] 
kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Windows\system32\services.exe[616] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\services.exe[616] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\services.exe[616] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\services.exe[616] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\services.exe[616] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\services.exe[616] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00070C0C .text C:\Windows\system32\services.exe[616] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\services.exe[616] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\services.exe[616] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 00080600 .text C:\Windows\system32\services.exe[616] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 00080804 .text C:\Windows\system32\services.exe[616] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\services.exe[616] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\services.exe[616] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 000803FC .text C:\Windows\system32\lsass.exe[632] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 000501F8 .text C:\Windows\system32\lsass.exe[632] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 000503FC .text C:\Windows\system32\lsass.exe[632] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Windows\system32\lsass.exe[632] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\lsass.exe[632] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\lsass.exe[632] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 
00071014 .text C:\Windows\system32\lsass.exe[632] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\lsass.exe[632] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\lsass.exe[632] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00070C0C .text C:\Windows\system32\lsass.exe[632] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\lsass.exe[632] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\lsass.exe[632] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 00080600 .text C:\Windows\system32\lsass.exe[632] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 00080804 .text C:\Windows\system32\lsass.exe[632] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\lsass.exe[632] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\lsass.exe[632] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 000803FC .text C:\Windows\system32\lsm.exe[640] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 000501F8 .text C:\Windows\system32\lsm.exe[640] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 000503FC .text C:\Windows\system32\lsm.exe[640] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Windows\system32\lsm.exe[640] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\lsm.exe[640] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\lsm.exe[640] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\lsm.exe[640] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\lsm.exe[640] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\lsm.exe[640] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00070C0C .text C:\Windows\system32\lsm.exe[640] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 
Bytes JMP 00070E10 .text C:\Windows\system32\lsm.exe[640] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\winlogon.exe[712] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 000301F8 .text C:\Windows\system32\winlogon.exe[712] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 000303FC .text C:\Windows\system32\winlogon.exe[712] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Windows\system32\winlogon.exe[712] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 000503FC .text C:\Windows\system32\winlogon.exe[712] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 00050600 .text C:\Windows\system32\winlogon.exe[712] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00051014 .text C:\Windows\system32\winlogon.exe[712] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00050804 .text C:\Windows\system32\winlogon.exe[712] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00050A08 .text C:\Windows\system32\winlogon.exe[712] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00050C0C .text C:\Windows\system32\winlogon.exe[712] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes JMP 00050E10 .text C:\Windows\system32\winlogon.exe[712] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 000501F8 .text C:\Windows\system32\winlogon.exe[712] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 00060600 .text C:\Windows\system32\winlogon.exe[712] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 00060804 .text C:\Windows\system32\winlogon.exe[712] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 00060A08 .text C:\Windows\system32\winlogon.exe[712] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 000601F8 .text C:\Windows\system32\winlogon.exe[712] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[828] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[828] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 000503FC .text 
C:\Windows\system32\svchost.exe[828] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Windows\system32\svchost.exe[828] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 000803FC .text C:\Windows\system32\svchost.exe[828] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 00080600 .text C:\Windows\system32\svchost.exe[828] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00081014 .text C:\Windows\system32\svchost.exe[828] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00080804 .text C:\Windows\system32\svchost.exe[828] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00080A08 .text C:\Windows\system32\svchost.exe[828] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00080C0C .text C:\Windows\system32\svchost.exe[828] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 3 Bytes JMP 00080E10 .text C:\Windows\system32\svchost.exe[828] ADVAPI32.dll!ChangeServiceConfig2W + 4 778771E5 1 Byte [88] .text C:\Windows\system32\svchost.exe[828] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 000801F8 .text C:\Windows\system32\svchost.exe[828] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 00A80600 .text C:\Windows\system32\svchost.exe[828] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 00A80804 .text C:\Windows\system32\svchost.exe[828] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 00A80A08 .text C:\Windows\system32\svchost.exe[828] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 00A801F8 .text C:\Windows\system32\svchost.exe[828] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 00A803FC .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[852] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 001501F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[852] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 001503FC .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[852] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[852] ADVAPI32.dll!CreateServiceW 77839EB4 5 
Bytes JMP 001703FC .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[852] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 00170600 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[852] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00171014 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[852] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00170804 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[852] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00170A08 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[852] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00170C0C .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[852] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes JMP 00170E10 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[852] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 001701F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[852] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 00180600 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[852] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 00180804 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[852] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 00180A08 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[852] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 001801F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[852] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 001803FC .text C:\Windows\system32\svchost.exe[904] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[904] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[904] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Windows\system32\svchost.exe[904] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 000803FC .text C:\Windows\system32\svchost.exe[904] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 
00080600 .text C:\Windows\system32\svchost.exe[904] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00081014 .text C:\Windows\system32\svchost.exe[904] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00080804 .text C:\Windows\system32\svchost.exe[904] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00080A08 .text C:\Windows\system32\svchost.exe[904] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00080C0C .text C:\Windows\system32\svchost.exe[904] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 3 Bytes JMP 00080E10 .text C:\Windows\system32\svchost.exe[904] ADVAPI32.dll!ChangeServiceConfig2W + 4 778771E5 1 Byte [88] .text C:\Windows\system32\svchost.exe[904] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 000801F8 .text C:\Windows\system32\svchost.exe[904] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 00CB0600 .text C:\Windows\system32\svchost.exe[904] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 00CB0804 .text C:\Windows\system32\svchost.exe[904] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 00CB0A08 .text C:\Windows\system32\svchost.exe[904] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 00CB01F8 .text C:\Windows\system32\svchost.exe[904] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 00CB03FC .text C:\Program Files\Launch Manager\LManager.exe[932] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 000501F8 .text C:\Program Files\Launch Manager\LManager.exe[932] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 000503FC .text C:\Program Files\Launch Manager\LManager.exe[932] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Program Files\Launch Manager\LManager.exe[932] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 002F0600 .text C:\Program Files\Launch Manager\LManager.exe[932] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 002F0804 .text C:\Program Files\Launch Manager\LManager.exe[932] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 002F0A08 .text C:\Program Files\Launch Manager\LManager.exe[932] 
USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 002F01F8 .text C:\Program Files\Launch Manager\LManager.exe[932] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 002F03FC .text C:\Program Files\Launch Manager\LManager.exe[932] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 003003FC .text C:\Program Files\Launch Manager\LManager.exe[932] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 00300600 .text C:\Program Files\Launch Manager\LManager.exe[932] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00301014 .text C:\Program Files\Launch Manager\LManager.exe[932] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00300804 .text C:\Program Files\Launch Manager\LManager.exe[932] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00300A08 .text C:\Program Files\Launch Manager\LManager.exe[932] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00300C0C .text C:\Program Files\Launch Manager\LManager.exe[932] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes JMP 00300E10 .text C:\Program Files\Launch Manager\LManager.exe[932] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 003001F8 .text C:\Windows\System32\svchost.exe[1008] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 000501F8 .text C:\Windows\System32\svchost.exe[1008] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 000503FC .text C:\Windows\System32\svchost.exe[1008] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 000703FC .text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 00070600 .text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00071014 .text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00070804 .text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00070A08 .text C:\Windows\System32\svchost.exe[1008] 
ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00070C0C .text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes JMP 00070E10 .text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 000701F8 .text C:\Windows\System32\svchost.exe[1008] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 00110600 .text C:\Windows\System32\svchost.exe[1008] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 00110804 .text C:\Windows\System32\svchost.exe[1008] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 00110A08 .text C:\Windows\System32\svchost.exe[1008] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 001101F8 .text C:\Windows\System32\svchost.exe[1008] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 001103FC .text C:\Windows\System32\svchost.exe[1032] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 000501F8 .text C:\Windows\System32\svchost.exe[1032] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 000503FC .text C:\Windows\System32\svchost.exe[1032] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Windows\System32\svchost.exe[1032] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 000703FC .text C:\Windows\System32\svchost.exe[1032] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 00070600 .text C:\Windows\System32\svchost.exe[1032] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00071014 .text C:\Windows\System32\svchost.exe[1032] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00070804 .text C:\Windows\System32\svchost.exe[1032] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00070A08 .text C:\Windows\System32\svchost.exe[1032] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00070C0C .text C:\Windows\System32\svchost.exe[1032] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes JMP 00070E10 .text C:\Windows\System32\svchost.exe[1032] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 000701F8 .text C:\Windows\System32\svchost.exe[1032] 
USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 00CC0600 .text C:\Windows\System32\svchost.exe[1032] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 00CC0804 .text C:\Windows\System32\svchost.exe[1032] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 00CC0A08 .text C:\Windows\System32\svchost.exe[1032] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 00CC01F8 .text C:\Windows\System32\svchost.exe[1032] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 00CC03FC .text C:\Windows\system32\svchost.exe[1044] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[1044] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[1044] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 000803FC .text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 00080600 .text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00081014 .text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00080804 .text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00080A08 .text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00080C0C .text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 3 Bytes JMP 00080E10 .text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!ChangeServiceConfig2W + 4 778771E5 1 Byte [88] .text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 000801F8 .text C:\Windows\system32\svchost.exe[1044] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 00D40600 .text C:\Windows\system32\svchost.exe[1044] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 00D40804 .text C:\Windows\system32\svchost.exe[1044] USER32.dll!UnhookWindowsHookEx 
775098DB 5 Bytes JMP 00D40A08 .text C:\Windows\system32\svchost.exe[1044] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 00D401F8 .text C:\Windows\system32\svchost.exe[1044] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 00D403FC .text C:\Windows\RtHDVCpl.exe[1120] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 001501F8 .text C:\Windows\RtHDVCpl.exe[1120] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 001503FC .text C:\Windows\RtHDVCpl.exe[1120] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Windows\RtHDVCpl.exe[1120] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 001703FC .text C:\Windows\RtHDVCpl.exe[1120] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 00170600 .text C:\Windows\RtHDVCpl.exe[1120] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00171014 .text C:\Windows\RtHDVCpl.exe[1120] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00170804 .text C:\Windows\RtHDVCpl.exe[1120] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00170A08 .text C:\Windows\RtHDVCpl.exe[1120] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00170C0C .text C:\Windows\RtHDVCpl.exe[1120] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes JMP 00170E10 .text C:\Windows\RtHDVCpl.exe[1120] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 001701F8 .text C:\Windows\RtHDVCpl.exe[1120] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 00180600 .text C:\Windows\RtHDVCpl.exe[1120] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 00180804 .text C:\Windows\RtHDVCpl.exe[1120] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 00180A08 .text C:\Windows\RtHDVCpl.exe[1120] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 001801F8 .text C:\Windows\RtHDVCpl.exe[1120] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 001803FC .text C:\Windows\system32\AUDIODG.EXE[1156] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Windows\system32\svchost.exe[1180] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[1180] 
ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[1180] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Windows\system32\svchost.exe[1180] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[1180] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[1180] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[1180] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[1180] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[1180] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[1180] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[1180] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\igfxsrvc.exe[1216] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 001501F8 .text C:\Windows\system32\igfxsrvc.exe[1216] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 001503FC .text C:\Windows\system32\igfxsrvc.exe[1216] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Windows\system32\igfxsrvc.exe[1216] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 00170600 .text C:\Windows\system32\igfxsrvc.exe[1216] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 00170804 .text C:\Windows\system32\igfxsrvc.exe[1216] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 00170A08 .text C:\Windows\system32\igfxsrvc.exe[1216] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 001701F8 .text C:\Windows\system32\igfxsrvc.exe[1216] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 001703FC .text C:\Windows\system32\igfxsrvc.exe[1216] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 001903FC .text C:\Windows\system32\igfxsrvc.exe[1216] ADVAPI32.dll!DeleteService 7783A07E 5 
Bytes JMP 00190600 .text C:\Windows\system32\igfxsrvc.exe[1216] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00191014 .text C:\Windows\system32\igfxsrvc.exe[1216] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00190804 .text C:\Windows\system32\igfxsrvc.exe[1216] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00190A08 .text C:\Windows\system32\igfxsrvc.exe[1216] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00190C0C .text C:\Windows\system32\igfxsrvc.exe[1216] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes JMP 00190E10 .text C:\Windows\system32\igfxsrvc.exe[1216] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 001901F8 .text C:\Windows\system32\svchost.exe[1292] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[1292] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[1292] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Windows\system32\svchost.exe[1292] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[1292] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[1292] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[1292] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[1292] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[1292] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[1292] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[1292] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[1292] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 00D30600 .text C:\Windows\system32\svchost.exe[1292] USER32.dll!SetWindowsHookExW 775087AD 
5 Bytes JMP 00D30804 .text C:\Windows\system32\svchost.exe[1292] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 00D30A08 .text C:\Windows\system32\svchost.exe[1292] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 00D301F8 .text C:\Windows\system32\svchost.exe[1292] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 00D303FC .text C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe[1464] KERNEL32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Windows\system32\svchost.exe[1480] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 000901F8 .text C:\Windows\system32\svchost.exe[1480] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 000903FC .text C:\Windows\system32\svchost.exe[1480] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Windows\system32\svchost.exe[1480] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 000B03FC .text C:\Windows\system32\svchost.exe[1480] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 000B0600 .text C:\Windows\system32\svchost.exe[1480] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 000B1014 .text C:\Windows\system32\svchost.exe[1480] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 000B0804 .text C:\Windows\system32\svchost.exe[1480] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 000B0A08 .text C:\Windows\system32\svchost.exe[1480] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 000B0C0C .text C:\Windows\system32\svchost.exe[1480] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes JMP 000B0E10 .text C:\Windows\system32\svchost.exe[1480] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 000B01F8 .text C:\Windows\system32\svchost.exe[1480] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 000F0600 .text C:\Windows\system32\svchost.exe[1480] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 000F0804 .text C:\Windows\system32\svchost.exe[1480] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 000F0A08 .text C:\Windows\system32\svchost.exe[1480] USER32.dll!SetWinEventHook 77509F3A 5 Bytes 
JMP 000F01F8 .text C:\Windows\system32\svchost.exe[1480] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 000F03FC .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1676] kernel32.dll!SetUnhandledExceptionFilter 77CBA8C5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1676] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Users\karolek\Desktop\ddd\lki97ccj.exe[1688] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 001501F8 .text C:\Users\karolek\Desktop\ddd\lki97ccj.exe[1688] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 001503FC .text C:\Users\karolek\Desktop\ddd\lki97ccj.exe[1688] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Users\karolek\Desktop\ddd\lki97ccj.exe[1688] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 001903FC .text C:\Users\karolek\Desktop\ddd\lki97ccj.exe[1688] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 00190600 .text C:\Users\karolek\Desktop\ddd\lki97ccj.exe[1688] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00191014 .text C:\Users\karolek\Desktop\ddd\lki97ccj.exe[1688] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00190804 .text C:\Users\karolek\Desktop\ddd\lki97ccj.exe[1688] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00190A08 .text C:\Users\karolek\Desktop\ddd\lki97ccj.exe[1688] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00190C0C .text C:\Users\karolek\Desktop\ddd\lki97ccj.exe[1688] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes JMP 00190E10 .text C:\Users\karolek\Desktop\ddd\lki97ccj.exe[1688] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 001901F8 .text C:\Users\karolek\Desktop\ddd\lki97ccj.exe[1688] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 001A0600 .text C:\Users\karolek\Desktop\ddd\lki97ccj.exe[1688] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 001A0804 .text C:\Users\karolek\Desktop\ddd\lki97ccj.exe[1688] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 001A0A08 .text 
C:\Users\karolek\Desktop\ddd\lki97ccj.exe[1688] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 001A01F8 .text C:\Users\karolek\Desktop\ddd\lki97ccj.exe[1688] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 001A03FC .text C:\Windows\system32\Dwm.exe[1696] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 000501F8 .text C:\Windows\system32\Dwm.exe[1696] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 000503FC .text C:\Windows\system32\Dwm.exe[1696] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Windows\system32\Dwm.exe[1696] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\Dwm.exe[1696] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\Dwm.exe[1696] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\Dwm.exe[1696] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\Dwm.exe[1696] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\Dwm.exe[1696] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00070C0C .text C:\Windows\system32\Dwm.exe[1696] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\Dwm.exe[1696] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\Dwm.exe[1696] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 00080600 .text C:\Windows\system32\Dwm.exe[1696] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 00080804 .text C:\Windows\system32\Dwm.exe[1696] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\Dwm.exe[1696] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\Dwm.exe[1696] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 000803FC .text C:\Windows\system32\wbem\wmiprvse.exe[1712] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 000501F8 .text C:\Windows\system32\wbem\wmiprvse.exe[1712] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 
000503FC .text C:\Windows\system32\wbem\wmiprvse.exe[1712] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[1712] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\wbem\wmiprvse.exe[1712] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\wbem\wmiprvse.exe[1712] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\wbem\wmiprvse.exe[1712] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\wbem\wmiprvse.exe[1712] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\wbem\wmiprvse.exe[1712] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00070C0C .text C:\Windows\system32\wbem\wmiprvse.exe[1712] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\wbem\wmiprvse.exe[1712] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\wbem\wmiprvse.exe[1712] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 00080600 .text C:\Windows\system32\wbem\wmiprvse.exe[1712] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 00080804 .text C:\Windows\system32\wbem\wmiprvse.exe[1712] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\wbem\wmiprvse.exe[1712] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\wbem\wmiprvse.exe[1712] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 000803FC .text C:\Windows\Explorer.EXE[1772] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 000501F8 .text C:\Windows\Explorer.EXE[1772] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 000503FC .text C:\Windows\Explorer.EXE[1772] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Windows\Explorer.EXE[1772] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 000703FC .text C:\Windows\Explorer.EXE[1772] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 
00070600 .text C:\Windows\Explorer.EXE[1772] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00071014 .text C:\Windows\Explorer.EXE[1772] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00070804 .text C:\Windows\Explorer.EXE[1772] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00070A08 .text C:\Windows\Explorer.EXE[1772] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00070C0C .text C:\Windows\Explorer.EXE[1772] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes JMP 00070E10 .text C:\Windows\Explorer.EXE[1772] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 000701F8 .text C:\Windows\Explorer.EXE[1772] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 00080600 .text C:\Windows\Explorer.EXE[1772] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 00080804 .text C:\Windows\Explorer.EXE[1772] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 00080A08 .text C:\Windows\Explorer.EXE[1772] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 000801F8 .text C:\Windows\Explorer.EXE[1772] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 000803FC .text C:\Windows\Explorer.EXE[1772] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5 765BB37C 4 Bytes [00, 26, 00, 10] {ADD [ESI], AH; ADD [EAX], DL} .text C:\Windows\System32\spoolsv.exe[1896] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 000501F8 .text C:\Windows\System32\spoolsv.exe[1896] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 000503FC .text C:\Windows\System32\spoolsv.exe[1896] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Windows\System32\spoolsv.exe[1896] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 000703FC .text C:\Windows\System32\spoolsv.exe[1896] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 00070600 .text C:\Windows\System32\spoolsv.exe[1896] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00071014 .text C:\Windows\System32\spoolsv.exe[1896] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00070804 .text C:\Windows\System32\spoolsv.exe[1896] 
ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00070A08 .text C:\Windows\System32\spoolsv.exe[1896] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00070C0C .text C:\Windows\System32\spoolsv.exe[1896] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes JMP 00070E10 .text C:\Windows\System32\spoolsv.exe[1896] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 000701F8 .text C:\Windows\System32\spoolsv.exe[1896] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 00130600 .text C:\Windows\System32\spoolsv.exe[1896] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 00130804 .text C:\Windows\System32\spoolsv.exe[1896] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 00130A08 .text C:\Windows\System32\spoolsv.exe[1896] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 001301F8 .text C:\Windows\System32\spoolsv.exe[1896] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 001303FC .text C:\Windows\system32\svchost.exe[1924] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[1924] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[1924] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Windows\system32\svchost.exe[1924] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[1924] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[1924] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[1924] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[1924] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[1924] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[1924] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[1924] 
ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[1924] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 00160600 .text C:\Windows\system32\svchost.exe[1924] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 00160804 .text C:\Windows\system32\svchost.exe[1924] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 00160A08 .text C:\Windows\system32\svchost.exe[1924] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 001601F8 .text C:\Windows\system32\svchost.exe[1924] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 001603FC .text C:\Windows\system32\taskeng.exe[1956] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 000501F8 .text C:\Windows\system32\taskeng.exe[1956] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 000503FC .text C:\Windows\system32\taskeng.exe[1956] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Windows\system32\taskeng.exe[1956] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 000803FC .text C:\Windows\system32\taskeng.exe[1956] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 00080600 .text C:\Windows\system32\taskeng.exe[1956] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00081014 .text C:\Windows\system32\taskeng.exe[1956] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00080804 .text C:\Windows\system32\taskeng.exe[1956] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00080A08 .text C:\Windows\system32\taskeng.exe[1956] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00080C0C .text C:\Windows\system32\taskeng.exe[1956] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 3 Bytes JMP 00080E10 .text C:\Windows\system32\taskeng.exe[1956] ADVAPI32.dll!ChangeServiceConfig2W + 4 778771E5 1 Byte [88] .text C:\Windows\system32\taskeng.exe[1956] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 000801F8 .text C:\Windows\system32\taskeng.exe[1956] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 00090600 .text C:\Windows\system32\taskeng.exe[1956] USER32.dll!SetWindowsHookExW 775087AD 
5 Bytes JMP 00090804 .text C:\Windows\system32\taskeng.exe[1956] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 00090A08 .text C:\Windows\system32\taskeng.exe[1956] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 000901F8 .text C:\Windows\system32\taskeng.exe[1956] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 000903FC .text C:\Windows\System32\igfxtray.exe[2080] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 001501F8 .text C:\Windows\System32\igfxtray.exe[2080] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 001503FC .text C:\Windows\System32\igfxtray.exe[2080] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Windows\System32\igfxtray.exe[2080] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 00180600 .text C:\Windows\System32\igfxtray.exe[2080] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 00180804 .text C:\Windows\System32\igfxtray.exe[2080] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 00180A08 .text C:\Windows\System32\igfxtray.exe[2080] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 001801F8 .text C:\Windows\System32\igfxtray.exe[2080] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 001803FC .text C:\Windows\System32\igfxtray.exe[2080] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 001A03FC .text C:\Windows\System32\igfxtray.exe[2080] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 001A0600 .text C:\Windows\System32\igfxtray.exe[2080] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 001A1014 .text C:\Windows\System32\igfxtray.exe[2080] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 001A0804 .text C:\Windows\System32\igfxtray.exe[2080] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 001A0A08 .text C:\Windows\System32\igfxtray.exe[2080] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 001A0C0C .text C:\Windows\System32\igfxtray.exe[2080] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes JMP 001A0E10 .text C:\Windows\System32\igfxtray.exe[2080] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 001A01F8 
.text C:\Windows\system32\agrsmsvc.exe[2096] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 000801F8 .text C:\Windows\system32\agrsmsvc.exe[2096] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 000803FC .text C:\Windows\system32\agrsmsvc.exe[2096] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Windows\system32\agrsmsvc.exe[2096] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 000A03FC .text C:\Windows\system32\agrsmsvc.exe[2096] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 000A0600 .text C:\Windows\system32\agrsmsvc.exe[2096] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 000A1014 .text C:\Windows\system32\agrsmsvc.exe[2096] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 000A0804 .text C:\Windows\system32\agrsmsvc.exe[2096] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 000A0A08 .text C:\Windows\system32\agrsmsvc.exe[2096] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 000A0C0C .text C:\Windows\system32\agrsmsvc.exe[2096] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes JMP 000A0E10 .text C:\Windows\system32\agrsmsvc.exe[2096] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 000A01F8 .text C:\Windows\system32\agrsmsvc.exe[2096] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 000B0600 .text C:\Windows\system32\agrsmsvc.exe[2096] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 000B0804 .text C:\Windows\system32\agrsmsvc.exe[2096] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 000B0A08 .text C:\Windows\system32\agrsmsvc.exe[2096] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 000B01F8 .text C:\Windows\system32\agrsmsvc.exe[2096] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 000B03FC .text C:\Windows\system32\wbem\unsecapp.exe[2104] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 000501F8 .text C:\Windows\system32\wbem\unsecapp.exe[2104] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 000503FC .text C:\Windows\system32\wbem\unsecapp.exe[2104] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text 
C:\Windows\system32\wbem\unsecapp.exe[2104] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 001703FC .text C:\Windows\system32\wbem\unsecapp.exe[2104] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 00170600 .text C:\Windows\system32\wbem\unsecapp.exe[2104] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00171014 .text C:\Windows\system32\wbem\unsecapp.exe[2104] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00170804 .text C:\Windows\system32\wbem\unsecapp.exe[2104] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00170A08 .text C:\Windows\system32\wbem\unsecapp.exe[2104] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00170C0C .text C:\Windows\system32\wbem\unsecapp.exe[2104] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes JMP 00170E10 .text C:\Windows\system32\wbem\unsecapp.exe[2104] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 001701F8 .text C:\Windows\system32\wbem\unsecapp.exe[2104] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 00180600 .text C:\Windows\system32\wbem\unsecapp.exe[2104] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 00180804 .text C:\Windows\system32\wbem\unsecapp.exe[2104] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 00180A08 .text C:\Windows\system32\wbem\unsecapp.exe[2104] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 001801F8 .text C:\Windows\system32\wbem\unsecapp.exe[2104] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 001803FC .text C:\Windows\System32\hkcmd.exe[2136] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 001501F8 .text C:\Windows\System32\hkcmd.exe[2136] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 001503FC .text C:\Windows\System32\hkcmd.exe[2136] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Windows\System32\hkcmd.exe[2136] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 00180600 .text C:\Windows\System32\hkcmd.exe[2136] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 00180804 .text C:\Windows\System32\hkcmd.exe[2136] USER32.dll!UnhookWindowsHookEx 
775098DB 5 Bytes JMP 00180A08 .text C:\Windows\System32\hkcmd.exe[2136] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 001801F8 .text C:\Windows\System32\hkcmd.exe[2136] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 001803FC .text C:\Windows\System32\hkcmd.exe[2136] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 001903FC .text C:\Windows\System32\hkcmd.exe[2136] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 00190600 .text C:\Windows\System32\hkcmd.exe[2136] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00191014 .text C:\Windows\System32\hkcmd.exe[2136] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00190804 .text C:\Windows\System32\hkcmd.exe[2136] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00190A08 .text C:\Windows\System32\hkcmd.exe[2136] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00190C0C .text C:\Windows\System32\hkcmd.exe[2136] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes JMP 00190E10 .text C:\Windows\System32\hkcmd.exe[2136] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 001901F8 .text C:\Windows\system32\svchost.exe[2156] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[2156] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[2156] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Windows\system32\svchost.exe[2156] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[2156] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[2156] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[2156] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[2156] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[2156] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00070C0C .text 
C:\Windows\system32\svchost.exe[2156] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[2156] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 000701F8 .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2204] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 001401F8 .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2204] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 001403FC .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2204] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2204] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 001603FC .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2204] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 00160600 .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2204] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00161014 .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2204] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00160804 .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2204] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00160A08 .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2204] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00160C0C .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2204] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes JMP 00160E10 .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2204] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 001601F8 .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2204] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 00170600 .text C:\Program Files\NewTech Infosystems\NTI 
Backup Now 5\Client\Agentsvc.exe[2204] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 00170804 .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2204] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 00170A08 .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2204] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 001701F8 .text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[2204] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 001703FC .text C:\Windows\System32\igfxpers.exe[2220] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 001501F8 .text C:\Windows\System32\igfxpers.exe[2220] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 001503FC .text C:\Windows\System32\igfxpers.exe[2220] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Windows\System32\igfxpers.exe[2220] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 00180600 .text C:\Windows\System32\igfxpers.exe[2220] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 00180804 .text C:\Windows\System32\igfxpers.exe[2220] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 00180A08 .text C:\Windows\System32\igfxpers.exe[2220] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 001801F8 .text C:\Windows\System32\igfxpers.exe[2220] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 001803FC .text C:\Windows\System32\igfxpers.exe[2220] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 001903FC .text C:\Windows\System32\igfxpers.exe[2220] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 00190600 .text C:\Windows\System32\igfxpers.exe[2220] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00191014 .text C:\Windows\System32\igfxpers.exe[2220] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00190804 .text C:\Windows\System32\igfxpers.exe[2220] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00190A08 .text C:\Windows\System32\igfxpers.exe[2220] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00190C0C .text 
C:\Windows\System32\igfxpers.exe[2220] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes JMP 00190E10 .text C:\Windows\System32\igfxpers.exe[2220] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 001901F8 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2236] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Windows\ehome\ehtray.exe[2248] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 000501F8 .text C:\Windows\ehome\ehtray.exe[2248] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 000503FC .text C:\Windows\ehome\ehtray.exe[2248] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Windows\ehome\ehtray.exe[2248] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 000703FC .text C:\Windows\ehome\ehtray.exe[2248] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 00070600 .text C:\Windows\ehome\ehtray.exe[2248] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00071014 .text C:\Windows\ehome\ehtray.exe[2248] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00070804 .text C:\Windows\ehome\ehtray.exe[2248] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00070A08 .text C:\Windows\ehome\ehtray.exe[2248] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00070C0C .text C:\Windows\ehome\ehtray.exe[2248] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes JMP 00070E10 .text C:\Windows\ehome\ehtray.exe[2248] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 000701F8 .text C:\Windows\ehome\ehtray.exe[2248] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 00080600 .text C:\Windows\ehome\ehtray.exe[2248] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 00080804 .text C:\Windows\ehome\ehtray.exe[2248] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 00080A08 .text C:\Windows\ehome\ehtray.exe[2248] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 000801F8 .text C:\Windows\ehome\ehtray.exe[2248] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 000803FC .text C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe[2308] 
ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 001501F8 .text C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe[2308] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 001503FC .text C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe[2308] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe[2308] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 00170600 .text C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe[2308] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 00170804 .text C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe[2308] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 00170A08 .text C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe[2308] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe[2308] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 001703FC .text C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe[2308] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 001803FC .text C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe[2308] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 00180600 .text C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe[2308] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00181014 .text C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe[2308] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00180804 .text C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe[2308] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00180A08 .text C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe[2308] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00180C0C .text C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe[2308] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes JMP 00180E10 .text C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe[2308] ADVAPI32.dll!CreateServiceA 
778772A1 5 Bytes JMP 001801F8 .text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[2340] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 001401F8 .text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[2340] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 001403FC .text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[2340] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[2340] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 001603FC .text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[2340] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 00160600 .text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[2340] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00161014 .text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[2340] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00160804 .text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[2340] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00160A08 .text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[2340] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00160C0C .text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[2340] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes JMP 00160E10 .text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[2340] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 001601F8 .text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[2340] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 00170600 .text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[2340] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 00170804 .text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[2340] 
USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 00170A08 .text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[2340] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[2340] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 001703FC .text C:\Program Files\Skype\Phone\Skype.exe[2376] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 001501F8 .text C:\Program Files\Skype\Phone\Skype.exe[2376] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 001503FC .text C:\Program Files\Skype\Phone\Skype.exe[2376] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Program Files\Skype\Phone\Skype.exe[2376] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 00170600 .text C:\Program Files\Skype\Phone\Skype.exe[2376] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 00170804 .text C:\Program Files\Skype\Phone\Skype.exe[2376] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 00170A08 .text C:\Program Files\Skype\Phone\Skype.exe[2376] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Skype\Phone\Skype.exe[2376] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 001703FC .text C:\Program Files\Skype\Phone\Skype.exe[2376] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 001803FC .text C:\Program Files\Skype\Phone\Skype.exe[2376] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 00180600 .text C:\Program Files\Skype\Phone\Skype.exe[2376] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00181014 .text C:\Program Files\Skype\Phone\Skype.exe[2376] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00180804 .text C:\Program Files\Skype\Phone\Skype.exe[2376] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00180A08 .text C:\Program Files\Skype\Phone\Skype.exe[2376] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00180C0C .text C:\Program Files\Skype\Phone\Skype.exe[2376] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes JMP 00180E10 
.text C:\Program Files\Skype\Phone\Skype.exe[2376] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 001801F8 .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[2440] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 001501F8 .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[2440] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 001503FC .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[2440] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[2440] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 002703FC .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[2440] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 00270600 .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[2440] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00271014 .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[2440] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00270804 .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[2440] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00270A08 .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[2440] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00270C0C .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[2440] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes JMP 00270E10 .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[2440] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 002701F8 .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[2440] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 00280600 .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[2440] 
USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 00280804 .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[2440] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 00280A08 .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[2440] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 002801F8 .text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[2440] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 002803FC .text C:\Windows\system32\igfxext.exe[2452] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 001501F8 .text C:\Windows\system32\igfxext.exe[2452] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 001503FC .text C:\Windows\system32\igfxext.exe[2452] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Windows\system32\igfxext.exe[2452] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 00170600 .text C:\Windows\system32\igfxext.exe[2452] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 00170804 .text C:\Windows\system32\igfxext.exe[2452] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 00170A08 .text C:\Windows\system32\igfxext.exe[2452] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 001701F8 .text C:\Windows\system32\igfxext.exe[2452] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 001703FC .text C:\Windows\system32\igfxext.exe[2452] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 001803FC .text C:\Windows\system32\igfxext.exe[2452] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 00180600 .text C:\Windows\system32\igfxext.exe[2452] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00181014 .text C:\Windows\system32\igfxext.exe[2452] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00180804 .text C:\Windows\system32\igfxext.exe[2452] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00180A08 .text C:\Windows\system32\igfxext.exe[2452] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00180C0C .text C:\Windows\system32\igfxext.exe[2452] 
ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes JMP 00180E10 .text C:\Windows\system32\igfxext.exe[2452] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 001801F8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2472] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 001501F8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2472] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 001503FC .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2472] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2472] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 003903FC .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2472] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 00390600 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2472] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00391014 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2472] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00390804 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2472] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00390A08 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2472] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00390C0C .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2472] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes JMP 00390E10 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2472] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 003901F8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2472] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 003A0600 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2472] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 003A0804 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2472] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 003A0A08 .text C:\Program Files\WIDCOMM\Bluetooth 
Software\BTTray.exe[2472] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 003A01F8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2472] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 003A03FC .text C:\Windows\ehome\ehmsas.exe[2484] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 000401F8 .text C:\Windows\ehome\ehmsas.exe[2484] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 000403FC .text C:\Windows\ehome\ehmsas.exe[2484] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Windows\ehome\ehmsas.exe[2484] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 000603FC .text C:\Windows\ehome\ehmsas.exe[2484] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 00060600 .text C:\Windows\ehome\ehmsas.exe[2484] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00061014 .text C:\Windows\ehome\ehmsas.exe[2484] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00060804 .text C:\Windows\ehome\ehmsas.exe[2484] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00060A08 .text C:\Windows\ehome\ehmsas.exe[2484] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00060C0C .text C:\Windows\ehome\ehmsas.exe[2484] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes JMP 00060E10 .text C:\Windows\ehome\ehmsas.exe[2484] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 000601F8 .text C:\Windows\ehome\ehmsas.exe[2484] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 000B0600 .text C:\Windows\ehome\ehmsas.exe[2484] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 000B0804 .text C:\Windows\ehome\ehmsas.exe[2484] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 000B0A08 .text C:\Windows\ehome\ehmsas.exe[2484] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 000B01F8 .text C:\Windows\ehome\ehmsas.exe[2484] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 000B03FC .text C:\Program Files\Acer\Empowering Technology\Service\ETService.exe[2636] KERNEL32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2672] 
ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 001501F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2672] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 001503FC .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2672] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2672] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 001703FC .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2672] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 00170600 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2672] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00171014 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2672] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00170804 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2672] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00170A08 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2672] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00170C0C .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2672] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes JMP 00170E10 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2672] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 001701F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2672] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 00180600 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2672] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 00180804 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2672] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 00180A08 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2672] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 001801F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2672] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 001803FC .text C:\Users\karolek\AppData\Local\Temp\RtkBtMnt.exe[2728] 
ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 001501F8 .text C:\Users\karolek\AppData\Local\Temp\RtkBtMnt.exe[2728] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 001503FC .text C:\Users\karolek\AppData\Local\Temp\RtkBtMnt.exe[2728] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Users\karolek\AppData\Local\Temp\RtkBtMnt.exe[2728] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 001703FC .text C:\Users\karolek\AppData\Local\Temp\RtkBtMnt.exe[2728] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 00170600 .text C:\Users\karolek\AppData\Local\Temp\RtkBtMnt.exe[2728] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00171014 .text C:\Users\karolek\AppData\Local\Temp\RtkBtMnt.exe[2728] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00170804 .text C:\Users\karolek\AppData\Local\Temp\RtkBtMnt.exe[2728] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00170A08 .text C:\Users\karolek\AppData\Local\Temp\RtkBtMnt.exe[2728] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00170C0C .text C:\Users\karolek\AppData\Local\Temp\RtkBtMnt.exe[2728] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes JMP 00170E10 .text C:\Users\karolek\AppData\Local\Temp\RtkBtMnt.exe[2728] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 001701F8 .text C:\Users\karolek\AppData\Local\Temp\RtkBtMnt.exe[2728] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 00180600 .text C:\Users\karolek\AppData\Local\Temp\RtkBtMnt.exe[2728] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 00180804 .text C:\Users\karolek\AppData\Local\Temp\RtkBtMnt.exe[2728] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 00180A08 .text C:\Users\karolek\AppData\Local\Temp\RtkBtMnt.exe[2728] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 001801F8 .text C:\Users\karolek\AppData\Local\Temp\RtkBtMnt.exe[2728] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 001803FC .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2736] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 001501F8 .text C:\Program 
Files\Logitech\SetPoint\SetPoint.exe[2736] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 001503FC .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2736] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2736] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 002D0600 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2736] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 002D0804 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2736] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 002D0A08 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2736] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 002D01F8 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2736] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 002D03FC .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2736] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 002E03FC .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2736] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 002E0600 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2736] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 002E1014 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2736] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 002E0804 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2736] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 002E0A08 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2736] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 002E0C0C .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2736] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes JMP 002E0E10 .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2736] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 002E01F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2816] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 001501F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2816] ntdll.dll!LdrUnloadDll 77B4B680 5 
Bytes JMP 001503FC .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2816] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2816] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 00180600 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2816] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 00180804 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2816] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 00180A08 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2816] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 001801F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2816] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 001803FC .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2816] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 001903FC .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2816] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 00190600 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2816] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00191014 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2816] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00190804 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2816] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00190A08 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2816] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00190C0C .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2816] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes JMP 00190E10 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2816] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 001901F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2864] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 001501F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2864] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 
001503FC .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2864] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2864] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 00170600 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2864] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 00170804 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2864] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 00170A08 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2864] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 001701F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2864] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 001703FC .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2864] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 001803FC .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2864] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 00180600 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2864] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00181014 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2864] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00180804 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2864] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00180A08 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2864] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00180C0C .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2864] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes JMP 00180E10 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2864] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 001801F8 .text C:\Windows\system32\FsUsbExService.Exe[2876] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 001401F8 .text C:\Windows\system32\FsUsbExService.Exe[2876] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 001403FC .text 
C:\Windows\system32\FsUsbExService.Exe[2876] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Windows\system32\FsUsbExService.Exe[2876] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 00160600 .text C:\Windows\system32\FsUsbExService.Exe[2876] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 00160804 .text C:\Windows\system32\FsUsbExService.Exe[2876] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 00160A08 .text C:\Windows\system32\FsUsbExService.Exe[2876] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 001601F8 .text C:\Windows\system32\FsUsbExService.Exe[2876] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 001603FC .text C:\Windows\system32\FsUsbExService.Exe[2876] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 001703FC .text C:\Windows\system32\FsUsbExService.Exe[2876] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 00170600 .text C:\Windows\system32\FsUsbExService.Exe[2876] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00171014 .text C:\Windows\system32\FsUsbExService.Exe[2876] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00170804 .text C:\Windows\system32\FsUsbExService.Exe[2876] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00170A08 .text C:\Windows\system32\FsUsbExService.Exe[2876] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00170C0C .text C:\Windows\system32\FsUsbExService.Exe[2876] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes JMP 00170E10 .text C:\Windows\system32\FsUsbExService.Exe[2876] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 001701F8 .text C:\Windows\system32\svchost.exe[2912] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[2912] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[2912] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Windows\system32\svchost.exe[2912] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 000B03FC .text C:\Windows\system32\svchost.exe[2912] 
ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 000B0600 .text C:\Windows\system32\svchost.exe[2912] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 000B1014 .text C:\Windows\system32\svchost.exe[2912] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 000B0804 .text C:\Windows\system32\svchost.exe[2912] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 000B0A08 .text C:\Windows\system32\svchost.exe[2912] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 000B0C0C .text C:\Windows\system32\svchost.exe[2912] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes JMP 000B0E10 .text C:\Windows\system32\svchost.exe[2912] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 000B01F8 .text C:\Windows\system32\svchost.exe[2912] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 00D20600 .text C:\Windows\system32\svchost.exe[2912] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 00D20804 .text C:\Windows\system32\svchost.exe[2912] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 00D20A08 .text C:\Windows\system32\svchost.exe[2912] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 00D201F8 .text C:\Windows\system32\svchost.exe[2912] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 00D203FC .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2960] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 001501F8 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2960] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 001503FC .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2960] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2960] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 00190600 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2960] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 00190804 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2960] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 00190A08 .text C:\Program Files\Common 
Files\LightScribe\LSSrvc.exe[2960] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 001901F8 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2960] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 001903FC .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2960] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 001A03FC .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2960] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 001A0600 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2960] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 001A1014 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2960] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 001A0804 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2960] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 001A0A08 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2960] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 001A0C0C .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2960] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes JMP 001A0E10 .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2960] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 001A01F8 .text C:\Acer\Mobility Center\MobilityService.exe[3048] KERNEL32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Windows\system32\msiexec.exe[3116] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 000601F8 .text C:\Windows\system32\msiexec.exe[3116] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 000603FC .text C:\Windows\system32\msiexec.exe[3116] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Windows\system32\msiexec.exe[3116] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 000C03FC .text C:\Windows\system32\msiexec.exe[3116] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 000C0600 .text C:\Windows\system32\msiexec.exe[3116] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 000C1014 .text C:\Windows\system32\msiexec.exe[3116] 
ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 000C0804 .text C:\Windows\system32\msiexec.exe[3116] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 000C0A08 .text C:\Windows\system32\msiexec.exe[3116] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 000C0C0C .text C:\Windows\system32\msiexec.exe[3116] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes JMP 000C0E10 .text C:\Windows\system32\msiexec.exe[3116] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 000C01F8 .text C:\Windows\system32\msiexec.exe[3116] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 000D0600 .text C:\Windows\system32\msiexec.exe[3116] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 000D0804 .text C:\Windows\system32\msiexec.exe[3116] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 000D0A08 .text C:\Windows\system32\msiexec.exe[3116] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 000D01F8 .text C:\Windows\system32\msiexec.exe[3116] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 000D03FC .text C:\Windows\System32\svchost.exe[3172] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 000501F8 .text C:\Windows\System32\svchost.exe[3172] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 000503FC .text C:\Windows\System32\svchost.exe[3172] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Windows\System32\svchost.exe[3172] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 000803FC .text C:\Windows\System32\svchost.exe[3172] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 00080600 .text C:\Windows\System32\svchost.exe[3172] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00081014 .text C:\Windows\System32\svchost.exe[3172] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00080804 .text C:\Windows\System32\svchost.exe[3172] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00080A08 .text C:\Windows\System32\svchost.exe[3172] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00080C0C .text C:\Windows\System32\svchost.exe[3172] 
ADVAPI32.dll!ChangeServiceConfig2W 778771E1 3 Bytes JMP 00080E10 .text C:\Windows\System32\svchost.exe[3172] ADVAPI32.dll!ChangeServiceConfig2W + 4 778771E5 1 Byte [88] .text C:\Windows\System32\svchost.exe[3172] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 000801F8 .text C:\Windows\System32\svchost.exe[3172] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 00180600 .text C:\Windows\System32\svchost.exe[3172] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 00180804 .text C:\Windows\System32\svchost.exe[3172] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 00180A08 .text C:\Windows\System32\svchost.exe[3172] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 001801F8 .text C:\Windows\System32\svchost.exe[3172] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 001803FC .text C:\Windows\system32\wbem\unsecapp.exe[3240] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 000501F8 .text C:\Windows\system32\wbem\unsecapp.exe[3240] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 000503FC .text C:\Windows\system32\wbem\unsecapp.exe[3240] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Windows\system32\wbem\unsecapp.exe[3240] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\wbem\unsecapp.exe[3240] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\wbem\unsecapp.exe[3240] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\wbem\unsecapp.exe[3240] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\wbem\unsecapp.exe[3240] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\wbem\unsecapp.exe[3240] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00070C0C .text C:\Windows\system32\wbem\unsecapp.exe[3240] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\wbem\unsecapp.exe[3240] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 000701F8 .text 
C:\Windows\system32\wbem\unsecapp.exe[3240] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 00080600 .text C:\Windows\system32\wbem\unsecapp.exe[3240] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 00080804 .text C:\Windows\system32\wbem\unsecapp.exe[3240] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\wbem\unsecapp.exe[3240] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\wbem\unsecapp.exe[3240] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 000803FC .text C:\Windows\System32\svchost.exe[3244] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 000501F8 .text C:\Windows\System32\svchost.exe[3244] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 000503FC .text C:\Windows\System32\svchost.exe[3244] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Windows\System32\svchost.exe[3244] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 000703FC .text C:\Windows\System32\svchost.exe[3244] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 00070600 .text C:\Windows\System32\svchost.exe[3244] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00071014 .text C:\Windows\System32\svchost.exe[3244] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00070804 .text C:\Windows\System32\svchost.exe[3244] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00070A08 .text C:\Windows\System32\svchost.exe[3244] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00070C0C .text C:\Windows\System32\svchost.exe[3244] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes JMP 00070E10 .text C:\Windows\System32\svchost.exe[3244] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[3268] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[3268] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[3268] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text 
C:\Windows\system32\svchost.exe[3268] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 000803FC .text C:\Windows\system32\svchost.exe[3268] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 00080600 .text C:\Windows\system32\svchost.exe[3268] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00081014 .text C:\Windows\system32\svchost.exe[3268] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00080804 .text C:\Windows\system32\svchost.exe[3268] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00080A08 .text C:\Windows\system32\svchost.exe[3268] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00080C0C .text C:\Windows\system32\svchost.exe[3268] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 3 Bytes JMP 00080E10 .text C:\Windows\system32\svchost.exe[3268] ADVAPI32.dll!ChangeServiceConfig2W + 4 778771E5 1 Byte [88] .text C:\Windows\system32\svchost.exe[3268] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 000801F8 .text C:\Windows\system32\svchost.exe[3268] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 001A0600 .text C:\Windows\system32\svchost.exe[3268] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 001A0804 .text C:\Windows\system32\svchost.exe[3268] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 001A0A08 .text C:\Windows\system32\svchost.exe[3268] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 001A01F8 .text C:\Windows\system32\svchost.exe[3268] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 001A03FC .text C:\Windows\system32\svchost.exe[3328] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[3328] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[3328] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Windows\system32\svchost.exe[3328] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[3328] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[3328] 
ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[3328] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[3328] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[3328] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[3328] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[3328] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 000701F8 .text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe[3444] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 000501F8 .text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe[3444] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 000503FC .text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe[3444] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe[3444] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 00070600 .text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe[3444] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 00070804 .text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe[3444] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 00070A08 .text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe[3444] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 000701F8 .text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe[3444] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 000703FC .text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe[3444] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 000803FC .text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe[3444] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 00080600 .text C:\Program Files\TuneUp 
Utilities 2011\TuneUpUtilitiesService32.exe[3444] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00081014 .text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe[3444] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00080804 .text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe[3444] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00080A08 .text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe[3444] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00080C0C .text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe[3444] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 3 Bytes JMP 00080E10 .text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe[3444] ADVAPI32.dll!ChangeServiceConfig2W + 4 778771E5 1 Byte [88] .text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe[3444] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 000801F8 .text C:\Windows\System32\svchost.exe[3560] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 000501F8 .text C:\Windows\System32\svchost.exe[3560] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 000503FC .text C:\Windows\System32\svchost.exe[3560] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Windows\System32\svchost.exe[3560] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 000703FC .text C:\Windows\System32\svchost.exe[3560] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 00070600 .text C:\Windows\System32\svchost.exe[3560] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00071014 .text C:\Windows\System32\svchost.exe[3560] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00070804 .text C:\Windows\System32\svchost.exe[3560] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00070A08 .text C:\Windows\System32\svchost.exe[3560] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00070C0C .text C:\Windows\System32\svchost.exe[3560] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes 
JMP 00070E10 .text C:\Windows\System32\svchost.exe[3560] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\SearchIndexer.exe[3584] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 000501F8 .text C:\Windows\system32\SearchIndexer.exe[3584] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 000503FC .text C:\Windows\system32\SearchIndexer.exe[3584] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Windows\system32\SearchIndexer.exe[3584] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\SearchIndexer.exe[3584] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\SearchIndexer.exe[3584] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\SearchIndexer.exe[3584] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\SearchIndexer.exe[3584] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\SearchIndexer.exe[3584] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00070C0C .text C:\Windows\system32\SearchIndexer.exe[3584] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\SearchIndexer.exe[3584] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\SearchIndexer.exe[3584] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 00080600 .text C:\Windows\system32\SearchIndexer.exe[3584] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 00080804 .text C:\Windows\system32\SearchIndexer.exe[3584] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\SearchIndexer.exe[3584] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\SearchIndexer.exe[3584] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 000803FC .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3680] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 001501F8 .text 
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3680] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 001503FC .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3680] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3680] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 00170600 .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3680] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 00170804 .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3680] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 00170A08 .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3680] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3680] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 001703FC .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3680] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 001803FC .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3680] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 00180600 .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3680] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00181014 .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3680] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00180804 .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3680] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00180A08 .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3680] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00180C0C .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3680] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes JMP 00180E10 .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3680] ADVAPI32.dll!CreateServiceA 778772A1 5 
Bytes JMP 001801F8 .text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe[3940] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 000501F8 .text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe[3940] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 000503FC .text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe[3940] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe[3940] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 00070600 .text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe[3940] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 00070804 .text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe[3940] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 00070A08 .text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe[3940] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 000701F8 .text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe[3940] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 000703FC .text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe[3940] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 000803FC .text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe[3940] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 00080600 .text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe[3940] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00081014 .text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe[3940] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00080804 .text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe[3940] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00080A08 .text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe[3940] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00080C0C .text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe[3940] 
ADVAPI32.dll!ChangeServiceConfig2W 778771E1 3 Bytes JMP 00080E10 .text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe[3940] ADVAPI32.dll!ChangeServiceConfig2W + 4 778771E5 1 Byte [88] .text C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe[3940] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 000801F8 .text C:\Windows\system32\SearchProtocolHost.exe[4372] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 000401F8 .text C:\Windows\system32\SearchProtocolHost.exe[4372] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 000403FC .text C:\Windows\system32\SearchProtocolHost.exe[4372] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Windows\system32\SearchProtocolHost.exe[4372] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 000603FC .text C:\Windows\system32\SearchProtocolHost.exe[4372] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 00060600 .text C:\Windows\system32\SearchProtocolHost.exe[4372] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00061014 .text C:\Windows\system32\SearchProtocolHost.exe[4372] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00060804 .text C:\Windows\system32\SearchProtocolHost.exe[4372] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00060A08 .text C:\Windows\system32\SearchProtocolHost.exe[4372] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00060C0C .text C:\Windows\system32\SearchProtocolHost.exe[4372] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes JMP 00060E10 .text C:\Windows\system32\SearchProtocolHost.exe[4372] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 000601F8 .text C:\Windows\system32\SearchProtocolHost.exe[4372] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 00070600 .text C:\Windows\system32\SearchProtocolHost.exe[4372] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 00070804 .text C:\Windows\system32\SearchProtocolHost.exe[4372] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 00070A08 .text C:\Windows\system32\SearchProtocolHost.exe[4372] 
USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 000701F8 .text C:\Windows\system32\SearchProtocolHost.exe[4372] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 000703FC .text C:\Windows\system32\SearchFilterHost.exe[4400] ntdll.dll!LdrLoadDll 77B39378 5 Bytes JMP 000501F8 .text C:\Windows\system32\SearchFilterHost.exe[4400] ntdll.dll!LdrUnloadDll 77B4B680 5 Bytes JMP 000503FC .text C:\Windows\system32\SearchFilterHost.exe[4400] kernel32.dll!GetBinaryTypeW + 70 77CE2467 1 Byte [62] .text C:\Windows\system32\SearchFilterHost.exe[4400] ADVAPI32.dll!CreateServiceW 77839EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\SearchFilterHost.exe[4400] ADVAPI32.dll!DeleteService 7783A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\SearchFilterHost.exe[4400] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\SearchFilterHost.exe[4400] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\SearchFilterHost.exe[4400] ADVAPI32.dll!ChangeServiceConfigW 77876F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\SearchFilterHost.exe[4400] ADVAPI32.dll!ChangeServiceConfig2A 77877099 5 Bytes JMP 00070C0C .text C:\Windows\system32\SearchFilterHost.exe[4400] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\SearchFilterHost.exe[4400] ADVAPI32.dll!CreateServiceA 778772A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\SearchFilterHost.exe[4400] USER32.dll!SetWindowsHookExA 77506322 5 Bytes JMP 00080600 .text C:\Windows\system32\SearchFilterHost.exe[4400] USER32.dll!SetWindowsHookExW 775087AD 5 Bytes JMP 00080804 .text C:\Windows\system32\SearchFilterHost.exe[4400] USER32.dll!UnhookWindowsHookEx 775098DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\SearchFilterHost.exe[4400] USER32.dll!SetWinEventHook 77509F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\SearchFilterHost.exe[4400] USER32.dll!UnhookWinEvent 7750C06F 5 Bytes JMP 000803FC ---- User IAT/EAT - GMER 1.0.15 
---- IAT C:\Windows\system32\services.exe[616] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 001A0002 IAT C:\Windows\system32\services.exe[616] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 001A0000 IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1676] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [738CF6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Windows\Explorer.EXE[1772] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [749A7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1772] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [749FA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1772] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [749ABB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1772] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7499F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1772] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [749A75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1772] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7499E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) 
IAT C:\Windows\Explorer.EXE[1772] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [749D8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1772] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [749ADA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1772] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7499FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1772] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7499FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1772] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [749971CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1772] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74A2CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1772] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [749CC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1772] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7499D968] 
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1772] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74996853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1772] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7499687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1772] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [749A2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1772] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [100027E0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.) IAT C:\Windows\Explorer.EXE[1772] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001D90] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.) IAT C:\Windows\Explorer.EXE[1772] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10002B30] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.) IAT C:\Windows\Explorer.EXE[1772] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100011D0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.) 
IAT C:\Program Files\AVAST Software\Avast\AvastUI.exe[2236] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [738CF6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \FileSystem\fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269cda4a9
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269cda4a9@60d0a9e0d90c 0xAA 0xA9 0x13 0x58 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269cda4a9@60d0a9e3e810 0xCD 0x8B 0x6F 0x0E ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002269cda4a9 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002269cda4a9@60d0a9e0d90c 0xAA 0xA9 0x13 0x58 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002269cda4a9@60d0a9e3e810 0xCD 0x8B 0x6F 0x0E ...

---- EOF - GMER 1.0.15 ----