GMER 2.0.18444 - http://www.gmer.net Rootkit scan 2013-01-17 13:41:41 Windows 6.0.6002 Service Pack 2 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD2500YD-01NVB1 rev.10.02E01 233,76GB Running: iggpffed.exe; Driver: C:\Users\Jacek\AppData\Local\Temp\pxldapow.sys ---- System - GMER 2.0 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8F2254BA] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8F929C22] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x8F225ED6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8F230FA8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8F230FF4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8F231176] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8F230F16] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8F929FA6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8F230F5E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x8F22611C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8F231130] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x8F22693E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8F225508] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! 
self protection module/AVAST Software) ZwFreeVirtualMemory [0x8F929CEA] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8F9283EC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8F225556] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8F22A534] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8F2273A6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8F230FD2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8F231016] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8F23119A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8F230F3C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8F2310BA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8F230F86] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8F231154] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8F929E4A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8F227272] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0x8F226DD4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8F2255A4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8F2255F2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x8F2267BE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8F2251FA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8F2253AA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8F225350] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x8F226AF8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x8F226C54] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8F22541A] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x8F929EFE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x8F226636] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x8F92841C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8F225640] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x8F929D96] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x8F2262F4] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8F942E56] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! 
self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 2.0 ---- .text ntkrnlpa.exe!KeSetEvent + 10D 832B37D0 4 Bytes [BA, 54, 22, 8F] .text ntkrnlpa.exe!KeSetEvent + 131 832B37F4 4 Bytes [22, 9C, 92, 8F] .text ntkrnlpa.exe!KeSetEvent + 191 832B3854 4 Bytes [D6, 5E, 22, 8F] .text ntkrnlpa.exe!KeSetEvent + 1D1 832B3894 8 Bytes [A8, 0F, 23, 8F, F4, 0F, 23, ...] {TEST AL, 0xf; AND ECX, [EDI-0x70dcf00c]} .text ntkrnlpa.exe!KeSetEvent + 1DE 832B38A1 3 Bytes [11, 23, 8F] .text ... PAGE ntkrnlpa.exe!ObMakeTemporaryObject 833DE633 5 Bytes JMP 8F93FCF6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject 83437593 5 Bytes JMP 8F941810 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 83440EB8 4 Bytes CALL 8F227A8D \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 83444B2C 4 Bytes CALL 8F227AA3 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 83498E8C 7 Bytes JMP 8F942E5A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .text win32k.sys!EngCreateRectRgn + 4537 9C4E0470 5 Bytes JMP 8F22AFFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngEraseSurface + FDC 9C4F0628 5 Bytes JMP 8F22B090 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreatePalette + C20 9C4F9689 5 Bytes JMP 8F22BCB6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngTransparentBlt + 4A1 9C4FA475 5 Bytes JMP 8F22BE1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!EngTransparentBlt + 8C4B 9C502C1F 5 Bytes JMP 8F22A56A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 616 9C503B75 5 Bytes JMP 8F22BA86 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XFORMOBJ_iGetXform + 30EF 9C50F2A7 5 Bytes JMP 8F22AEB8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XFORMOBJ_iGetXform + 4561 9C510719 5 Bytes JMP 8F22A7C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XFORMOBJ_iGetXform + 46B0 9C510868 5 Bytes JMP 8F22B16A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XFORMOBJ_iGetXform + 4C45 9C510DFD 5 Bytes JMP 8F22B182 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XFORMOBJ_iGetXform + 522D 9C5113E5 5 Bytes JMP 8F22ACDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMapFontFileFD + 11A16 9C52A295 5 Bytes JMP 8F22AC1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMapFontFileFD + 11A6A 9C52A2E9 5 Bytes JMP 8F22AEE4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 377F 9C551378 5 Bytes JMP 8F22B94C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 60DC 9C553CD5 5 Bytes JMP 8F22A670 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMulDiv + 4D3F 9C55A66E 5 Bytes JMP 8F22A834 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBlt + 2B44 9C564B04 5 Bytes JMP 8F22BEBE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStrokePath + 5FF 9C5679FC 5 Bytes JMP 8F22A688 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngLpkInstalled + 1D73 9C571817 5 Bytes JMP 8F22BA3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngAlphaBlend + B990 9C581DBD 5 Bytes JMP 8F22B0A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngNineGrid + 8C4 9C585FAF 5 Bytes JMP 8F22BBFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngNineGrid + 6F70 9C58C65B 5 Bytes JMP 8F22B9F6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCopyBits + B0F 9C58FDCA 5 Bytes JMP 8F22BB4C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!STROBJ_vEnumStart + 4728 9C5976E9 5 Bytes JMP 8F22A760 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSemaphore + E80 9C5B5C8A 5 Bytes JMP 8F22AA1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!CLIPOBJ_bEnum + 248 9C5BB532 5 Bytes JMP 8F22A8F0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPlgBlt + 26D9 9C5BF06A 5 Bytes JMP 8F22BD74 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 3765 9C5D7444 5 Bytes JMP 8F22B0C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngLineTo + A15 9C5DD58D 5 Bytes JMP 8F22A944 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!EngLineTo + D28F 9C5E9E07 5 Bytes JMP 8F22AB48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngLineTo + 10D00 9C5ED878 5 Bytes JMP 8F22AAB2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA7B0A300, 0x22020, 0xE8000020] .text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA7B6C300, 0x1B7E, 0xE8000020] .text ntdll.dll!LdrLoadDll 778D9378 5 Bytes [E9, 7B, 6E, 88, 88] {JMP 0x88886e80} .text ntdll.dll!LdrUnloadDll 778EB680 5 Bytes [E9, 77, 4D, 87, 88] {JMP 0x88874d7c} ---- User code sections - GMER 2.0 ---- .text c:\Program Files\AVAST Software\Avast\AvastSvc.exe[352] kernel32.dll!SetUnhandledExceptionFilter 7673A8B5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text c:\Program Files\AVAST Software\Avast\AvastSvc.exe[352] kernel32.dll!GetBinaryTypeW + 70 76762447 1 Byte [62] .text C:\Windows\system32\taskeng.exe[372] kernel32.dll!GetBinaryTypeW + 70 76762447 1 Byte [62] .text C:\Windows\system32\Dwm.exe[596] kernel32.dll!GetBinaryTypeW + 70 76762447 1 Byte [62] .text C:\Windows\system32\taskeng.exe[604] kernel32.dll!GetBinaryTypeW + 70 76762447 1 Byte [62] .text C:\Windows\Explorer.EXE[632] kernel32.dll!GetBinaryTypeW + 70 76762447 1 Byte [62] .text ... 
.text C:\Windows\ehome\ehRecvr.exe[1292] ntdll.dll!LdrLoadDll 778D9378 5 Bytes JMP 000501F8 .text C:\Windows\ehome\ehRecvr.exe[1292] ntdll.dll!LdrUnloadDll 778EB680 5 Bytes JMP 000503FC .text C:\Windows\ehome\ehRecvr.exe[1292] KERNEL32.dll!GetBinaryTypeW + 70 76762447 1 Byte [62] .text C:\Windows\ehome\ehRecvr.exe[1292] ADVAPI32.dll!CreateServiceW 76189EB4 5 Bytes JMP 000603FC .text C:\Windows\ehome\ehRecvr.exe[1292] ADVAPI32.dll!DeleteService 7618A07E 5 Bytes JMP 00060600 .text C:\Windows\ehome\ehRecvr.exe[1292] ADVAPI32.dll!SetServiceObjectSecurity 761C6CD9 5 Bytes JMP 00061014 .text C:\Windows\ehome\ehRecvr.exe[1292] ADVAPI32.dll!ChangeServiceConfigA 761C6DD9 5 Bytes JMP 00060804 .text C:\Windows\ehome\ehRecvr.exe[1292] ADVAPI32.dll!ChangeServiceConfigW 761C6F81 5 Bytes JMP 00060A08 .text C:\Windows\ehome\ehRecvr.exe[1292] ADVAPI32.dll!ChangeServiceConfig2A 761C7099 5 Bytes JMP 00060C0C .text C:\Windows\ehome\ehRecvr.exe[1292] ADVAPI32.dll!ChangeServiceConfig2W 761C71E1 5 Bytes JMP 00060E10 .text C:\Windows\ehome\ehRecvr.exe[1292] ADVAPI32.dll!CreateServiceA 761C72A1 5 Bytes JMP 000601F8 .text C:\Windows\ehome\ehRecvr.exe[1292] USER32.dll!SetWindowsHookExA 77416322 5 Bytes JMP 00070600 .text C:\Windows\ehome\ehRecvr.exe[1292] USER32.dll!SetWindowsHookExW 774187AD 5 Bytes JMP 00070804 .text C:\Windows\ehome\ehRecvr.exe[1292] USER32.dll!UnhookWindowsHookEx 774198DB 5 Bytes JMP 00070A08 .text C:\Windows\ehome\ehRecvr.exe[1292] USER32.dll!SetWinEventHook 77419F3A 5 Bytes JMP 000701F8 .text C:\Windows\ehome\ehRecvr.exe[1292] USER32.dll!UnhookWinEvent 7741C06F 5 Bytes JMP 000703FC .text c:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[1308] ntdll.dll!LdrLoadDll 778D9378 5 Bytes JMP 000501F8 .text c:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[1308] ntdll.dll!LdrUnloadDll 778EB680 5 Bytes JMP 000503FC .text c:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[1308] KERNEL32.dll!GetBinaryTypeW + 70 76762447 1 Byte [62] .text c:\Program 
Files\Tablet\Wacom\Wacom_TabletUser.exe[1308] USER32.dll!SetWindowsHookExA 77416322 5 Bytes JMP 00160600 .text c:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[1308] USER32.dll!SetWindowsHookExW 774187AD 5 Bytes JMP 00160804 .text c:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[1308] USER32.dll!UnhookWindowsHookEx 774198DB 5 Bytes JMP 00160A08 .text c:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[1308] USER32.dll!SetWinEventHook 77419F3A 5 Bytes JMP 001601F8 .text c:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[1308] USER32.dll!UnhookWinEvent 7741C06F 5 Bytes JMP 001603FC .text c:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[1308] ADVAPI32.dll!CreateServiceW 76189EB4 5 Bytes JMP 001703FC .text c:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[1308] ADVAPI32.dll!DeleteService 7618A07E 5 Bytes JMP 00170600 .text c:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[1308] ADVAPI32.dll!SetServiceObjectSecurity 761C6CD9 5 Bytes JMP 00171014 .text c:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[1308] ADVAPI32.dll!ChangeServiceConfigA 761C6DD9 5 Bytes JMP 00170804 .text c:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[1308] ADVAPI32.dll!ChangeServiceConfigW 761C6F81 5 Bytes JMP 00170A08 .text c:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[1308] ADVAPI32.dll!ChangeServiceConfig2A 761C7099 5 Bytes JMP 00170C0C .text c:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[1308] ADVAPI32.dll!ChangeServiceConfig2W 761C71E1 5 Bytes JMP 00170E10 .text c:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe[1308] ADVAPI32.dll!CreateServiceA 761C72A1 5 Bytes JMP 001701F8 .text C:\Windows\System32\svchost.exe[1328] kernel32.dll!GetBinaryTypeW + 70 76762447 1 Byte [62] .text C:\Windows\system32\svchost.exe[1340] kernel32.dll!GetBinaryTypeW + 70 76762447 1 Byte [62] .text C:\Windows\system32\AUDIODG.EXE[1416] kernel32.dll!GetBinaryTypeW + 70 76762447 1 Byte [62] .text C:\Windows\system32\svchost.exe[1440] kernel32.dll!GetBinaryTypeW + 70 76762447 1 Byte [62] .text 
C:\Windows\System32\spoolsv.exe[1452] kernel32.dll!GetBinaryTypeW + 70 76762447 1 Byte [62] .text ... .text c:\Program Files\Tablet\Wacom\WacomHost.exe[1600] ntdll.dll!LdrLoadDll 778D9378 5 Bytes JMP 000601F8 .text c:\Program Files\Tablet\Wacom\WacomHost.exe[1600] ntdll.dll!LdrUnloadDll 778EB680 5 Bytes JMP 000603FC .text c:\Program Files\Tablet\Wacom\WacomHost.exe[1600] KERNEL32.dll!GetBinaryTypeW + 70 76762447 1 Byte [62] .text c:\Program Files\Tablet\Wacom\WacomHost.exe[1600] USER32.dll!SetWindowsHookExA 77416322 5 Bytes JMP 00070600 .text c:\Program Files\Tablet\Wacom\WacomHost.exe[1600] USER32.dll!SetWindowsHookExW 774187AD 5 Bytes JMP 00070804 .text c:\Program Files\Tablet\Wacom\WacomHost.exe[1600] USER32.dll!UnhookWindowsHookEx 774198DB 5 Bytes JMP 00070A08 .text c:\Program Files\Tablet\Wacom\WacomHost.exe[1600] USER32.dll!SetWinEventHook 77419F3A 5 Bytes JMP 000701F8 .text c:\Program Files\Tablet\Wacom\WacomHost.exe[1600] USER32.dll!UnhookWinEvent 7741C06F 5 Bytes JMP 000703FC .text c:\Program Files\Tablet\Wacom\WacomHost.exe[1600] ADVAPI32.dll!CreateServiceW 76189EB4 5 Bytes JMP 000803FC .text c:\Program Files\Tablet\Wacom\WacomHost.exe[1600] ADVAPI32.dll!DeleteService 7618A07E 5 Bytes JMP 00080600 .text c:\Program Files\Tablet\Wacom\WacomHost.exe[1600] ADVAPI32.dll!SetServiceObjectSecurity 761C6CD9 5 Bytes JMP 00081014 .text c:\Program Files\Tablet\Wacom\WacomHost.exe[1600] ADVAPI32.dll!ChangeServiceConfigA 761C6DD9 5 Bytes JMP 00080804 .text c:\Program Files\Tablet\Wacom\WacomHost.exe[1600] ADVAPI32.dll!ChangeServiceConfigW 761C6F81 5 Bytes JMP 00080A08 .text c:\Program Files\Tablet\Wacom\WacomHost.exe[1600] ADVAPI32.dll!ChangeServiceConfig2A 761C7099 5 Bytes JMP 00080C0C .text c:\Program Files\Tablet\Wacom\WacomHost.exe[1600] ADVAPI32.dll!ChangeServiceConfig2W 761C71E1 5 Bytes JMP 00080E10 .text c:\Program Files\Tablet\Wacom\WacomHost.exe[1600] ADVAPI32.dll!CreateServiceA 761C72A1 5 Bytes JMP 000801F8 .text c:\Program Files\NVIDIA 
Corporation\Display\nvxdsync.exe[1688] kernel32.dll!GetBinaryTypeW + 70 76762447 1 Byte [62] .text C:\Windows\system32\nvvsvc.exe[1700] kernel32.dll!GetBinaryTypeW + 70 76762447 1 Byte [62] .text C:\Program Files\Internet Explorer\iexplore.exe[1772] ntdll.dll!LdrLoadDll 778D9378 5 Bytes JMP 000501F8 .text C:\Program Files\Internet Explorer\iexplore.exe[1772] ntdll.dll!LdrUnloadDll 778EB680 5 Bytes JMP 000503FC .text C:\Program Files\Internet Explorer\iexplore.exe[1772] KERNEL32.dll!CreateThread 7675CB0E 5 Bytes JMP 692175DB C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1772] KERNEL32.dll!GetBinaryTypeW + 70 76762447 1 Byte [62] .text C:\Program Files\Internet Explorer\iexplore.exe[1772] ADVAPI32.dll!CreateServiceW 76189EB4 5 Bytes JMP 000603FC .text C:\Program Files\Internet Explorer\iexplore.exe[1772] ADVAPI32.dll!DeleteService 7618A07E 5 Bytes JMP 00060600 .text C:\Program Files\Internet Explorer\iexplore.exe[1772] ADVAPI32.dll!SetServiceObjectSecurity 761C6CD9 5 Bytes JMP 00061014 .text C:\Program Files\Internet Explorer\iexplore.exe[1772] ADVAPI32.dll!ChangeServiceConfigA 761C6DD9 5 Bytes JMP 00060804 .text C:\Program Files\Internet Explorer\iexplore.exe[1772] ADVAPI32.dll!ChangeServiceConfigW 761C6F81 5 Bytes JMP 00060A08 .text C:\Program Files\Internet Explorer\iexplore.exe[1772] ADVAPI32.dll!ChangeServiceConfig2A 761C7099 5 Bytes JMP 00060C0C .text C:\Program Files\Internet Explorer\iexplore.exe[1772] ADVAPI32.dll!ChangeServiceConfig2W 761C71E1 5 Bytes JMP 00060E10 .text C:\Program Files\Internet Explorer\iexplore.exe[1772] ADVAPI32.dll!CreateServiceA 761C72A1 5 Bytes JMP 000601F8 .text C:\Program Files\Internet Explorer\iexplore.exe[1772] USER32.dll!SetWindowsHookExA 77416322 5 Bytes JMP 00070600 .text C:\Program Files\Internet Explorer\iexplore.exe[1772] USER32.dll!SetWindowsHookExW 774187AD 5 Bytes JMP 692525AC C:\Windows\system32\IEFRAME.dll (Przeglądarka 
internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1772] USER32.dll!CallNextHookEx 77418E3B 5 Bytes JMP 69277FDF C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1772] USER32.dll!UnhookWindowsHookEx 774198DB 5 Bytes JMP 6929ED00 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1772] USER32.dll!SetWinEventHook 77419F3A 5 Bytes JMP 000701F8 .text C:\Program Files\Internet Explorer\iexplore.exe[1772] USER32.dll!UnhookWinEvent 7741C06F 5 Bytes JMP 000703FC .text C:\Program Files\Internet Explorer\iexplore.exe[1772] USER32.dll!EnableWindow 7741CD8B 5 Bytes JMP 69259EB4 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1772] USER32.dll!DefWindowProcA 7741DB88 7 Bytes JMP 69219805 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1772] USER32.dll!CreateWindowExA 7741DC2A 5 Bytes JMP 6922363B C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1772] USER32.dll!CreateWindowExW 77421305 5 Bytes JMP 692803CF C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1772] USER32.dll!DefWindowProcW 774303B4 7 Bytes JMP 69278042 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1772] USER32.dll!DialogBoxParamW 774410B0 5 Bytes JMP 691B1893 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1772] USER32.dll!DialogBoxIndirectParamW 77442EF5 5 Bytes JMP 693A8FB6 
C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1772] USER32.dll!DialogBoxParamA 77458152 5 Bytes JMP 693A8F51 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1772] USER32.dll!DialogBoxIndirectParamA 7745847D 5 Bytes JMP 693A901B C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1772] USER32.dll!MessageBoxIndirectA 7746D4D9 5 Bytes JMP 693A8ED8 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1772] USER32.dll!MessageBoxIndirectW 7746D5D3 5 Bytes JMP 693A8E5F C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1772] USER32.dll!MessageBoxExA 7746D639 5 Bytes JMP 693A8DFB C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1772] USER32.dll!MessageBoxExW 7746D65D 5 Bytes JMP 693A8D97 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1772] ole32.dll!OleLoadFromStream 76011E80 1 Byte [E9] .text C:\Program Files\Internet Explorer\iexplore.exe[1772] ole32.dll!OleLoadFromStream 76011E80 5 Bytes JMP 693A9784 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Windows\system32\svchost.exe[1816] kernel32.dll!GetBinaryTypeW + 70 76762447 1 Byte [62] .text C:\Windows\system32\svchost.exe[1884] kernel32.dll!GetBinaryTypeW + 70 76762447 1 Byte [62] .text C:\Windows\System32\mobsync.exe[1904] ntdll.dll!LdrLoadDll 778D9378 5 Bytes JMP 000601F8 .text C:\Windows\System32\mobsync.exe[1904] ntdll.dll!LdrUnloadDll 778EB680 5 Bytes JMP 000603FC .text 
C:\Windows\System32\mobsync.exe[1904] KERNEL32.dll!GetBinaryTypeW + 70 76762447 1 Byte [62] .text C:\Windows\System32\mobsync.exe[1904] ADVAPI32.dll!CreateServiceW 76189EB4 5 Bytes JMP 000703FC .text C:\Windows\System32\mobsync.exe[1904] ADVAPI32.dll!DeleteService 7618A07E 5 Bytes JMP 00070600 .text C:\Windows\System32\mobsync.exe[1904] ADVAPI32.dll!SetServiceObjectSecurity 761C6CD9 5 Bytes JMP 00071014 .text C:\Windows\System32\mobsync.exe[1904] ADVAPI32.dll!ChangeServiceConfigA 761C6DD9 5 Bytes JMP 00070804 .text C:\Windows\System32\mobsync.exe[1904] ADVAPI32.dll!ChangeServiceConfigW 761C6F81 5 Bytes JMP 00070A08 .text C:\Windows\System32\mobsync.exe[1904] ADVAPI32.dll!ChangeServiceConfig2A 761C7099 5 Bytes JMP 00070C0C .text C:\Windows\System32\mobsync.exe[1904] ADVAPI32.dll!ChangeServiceConfig2W 761C71E1 5 Bytes JMP 00070E10 .text C:\Windows\System32\mobsync.exe[1904] ADVAPI32.dll!CreateServiceA 761C72A1 5 Bytes JMP 000701F8 .text C:\Windows\System32\mobsync.exe[1904] USER32.dll!SetWindowsHookExA 77416322 5 Bytes JMP 00080600 .text C:\Windows\System32\mobsync.exe[1904] USER32.dll!SetWindowsHookExW 774187AD 5 Bytes JMP 00080804 .text C:\Windows\System32\mobsync.exe[1904] USER32.dll!UnhookWindowsHookEx 774198DB 5 Bytes JMP 00080A08 .text C:\Windows\System32\mobsync.exe[1904] USER32.dll!SetWinEventHook 77419F3A 5 Bytes JMP 000801F8 .text C:\Windows\System32\mobsync.exe[1904] USER32.dll!UnhookWinEvent 7741C06F 5 Bytes JMP 000803FC .text C:\Program Files\Common Files\X-Rite\InstrumentService\wnoted.exe[1932] ntdll.dll!LdrLoadDll 778D9378 5 Bytes JMP 000601F8 .text C:\Program Files\Common Files\X-Rite\InstrumentService\wnoted.exe[1932] ntdll.dll!LdrUnloadDll 778EB680 5 Bytes JMP 000603FC .text C:\Program Files\Common Files\X-Rite\InstrumentService\wnoted.exe[1932] KERNEL32.dll!GetBinaryTypeW + 70 76762447 1 Byte [62] .text C:\Program Files\Common Files\X-Rite\InstrumentService\wnoted.exe[1932] USER32.dll!SetWindowsHookExA 77416322 5 Bytes JMP 00070600 .text 
C:\Program Files\Common Files\X-Rite\InstrumentService\wnoted.exe[1932] USER32.dll!SetWindowsHookExW 774187AD 5 Bytes JMP 00070804 .text C:\Program Files\Common Files\X-Rite\InstrumentService\wnoted.exe[1932] USER32.dll!UnhookWindowsHookEx 774198DB 5 Bytes JMP 00070A08 .text C:\Program Files\Common Files\X-Rite\InstrumentService\wnoted.exe[1932] USER32.dll!SetWinEventHook 77419F3A 5 Bytes JMP 000701F8 .text C:\Program Files\Common Files\X-Rite\InstrumentService\wnoted.exe[1932] USER32.dll!UnhookWinEvent 7741C06F 5 Bytes JMP 000703FC .text C:\Program Files\Common Files\X-Rite\InstrumentService\wnoted.exe[1932] ADVAPI32.dll!CreateServiceW 76189EB4 5 Bytes JMP 000803FC .text C:\Program Files\Common Files\X-Rite\InstrumentService\wnoted.exe[1932] ADVAPI32.dll!DeleteService 7618A07E 5 Bytes JMP 00080600 .text C:\Program Files\Common Files\X-Rite\InstrumentService\wnoted.exe[1932] ADVAPI32.dll!SetServiceObjectSecurity 761C6CD9 5 Bytes JMP 00081014 .text C:\Program Files\Common Files\X-Rite\InstrumentService\wnoted.exe[1932] ADVAPI32.dll!ChangeServiceConfigA 761C6DD9 5 Bytes JMP 00080804 .text C:\Program Files\Common Files\X-Rite\InstrumentService\wnoted.exe[1932] ADVAPI32.dll!ChangeServiceConfigW 761C6F81 5 Bytes JMP 00080A08 .text C:\Program Files\Common Files\X-Rite\InstrumentService\wnoted.exe[1932] ADVAPI32.dll!ChangeServiceConfig2A 761C7099 5 Bytes JMP 00080C0C .text C:\Program Files\Common Files\X-Rite\InstrumentService\wnoted.exe[1932] ADVAPI32.dll!ChangeServiceConfig2W 761C71E1 5 Bytes JMP 00080E10 .text C:\Program Files\Common Files\X-Rite\InstrumentService\wnoted.exe[1932] ADVAPI32.dll!CreateServiceA 761C72A1 5 Bytes JMP 000801F8 .text C:\Windows\system32\svchost.exe[1944] kernel32.dll!GetBinaryTypeW + 70 76762447 1 Byte [62] .text C:\Windows\System32\vds.exe[2120] ntdll.dll!LdrLoadDll 778D9378 5 Bytes JMP 000A01F8 .text C:\Windows\System32\vds.exe[2120] ntdll.dll!LdrUnloadDll 778EB680 5 Bytes JMP 000A03FC .text C:\Windows\System32\vds.exe[2120] 
C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3496] USER32.dll!DialogBoxIndirectParamA 7745847D 5 Bytes JMP 693A901B C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3496] USER32.dll!MessageBoxIndirectA 7746D4D9 5 Bytes JMP 693A8ED8 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3496] USER32.dll!MessageBoxIndirectW 7746D5D3 5 Bytes JMP 693A8E5F C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3496] USER32.dll!MessageBoxExA 7746D639 5 Bytes JMP 693A8DFB C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3496] USER32.dll!MessageBoxExW 7746D65D 5 Bytes JMP 693A8D97 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3496] ole32.dll!OleLoadFromStream 76011E80 1 Byte [E9] .text C:\Program Files\Internet Explorer\iexplore.exe[3496] ole32.dll!OleLoadFromStream 76011E80 5 Bytes JMP 693A9784 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text c:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3532] ntdll.dll!LdrLoadDll 778D9378 5 Bytes JMP 000601F8 .text c:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3532] ntdll.dll!LdrUnloadDll 778EB680 5 Bytes JMP 000603FC .text c:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3532] KERNEL32.dll!GetBinaryTypeW + 70 76762447 1 Byte [62] .text c:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3532] ADVAPI32.dll!CreateServiceW 76189EB4 5 Bytes JMP 000703FC .text c:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3532] ADVAPI32.dll!DeleteService 7618A07E 5 Bytes JMP 00070600 
.text c:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3532] ADVAPI32.dll!SetServiceObjectSecurity 761C6CD9 5 Bytes JMP 00071014 .text c:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3532] ADVAPI32.dll!ChangeServiceConfigA 761C6DD9 5 Bytes JMP 00070804 .text c:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3532] ADVAPI32.dll!ChangeServiceConfigW 761C6F81 5 Bytes JMP 00070A08 .text c:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3532] ADVAPI32.dll!ChangeServiceConfig2A 761C7099 5 Bytes JMP 00070C0C .text c:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3532] ADVAPI32.dll!ChangeServiceConfig2W 761C71E1 5 Bytes JMP 00070E10 .text c:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3532] ADVAPI32.dll!CreateServiceA 761C72A1 5 Bytes JMP 000701F8 .text c:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3532] USER32.dll!SetWindowsHookExA 77416322 5 Bytes JMP 00080600 .text c:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3532] USER32.dll!SetWindowsHookExW 774187AD 5 Bytes JMP 00080804 .text c:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3532] USER32.dll!UnhookWindowsHookEx 774198DB 5 Bytes JMP 00080A08 .text c:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3532] USER32.dll!SetWinEventHook 77419F3A 5 Bytes JMP 000801F8 .text c:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3532] USER32.dll!UnhookWinEvent 7741C06F 5 Bytes JMP 000803FC .text C:\Windows\System32\WUDFHost.exe[3624] ntdll.dll!LdrLoadDll 778D9378 5 Bytes JMP 000601F8 .text C:\Windows\System32\WUDFHost.exe[3624] ntdll.dll!LdrUnloadDll 778EB680 5 Bytes JMP 000603FC .text C:\Windows\System32\WUDFHost.exe[3624] KERNEL32.dll!GetBinaryTypeW + 70 76762447 1 Byte [62] .text C:\Windows\System32\WUDFHost.exe[3624] ADVAPI32.dll!CreateServiceW 76189EB4 5 Bytes JMP 000703FC .text C:\Windows\System32\WUDFHost.exe[3624] ADVAPI32.dll!DeleteService 7618A07E 5 Bytes JMP 00070600 .text C:\Windows\System32\WUDFHost.exe[3624] ADVAPI32.dll!SetServiceObjectSecurity 
761C6CD9 5 Bytes JMP 00071014 .text C:\Windows\System32\WUDFHost.exe[3624] ADVAPI32.dll!ChangeServiceConfigA 761C6DD9 5 Bytes JMP 00070804 .text C:\Windows\System32\WUDFHost.exe[3624] ADVAPI32.dll!ChangeServiceConfigW 761C6F81 5 Bytes JMP 00070A08 .text C:\Windows\System32\WUDFHost.exe[3624] ADVAPI32.dll!ChangeServiceConfig2A 761C7099 5 Bytes JMP 00070C0C .text C:\Windows\System32\WUDFHost.exe[3624] ADVAPI32.dll!ChangeServiceConfig2W 761C71E1 5 Bytes JMP 00070E10 .text C:\Windows\System32\WUDFHost.exe[3624] ADVAPI32.dll!CreateServiceA 761C72A1 5 Bytes JMP 000701F8 .text C:\Windows\System32\WUDFHost.exe[3624] USER32.dll!SetWindowsHookExA 77416322 5 Bytes JMP 00080600 .text C:\Windows\System32\WUDFHost.exe[3624] USER32.dll!SetWindowsHookExW 774187AD 5 Bytes JMP 00080804 .text C:\Windows\System32\WUDFHost.exe[3624] USER32.dll!UnhookWindowsHookEx 774198DB 5 Bytes JMP 00080A08 .text C:\Windows\System32\WUDFHost.exe[3624] USER32.dll!SetWinEventHook 77419F3A 5 Bytes JMP 000801F8 .text C:\Windows\System32\WUDFHost.exe[3624] USER32.dll!UnhookWinEvent 7741C06F 5 Bytes JMP 000803FC .text c:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[3656] ntdll.dll!LdrLoadDll 778D9378 5 Bytes JMP 000601F8 .text c:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[3656] ntdll.dll!LdrUnloadDll 778EB680 5 Bytes JMP 000603FC .text c:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[3656] KERNEL32.dll!GetBinaryTypeW + 70 76762447 1 Byte [62] .text c:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[3656] USER32.dll!SetWindowsHookExA 77416322 5 Bytes JMP 00080600 .text c:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[3656] USER32.dll!SetWindowsHookExW 774187AD 5 Bytes JMP 00080804 .text c:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[3656] USER32.dll!UnhookWindowsHookEx 774198DB 5 Bytes JMP 00080A08 .text c:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[3656] USER32.dll!SetWinEventHook 77419F3A 5 Bytes JMP 000801F8 .text c:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[3656] 
USER32.dll!UnhookWinEvent 7741C06F 5 Bytes JMP 000803FC .text c:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[3656] ADVAPI32.dll!CreateServiceW 76189EB4 5 Bytes JMP 000903FC .text c:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[3656] ADVAPI32.dll!DeleteService 7618A07E 5 Bytes JMP 00090600 .text c:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[3656] ADVAPI32.dll!SetServiceObjectSecurity 761C6CD9 5 Bytes JMP 00091014 .text c:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[3656] ADVAPI32.dll!ChangeServiceConfigA 761C6DD9 5 Bytes JMP 00090804 .text c:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[3656] ADVAPI32.dll!ChangeServiceConfigW 761C6F81 5 Bytes JMP 00090A08 .text c:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[3656] ADVAPI32.dll!ChangeServiceConfig2A 761C7099 5 Bytes JMP 00090C0C .text c:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[3656] ADVAPI32.dll!ChangeServiceConfig2W 761C71E1 5 Bytes JMP 00090E10 .text c:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe[3656] ADVAPI32.dll!CreateServiceA 761C72A1 5 Bytes JMP 000901F8 .text C:\Windows\ehome\ehsched.exe[3828] ntdll.dll!LdrLoadDll 778D9378 5 Bytes JMP 000501F8 .text C:\Windows\ehome\ehsched.exe[3828] ntdll.dll!LdrUnloadDll 778EB680 5 Bytes JMP 000503FC .text C:\Windows\ehome\ehsched.exe[3828] KERNEL32.dll!GetBinaryTypeW + 70 76762447 1 Byte [62] .text C:\Windows\ehome\ehsched.exe[3828] ADVAPI32.dll!CreateServiceW 76189EB4 5 Bytes JMP 000603FC .text C:\Windows\ehome\ehsched.exe[3828] ADVAPI32.dll!DeleteService 7618A07E 5 Bytes JMP 00060600 .text C:\Windows\ehome\ehsched.exe[3828] ADVAPI32.dll!SetServiceObjectSecurity 761C6CD9 5 Bytes JMP 00061014 .text C:\Windows\ehome\ehsched.exe[3828] ADVAPI32.dll!ChangeServiceConfigA 761C6DD9 5 Bytes JMP 00060804 .text C:\Windows\ehome\ehsched.exe[3828] ADVAPI32.dll!ChangeServiceConfigW 761C6F81 5 Bytes JMP 00060A08 .text C:\Windows\ehome\ehsched.exe[3828] ADVAPI32.dll!ChangeServiceConfig2A 761C7099 5 Bytes JMP 00060C0C .text C:\Windows\ehome\ehsched.exe[3828] 
ADVAPI32.dll!ChangeServiceConfig2W 761C71E1 5 Bytes JMP 00060E10 .text C:\Windows\ehome\ehsched.exe[3828] ADVAPI32.dll!CreateServiceA 761C72A1 5 Bytes JMP 000601F8 .text C:\Windows\ehome\ehsched.exe[3828] USER32.dll!SetWindowsHookExA 77416322 5 Bytes JMP 00070600 .text C:\Windows\ehome\ehsched.exe[3828] USER32.dll!SetWindowsHookExW 774187AD 5 Bytes JMP 00070804 .text C:\Windows\ehome\ehsched.exe[3828] USER32.dll!UnhookWindowsHookEx 774198DB 5 Bytes JMP 00070A08 .text C:\Windows\ehome\ehsched.exe[3828] USER32.dll!SetWinEventHook 77419F3A 5 Bytes JMP 000701F8 .text C:\Windows\ehome\ehsched.exe[3828] USER32.dll!UnhookWinEvent 7741C06F 5 Bytes JMP 000703FC .text C:\Program Files\Internet Explorer\iexplore.exe[3912] ntdll.dll!LdrLoadDll 778D9378 5 Bytes JMP 000501F8 .text C:\Program Files\Internet Explorer\iexplore.exe[3912] ntdll.dll!LdrUnloadDll 778EB680 5 Bytes JMP 000503FC .text C:\Program Files\Internet Explorer\iexplore.exe[3912] KERNEL32.dll!CreateThread 7675CB0E 5 Bytes JMP 692175DB C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3912] KERNEL32.dll!GetBinaryTypeW + 70 76762447 1 Byte [62] .text C:\Program Files\Internet Explorer\iexplore.exe[3912] ADVAPI32.dll!CreateServiceW 76189EB4 5 Bytes JMP 000603FC .text C:\Program Files\Internet Explorer\iexplore.exe[3912] ADVAPI32.dll!DeleteService 7618A07E 5 Bytes JMP 00060600 .text C:\Program Files\Internet Explorer\iexplore.exe[3912] ADVAPI32.dll!SetServiceObjectSecurity 761C6CD9 5 Bytes JMP 00061014 .text C:\Program Files\Internet Explorer\iexplore.exe[3912] ADVAPI32.dll!ChangeServiceConfigA 761C6DD9 5 Bytes JMP 00060804 .text C:\Program Files\Internet Explorer\iexplore.exe[3912] ADVAPI32.dll!ChangeServiceConfigW 761C6F81 5 Bytes JMP 00060A08 .text C:\Program Files\Internet Explorer\iexplore.exe[3912] ADVAPI32.dll!ChangeServiceConfig2A 761C7099 5 Bytes JMP 00060C0C .text C:\Program Files\Internet Explorer\iexplore.exe[3912] 
ADVAPI32.dll!ChangeServiceConfig2W 761C71E1 5 Bytes JMP 00060E10 .text C:\Program Files\Internet Explorer\iexplore.exe[3912] ADVAPI32.dll!CreateServiceA 761C72A1 5 Bytes JMP 000601F8 .text C:\Program Files\Internet Explorer\iexplore.exe[3912] USER32.dll!SetWindowsHookExA 77416322 5 Bytes JMP 00070600 .text C:\Program Files\Internet Explorer\iexplore.exe[3912] USER32.dll!SetWindowsHookExW 774187AD 5 Bytes JMP 692525AC C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3912] USER32.dll!CallNextHookEx 77418E3B 5 Bytes JMP 69277FDF C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3912] USER32.dll!UnhookWindowsHookEx 774198DB 5 Bytes JMP 6929ED00 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3912] USER32.dll!SetWinEventHook 77419F3A 5 Bytes JMP 000701F8 .text C:\Program Files\Internet Explorer\iexplore.exe[3912] USER32.dll!UnhookWinEvent 7741C06F 5 Bytes JMP 000703FC .text C:\Program Files\Internet Explorer\iexplore.exe[3912] USER32.dll!EnableWindow 7741CD8B 5 Bytes JMP 69259EB4 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3912] USER32.dll!DefWindowProcA 7741DB88 7 Bytes JMP 69219805 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3912] USER32.dll!CreateWindowExA 7741DC2A 5 Bytes JMP 6922363B C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3912] USER32.dll!CreateWindowExW 77421305 5 Bytes JMP 692803CF C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3912] 
USER32.dll!DefWindowProcW 774303B4 7 Bytes JMP 69278042 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3912] USER32.dll!DialogBoxParamW 774410B0 5 Bytes JMP 691B1893 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3912] USER32.dll!DialogBoxIndirectParamW 77442EF5 5 Bytes JMP 693A8FB6 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3912] USER32.dll!DialogBoxParamA 77458152 5 Bytes JMP 693A8F51 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3912] USER32.dll!DialogBoxIndirectParamA 7745847D 5 Bytes JMP 693A901B C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3912] USER32.dll!MessageBoxIndirectA 7746D4D9 5 Bytes JMP 693A8ED8 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3912] USER32.dll!MessageBoxIndirectW 7746D5D3 5 Bytes JMP 693A8E5F C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3912] USER32.dll!MessageBoxExA 7746D639 5 Bytes JMP 693A8DFB C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3912] USER32.dll!MessageBoxExW 7746D65D 5 Bytes JMP 693A8D97 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3912] ole32.dll!OleLoadFromStream 76011E80 1 Byte [E9] .text C:\Program Files\Internet Explorer\iexplore.exe[3912] ole32.dll!OleLoadFromStream 76011E80 5 Bytes JMP 693A9784 C:\Windows\system32\IEFRAME.dll 
(Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[4536] ntdll.dll!LdrLoadDll 778D9378 5 Bytes JMP 001601F8 .text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[4536] ntdll.dll!LdrUnloadDll 778EB680 5 Bytes JMP 001603FC .text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[4536] KERNEL32.dll!GetBinaryTypeW + 70 76762447 1 Byte [62] .text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[4536] USER32.dll!SetWindowsHookExA 77416322 5 Bytes JMP 00170600 .text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[4536] USER32.dll!SetWindowsHookExW 774187AD 5 Bytes JMP 00170804 .text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[4536] USER32.dll!UnhookWindowsHookEx 774198DB 5 Bytes JMP 00170A08 .text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[4536] USER32.dll!SetWinEventHook 77419F3A 5 Bytes JMP 001701F8 .text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[4536] USER32.dll!UnhookWinEvent 7741C06F 5 Bytes JMP 001703FC .text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[4536] ADVAPI32.dll!CreateServiceW 76189EB4 5 Bytes JMP 001803FC .text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[4536] ADVAPI32.dll!DeleteService 7618A07E 5 Bytes JMP 00180600 .text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[4536] ADVAPI32.dll!SetServiceObjectSecurity 761C6CD9 5 Bytes JMP 00181014 .text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[4536] ADVAPI32.dll!ChangeServiceConfigA 761C6DD9 5 Bytes JMP 00180804 .text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[4536] ADVAPI32.dll!ChangeServiceConfigW 761C6F81 5 Bytes JMP 00180A08 .text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[4536] ADVAPI32.dll!ChangeServiceConfig2A 761C7099 5 Bytes JMP 00180C0C .text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[4536] ADVAPI32.dll!ChangeServiceConfig2W 761C71E1 5 Bytes JMP 00180E10 .text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[4536] ADVAPI32.dll!CreateServiceA 761C72A1 5 Bytes JMP 001801F8 .text C:\Users\Jacek\Desktop\iggpffed.exe[4548] ntdll.dll!LdrLoadDll 
778D9378 5 Bytes JMP 001601F8 .text C:\Users\Jacek\Desktop\iggpffed.exe[4548] ntdll.dll!LdrUnloadDll 778EB680 5 Bytes JMP 001603FC .text C:\Users\Jacek\Desktop\iggpffed.exe[4548] KERNEL32.dll!GetBinaryTypeW + 70 76762447 1 Byte [62] .text C:\Users\Jacek\Desktop\iggpffed.exe[4548] ADVAPI32.dll!CreateServiceW 76189EB4 5 Bytes JMP 001703FC .text C:\Users\Jacek\Desktop\iggpffed.exe[4548] ADVAPI32.dll!DeleteService 7618A07E 5 Bytes JMP 00170600 .text C:\Users\Jacek\Desktop\iggpffed.exe[4548] ADVAPI32.dll!SetServiceObjectSecurity 761C6CD9 5 Bytes JMP 00171014 .text C:\Users\Jacek\Desktop\iggpffed.exe[4548] ADVAPI32.dll!ChangeServiceConfigA 761C6DD9 5 Bytes JMP 00170804 .text C:\Users\Jacek\Desktop\iggpffed.exe[4548] ADVAPI32.dll!ChangeServiceConfigW 761C6F81 5 Bytes JMP 00170A08 .text C:\Users\Jacek\Desktop\iggpffed.exe[4548] ADVAPI32.dll!ChangeServiceConfig2A 761C7099 5 Bytes JMP 00170C0C .text C:\Users\Jacek\Desktop\iggpffed.exe[4548] ADVAPI32.dll!ChangeServiceConfig2W 761C71E1 5 Bytes JMP 00170E10 .text C:\Users\Jacek\Desktop\iggpffed.exe[4548] ADVAPI32.dll!CreateServiceA 761C72A1 5 Bytes JMP 001701F8 .text C:\Users\Jacek\Desktop\iggpffed.exe[4548] USER32.dll!SetWindowsHookExA 77416322 5 Bytes JMP 00180600 .text C:\Users\Jacek\Desktop\iggpffed.exe[4548] USER32.dll!SetWindowsHookExW 774187AD 5 Bytes JMP 00180804 .text C:\Users\Jacek\Desktop\iggpffed.exe[4548] USER32.dll!UnhookWindowsHookEx 774198DB 5 Bytes JMP 00180A08 .text C:\Users\Jacek\Desktop\iggpffed.exe[4548] USER32.dll!SetWinEventHook 77419F3A 5 Bytes JMP 001801F8 .text C:\Users\Jacek\Desktop\iggpffed.exe[4548] USER32.dll!UnhookWinEvent 7741C06F 5 Bytes JMP 001803FC .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4596] kernel32.dll!GetBinaryTypeW + 70 76762447 1 Byte [62] .text c:\Program Files\Windows Media Player\wmplayer.exe[5076] ntdll.dll!LdrLoadDll 778D9378 5 Bytes JMP 000601F8 .text c:\Program Files\Windows Media Player\wmplayer.exe[5076] ntdll.dll!LdrUnloadDll 778EB680 5 Bytes JMP 000603FC .text 
c:\Program Files\Windows Media Player\wmplayer.exe[5076] KERNEL32.dll!GetBinaryTypeW + 70 76762447 1 Byte [62] .text c:\Program Files\Windows Media Player\wmplayer.exe[5076] ADVAPI32.dll!CreateServiceW 76189EB4 5 Bytes JMP 000703FC .text c:\Program Files\Windows Media Player\wmplayer.exe[5076] ADVAPI32.dll!DeleteService 7618A07E 5 Bytes JMP 00070600 .text c:\Program Files\Windows Media Player\wmplayer.exe[5076] ADVAPI32.dll!SetServiceObjectSecurity 761C6CD9 5 Bytes JMP 00071014 .text c:\Program Files\Windows Media Player\wmplayer.exe[5076] ADVAPI32.dll!ChangeServiceConfigA 761C6DD9 5 Bytes JMP 00070804 .text c:\Program Files\Windows Media Player\wmplayer.exe[5076] ADVAPI32.dll!ChangeServiceConfigW 761C6F81 5 Bytes JMP 00070A08 .text c:\Program Files\Windows Media Player\wmplayer.exe[5076] ADVAPI32.dll!ChangeServiceConfig2A 761C7099 5 Bytes JMP 00070C0C .text c:\Program Files\Windows Media Player\wmplayer.exe[5076] ADVAPI32.dll!ChangeServiceConfig2W 761C71E1 5 Bytes JMP 00070E10 .text c:\Program Files\Windows Media Player\wmplayer.exe[5076] ADVAPI32.dll!CreateServiceA 761C72A1 5 Bytes JMP 000701F8 .text c:\Program Files\Windows Media Player\wmplayer.exe[5076] USER32.dll!SetWindowsHookExA 77416322 5 Bytes JMP 00080600 .text c:\Program Files\Windows Media Player\wmplayer.exe[5076] USER32.dll!SetWindowsHookExW 774187AD 5 Bytes JMP 00080804 .text c:\Program Files\Windows Media Player\wmplayer.exe[5076] USER32.dll!UnhookWindowsHookEx 774198DB 5 Bytes JMP 00080A08 .text c:\Program Files\Windows Media Player\wmplayer.exe[5076] USER32.dll!SetWinEventHook 77419F3A 5 Bytes JMP 000801F8 .text c:\Program Files\Windows Media Player\wmplayer.exe[5076] USER32.dll!UnhookWinEvent 7741C06F 5 Bytes JMP 000803FC .text C:\Program Files\Common Files\X-Rite\InstrumentService\colormunki\ColorMunki.exe[5132] ntdll.dll!LdrLoadDll 778D9378 5 Bytes JMP 001601F8 .text C:\Program Files\Common Files\X-Rite\InstrumentService\colormunki\ColorMunki.exe[5132] ntdll.dll!LdrUnloadDll 778EB680 5 Bytes 
JMP 001603FC .text C:\Program Files\Common Files\X-Rite\InstrumentService\colormunki\ColorMunki.exe[5132] KERNEL32.dll!GetBinaryTypeW + 70 76762447 1 Byte [62] .text C:\Program Files\Common Files\X-Rite\InstrumentService\colormunki\ColorMunki.exe[5132] ADVAPI32.dll!CreateServiceW 76189EB4 5 Bytes JMP 001703FC .text C:\Program Files\Common Files\X-Rite\InstrumentService\colormunki\ColorMunki.exe[5132] ADVAPI32.dll!DeleteService 7618A07E 5 Bytes JMP 00170600 .text C:\Program Files\Common Files\X-Rite\InstrumentService\colormunki\ColorMunki.exe[5132] ADVAPI32.dll!SetServiceObjectSecurity 761C6CD9 5 Bytes JMP 00171014 .text C:\Program Files\Common Files\X-Rite\InstrumentService\colormunki\ColorMunki.exe[5132] ADVAPI32.dll!ChangeServiceConfigA 761C6DD9 5 Bytes JMP 00170804 .text C:\Program Files\Common Files\X-Rite\InstrumentService\colormunki\ColorMunki.exe[5132] ADVAPI32.dll!ChangeServiceConfigW 761C6F81 5 Bytes JMP 00170A08 .text C:\Program Files\Common Files\X-Rite\InstrumentService\colormunki\ColorMunki.exe[5132] ADVAPI32.dll!ChangeServiceConfig2A 761C7099 5 Bytes JMP 00170C0C .text C:\Program Files\Common Files\X-Rite\InstrumentService\colormunki\ColorMunki.exe[5132] ADVAPI32.dll!ChangeServiceConfig2W 761C71E1 5 Bytes JMP 00170E10 .text C:\Program Files\Common Files\X-Rite\InstrumentService\colormunki\ColorMunki.exe[5132] ADVAPI32.dll!CreateServiceA 761C72A1 5 Bytes JMP 001701F8 .text C:\Program Files\Common Files\X-Rite\InstrumentService\colormunki\ColorMunki.exe[5132] USER32.dll!SetWindowsHookExA 77416322 5 Bytes JMP 00180600 .text C:\Program Files\Common Files\X-Rite\InstrumentService\colormunki\ColorMunki.exe[5132] USER32.dll!SetWindowsHookExW 774187AD 5 Bytes JMP 00180804 .text C:\Program Files\Common Files\X-Rite\InstrumentService\colormunki\ColorMunki.exe[5132] USER32.dll!UnhookWindowsHookEx 774198DB 5 Bytes JMP 00180A08 .text C:\Program Files\Common Files\X-Rite\InstrumentService\colormunki\ColorMunki.exe[5132] USER32.dll!SetWinEventHook 77419F3A 5 Bytes 
JMP 001801F8 .text C:\Program Files\Common Files\X-Rite\InstrumentService\colormunki\ColorMunki.exe[5132] USER32.dll!UnhookWinEvent 7741C06F 5 Bytes JMP 001803FC .text C:\Program Files\X-Rite\ColorMunki Photo\Tools\ColorMunki Photo Tray.exe[5204] ntdll.dll!LdrLoadDll 778D9378 5 Bytes JMP 001501F8 .text C:\Program Files\X-Rite\ColorMunki Photo\Tools\ColorMunki Photo Tray.exe[5204] ntdll.dll!LdrUnloadDll 778EB680 5 Bytes JMP 001503FC .text C:\Program Files\X-Rite\ColorMunki Photo\Tools\ColorMunki Photo Tray.exe[5204] KERNEL32.dll!GetBinaryTypeW + 70 76762447 1 Byte [62] .text C:\Program Files\X-Rite\ColorMunki Photo\Tools\ColorMunki Photo Tray.exe[5204] ADVAPI32.dll!CreateServiceW 76189EB4 5 Bytes JMP 001603FC .text C:\Program Files\X-Rite\ColorMunki Photo\Tools\ColorMunki Photo Tray.exe[5204] ADVAPI32.dll!DeleteService 7618A07E 5 Bytes JMP 00160600 .text C:\Program Files\X-Rite\ColorMunki Photo\Tools\ColorMunki Photo Tray.exe[5204] ADVAPI32.dll!SetServiceObjectSecurity 761C6CD9 5 Bytes JMP 00161014 .text C:\Program Files\X-Rite\ColorMunki Photo\Tools\ColorMunki Photo Tray.exe[5204] ADVAPI32.dll!ChangeServiceConfigA 761C6DD9 5 Bytes JMP 00160804 .text C:\Program Files\X-Rite\ColorMunki Photo\Tools\ColorMunki Photo Tray.exe[5204] ADVAPI32.dll!ChangeServiceConfigW 761C6F81 5 Bytes JMP 00160A08 .text C:\Program Files\X-Rite\ColorMunki Photo\Tools\ColorMunki Photo Tray.exe[5204] ADVAPI32.dll!ChangeServiceConfig2A 761C7099 5 Bytes JMP 00160C0C .text C:\Program Files\X-Rite\ColorMunki Photo\Tools\ColorMunki Photo Tray.exe[5204] ADVAPI32.dll!ChangeServiceConfig2W 761C71E1 5 Bytes JMP 00160E10 .text C:\Program Files\X-Rite\ColorMunki Photo\Tools\ColorMunki Photo Tray.exe[5204] ADVAPI32.dll!CreateServiceA 761C72A1 5 Bytes JMP 001601F8 .text C:\Program Files\X-Rite\ColorMunki Photo\Tools\ColorMunki Photo Tray.exe[5204] USER32.dll!SetWindowsHookExA 77416322 5 Bytes JMP 00170600 .text C:\Program Files\X-Rite\ColorMunki Photo\Tools\ColorMunki Photo Tray.exe[5204] 
USER32.dll!SetWindowsHookExW 774187AD 5 Bytes JMP 00170804 .text C:\Program Files\X-Rite\ColorMunki Photo\Tools\ColorMunki Photo Tray.exe[5204] USER32.dll!UnhookWindowsHookEx 774198DB 5 Bytes JMP 00170A08 .text C:\Program Files\X-Rite\ColorMunki Photo\Tools\ColorMunki Photo Tray.exe[5204] USER32.dll!SetWinEventHook 77419F3A 5 Bytes JMP 001701F8 .text C:\Program Files\X-Rite\ColorMunki Photo\Tools\ColorMunki Photo Tray.exe[5204] USER32.dll!UnhookWinEvent 7741C06F 5 Bytes JMP 001703FC .text C:\Program Files\EIZO\ColorNavigator\ColorNavigatorAgent.exe[5416] ntdll.dll!LdrLoadDll 778D9378 5 Bytes JMP 000601F8 .text C:\Program Files\EIZO\ColorNavigator\ColorNavigatorAgent.exe[5416] ntdll.dll!LdrUnloadDll 778EB680 5 Bytes JMP 000603FC .text C:\Program Files\EIZO\ColorNavigator\ColorNavigatorAgent.exe[5416] KERNEL32.dll!GetBinaryTypeW + 70 76762447 1 Byte [62] .text C:\Program Files\EIZO\ColorNavigator\ColorNavigatorAgent.exe[5416] ADVAPI32.dll!CreateServiceW 76189EB4 5 Bytes JMP 000703FC .text C:\Program Files\EIZO\ColorNavigator\ColorNavigatorAgent.exe[5416] ADVAPI32.dll!DeleteService 7618A07E 5 Bytes JMP 00070600 .text C:\Program Files\EIZO\ColorNavigator\ColorNavigatorAgent.exe[5416] ADVAPI32.dll!SetServiceObjectSecurity 761C6CD9 5 Bytes JMP 00071014 .text C:\Program Files\EIZO\ColorNavigator\ColorNavigatorAgent.exe[5416] ADVAPI32.dll!ChangeServiceConfigA 761C6DD9 5 Bytes JMP 00070804 .text C:\Program Files\EIZO\ColorNavigator\ColorNavigatorAgent.exe[5416] ADVAPI32.dll!ChangeServiceConfigW 761C6F81 5 Bytes JMP 00070A08 .text C:\Program Files\EIZO\ColorNavigator\ColorNavigatorAgent.exe[5416] ADVAPI32.dll!ChangeServiceConfig2A 761C7099 5 Bytes JMP 00070C0C .text C:\Program Files\EIZO\ColorNavigator\ColorNavigatorAgent.exe[5416] ADVAPI32.dll!ChangeServiceConfig2W 761C71E1 5 Bytes JMP 00070E10 .text C:\Program Files\EIZO\ColorNavigator\ColorNavigatorAgent.exe[5416] ADVAPI32.dll!CreateServiceA 761C72A1 5 Bytes JMP 000701F8 .text C:\Program 
Files\EIZO\ColorNavigator\ColorNavigatorAgent.exe[5416] USER32.dll!SetWindowsHookExA 77416322 5 Bytes JMP 00080600 .text C:\Program Files\EIZO\ColorNavigator\ColorNavigatorAgent.exe[5416] USER32.dll!SetWindowsHookExW 774187AD 5 Bytes JMP 00080804 .text C:\Program Files\EIZO\ColorNavigator\ColorNavigatorAgent.exe[5416] USER32.dll!UnhookWindowsHookEx 774198DB 5 Bytes JMP 00080A08 .text C:\Program Files\EIZO\ColorNavigator\ColorNavigatorAgent.exe[5416] USER32.dll!SetWinEventHook 77419F3A 5 Bytes JMP 000801F8 .text C:\Program Files\EIZO\ColorNavigator\ColorNavigatorAgent.exe[5416] USER32.dll!UnhookWinEvent 7741C06F 5 Bytes JMP 000803FC .text c:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5440] ntdll.dll!LdrLoadDll 778D9378 5 Bytes JMP 000601F8 .text c:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5440] ntdll.dll!LdrUnloadDll 778EB680 5 Bytes JMP 000603FC .text c:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5440] KERNEL32.dll!GetBinaryTypeW + 70 76762447 1 Byte [62] .text c:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5440] USER32.dll!SetWindowsHookExA 77416322 5 Bytes JMP 00070600 .text c:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5440] USER32.dll!SetWindowsHookExW 774187AD 5 Bytes JMP 00070804 .text c:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5440] USER32.dll!UnhookWindowsHookEx 774198DB 5 Bytes JMP 00070A08 .text c:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5440] USER32.dll!SetWinEventHook 77419F3A 5 Bytes JMP 000701F8 .text c:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5440] USER32.dll!UnhookWinEvent 7741C06F 5 Bytes JMP 000703FC .text c:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5440] ADVAPI32.dll!CreateServiceW 76189EB4 5 Bytes JMP 000803FC .text c:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5440] ADVAPI32.dll!DeleteService 7618A07E 5 Bytes JMP 00080600 
.text c:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5440] ADVAPI32.dll!SetServiceObjectSecurity 761C6CD9 5 Bytes JMP 00081014 .text c:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5440] ADVAPI32.dll!ChangeServiceConfigA 761C6DD9 5 Bytes JMP 00080804 .text c:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5440] ADVAPI32.dll!ChangeServiceConfigW 761C6F81 5 Bytes JMP 00080A08 .text c:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5440] ADVAPI32.dll!ChangeServiceConfig2A 761C7099 5 Bytes JMP 00080C0C .text c:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5440] ADVAPI32.dll!ChangeServiceConfig2W 761C71E1 5 Bytes JMP 00080E10 .text c:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5440] ADVAPI32.dll!CreateServiceA 761C72A1 5 Bytes JMP 000801F8 .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[5508] ntdll.dll!LdrLoadDll 778D9378 5 Bytes JMP 001601F8 .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[5508] ntdll.dll!LdrUnloadDll 778EB680 5 Bytes JMP 001603FC .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[5508] KERNEL32.dll!SetUnhandledExceptionFilter 7673A8B5 5 Bytes JMP 57D550B8 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation) .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[5508] KERNEL32.dll!GetBinaryTypeW + 70 76762447 1 Byte [62] .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[5508] ADVAPI32.dll!CreateServiceW 76189EB4 5 Bytes JMP 001703FC .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[5508] ADVAPI32.dll!DeleteService 7618A07E 5 Bytes JMP 00170600 .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[5508] ADVAPI32.dll!SetServiceObjectSecurity 761C6CD9 5 Bytes JMP 00171014 .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[5508] ADVAPI32.dll!ChangeServiceConfigA 761C6DD9 5 Bytes JMP 00170804 .text 
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[5508] ADVAPI32.dll!ChangeServiceConfigW 761C6F81 5 Bytes JMP 00170A08 .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[5508] ADVAPI32.dll!ChangeServiceConfig2A 761C7099 5 Bytes JMP 00170C0C .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[5508] ADVAPI32.dll!ChangeServiceConfig2W 761C71E1 5 Bytes JMP 00170E10 .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[5508] ADVAPI32.dll!CreateServiceA 761C72A1 5 Bytes JMP 001701F8 .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[5508] USER32.dll!SetWindowsHookExA 77416322 5 Bytes JMP 00190600 .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[5508] USER32.dll!SetWindowsHookExW 774187AD 5 Bytes JMP 00190804 .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[5508] USER32.dll!UnhookWindowsHookEx 774198DB 5 Bytes JMP 00190A08 .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[5508] USER32.dll!SetWinEventHook 77419F3A 5 Bytes JMP 001901F8 .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[5508] USER32.dll!UnhookWinEvent 7741C06F 5 Bytes JMP 001903FC .text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[5508] ole32.dll!OleLoadFromStream 76011E80 5 Bytes JMP 5881E11A C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation) .text C:\Program Files\GetRight\getright.exe[5512] ntdll.dll!LdrLoadDll 778D9378 5 Bytes JMP 001701F8 .text C:\Program Files\GetRight\getright.exe[5512] ntdll.dll!LdrUnloadDll 778EB680 3 Bytes JMP 001703FC .text C:\Program Files\GetRight\getright.exe[5512] ntdll.dll!LdrUnloadDll + 4 778EB684 1 Byte [88] .text C:\Program Files\GetRight\getright.exe[5512] KERNEL32.dll!GetBinaryTypeW + 70 76762447 1 Byte [62] .text C:\Program Files\GetRight\getright.exe[5512] USER32.dll!SetWindowsHookExA 77416322 5 Bytes JMP 00180600 .text C:\Program Files\GetRight\getright.exe[5512] USER32.dll!SetWindowsHookExW 774187AD 5 
Bytes JMP 00180804 .text C:\Program Files\GetRight\getright.exe[5512] USER32.dll!UnhookWindowsHookEx 774198DB 5 Bytes JMP 00180A08 .text C:\Program Files\GetRight\getright.exe[5512] USER32.dll!SetWinEventHook 77419F3A 5 Bytes JMP 001801F8 .text C:\Program Files\GetRight\getright.exe[5512] USER32.dll!UnhookWinEvent 7741C06F 5 Bytes JMP 001803FC .text C:\Program Files\GetRight\getright.exe[5512] ADVAPI32.dll!CreateServiceW 76189EB4 5 Bytes JMP 001903FC .text C:\Program Files\GetRight\getright.exe[5512] ADVAPI32.dll!DeleteService 7618A07E 5 Bytes JMP 00190600 .text C:\Program Files\GetRight\getright.exe[5512] ADVAPI32.dll!SetServiceObjectSecurity 761C6CD9 5 Bytes JMP 00191014 .text C:\Program Files\GetRight\getright.exe[5512] ADVAPI32.dll!ChangeServiceConfigA 761C6DD9 5 Bytes JMP 00190804 .text C:\Program Files\GetRight\getright.exe[5512] ADVAPI32.dll!ChangeServiceConfigW 761C6F81 5 Bytes JMP 00190A08 .text C:\Program Files\GetRight\getright.exe[5512] ADVAPI32.dll!ChangeServiceConfig2A 761C7099 5 Bytes JMP 00190C0C .text C:\Program Files\GetRight\getright.exe[5512] ADVAPI32.dll!ChangeServiceConfig2W 761C71E1 5 Bytes JMP 00190E10 .text C:\Program Files\GetRight\getright.exe[5512] ADVAPI32.dll!CreateServiceA 761C72A1 5 Bytes JMP 001901F8 .text C:\Program Files\Internet Explorer\iexplore.exe[5624] ntdll.dll!LdrLoadDll 778D9378 5 Bytes JMP 000501F8 .text C:\Program Files\Internet Explorer\iexplore.exe[5624] ntdll.dll!LdrUnloadDll 778EB680 5 Bytes JMP 000503FC .text C:\Program Files\Internet Explorer\iexplore.exe[5624] KERNEL32.dll!GetBinaryTypeW + 70 76762447 1 Byte [62] .text C:\Program Files\Internet Explorer\iexplore.exe[5624] ADVAPI32.dll!CreateServiceW 76189EB4 5 Bytes JMP 000603FC .text C:\Program Files\Internet Explorer\iexplore.exe[5624] ADVAPI32.dll!DeleteService 7618A07E 5 Bytes JMP 00060600 .text C:\Program Files\Internet Explorer\iexplore.exe[5624] ADVAPI32.dll!SetServiceObjectSecurity 761C6CD9 5 Bytes JMP 00061014 .text C:\Program Files\Internet 
Explorer\iexplore.exe[5624] ADVAPI32.dll!ChangeServiceConfigA 761C6DD9 5 Bytes JMP 00060804 .text C:\Program Files\Internet Explorer\iexplore.exe[5624] ADVAPI32.dll!ChangeServiceConfigW 761C6F81 5 Bytes JMP 00060A08 .text C:\Program Files\Internet Explorer\iexplore.exe[5624] ADVAPI32.dll!ChangeServiceConfig2A 761C7099 5 Bytes JMP 00060C0C .text C:\Program Files\Internet Explorer\iexplore.exe[5624] ADVAPI32.dll!ChangeServiceConfig2W 761C71E1 5 Bytes JMP 00060E10 .text C:\Program Files\Internet Explorer\iexplore.exe[5624] ADVAPI32.dll!CreateServiceA 761C72A1 5 Bytes JMP 000601F8 .text C:\Program Files\Internet Explorer\iexplore.exe[5624] USER32.dll!SetWindowsHookExA 77416322 5 Bytes JMP 00070600 .text C:\Program Files\Internet Explorer\iexplore.exe[5624] USER32.dll!SetWindowsHookExW 774187AD 5 Bytes JMP 00070804 .text C:\Program Files\Internet Explorer\iexplore.exe[5624] USER32.dll!UnhookWindowsHookEx 774198DB 5 Bytes JMP 00070A08 .text C:\Program Files\Internet Explorer\iexplore.exe[5624] USER32.dll!SetWinEventHook 77419F3A 5 Bytes JMP 000701F8 .text C:\Program Files\Internet Explorer\iexplore.exe[5624] USER32.dll!UnhookWinEvent 7741C06F 5 Bytes JMP 000703FC .text C:\Program Files\Internet Explorer\iexplore.exe[5624] USER32.dll!EnableWindow 7741CD8B 5 Bytes JMP 69259EB4 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5624] USER32.dll!DialogBoxParamW 774410B0 5 Bytes JMP 691B1893 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5624] USER32.dll!DialogBoxIndirectParamW 77442EF5 5 Bytes JMP 693A8FB6 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5624] USER32.dll!DialogBoxParamA 77458152 5 Bytes JMP 693A8F51 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program 
Files\Internet Explorer\iexplore.exe[5624] USER32.dll!DialogBoxIndirectParamA 7745847D 5 Bytes JMP 693A901B C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5624] USER32.dll!MessageBoxIndirectA 7746D4D9 5 Bytes JMP 693A8ED8 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5624] USER32.dll!MessageBoxIndirectW 7746D5D3 5 Bytes JMP 693A8E5F C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5624] USER32.dll!MessageBoxExA 7746D639 5 Bytes JMP 693A8DFB C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5624] USER32.dll!MessageBoxExW 7746D65D 5 Bytes JMP 693A8D97 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Windows\notepad.exe[5652] ntdll.dll!LdrLoadDll 778D9378 5 Bytes JMP 000601F8 .text C:\Windows\notepad.exe[5652] ntdll.dll!LdrUnloadDll 778EB680 5 Bytes JMP 000603FC .text C:\Windows\notepad.exe[5652] KERNEL32.dll!GetBinaryTypeW + 70 76762447 1 Byte [62] .text C:\Windows\notepad.exe[5652] ADVAPI32.dll!CreateServiceW 76189EB4 5 Bytes JMP 000703FC .text C:\Windows\notepad.exe[5652] ADVAPI32.dll!DeleteService 7618A07E 5 Bytes JMP 00070600 .text C:\Windows\notepad.exe[5652] ADVAPI32.dll!SetServiceObjectSecurity 761C6CD9 5 Bytes JMP 00071014 .text C:\Windows\notepad.exe[5652] ADVAPI32.dll!ChangeServiceConfigA 761C6DD9 5 Bytes JMP 00070804 .text C:\Windows\notepad.exe[5652] ADVAPI32.dll!ChangeServiceConfigW 761C6F81 5 Bytes JMP 00070A08 .text C:\Windows\notepad.exe[5652] ADVAPI32.dll!ChangeServiceConfig2A 761C7099 5 Bytes JMP 00070C0C .text C:\Windows\notepad.exe[5652] ADVAPI32.dll!ChangeServiceConfig2W 761C71E1 5 Bytes JMP 00070E10 .text C:\Windows\notepad.exe[5652] ADVAPI32.dll!CreateServiceA 
761C72A1 5 Bytes JMP 000701F8 .text C:\Windows\notepad.exe[5652] USER32.dll!SetWindowsHookExA 77416322 5 Bytes JMP 00080600 .text C:\Windows\notepad.exe[5652] USER32.dll!SetWindowsHookExW 774187AD 5 Bytes JMP 00080804 .text C:\Windows\notepad.exe[5652] USER32.dll!UnhookWindowsHookEx 774198DB 5 Bytes JMP 00080A08 .text C:\Windows\notepad.exe[5652] USER32.dll!SetWinEventHook 77419F3A 5 Bytes JMP 000801F8 .text C:\Windows\notepad.exe[5652] USER32.dll!UnhookWinEvent 7741C06F 5 Bytes JMP 000803FC .text C:\Windows\system32\conime.exe[5712] ntdll.dll!LdrLoadDll 778D9378 5 Bytes JMP 000901F8 .text C:\Windows\system32\conime.exe[5712] ntdll.dll!LdrUnloadDll 778EB680 5 Bytes JMP 000903FC .text C:\Windows\system32\conime.exe[5712] KERNEL32.dll!GetBinaryTypeW + 70 76762447 1 Byte [62] .text C:\Windows\system32\conime.exe[5712] ADVAPI32.dll!CreateServiceW 76189EB4 5 Bytes JMP 000A03FC .text C:\Windows\system32\conime.exe[5712] ADVAPI32.dll!DeleteService 7618A07E 5 Bytes JMP 000A0600 .text C:\Windows\system32\conime.exe[5712] ADVAPI32.dll!SetServiceObjectSecurity 761C6CD9 5 Bytes JMP 000A1014 .text C:\Windows\system32\conime.exe[5712] ADVAPI32.dll!ChangeServiceConfigA 761C6DD9 5 Bytes JMP 000A0804 .text C:\Windows\system32\conime.exe[5712] ADVAPI32.dll!ChangeServiceConfigW 761C6F81 5 Bytes JMP 000A0A08 .text C:\Windows\system32\conime.exe[5712] ADVAPI32.dll!ChangeServiceConfig2A 761C7099 5 Bytes JMP 000A0C0C .text C:\Windows\system32\conime.exe[5712] ADVAPI32.dll!ChangeServiceConfig2W 761C71E1 5 Bytes JMP 000A0E10 .text C:\Windows\system32\conime.exe[5712] ADVAPI32.dll!CreateServiceA 761C72A1 5 Bytes JMP 000A01F8 .text C:\Windows\system32\conime.exe[5712] USER32.dll!SetWindowsHookExA 77416322 5 Bytes JMP 000B0600 .text C:\Windows\system32\conime.exe[5712] USER32.dll!SetWindowsHookExW 774187AD 5 Bytes JMP 000B0804 .text C:\Windows\system32\conime.exe[5712] USER32.dll!UnhookWindowsHookEx 774198DB 5 Bytes JMP 000B0A08 .text C:\Windows\system32\conime.exe[5712] 
USER32.dll!SetWinEventHook 77419F3A 5 Bytes JMP 000B01F8 .text C:\Windows\system32\conime.exe[5712] USER32.dll!UnhookWinEvent 7741C06F 5 Bytes JMP 000B03FC .text C:\Program Files\Internet Explorer\iexplore.exe[5840] ntdll.dll!LdrLoadDll 778D9378 5 Bytes JMP 001501F8 .text C:\Program Files\Internet Explorer\iexplore.exe[5840] ntdll.dll!LdrUnloadDll 778EB680 5 Bytes JMP 001503FC .text C:\Program Files\Internet Explorer\iexplore.exe[5840] KERNEL32.dll!CreateThread 7675CB0E 5 Bytes JMP 692175DB C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5840] KERNEL32.dll!GetBinaryTypeW + 70 76762447 1 Byte [62] .text C:\Program Files\Internet Explorer\iexplore.exe[5840] ADVAPI32.dll!CreateServiceW 76189EB4 5 Bytes JMP 001603FC .text C:\Program Files\Internet Explorer\iexplore.exe[5840] ADVAPI32.dll!DeleteService 7618A07E 5 Bytes JMP 00160600 .text C:\Program Files\Internet Explorer\iexplore.exe[5840] ADVAPI32.dll!SetServiceObjectSecurity 761C6CD9 5 Bytes JMP 00161014 .text C:\Program Files\Internet Explorer\iexplore.exe[5840] ADVAPI32.dll!ChangeServiceConfigA 761C6DD9 5 Bytes JMP 00160804 .text C:\Program Files\Internet Explorer\iexplore.exe[5840] ADVAPI32.dll!ChangeServiceConfigW 761C6F81 5 Bytes JMP 00160A08 .text C:\Program Files\Internet Explorer\iexplore.exe[5840] ADVAPI32.dll!ChangeServiceConfig2A 761C7099 5 Bytes JMP 00160C0C .text C:\Program Files\Internet Explorer\iexplore.exe[5840] ADVAPI32.dll!ChangeServiceConfig2W 761C71E1 5 Bytes JMP 00160E10 .text C:\Program Files\Internet Explorer\iexplore.exe[5840] ADVAPI32.dll!CreateServiceA 761C72A1 5 Bytes JMP 001601F8 .text C:\Program Files\Internet Explorer\iexplore.exe[5840] USER32.dll!SetWindowsHookExA 77416322 5 Bytes JMP 00170600 .text C:\Program Files\Internet Explorer\iexplore.exe[5840] USER32.dll!SetWindowsHookExW 774187AD 5 Bytes JMP 692525AC C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text 
C:\Program Files\Internet Explorer\iexplore.exe[5840] USER32.dll!CallNextHookEx 77418E3B 5 Bytes JMP 69277FDF C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5840] USER32.dll!UnhookWindowsHookEx 774198DB 5 Bytes JMP 6929ED00 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5840] USER32.dll!SetWinEventHook 77419F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Internet Explorer\iexplore.exe[5840] USER32.dll!UnhookWinEvent 7741C06F 5 Bytes JMP 001703FC .text C:\Program Files\Internet Explorer\iexplore.exe[5840] USER32.dll!EnableWindow 7741CD8B 5 Bytes JMP 69259EB4 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5840] USER32.dll!DefWindowProcA 7741DB88 7 Bytes JMP 69219805 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5840] USER32.dll!CreateWindowExA 7741DC2A 5 Bytes JMP 6922363B C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5840] USER32.dll!CreateWindowExW 77421305 5 Bytes JMP 692803CF C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5840] USER32.dll!DefWindowProcW 774303B4 7 Bytes JMP 69278042 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5840] USER32.dll!DialogBoxParamW 774410B0 5 Bytes JMP 691B1893 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5840] USER32.dll!DialogBoxIndirectParamW 77442EF5 5 Bytes JMP 693A8FB6 C:\Windows\system32\IEFRAME.dll (Przeglądarka 
internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5840] USER32.dll!DialogBoxParamA 77458152 5 Bytes JMP 693A8F51 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5840] USER32.dll!DialogBoxIndirectParamA 7745847D 5 Bytes JMP 693A901B C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5840] USER32.dll!MessageBoxIndirectA 7746D4D9 5 Bytes JMP 693A8ED8 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5840] USER32.dll!MessageBoxIndirectW 7746D5D3 5 Bytes JMP 693A8E5F C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5840] USER32.dll!MessageBoxExA 7746D639 5 Bytes JMP 693A8DFB C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5840] USER32.dll!MessageBoxExW 7746D65D 5 Bytes JMP 693A8D97 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5840] ole32.dll!OleLoadFromStream 76011E80 1 Byte [E9] .text C:\Program Files\Internet Explorer\iexplore.exe[5840] ole32.dll!OleLoadFromStream 76011E80 5 Bytes JMP 693A9784 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) ---- User IAT/EAT - GMER 2.0 ---- IAT c:\Program Files\AVAST Software\Avast\AvastSvc.exe[352] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [71F7F6D0] c:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Windows\system32\services.exe[744] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 000F0002 IAT C:\Windows\system32\services.exe[744] @ C:\Windows\system32\services.exe 
[KERNEL32.dll!CreateProcessW] 000F0000 IAT C:\Program Files\AVAST Software\Avast\AvastUI.exe[4596] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [71F7F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Program Files\GetRight\getright.exe[5512] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 02038836 IAT C:\Program Files\GetRight\getright.exe[5512] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 02038401 IAT C:\Program Files\GetRight\getright.exe[5512] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 02037B99 IAT C:\Program Files\GetRight\getright.exe[5512] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 02038B62 IAT C:\Program Files\GetRight\getright.exe[5512] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateThread] 020371D1 IAT C:\Program Files\GetRight\getright.exe[5512] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 02036E0B IAT C:\Program Files\GetRight\getright.exe[5512] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 02037011 IAT C:\Program Files\GetRight\getright.exe[5512] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 02037A95 IAT C:\Program Files\GetRight\getright.exe[5512] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 02037E8D IAT C:\Program Files\GetRight\getright.exe[5512] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 02037D22 IAT C:\Program Files\GetRight\getright.exe[5512] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 02037E3B IAT C:\Program Files\GetRight\getright.exe[5512] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 020380C7 IAT C:\Program Files\GetRight\getright.exe[5512] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 02037F85 IAT C:\Program Files\GetRight\getright.exe[5512] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileType] 02037C99 IAT C:\Program 
Files\GetRight\getright.exe[5512] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 02037DE4 IAT C:\Program Files\GetRight\getright.exe[5512] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileSize] 02037B4C IAT C:\Program Files\GetRight\getright.exe[5512] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!WriteFile] 02037A65 IAT C:\Program Files\GetRight\getright.exe[5512] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetACP] 02038842 IAT C:\Program Files\GetRight\getright.exe[5512] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 02037126 IAT C:\Program Files\GetRight\getright.exe[5512] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 020385D7 IAT C:\Program Files\GetRight\getright.exe[5512] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GlobalLock] 0203852C IAT C:\Program Files\GetRight\getright.exe[5512] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 020384FC IAT C:\Program Files\GetRight\getright.exe[5512] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileW] 02037629 IAT C:\Program Files\GetRight\getright.exe[5512] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 02036D4E IAT C:\Program Files\GetRight\getright.exe[5512] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CloseHandle] 02037C09 IAT C:\Program Files\GetRight\getright.exe[5512] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 02036D09 IAT C:\Program Files\GetRight\getright.exe[5512] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 02036E59 IAT C:\Program Files\GetRight\getright.exe[5512] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 020362D9 IAT C:\Program Files\GetRight\getright.exe[5512] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!ReadFile] 02037828 IAT C:\Program Files\GetRight\getright.exe[5512] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetVersion] 02038830 IAT C:\Program Files\GetRight\getright.exe[5512] @ C:\Windows\system32\ole32.dll [USER32.dll!LoadIconW] 020389C7 IAT C:\Program 
Files\GetRight\getright.exe[5512] @ C:\Windows\system32\ole32.dll [USER32.dll!LoadCursorW] 02038995 IAT C:\Program Files\GetRight\getright.exe[5512] @ C:\Windows\system32\ole32.dll [USER32.dll!CreateDialogParamW] 02038AEA IAT C:\Program Files\GetRight\getright.exe[5512] @ C:\Windows\system32\ole32.dll [USER32.dll!DialogBoxParamW] 02038B46 IAT C:\Program Files\GetRight\getright.exe[5512] @ C:\Windows\system32\ole32.dll [USER32.dll!LoadStringW] 02038A33 IAT C:\Program Files\GetRight\getright.exe[5512] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 020387C1 IAT C:\Program Files\GetRight\getright.exe[5512] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 02038779 ---- Registry - GMER 2.0 ---- Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x49 0xBD 0x4D 0xE2 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x20 0xFA 0x58 0xC7 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xFF 0x78 0x85 0x7A ... 
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x4A 0x09 0x5B 0xFB ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xC6 0xEF 0xEF 0xC5 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x49 0xBD 0x4D 0xE2 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x74 0x79 0x55 0xA1 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xFF 0x78 0x85 0x7A ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x94 0x58 0x76 0xA3 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xF3 0x6F 0xA2 0xE0 ... 
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x49 0xBD 0x4D 0xE2 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x74 0x79 0x55 0xA1 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xFF 0x78 0x85 0x7A ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x94 0x58 0x76 0xA3 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xF3 0x6F 0xA2 0xE0 ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat 0xFF 0x38 0x00 0x67 ... 
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0x2E 0xE8 0xE1 0x00 ... Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ... Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ... Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ... 
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ... Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0x50 0x93 0xE5 0xAB ... Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ... Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ... 
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ... Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ... Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xF8 0x31 0x0F 0xA9 ... Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ... ---- EOF - GMER 2.0 ----