GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-09-21 16:16:43 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9500420AS rev.D005SDM1 465,76GB Running: epns9rkf.exe; Driver: C:\Users\Asia\AppData\Local\Temp\kftcqaog.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 544 fffff80003009000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 591 fffff8000300902f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\wininit.exe[600] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\Windows\system32\winlogon.exe[656] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\Windows\system32\services.exe[696] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[808] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[976] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[116] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[288] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[460] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe[220] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1240] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text 
C:\Windows\system32\svchost.exe[1336] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\Windows\system32\WLANExt.exe[1392] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1744] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074b1a2ba 1 byte [62] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1888] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[1996] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1172] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074b1a2ba 1 byte [62] .text C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000773afac0 5 bytes JMP 0000000100030600 .text C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000773afb58 5 bytes JMP 0000000100030804 .text C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000773afcb0 5 bytes JMP 0000000100030c0c .text C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000773b0038 5 bytes JMP 0000000100030a08 .text C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000773b1920 5 bytes JMP 0000000100030e10 .text C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe[1524] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000773cc4dd 5 bytes JMP 00000001000301f8 .text C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe[1524] 
C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000773d1287 5 bytes JMP 00000001000303fc .text C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe[1524] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074b1a2ba 1 byte [62] .text C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe[1524] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000766dee09 5 bytes JMP 00000001002c01f8 .text C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe[1524] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000766e3982 5 bytes JMP 00000001002c03fc .text C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe[1524] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000766e7603 5 bytes JMP 00000001002c0804 .text C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe[1524] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000766e835c 5 bytes JMP 00000001002c0600 .text C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe[1524] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000766ff52b 5 bytes JMP 00000001002c0a08 .text C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe[1524] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000750a5181 5 bytes JMP 00000001002d1014 .text C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe[1524] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000750a5254 5 bytes JMP 00000001002d0804 .text C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe[1524] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000750a53d5 5 bytes JMP 00000001002d0a08 .text C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe[1524] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000750a54c2 5 bytes JMP 00000001002d0c0c .text C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe[1524] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000750a55e2 5 bytes JMP 00000001002d0e10 .text C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe[1524] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000750a567c 5 bytes JMP 00000001002d01f8 .text C:\ProgramData\PLAY 
ONLINE\OnlineUpdate\ouc.exe[1524] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000750a589f 5 bytes JMP 00000001002d03fc .text C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe[1524] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000750a5a22 5 bytes JMP 00000001002d0600 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1192] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff2e6e00 5 bytes JMP 000007ff7f301dac .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1192] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff2e6f2c 5 bytes JMP 000007ff7f300ecc .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1192] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff2e7220 5 bytes JMP 000007ff7f301284 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1192] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff2e739c 5 bytes JMP 000007ff7f30163c .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1192] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff2e7538 5 bytes JMP 000007ff7f3019f4 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1192] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff2e75e8 5 bytes JMP 000007ff7f3003a4 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1192] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff2e790c 5 bytes JMP 000007ff7f30075c .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1192] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff2e7ab4 5 bytes JMP 000007ff7f300b14 .text C:\Windows\system32\wbem\unsecapp.exe[2340] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff2e6e00 5 bytes JMP 000007ff7f301dac .text C:\Windows\system32\wbem\unsecapp.exe[2340] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff2e6f2c 5 bytes JMP 000007ff7f300ecc .text 
C:\Windows\system32\wbem\unsecapp.exe[2340] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff2e7220 5 bytes JMP 000007ff7f301284 .text C:\Windows\system32\wbem\unsecapp.exe[2340] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff2e739c 5 bytes JMP 000007ff7f30163c .text C:\Windows\system32\wbem\unsecapp.exe[2340] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff2e7538 5 bytes JMP 000007ff7f3019f4 .text C:\Windows\system32\wbem\unsecapp.exe[2340] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff2e75e8 5 bytes JMP 000007ff7f3003a4 .text C:\Windows\system32\wbem\unsecapp.exe[2340] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff2e790c 5 bytes JMP 000007ff7f30075c .text C:\Windows\system32\wbem\unsecapp.exe[2340] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff2e7ab4 5 bytes JMP 000007ff7f300b14 .text C:\Windows\system32\wbem\wmiprvse.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000771d3b10 5 bytes JMP 000000010026075c .text C:\Windows\system32\wbem\wmiprvse.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000771d7ac0 5 bytes JMP 00000001002603a4 .text C:\Windows\system32\wbem\wmiprvse.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077201430 5 bytes JMP 0000000100260b14 .text C:\Windows\system32\wbem\wmiprvse.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077201490 5 bytes JMP 0000000100260ecc .text C:\Windows\system32\wbem\wmiprvse.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077201570 5 bytes JMP 000000010026163c .text C:\Windows\system32\wbem\wmiprvse.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000772017b0 5 bytes JMP 0000000100261284 .text C:\Windows\system32\wbem\wmiprvse.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772027e0 5 bytes JMP 00000001002619f4 .text C:\Windows\system32\wbem\wmiprvse.exe[2472] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 
0000000076e8eecd 1 byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[2472] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff2e6e00 5 bytes JMP 000007ff7f301dac .text C:\Windows\system32\wbem\wmiprvse.exe[2472] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff2e6f2c 5 bytes JMP 000007ff7f300ecc .text C:\Windows\system32\wbem\wmiprvse.exe[2472] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff2e7220 5 bytes JMP 000007ff7f301284 .text C:\Windows\system32\wbem\wmiprvse.exe[2472] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff2e739c 5 bytes JMP 000007ff7f30163c .text C:\Windows\system32\wbem\wmiprvse.exe[2472] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff2e7538 5 bytes JMP 000007ff7f3019f4 .text C:\Windows\system32\wbem\wmiprvse.exe[2472] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff2e75e8 5 bytes JMP 000007ff7f3003a4 .text C:\Windows\system32\wbem\wmiprvse.exe[2472] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff2e790c 5 bytes JMP 000007ff7f30075c .text C:\Windows\system32\wbem\wmiprvse.exe[2472] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff2e7ab4 5 bytes JMP 000007ff7f300b14 .text C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000771d3b10 5 bytes JMP 00000001003e075c .text C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000771d7ac0 5 bytes JMP 00000001003e03a4 .text C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077201430 5 bytes JMP 00000001003e0b14 .text C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077201490 5 bytes JMP 00000001003e0ecc .text C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077201570 5 bytes JMP 00000001003e163c .text C:\Windows\system32\SearchIndexer.exe[3044] 
C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000772017b0 5 bytes JMP 00000001003e1284 .text C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772027e0 5 bytes JMP 00000001003e19f4 .text C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff2e6e00 5 bytes JMP 000007ff7f301dac .text C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff2e6f2c 5 bytes JMP 000007ff7f300ecc .text C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff2e7220 5 bytes JMP 000007ff7f301284 .text C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff2e739c 5 bytes JMP 000007ff7f30163c .text C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff2e7538 5 bytes JMP 000007ff7f3019f4 .text C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff2e75e8 5 bytes JMP 000007ff7f3003a4 .text C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff2e790c 5 bytes JMP 000007ff7f30075c .text C:\Windows\system32\SearchIndexer.exe[3044] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff2e7ab4 5 bytes JMP 000007ff7f300b14 .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000771d3b10 3 bytes JMP 000000010042075c .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll + 4 00000000771d3b14 1 byte [89] .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000771d7ac0 3 bytes JMP 00000001004203a4 .text C:\Windows\system32\svchost.exe[2888] 
C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 4 00000000771d7ac4 1 byte [89] .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077201430 5 bytes JMP 0000000100420b14 .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077201490 5 bytes JMP 0000000100420ecc .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077201570 5 bytes JMP 000000010042163c .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000772017b0 5 bytes JMP 0000000100421284 .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772027e0 5 bytes JMP 00000001004219f4 .text C:\Windows\system32\svchost.exe[2888] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff2e6e00 5 bytes JMP 000007ff7f301dac .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff2e6f2c 5 bytes JMP 000007ff7f300ecc .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff2e7220 5 bytes JMP 000007ff7f301284 .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff2e739c 5 bytes JMP 000007ff7f30163c .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff2e7538 5 bytes JMP 000007ff7f3019f4 .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff2e75e8 5 bytes JMP 000007ff7f3003a4 .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff2e790c 5 bytes JMP 000007ff7f30075c .text C:\Windows\system32\svchost.exe[2888] C:\Windows\SYSTEM32\sechost.dll!DeleteService 
000007feff2e7ab4 5 bytes JMP 000007ff7f300b14 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000773afac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000773afb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000773afcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000773b0038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2188] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000773b1920 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2188] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000773cc4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2188] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000773d1287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2188] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074b1a2ba 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2188] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000750a5181 5 bytes JMP 0000000100241014 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2188] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000750a5254 5 bytes JMP 0000000100240804 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2188] 
C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000750a53d5 5 bytes JMP 0000000100240a08 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2188] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000750a54c2 5 bytes JMP 0000000100240c0c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2188] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000750a55e2 5 bytes JMP 0000000100240e10 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2188] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000750a567c 5 bytes JMP 00000001002401f8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2188] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000750a589f 5 bytes JMP 00000001002403fc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2188] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000750a5a22 5 bytes JMP 0000000100240600 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2188] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000766dee09 5 bytes JMP 00000001002501f8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2188] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000766e3982 5 bytes JMP 00000001002503fc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2188] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000766e7603 5 bytes JMP 0000000100250804 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2188] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000766e835c 5 bytes JMP 0000000100250600 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2188] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000766ff52b 5 bytes JMP 0000000100250a08 .text 
C:\Windows\System32\svchost.exe[1568] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff2e6e00 5 bytes JMP 000007ff7f301dac .text C:\Windows\System32\svchost.exe[1568] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff2e6f2c 5 bytes JMP 000007ff7f300ecc .text C:\Windows\System32\svchost.exe[1568] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff2e7220 5 bytes JMP 000007ff7f301284 .text C:\Windows\System32\svchost.exe[1568] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff2e739c 5 bytes JMP 000007ff7f30163c .text C:\Windows\System32\svchost.exe[1568] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff2e7538 5 bytes JMP 000007ff7f3019f4 .text C:\Windows\System32\svchost.exe[1568] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff2e75e8 5 bytes JMP 000007ff7f3003a4 .text C:\Windows\System32\svchost.exe[1568] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff2e790c 5 bytes JMP 000007ff7f30075c .text C:\Windows\System32\svchost.exe[1568] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff2e7ab4 5 bytes JMP 000007ff7f300b14 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3020] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\Windows\system32\Dwm.exe[508] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000771d3b10 5 bytes JMP 000000010011075c .text C:\Windows\system32\Dwm.exe[508] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000771d7ac0 5 bytes JMP 00000001001103a4 .text C:\Windows\system32\Dwm.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077201430 5 bytes JMP 0000000100110b14 .text C:\Windows\system32\Dwm.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077201490 5 bytes JMP 0000000100110ecc .text C:\Windows\system32\Dwm.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077201570 5 bytes JMP 000000010011163c .text C:\Windows\system32\Dwm.exe[508] 
C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000772017b0 5 bytes JMP 0000000100111284 .text C:\Windows\system32\Dwm.exe[508] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772027e0 5 bytes JMP 00000001001119f4 .text C:\Windows\system32\Dwm.exe[508] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff2e6e00 5 bytes JMP 000007ff7f301dac .text C:\Windows\system32\Dwm.exe[508] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff2e6f2c 5 bytes JMP 000007ff7f300ecc .text C:\Windows\system32\Dwm.exe[508] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff2e7220 5 bytes JMP 000007ff7f301284 .text C:\Windows\system32\Dwm.exe[508] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff2e739c 5 bytes JMP 000007ff7f30163c .text C:\Windows\system32\Dwm.exe[508] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff2e7538 5 bytes JMP 000007ff7f3019f4 .text C:\Windows\system32\Dwm.exe[508] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff2e75e8 5 bytes JMP 000007ff7f3003a4 .text C:\Windows\system32\Dwm.exe[508] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff2e790c 5 bytes JMP 000007ff7f30075c .text C:\Windows\system32\Dwm.exe[508] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff2e7ab4 5 bytes JMP 000007ff7f300b14 .text C:\Windows\system32\taskhost.exe[2820] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000771d3b10 5 bytes JMP 00000001001b075c .text C:\Windows\system32\taskhost.exe[2820] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000771d7ac0 5 bytes JMP 00000001001b03a4 .text C:\Windows\system32\taskhost.exe[2820] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077201430 5 bytes JMP 00000001001b0b14 .text C:\Windows\system32\taskhost.exe[2820] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077201490 5 bytes JMP 00000001001b0ecc .text C:\Windows\system32\taskhost.exe[2820] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077201570 5 bytes JMP 
00000001001b163c .text C:\Windows\system32\taskhost.exe[2820] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000772017b0 5 bytes JMP 00000001001b1284 .text C:\Windows\system32\taskhost.exe[2820] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772027e0 5 bytes JMP 00000001001b19f4 .text C:\Windows\system32\taskhost.exe[2820] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\Windows\system32\taskhost.exe[2820] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff2e6e00 5 bytes JMP 000007ff7f301dac .text C:\Windows\system32\taskhost.exe[2820] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff2e6f2c 5 bytes JMP 000007ff7f300ecc .text C:\Windows\system32\taskhost.exe[2820] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff2e7220 5 bytes JMP 000007ff7f301284 .text C:\Windows\system32\taskhost.exe[2820] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff2e739c 5 bytes JMP 000007ff7f30163c .text C:\Windows\system32\taskhost.exe[2820] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff2e7538 5 bytes JMP 000007ff7f3019f4 .text C:\Windows\system32\taskhost.exe[2820] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff2e75e8 5 bytes JMP 000007ff7f3003a4 .text C:\Windows\system32\taskhost.exe[2820] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff2e790c 5 bytes JMP 000007ff7f30075c .text C:\Windows\system32\taskhost.exe[2820] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff2e7ab4 5 bytes JMP 000007ff7f300b14 .text C:\Windows\Explorer.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000771d3b10 5 bytes JMP 000000010039075c .text C:\Windows\Explorer.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000771d7ac0 5 bytes JMP 00000001003903a4 .text C:\Windows\Explorer.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077201430 5 bytes JMP 0000000100390b14 .text C:\Windows\Explorer.EXE[1132] 
C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077201490 5 bytes JMP 0000000100390ecc .text C:\Windows\Explorer.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077201570 5 bytes JMP 000000010039163c .text C:\Windows\Explorer.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000772017b0 5 bytes JMP 0000000100391284 .text C:\Windows\Explorer.EXE[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772027e0 5 bytes JMP 00000001003919f4 .text C:\Windows\Explorer.EXE[1132] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\Windows\Explorer.EXE[1132] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff2e6e00 5 bytes JMP 000007ff7f301dac .text C:\Windows\Explorer.EXE[1132] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff2e6f2c 5 bytes JMP 000007ff7f300ecc .text C:\Windows\Explorer.EXE[1132] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff2e7220 5 bytes JMP 000007ff7f301284 .text C:\Windows\Explorer.EXE[1132] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff2e739c 5 bytes JMP 000007ff7f30163c .text C:\Windows\Explorer.EXE[1132] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff2e7538 5 bytes JMP 000007ff7f3019f4 .text C:\Windows\Explorer.EXE[1132] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff2e75e8 5 bytes JMP 000007ff7f3003a4 .text C:\Windows\Explorer.EXE[1132] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff2e790c 5 bytes JMP 000007ff7f30075c .text C:\Windows\Explorer.EXE[1132] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff2e7ab4 5 bytes JMP 000007ff7f300b14 .text C:\ProgramData\DatacardService\DCSHelper.exe[3120] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000773afac0 5 bytes JMP 0000000100030600 .text C:\ProgramData\DatacardService\DCSHelper.exe[3120] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000773afb58 5 bytes JMP 0000000100030804 .text 
C:\ProgramData\DatacardService\DCSHelper.exe[3120] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000773afcb0 5 bytes JMP 0000000100030c0c .text C:\ProgramData\DatacardService\DCSHelper.exe[3120] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000773b0038 5 bytes JMP 0000000100030a08 .text C:\ProgramData\DatacardService\DCSHelper.exe[3120] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000773b1920 5 bytes JMP 0000000100030e10 .text C:\ProgramData\DatacardService\DCSHelper.exe[3120] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000773cc4dd 5 bytes JMP 00000001000301f8 .text C:\ProgramData\DatacardService\DCSHelper.exe[3120] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000773d1287 5 bytes JMP 00000001000303fc .text C:\ProgramData\DatacardService\DCSHelper.exe[3120] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074b1a2ba 1 byte [62] .text C:\ProgramData\DatacardService\DCSHelper.exe[3120] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000766dee09 5 bytes JMP 00000001002401f8 .text C:\ProgramData\DatacardService\DCSHelper.exe[3120] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000766e3982 5 bytes JMP 00000001002403fc .text C:\ProgramData\DatacardService\DCSHelper.exe[3120] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000766e7603 5 bytes JMP 0000000100240804 .text C:\ProgramData\DatacardService\DCSHelper.exe[3120] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000766e835c 5 bytes JMP 0000000100240600 .text C:\ProgramData\DatacardService\DCSHelper.exe[3120] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000766ff52b 5 bytes JMP 0000000100240a08 .text C:\ProgramData\DatacardService\DCSHelper.exe[3120] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000750a5181 5 bytes JMP 0000000100251014 .text C:\ProgramData\DatacardService\DCSHelper.exe[3120] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000750a5254 5 bytes JMP 0000000100250804 .text 
C:\ProgramData\DatacardService\DCSHelper.exe[3120] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000750a53d5 5 bytes JMP 0000000100250a08 .text C:\ProgramData\DatacardService\DCSHelper.exe[3120] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000750a54c2 5 bytes JMP 0000000100250c0c .text C:\ProgramData\DatacardService\DCSHelper.exe[3120] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000750a55e2 5 bytes JMP 0000000100250e10 .text C:\ProgramData\DatacardService\DCSHelper.exe[3120] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000750a567c 5 bytes JMP 00000001002501f8 .text C:\ProgramData\DatacardService\DCSHelper.exe[3120] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000750a589f 5 bytes JMP 00000001002503fc .text C:\ProgramData\DatacardService\DCSHelper.exe[3120] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000750a5a22 5 bytes JMP 0000000100250600 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000771d3b10 5 bytes JMP 00000001002a075c .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000771d7ac0 5 bytes JMP 00000001002a03a4 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077201430 5 bytes JMP 00000001002a0b14 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077201490 5 bytes JMP 00000001002a0ecc .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077201570 5 bytes JMP 00000001002a163c .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000772017b0 5 bytes JMP 00000001002a1284 .text C:\Program Files\Common 
Files\Intel\WirelessCommon\iFrmewrk.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772027e0 5 bytes JMP 00000001002a19f4 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2620] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2620] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff2e6e00 5 bytes JMP 000007ff7f301dac .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2620] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff2e6f2c 5 bytes JMP 000007ff7f300ecc .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2620] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff2e7220 5 bytes JMP 000007ff7f301284 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2620] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff2e739c 5 bytes JMP 000007ff7f30163c .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2620] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff2e7538 5 bytes JMP 000007ff7f3019f4 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2620] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff2e75e8 5 bytes JMP 000007ff7f3003a4 .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2620] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff2e790c 5 bytes JMP 000007ff7f30075c .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2620] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff2e7ab4 5 bytes JMP 000007ff7f300b14 .text C:\Program Files\Java\jre6\bin\jusched.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000771d3b10 5 bytes JMP 00000001005a075c .text C:\Program Files\Java\jre6\bin\jusched.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000771d7ac0 5 bytes JMP 00000001005a03a4 .text C:\Program 
Files\Java\jre6\bin\jusched.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077201430 5 bytes JMP 00000001005a0b14 .text C:\Program Files\Java\jre6\bin\jusched.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077201490 5 bytes JMP 00000001005a0ecc .text C:\Program Files\Java\jre6\bin\jusched.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077201570 5 bytes JMP 00000001005a163c .text C:\Program Files\Java\jre6\bin\jusched.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000772017b0 5 bytes JMP 00000001005a1284 .text C:\Program Files\Java\jre6\bin\jusched.exe[3456] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772027e0 5 bytes JMP 00000001005a19f4 .text C:\Program Files\Java\jre6\bin\jusched.exe[3456] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff2e6e00 5 bytes JMP 000007ff7f301dac .text C:\Program Files\Java\jre6\bin\jusched.exe[3456] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff2e6f2c 5 bytes JMP 000007ff7f300ecc .text C:\Program Files\Java\jre6\bin\jusched.exe[3456] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff2e7220 5 bytes JMP 000007ff7f301284 .text C:\Program Files\Java\jre6\bin\jusched.exe[3456] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff2e739c 5 bytes JMP 000007ff7f30163c .text C:\Program Files\Java\jre6\bin\jusched.exe[3456] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff2e7538 5 bytes JMP 000007ff7f3019f4 .text C:\Program Files\Java\jre6\bin\jusched.exe[3456] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff2e75e8 5 bytes JMP 000007ff7f3003a4 .text C:\Program Files\Java\jre6\bin\jusched.exe[3456] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff2e790c 5 bytes JMP 000007ff7f30075c .text C:\Program Files\Java\jre6\bin\jusched.exe[3456] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff2e7ab4 5 bytes JMP 000007ff7f300b14 .text 
C:\Windows\System32\igfxtray.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000771d3b10 5 bytes JMP 000000010020075c .text C:\Windows\System32\igfxtray.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000771d7ac0 5 bytes JMP 00000001002003a4 .text C:\Windows\System32\igfxtray.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077201430 5 bytes JMP 0000000100200b14 .text C:\Windows\System32\igfxtray.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077201490 5 bytes JMP 0000000100200ecc .text C:\Windows\System32\igfxtray.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077201570 5 bytes JMP 000000010020163c .text C:\Windows\System32\igfxtray.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000772017b0 5 bytes JMP 0000000100201284 .text C:\Windows\System32\igfxtray.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772027e0 5 bytes JMP 00000001002019f4 .text C:\Windows\System32\igfxtray.exe[3892] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\Windows\System32\igfxtray.exe[3892] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff2e6e00 5 bytes JMP 000007ff7f301dac .text C:\Windows\System32\igfxtray.exe[3892] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff2e6f2c 5 bytes JMP 000007ff7f300ecc .text C:\Windows\System32\igfxtray.exe[3892] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff2e7220 5 bytes JMP 000007ff7f301284 .text C:\Windows\System32\igfxtray.exe[3892] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff2e739c 5 bytes JMP 000007ff7f30163c .text C:\Windows\System32\igfxtray.exe[3892] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff2e7538 5 bytes JMP 000007ff7f3019f4 .text C:\Windows\System32\igfxtray.exe[3892] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff2e75e8 5 bytes JMP 000007ff7f3003a4 .text 
C:\Windows\System32\igfxtray.exe[3892] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff2e790c 5 bytes JMP 000007ff7f30075c .text C:\Windows\System32\igfxtray.exe[3892] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff2e7ab4 5 bytes JMP 000007ff7f300b14 .text C:\Windows\System32\hkcmd.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000771d3b10 5 bytes JMP 000000010045075c .text C:\Windows\System32\hkcmd.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000771d7ac0 5 bytes JMP 00000001004503a4 .text C:\Windows\System32\hkcmd.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077201430 5 bytes JMP 0000000100450b14 .text C:\Windows\System32\hkcmd.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077201490 5 bytes JMP 0000000100450ecc .text C:\Windows\System32\hkcmd.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077201570 5 bytes JMP 000000010045163c .text C:\Windows\System32\hkcmd.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000772017b0 5 bytes JMP 0000000100451284 .text C:\Windows\System32\hkcmd.exe[3484] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772027e0 5 bytes JMP 00000001004519f4 .text C:\Windows\System32\hkcmd.exe[3484] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\Windows\System32\hkcmd.exe[3484] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff2e6e00 5 bytes JMP 000007ff7f301dac .text C:\Windows\System32\hkcmd.exe[3484] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff2e6f2c 5 bytes JMP 000007ff7f300ecc .text C:\Windows\System32\hkcmd.exe[3484] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff2e7220 5 bytes JMP 000007ff7f301284 .text C:\Windows\System32\hkcmd.exe[3484] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff2e739c 5 bytes JMP 000007ff7f30163c .text C:\Windows\System32\hkcmd.exe[3484] 
C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff2e7538 5 bytes JMP 000007ff7f3019f4 .text C:\Windows\System32\hkcmd.exe[3484] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff2e75e8 5 bytes JMP 000007ff7f3003a4 .text C:\Windows\System32\hkcmd.exe[3484] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff2e790c 5 bytes JMP 000007ff7f30075c .text C:\Windows\System32\hkcmd.exe[3484] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff2e7ab4 5 bytes JMP 000007ff7f300b14 .text C:\Windows\System32\igfxpers.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000771d3b10 5 bytes JMP 000000010032075c .text C:\Windows\System32\igfxpers.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000771d7ac0 5 bytes JMP 00000001003203a4 .text C:\Windows\System32\igfxpers.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077201430 5 bytes JMP 0000000100320b14 .text C:\Windows\System32\igfxpers.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077201490 5 bytes JMP 0000000100320ecc .text C:\Windows\System32\igfxpers.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077201570 5 bytes JMP 000000010032163c .text C:\Windows\System32\igfxpers.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000772017b0 5 bytes JMP 0000000100321284 .text C:\Windows\System32\igfxpers.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772027e0 5 bytes JMP 00000001003219f4 .text C:\Windows\System32\igfxpers.exe[3764] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\Windows\System32\igfxpers.exe[3764] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff2e6e00 5 bytes JMP 000007ff7f301dac .text C:\Windows\System32\igfxpers.exe[3764] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff2e6f2c 5 bytes JMP 000007ff7f300ecc .text C:\Windows\System32\igfxpers.exe[3764] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 
000007feff2e7220 5 bytes JMP 000007ff7f301284 .text C:\Windows\System32\igfxpers.exe[3764] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff2e739c 5 bytes JMP 000007ff7f30163c .text C:\Windows\System32\igfxpers.exe[3764] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff2e7538 5 bytes JMP 000007ff7f3019f4 .text C:\Windows\System32\igfxpers.exe[3764] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff2e75e8 5 bytes JMP 000007ff7f3003a4 .text C:\Windows\System32\igfxpers.exe[3764] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff2e790c 5 bytes JMP 000007ff7f30075c .text C:\Windows\System32\igfxpers.exe[3764] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff2e7ab4 5 bytes JMP 000007ff7f300b14 .text C:\Windows\system32\igfxsrvc.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000771d3b10 5 bytes JMP 000000010044075c .text C:\Windows\system32\igfxsrvc.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000771d7ac0 5 bytes JMP 00000001004403a4 .text C:\Windows\system32\igfxsrvc.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077201430 5 bytes JMP 0000000100440b14 .text C:\Windows\system32\igfxsrvc.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077201490 5 bytes JMP 0000000100440ecc .text C:\Windows\system32\igfxsrvc.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077201570 5 bytes JMP 000000010044163c .text C:\Windows\system32\igfxsrvc.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000772017b0 5 bytes JMP 0000000100441284 .text C:\Windows\system32\igfxsrvc.exe[3140] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772027e0 5 bytes JMP 00000001004419f4 .text C:\Windows\system32\igfxsrvc.exe[3140] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\Windows\system32\igfxsrvc.exe[3140] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff2e6e00 5 bytes JMP 
000007ff7f301dac .text C:\Windows\system32\igfxsrvc.exe[3140] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff2e6f2c 5 bytes JMP 000007ff7f300ecc .text C:\Windows\system32\igfxsrvc.exe[3140] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff2e7220 5 bytes JMP 000007ff7f301284 .text C:\Windows\system32\igfxsrvc.exe[3140] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff2e739c 5 bytes JMP 000007ff7f30163c .text C:\Windows\system32\igfxsrvc.exe[3140] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff2e7538 5 bytes JMP 000007ff7f3019f4 .text C:\Windows\system32\igfxsrvc.exe[3140] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff2e75e8 5 bytes JMP 000007ff7f3003a4 .text C:\Windows\system32\igfxsrvc.exe[3140] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff2e790c 5 bytes JMP 000007ff7f30075c .text C:\Windows\system32\igfxsrvc.exe[3140] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff2e7ab4 5 bytes JMP 000007ff7f300b14 .text C:\Program Files\IDT\WDM\sttray64.exe[2936] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\Program Files\IDT\WDM\sttray64.exe[2936] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff2e6e00 5 bytes JMP 000007ff7f301dac .text C:\Program Files\IDT\WDM\sttray64.exe[2936] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff2e6f2c 5 bytes JMP 000007ff7f300ecc .text C:\Program Files\IDT\WDM\sttray64.exe[2936] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff2e7220 5 bytes JMP 000007ff7f301284 .text C:\Program Files\IDT\WDM\sttray64.exe[2936] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff2e739c 5 bytes JMP 000007ff7f30163c .text C:\Program Files\IDT\WDM\sttray64.exe[2936] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff2e7538 5 bytes JMP 000007ff7f3019f4 .text C:\Program Files\IDT\WDM\sttray64.exe[2936] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 
000007feff2e75e8 5 bytes JMP 000007ff7f3003a4 .text C:\Program Files\IDT\WDM\sttray64.exe[2936] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff2e790c 5 bytes JMP 000007ff7f30075c .text C:\Program Files\IDT\WDM\sttray64.exe[2936] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff2e7ab4 5 bytes JMP 000007ff7f300b14 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe[3596] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000773afac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe[3596] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000773afb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe[3596] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000773afcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe[3596] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000773b0038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe[3596] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000773b1920 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe[3596] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000773cc4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe[3596] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000773d1287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe[3596] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074b1a2ba 1 byte [62] .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe[3596] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000766dee09 5 bytes JMP 00000001002401f8 .text C:\Program Files 
(x86)\STMicroelectronics\Accelerometer\FF_Protection.exe[3596] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000766e3982 5 bytes JMP 00000001002403fc .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe[3596] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000766e7603 5 bytes JMP 0000000100240804 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe[3596] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000766e835c 5 bytes JMP 0000000100240600 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe[3596] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000766ff52b 5 bytes JMP 0000000100240a08 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe[3596] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000750a5181 5 bytes JMP 0000000100251014 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe[3596] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000750a5254 5 bytes JMP 0000000100250804 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe[3596] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000750a53d5 5 bytes JMP 0000000100250a08 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe[3596] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000750a54c2 5 bytes JMP 0000000100250c0c .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe[3596] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000750a55e2 5 bytes JMP 0000000100250e10 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe[3596] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000750a567c 5 bytes JMP 00000001002501f8 .text C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe[3596] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000750a589f 5 bytes JMP 00000001002503fc .text 
C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe[3596] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000750a5a22 5 bytes JMP 0000000100250600 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[804] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000771d3b10 5 bytes JMP 000000010033075c .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[804] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000771d7ac0 5 bytes JMP 00000001003303a4 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077201430 5 bytes JMP 0000000100330b14 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077201490 5 bytes JMP 0000000100330ecc .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077201570 5 bytes JMP 000000010033163c .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000772017b0 5 bytes JMP 0000000100331284 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[804] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772027e0 5 bytes JMP 00000001003319f4 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[804] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[804] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff2e6e00 5 bytes JMP 000007ff7f301dac .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[804] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff2e6f2c 5 bytes JMP 000007ff7f300ecc .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[804] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff2e7220 5 bytes JMP 000007ff7f301284 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[804] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff2e739c 5 bytes JMP 
000007ff7f30163c .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[804] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff2e7538 5 bytes JMP 000007ff7f3019f4 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[804] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff2e75e8 5 bytes JMP 000007ff7f3003a4 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[804] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff2e790c 5 bytes JMP 000007ff7f30075c .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[804] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff2e7ab4 5 bytes JMP 000007ff7f300b14 .text C:\Program Files\Dell\QuickSet\quickset.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000771d3b10 5 bytes JMP 000000010025075c .text C:\Program Files\Dell\QuickSet\quickset.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000771d7ac0 5 bytes JMP 00000001002503a4 .text C:\Program Files\Dell\QuickSet\quickset.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077201430 5 bytes JMP 0000000100250b14 .text C:\Program Files\Dell\QuickSet\quickset.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077201490 5 bytes JMP 0000000100250ecc .text C:\Program Files\Dell\QuickSet\quickset.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077201570 5 bytes JMP 000000010025163c .text C:\Program Files\Dell\QuickSet\quickset.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000772017b0 5 bytes JMP 0000000100251284 .text C:\Program Files\Dell\QuickSet\quickset.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772027e0 5 bytes JMP 00000001002519f4 .text C:\Program Files\Dell\QuickSet\quickset.exe[4040] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\Program Files\Dell\QuickSet\quickset.exe[4040] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff2e6e00 5 bytes JMP 000007ff7f301dac .text C:\Program 
Files\Dell\QuickSet\quickset.exe[4040] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff2e6f2c 5 bytes JMP 000007ff7f300ecc .text C:\Program Files\Dell\QuickSet\quickset.exe[4040] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff2e7220 5 bytes JMP 000007ff7f301284 .text C:\Program Files\Dell\QuickSet\quickset.exe[4040] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff2e739c 5 bytes JMP 000007ff7f30163c .text C:\Program Files\Dell\QuickSet\quickset.exe[4040] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff2e7538 5 bytes JMP 000007ff7f3019f4 .text C:\Program Files\Dell\QuickSet\quickset.exe[4040] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff2e75e8 5 bytes JMP 000007ff7f3003a4 .text C:\Program Files\Dell\QuickSet\quickset.exe[4040] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff2e790c 5 bytes JMP 000007ff7f30075c .text C:\Program Files\Dell\QuickSet\quickset.exe[4040] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff2e7ab4 5 bytes JMP 000007ff7f300b14 .text C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe[1164] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000773afac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe[1164] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000773afb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe[1164] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000773afcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe[1164] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000773b0038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe[1164] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000773b1920 5 bytes JMP 0000000100030e10 .text 
C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe[1164] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000773cc4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe[1164] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000773d1287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe[1164] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074b1a2ba 1 byte [62] .text C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe[1164] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000750a5181 5 bytes JMP 0000000100101014 .text C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe[1164] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000750a5254 5 bytes JMP 0000000100100804 .text C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe[1164] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000750a53d5 5 bytes JMP 0000000100100a08 .text C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe[1164] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000750a54c2 5 bytes JMP 0000000100100c0c .text C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe[1164] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000750a55e2 5 bytes JMP 0000000100100e10 .text C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe[1164] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000750a567c 5 bytes JMP 00000001001001f8 .text C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe[1164] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000750a589f 5 bytes JMP 00000001001003fc .text C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe[1164] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000750a5a22 5 
bytes JMP 0000000100100600 .text C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe[1164] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000766dee09 5 bytes JMP 00000001001901f8 .text C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe[1164] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000766e3982 5 bytes JMP 00000001001903fc .text C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe[1164] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000766e7603 5 bytes JMP 0000000100190804 .text C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe[1164] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000766e835c 5 bytes JMP 0000000100190600 .text C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe[1164] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000766ff52b 5 bytes JMP 0000000100190a08 .text C:\Program Files\Windows Sidebar\sidebar.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000771d3b10 5 bytes JMP 000000010043075c .text C:\Program Files\Windows Sidebar\sidebar.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000771d7ac0 5 bytes JMP 00000001004303a4 .text C:\Program Files\Windows Sidebar\sidebar.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077201430 5 bytes JMP 0000000100430b14 .text C:\Program Files\Windows Sidebar\sidebar.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077201490 5 bytes JMP 0000000100430ecc .text C:\Program Files\Windows Sidebar\sidebar.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077201570 5 bytes JMP 000000010043163c .text C:\Program Files\Windows Sidebar\sidebar.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000772017b0 5 bytes JMP 0000000100431284 .text C:\Program Files\Windows Sidebar\sidebar.exe[1704] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772027e0 5 bytes JMP 
00000001004319f4 .text C:\Program Files\Windows Sidebar\sidebar.exe[1704] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\Program Files\Windows Sidebar\sidebar.exe[1704] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff2e6e00 5 bytes JMP 000007ff7f301dac .text C:\Program Files\Windows Sidebar\sidebar.exe[1704] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff2e6f2c 5 bytes JMP 000007ff7f300ecc .text C:\Program Files\Windows Sidebar\sidebar.exe[1704] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff2e7220 5 bytes JMP 000007ff7f301284 .text C:\Program Files\Windows Sidebar\sidebar.exe[1704] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff2e739c 5 bytes JMP 000007ff7f30163c .text C:\Program Files\Windows Sidebar\sidebar.exe[1704] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff2e7538 5 bytes JMP 000007ff7f3019f4 .text C:\Program Files\Windows Sidebar\sidebar.exe[1704] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff2e75e8 5 bytes JMP 000007ff7f3003a4 .text C:\Program Files\Windows Sidebar\sidebar.exe[1704] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff2e790c 5 bytes JMP 000007ff7f30075c .text C:\Program Files\Windows Sidebar\sidebar.exe[1704] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff2e7ab4 5 bytes JMP 000007ff7f300b14 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1032] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000074b1a2ba 1 byte [62] .text C:\Program Files (x86)\QuickTime\qttask.exe[3684] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000773afac0 5 bytes JMP 00000001001c0600 .text C:\Program Files (x86)\QuickTime\qttask.exe[3684] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000773afb58 5 bytes JMP 00000001001c0804 .text C:\Program Files (x86)\QuickTime\qttask.exe[3684] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000773afcb0 5 bytes JMP 00000001001c0c0c 
.text C:\Program Files (x86)\QuickTime\qttask.exe[3684] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000773b0038 5 bytes JMP 00000001001c0a08 .text C:\Program Files (x86)\QuickTime\qttask.exe[3684] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000773b1920 5 bytes JMP 00000001001c0e10 .text C:\Program Files (x86)\QuickTime\qttask.exe[3684] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000773cc4dd 5 bytes JMP 00000001001c01f8 .text C:\Program Files (x86)\QuickTime\qttask.exe[3684] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000773d1287 5 bytes JMP 00000001001c03fc .text C:\Program Files (x86)\QuickTime\qttask.exe[3684] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074b1a2ba 1 byte [62] .text C:\Program Files (x86)\QuickTime\qttask.exe[3684] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000766dee09 5 bytes JMP 00000001001d01f8 .text C:\Program Files (x86)\QuickTime\qttask.exe[3684] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000766e3982 5 bytes JMP 00000001001d03fc .text C:\Program Files (x86)\QuickTime\qttask.exe[3684] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000766e7603 5 bytes JMP 00000001001d0804 .text C:\Program Files (x86)\QuickTime\qttask.exe[3684] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000766e835c 5 bytes JMP 00000001001d0600 .text C:\Program Files (x86)\QuickTime\qttask.exe[3684] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000766ff52b 5 bytes JMP 00000001001d0a08 .text C:\Program Files (x86)\QuickTime\qttask.exe[3684] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000750a5181 5 bytes JMP 00000001001e1014 .text C:\Program Files (x86)\QuickTime\qttask.exe[3684] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000750a5254 5 bytes JMP 00000001001e0804 .text C:\Program Files (x86)\QuickTime\qttask.exe[3684] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000750a53d5 5 bytes JMP 00000001001e0a08 .text C:\Program Files 
(x86)\QuickTime\qttask.exe[3684] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000750a54c2 5 bytes JMP 00000001001e0c0c .text C:\Program Files (x86)\QuickTime\qttask.exe[3684] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000750a55e2 5 bytes JMP 00000001001e0e10 .text C:\Program Files (x86)\QuickTime\qttask.exe[3684] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000750a567c 5 bytes JMP 00000001001e01f8 .text C:\Program Files (x86)\QuickTime\qttask.exe[3684] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000750a589f 5 bytes JMP 00000001001e03fc .text C:\Program Files (x86)\QuickTime\qttask.exe[3684] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000750a5a22 5 bytes JMP 00000001001e0600 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000773afac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000773afb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000773afcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000773b0038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[3828] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000773b1920 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[3828] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000773cc4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[3828] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000773d1287 5 bytes JMP 00000001000303fc .text C:\Program Files 
(x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[3828] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074b1a2ba 1 byte [62] .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[3828] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000766dee09 5 bytes JMP 00000001002401f8 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[3828] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000766e3982 5 bytes JMP 00000001002403fc .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[3828] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000766e7603 5 bytes JMP 0000000100240804 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[3828] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000766e835c 5 bytes JMP 0000000100240600 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[3828] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000766ff52b 5 bytes JMP 0000000100240a08 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[3828] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000750a5181 5 bytes JMP 0000000100251014 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[3828] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000750a5254 5 bytes JMP 0000000100250804 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[3828] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000750a53d5 5 bytes JMP 0000000100250a08 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[3828] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000750a54c2 5 bytes JMP 0000000100250c0c .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[3828] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000750a55e2 5 bytes JMP 0000000100250e10 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam 
Central\WebcamDell2.exe[3828] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000750a567c 5 bytes JMP 00000001002501f8 .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[3828] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000750a589f 5 bytes JMP 00000001002503fc .text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[3828] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000750a5a22 5 bytes JMP 0000000100250600 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3524] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000773afac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3524] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000773afb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3524] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000773afcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3524] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000773b0038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3524] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000773b1920 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3524] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000773cc4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3524] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000773d1287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3524] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074b1a2ba 1 byte [62] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3524] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000750a5181 5 bytes JMP 
0000000100251014 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3524] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000750a5254 5 bytes JMP 0000000100250804 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3524] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000750a53d5 5 bytes JMP 0000000100250a08 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3524] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000750a54c2 5 bytes JMP 0000000100250c0c .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3524] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000750a55e2 5 bytes JMP 0000000100250e10 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3524] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000750a567c 5 bytes JMP 00000001002501f8 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3524] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000750a589f 5 bytes JMP 00000001002503fc .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3524] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000750a5a22 5 bytes JMP 0000000100250600 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3524] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000766dee09 5 bytes JMP 00000001002601f8 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3524] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000766e3982 5 bytes JMP 00000001002603fc .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3524] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000766e7603 5 bytes JMP 0000000100260804 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3524] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000766e835c 5 bytes JMP 0000000100260600 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3524] 
C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000766ff52b 5 bytes JMP 0000000100260a08 .text C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe[1144] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000773afac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe[1144] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000773afb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe[1144] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000773afcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe[1144] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000773b0038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe[1144] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000773b1920 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe[1144] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000773cc4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe[1144] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000773d1287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe[1144] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074b1a2ba 1 byte [62] .text C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe[1144] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000766dee09 5 bytes JMP 00000001002401f8 .text C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe[1144] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000766e3982 5 bytes JMP 00000001002403fc .text C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe[1144] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000766e7603 5 bytes JMP 0000000100240804 .text C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe[1144] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000766e835c 5 bytes 
JMP 0000000100240600 .text C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe[1144] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000766ff52b 5 bytes JMP 0000000100240a08 .text C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe[1144] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000750a5181 5 bytes JMP 0000000100251014 .text C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe[1144] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000750a5254 5 bytes JMP 0000000100250804 .text C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe[1144] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000750a53d5 5 bytes JMP 0000000100250a08 .text C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe[1144] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000750a54c2 5 bytes JMP 0000000100250c0c .text C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe[1144] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000750a55e2 5 bytes JMP 0000000100250e10 .text C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe[1144] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000750a567c 5 bytes JMP 00000001002501f8 .text C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe[1144] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000750a589f 5 bytes JMP 00000001002503fc .text C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe[1144] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000750a5a22 5 bytes JMP 0000000100250600 .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[4168] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000773afac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[4168] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000773afb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[4168] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000773afcb0 5 bytes JMP 0000000100030c0c .text 
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[4168] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000773b0038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[4168] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000773b1920 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[4168] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000773cc4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[4168] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000773d1287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[4168] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074b1a2ba 1 byte [62] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[4168] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000766dee09 5 bytes JMP 00000001002401f8 .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[4168] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000766e3982 5 bytes JMP 00000001002403fc .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[4168] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000766e7603 5 bytes JMP 0000000100240804 .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[4168] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000766e835c 5 bytes JMP 0000000100240600 .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[4168] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000766ff52b 5 bytes JMP 0000000100240a08 .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[4168] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000750a5181 5 bytes JMP 0000000100251014 .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[4168] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000750a5254 5 bytes JMP 0000000100250804 .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[4168] 
C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000750a53d5 5 bytes JMP 0000000100250a08 .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[4168] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000750a54c2 5 bytes JMP 0000000100250c0c .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[4168] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000750a55e2 5 bytes JMP 0000000100250e10 .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[4168] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000750a567c 5 bytes JMP 00000001002501f8 .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[4168] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000750a589f 5 bytes JMP 00000001002503fc .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[4168] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000750a5a22 5 bytes JMP 0000000100250600 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4236] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000773afac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4236] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000773afb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4236] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000773afcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4236] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000773b0038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4236] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000773b1920 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4236] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000773cc4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4236] 
C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000773d1287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4236] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074b1a2ba 1 byte [62] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4236] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000750a5181 5 bytes JMP 0000000100091014 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4236] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000750a5254 5 bytes JMP 0000000100090804 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4236] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000750a53d5 5 bytes JMP 0000000100090a08 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4236] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000750a54c2 5 bytes JMP 0000000100090c0c .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4236] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000750a55e2 5 bytes JMP 0000000100090e10 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4236] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000750a567c 5 bytes JMP 00000001000901f8 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4236] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000750a589f 5 bytes JMP 00000001000903fc .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4236] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000750a5a22 5 bytes JMP 0000000100090600 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4236] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000766dee09 5 bytes JMP 00000001001201f8 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4236] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000766e3982 5 bytes JMP 00000001001203fc .text C:\Program Files (x86)\Common 
Files\Adobe\ARM\1.0\AdobeARM.exe[4236] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000766e7603 5 bytes JMP 0000000100120804 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4236] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000766e835c 5 bytes JMP 0000000100120600 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4236] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000766ff52b 5 bytes JMP 0000000100120a08 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4236] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000767c1465 2 bytes [7C, 76] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4236] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767c14bb 2 bytes [7C, 76] .text ... * 2 .text C:\Windows\system32\wbem\unsecapp.exe[4300] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff2e6e00 5 bytes JMP 000007ff7f301dac .text C:\Windows\system32\wbem\unsecapp.exe[4300] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff2e6f2c 5 bytes JMP 000007ff7f300ecc .text C:\Windows\system32\wbem\unsecapp.exe[4300] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff2e7220 5 bytes JMP 000007ff7f301284 .text C:\Windows\system32\wbem\unsecapp.exe[4300] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff2e739c 5 bytes JMP 000007ff7f30163c .text C:\Windows\system32\wbem\unsecapp.exe[4300] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff2e7538 5 bytes JMP 000007ff7f3019f4 .text C:\Windows\system32\wbem\unsecapp.exe[4300] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff2e75e8 5 bytes JMP 000007ff7f3003a4 .text C:\Windows\system32\wbem\unsecapp.exe[4300] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff2e790c 5 bytes JMP 000007ff7f30075c .text C:\Windows\system32\wbem\unsecapp.exe[4300] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff2e7ab4 5 bytes JMP 000007ff7f300b14 
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4436] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff2e6e00 5 bytes JMP 000007ff7f301dac .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4436] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff2e6f2c 5 bytes JMP 000007ff7f300ecc .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4436] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff2e7220 5 bytes JMP 000007ff7f301284 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4436] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff2e739c 5 bytes JMP 000007ff7f30163c .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4436] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff2e7538 5 bytes JMP 000007ff7f3019f4 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4436] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff2e75e8 5 bytes JMP 000007ff7f3003a4 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4436] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff2e790c 5 bytes JMP 000007ff7f30075c .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4436] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff2e7ab4 5 bytes JMP 000007ff7f300b14 .text C:\Windows\system32\wuauclt.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000771d3b10 5 bytes JMP 000000010018075c .text C:\Windows\system32\wuauclt.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000771d7ac0 5 bytes JMP 00000001001803a4 .text C:\Windows\system32\wuauclt.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077201430 5 bytes JMP 0000000100180b14 .text C:\Windows\system32\wuauclt.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077201490 5 bytes JMP 0000000100180ecc .text C:\Windows\system32\wuauclt.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077201570 5 bytes JMP 000000010018163c .text C:\Windows\system32\wuauclt.exe[4472] 
C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000772017b0 5 bytes JMP 0000000100181284 .text C:\Windows\system32\wuauclt.exe[4472] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772027e0 5 bytes JMP 00000001001819f4 .text C:\Windows\system32\wuauclt.exe[4472] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff2e6e00 5 bytes JMP 000007ff7f301dac .text C:\Windows\system32\wuauclt.exe[4472] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff2e6f2c 5 bytes JMP 000007ff7f300ecc .text C:\Windows\system32\wuauclt.exe[4472] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff2e7220 5 bytes JMP 000007ff7f301284 .text C:\Windows\system32\wuauclt.exe[4472] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff2e739c 5 bytes JMP 000007ff7f30163c .text C:\Windows\system32\wuauclt.exe[4472] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff2e7538 5 bytes JMP 000007ff7f3019f4 .text C:\Windows\system32\wuauclt.exe[4472] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff2e75e8 5 bytes JMP 000007ff7f3003a4 .text C:\Windows\system32\wuauclt.exe[4472] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff2e790c 5 bytes JMP 000007ff7f30075c .text C:\Windows\system32\wuauclt.exe[4472] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff2e7ab4 5 bytes JMP 000007ff7f300b14 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000773afac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000773afb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000773afcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 
00000000773b0038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000773b1920 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4532] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000773cc4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4532] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000773d1287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4532] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074b1a2ba 1 byte [62] .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4532] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000766dee09 5 bytes JMP 00000001002c01f8 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4532] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000766e3982 5 bytes JMP 00000001002c03fc .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4532] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000766e7603 5 bytes JMP 00000001002c0804 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4532] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000766e835c 5 bytes JMP 00000001002c0600 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4532] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000766ff52b 5 bytes JMP 00000001002c0a08 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4532] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000750a5181 5 bytes JMP 00000001002d1014 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4532] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000750a5254 5 bytes JMP 00000001002d0804 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4532] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000750a53d5 5 
bytes JMP 00000001002d0a08 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4532] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000750a54c2 5 bytes JMP 00000001002d0c0c .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4532] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000750a55e2 5 bytes JMP 00000001002d0e10 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4532] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000750a567c 5 bytes JMP 00000001002d01f8 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4532] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000750a589f 5 bytes JMP 00000001002d03fc .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4532] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000750a5a22 5 bytes JMP 00000001002d0600 .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4532] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000767c1465 2 bytes [7C, 76] .text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4532] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767c14bb 2 bytes [7C, 76] .text ... 
* 2 .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[4612] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000773afac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[4612] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000773afb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[4612] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000773afcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[4612] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000773b0038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[4612] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000773b1920 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[4612] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000773cc4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[4612] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000773d1287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[4612] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074b1a2ba 1 byte [62] .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[4612] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000766dee09 5 bytes JMP 00000001002401f8 .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[4612] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000766e3982 5 bytes JMP 00000001002403fc .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[4612] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000766e7603 5 bytes JMP 0000000100240804 .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[4612] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000766e835c 5 bytes JMP 0000000100240600 .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[4612] 
C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000766ff52b 5 bytes JMP 0000000100240a08 .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[4612] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000750a5181 5 bytes JMP 0000000100251014 .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[4612] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000750a5254 5 bytes JMP 0000000100250804 .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[4612] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000750a53d5 5 bytes JMP 0000000100250a08 .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[4612] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000750a54c2 5 bytes JMP 0000000100250c0c .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[4612] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000750a55e2 5 bytes JMP 0000000100250e10 .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[4612] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000750a567c 5 bytes JMP 00000001002501f8 .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[4612] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000750a589f 5 bytes JMP 00000001002503fc .text C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe[4612] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000750a5a22 5 bytes JMP 0000000100250600 .text C:\Windows\System32\svchost.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000771d3b10 5 bytes JMP 000000010036075c .text C:\Windows\System32\svchost.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000771d7ac0 5 bytes JMP 00000001003603a4 .text C:\Windows\System32\svchost.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077201430 5 bytes JMP 0000000100360b14 .text C:\Windows\System32\svchost.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077201490 5 bytes JMP 0000000100360ecc .text C:\Windows\System32\svchost.exe[5024] 
C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077201570 5 bytes JMP 000000010036163c .text C:\Windows\System32\svchost.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000772017b0 5 bytes JMP 0000000100361284 .text C:\Windows\System32\svchost.exe[5024] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772027e0 5 bytes JMP 00000001003619f4 .text C:\Windows\System32\svchost.exe[5024] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff2e6e00 5 bytes JMP 000007ff7f301dac .text C:\Windows\System32\svchost.exe[5024] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff2e6f2c 5 bytes JMP 000007ff7f300ecc .text C:\Windows\System32\svchost.exe[5024] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff2e7220 5 bytes JMP 000007ff7f301284 .text C:\Windows\System32\svchost.exe[5024] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff2e739c 5 bytes JMP 000007ff7f30163c .text C:\Windows\System32\svchost.exe[5024] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff2e7538 5 bytes JMP 000007ff7f3019f4 .text C:\Windows\System32\svchost.exe[5024] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff2e75e8 5 bytes JMP 000007ff7f3003a4 .text C:\Windows\System32\svchost.exe[5024] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff2e790c 5 bytes JMP 000007ff7f30075c .text C:\Windows\System32\svchost.exe[5024] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff2e7ab4 5 bytes JMP 000007ff7f300b14 .text C:\Windows\system32\svchost.exe[4072] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 00000000771d3b10 5 bytes JMP 000000010017075c .text C:\Windows\system32\svchost.exe[4072] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 00000000771d7ac0 5 bytes JMP 00000001001703a4 .text C:\Windows\system32\svchost.exe[4072] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077201430 5 bytes JMP 0000000100170b14 .text C:\Windows\system32\svchost.exe[4072] 
C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077201490 5 bytes JMP 0000000100170ecc .text C:\Windows\system32\svchost.exe[4072] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077201570 5 bytes JMP 000000010017163c .text C:\Windows\system32\svchost.exe[4072] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000772017b0 5 bytes JMP 0000000100171284 .text C:\Windows\system32\svchost.exe[4072] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772027e0 5 bytes JMP 00000001001719f4 .text C:\Windows\system32\svchost.exe[4072] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[4072] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff2e6e00 5 bytes JMP 000007ff7f301dac .text C:\Windows\system32\svchost.exe[4072] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff2e6f2c 5 bytes JMP 000007ff7f300ecc .text C:\Windows\system32\svchost.exe[4072] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff2e7220 5 bytes JMP 000007ff7f301284 .text C:\Windows\system32\svchost.exe[4072] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff2e739c 5 bytes JMP 000007ff7f30163c .text C:\Windows\system32\svchost.exe[4072] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff2e7538 5 bytes JMP 000007ff7f3019f4 .text C:\Windows\system32\svchost.exe[4072] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff2e75e8 5 bytes JMP 000007ff7f3003a4 .text C:\Windows\system32\svchost.exe[4072] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff2e790c 5 bytes JMP 000007ff7f30075c .text C:\Windows\system32\svchost.exe[4072] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff2e7ab4 5 bytes JMP 000007ff7f300b14 .text C:\Windows\system32\AUDIODG.EXE[5968] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 0000000076e8eecd 1 byte [62] .text C:\Users\Asia\Desktop\skany\epns9rkf.exe[2208] 
C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000773afac0 5 bytes JMP 0000000100030600 .text C:\Users\Asia\Desktop\skany\epns9rkf.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000773afb58 5 bytes JMP 0000000100030804 .text C:\Users\Asia\Desktop\skany\epns9rkf.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000773afcb0 5 bytes JMP 0000000100030c0c .text C:\Users\Asia\Desktop\skany\epns9rkf.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000773b0038 5 bytes JMP 0000000100030a08 .text C:\Users\Asia\Desktop\skany\epns9rkf.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000773b1920 5 bytes JMP 0000000100030e10 .text C:\Users\Asia\Desktop\skany\epns9rkf.exe[2208] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000773cc4dd 5 bytes JMP 00000001000301f8 .text C:\Users\Asia\Desktop\skany\epns9rkf.exe[2208] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000773d1287 5 bytes JMP 00000001000303fc .text C:\Users\Asia\Desktop\skany\epns9rkf.exe[2208] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000074b1a2ba 1 byte [62] .text C:\Users\Asia\Desktop\skany\epns9rkf.exe[2208] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000750a5181 5 bytes JMP 00000001002c1014 .text C:\Users\Asia\Desktop\skany\epns9rkf.exe[2208] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000750a5254 5 bytes JMP 00000001002c0804 .text C:\Users\Asia\Desktop\skany\epns9rkf.exe[2208] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000750a53d5 5 bytes JMP 00000001002c0a08 .text C:\Users\Asia\Desktop\skany\epns9rkf.exe[2208] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000750a54c2 5 bytes JMP 00000001002c0c0c .text C:\Users\Asia\Desktop\skany\epns9rkf.exe[2208] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000750a55e2 5 bytes JMP 00000001002c0e10 .text C:\Users\Asia\Desktop\skany\epns9rkf.exe[2208] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000750a567c 5 
bytes JMP 00000001002c01f8 .text C:\Users\Asia\Desktop\skany\epns9rkf.exe[2208] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000750a589f 5 bytes JMP 00000001002c03fc .text C:\Users\Asia\Desktop\skany\epns9rkf.exe[2208] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000750a5a22 5 bytes JMP 00000001002c0600 .text C:\Users\Asia\Desktop\skany\epns9rkf.exe[2208] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000766dee09 5 bytes JMP 00000001002d01f8 .text C:\Users\Asia\Desktop\skany\epns9rkf.exe[2208] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000766e3982 5 bytes JMP 00000001002d03fc .text C:\Users\Asia\Desktop\skany\epns9rkf.exe[2208] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000766e7603 5 bytes JMP 00000001002d0804 .text C:\Users\Asia\Desktop\skany\epns9rkf.exe[2208] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000766e835c 5 bytes JMP 00000001002d0600 .text C:\Users\Asia\Desktop\skany\epns9rkf.exe[2208] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000766ff52b 5 bytes JMP 00000001002d0a08 ---- Threads - GMER 2.1 ---- Thread C:\Windows\System32\svchost.exe [1568:3220] 000007fef5e89688 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3020:2852] 000007fefe310168 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3020:1604] 000007fefaab2a7c Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3020:2552] 000007fef4d4d618 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3020:3188] 000007fef9f25124 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3020:3324] 000007fefe310168 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{79603C90-F8F1-44CE-80F4-08B11201DBE2}\Connection@Name isatap.{293334AE-2790-4C9F-9B58-F990DFE42048} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind 
\Device\{79603C90-F8F1-44CE-80F4-08B11201DBE2}?\Device\{E62B4B9C-8D9C-4CF4-BEE8-B845B0EAABDD}?\Device\{4858671D-16A6-414A-9A6C-E79E94B60873}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{79603C90-F8F1-44CE-80F4-08B11201DBE2}"?"{E62B4B9C-8D9C-4CF4-BEE8-B845B0EAABDD}"?"{4858671D-16A6-414A-9A6C-E79E94B60873}"? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{79603C90-F8F1-44CE-80F4-08B11201DBE2}?\Device\TCPIP6TUNNEL_{E62B4B9C-8D9C-4CF4-BEE8-B845B0EAABDD}?\Device\TCPIP6TUNNEL_{4858671D-16A6-414A-9A6C-E79E94B60873}? Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description avast! 
mini-filter driver (aswFsBlk) Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! 
mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! WFP Redirect driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName aswRvrt Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description avast! 
Revert Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 43 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 58887 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition3\Windows Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! virtualization driver (aswSnx) Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1 Reg 
HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! Self Protection Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@NoWelcomeScreen 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName avast! Network Shield Support Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description avast! Network Shield TDI driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 9 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName aswVmm Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! 
VM Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type 32 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description Instaluje i zarządza usługami antywirusowymi programu avast! na tym komputerze, co obejmuje rezydentny skaner, kwarantannę oraz harmonogram zadań. Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{79603C90-F8F1-44CE-80F4-08B11201DBE2}@InterfaceName isatap.{293334AE-2790-4C9F-9B58-F990DFE42048} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{79603C90-F8F1-44CE-80F4-08B11201DBE2}@ReusableType 0 Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 14628 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description avast! 
mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName aswRdr Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Group PNP_TDI Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService tcpip? Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Description avast! WFP Redirect driver Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName aswRvrt Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description avast! 
Revert Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 43 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter 58887 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition3\Windows Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description avast! virtualization driver (aswSnx) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag 2 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName aswSP Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description avast! 
Self Protection Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@NoWelcomeScreen 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName avast! Network Shield Support Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Group PNP_TDI Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService tcpip? Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Description avast! Network Shield TDI driver Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag 9 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 0 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName aswVmm Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description avast! VM Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 32 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! 
Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast! Antivirus Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Instaluje i zarządza usługami antywirusowymi programu avast! na tym komputerze, co obejmuje rezydentny skaner, kwarantannę oraz harmonogram zadań. ---- EOF - GMER 2.1 ----