GMER 1.0.15.15627 - http://www.gmer.net Rootkit scan 2011-05-29 15:48:50 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 FUJITSU_MHW2160BH_PL rev.891F Running: gmer.exe; Driver: C:\Users\jola\AppData\Local\Temp\kxldypow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x9294B202] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x9294D81C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x9294D874] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x9294D98A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x9294D772] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x9294D8C4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x9294D7C6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x9294D938] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x9294B226] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x9294AFF0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x9294B24A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x9294DD82] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x9294BCDA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x9294D84C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x9294D89C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x9294D9B4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x9294D79E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x9294D904] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x9294D7F4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x9294D962] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x9294BBA0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x9294B26E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x9294B292] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x9294B04A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x9294B186] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x9294B162] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x9294B1AA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x9294B2B6] INT 0x51 ? 8B235F00 INT 0x51 ? 8B235F00 INT 0x72 ? 8B235F00 INT 0x82 ? 8B235F00 INT 0x92 ? 8B235F00 INT 0xA2 ? 8944BBF8 INT 0xB2 ? 8944BBF8 Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x92ED1902] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetEvent + 10D 876B9890 4 Bytes [02, B2, 94, 92] .text ntkrnlpa.exe!KeSetEvent + 1D1 876B9954 8 Bytes [1C, D8, 94, 92, 74, D8, 94, ...] {SBB AL, 0xd8; XCHG ESP, EAX; XCHG EDX, EAX; JZ 0xffffffffffffffde; XCHG ESP, EAX; XCHG EDX, EAX} .text ntkrnlpa.exe!KeSetEvent + 1DD 876B9960 4 Bytes [8A, D9, 94, 92] {MOV BL, CL; XCHG ESP, EAX; XCHG EDX, EAX} .text ntkrnlpa.exe!KeSetEvent + 1F5 876B9978 1 Byte [72] .text ntkrnlpa.exe!KeSetEvent + 1F5 876B9978 4 Bytes [72, D7, 94, 92] {JB 0xffffffffffffffd9; XCHG ESP, EAX; XCHG EDX, EAX} .text ... PAGE ntkrnlpa.exe!ObMakeTemporaryObject 877E45C7 5 Bytes JMP 92ECD2BE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject 8783D4F3 5 Bytes JMP 92ECED5C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 87846E18 4 Bytes CALL 9294C34B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 8784AA8C 4 Bytes CALL 9294C361 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 8789EDAE 7 Bytes JMP 92ED1906 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ? System32\Drivers\spuk.sys System nie może odnaleźć określonej ścieżki. ! .text USBPORT.SYS!DllUnload 91FDD41B 5 Bytes JMP 8B2354E0 ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\System32\spoolsv.exe[580] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000901F8 .text C:\Windows\System32\spoolsv.exe[580] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000903FC .text C:\Windows\System32\spoolsv.exe[580] kernel32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Windows\System32\spoolsv.exe[580] ADVAPI32.dll!CreateServiceW 77C49EB4 5 Bytes JMP 000B03FC .text C:\Windows\System32\spoolsv.exe[580] ADVAPI32.dll!DeleteService 77C4A07E 5 Bytes JMP 000B0600 .text C:\Windows\System32\spoolsv.exe[580] ADVAPI32.dll!SetServiceObjectSecurity 77C86CD9 5 Bytes JMP 000B1014 .text C:\Windows\System32\spoolsv.exe[580] ADVAPI32.dll!ChangeServiceConfigA 77C86DD9 5 Bytes JMP 000B0804 .text C:\Windows\System32\spoolsv.exe[580] ADVAPI32.dll!ChangeServiceConfigW 77C86F81 5 Bytes JMP 000B0A08 .text C:\Windows\System32\spoolsv.exe[580] ADVAPI32.dll!ChangeServiceConfig2A 77C87099 5 Bytes JMP 000B0C0C .text C:\Windows\System32\spoolsv.exe[580] ADVAPI32.dll!ChangeServiceConfig2W 77C871E1 5 Bytes JMP 000B0E10 .text C:\Windows\System32\spoolsv.exe[580] ADVAPI32.dll!CreateServiceA 77C872A1 5 Bytes JMP 000B01F8 .text C:\Windows\System32\spoolsv.exe[580] USER32.dll!SetWindowsHookExA 77E96322 5 Bytes JMP 00A70600 .text C:\Windows\System32\spoolsv.exe[580] USER32.dll!SetWindowsHookExW 77E987AD 5 Bytes JMP 00A70804 .text C:\Windows\System32\spoolsv.exe[580] USER32.dll!UnhookWindowsHookEx 77E998DB 5 Bytes JMP 00A70A08 .text C:\Windows\System32\spoolsv.exe[580] USER32.dll!SetWinEventHook 77E99F3A 5 Bytes JMP 00A701F8 .text C:\Windows\System32\spoolsv.exe[580] USER32.dll!UnhookWinEvent 77E9C06F 5 Bytes JMP 00A703FC .text C:\Windows\system32\csrss.exe[588] KERNEL32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Windows\system32\wininit.exe[632] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000301F8 .text C:\Windows\system32\wininit.exe[632] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000303FC .text C:\Windows\system32\wininit.exe[632] kernel32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Windows\system32\wininit.exe[632] ADVAPI32.dll!CreateServiceW 77C49EB4 5 Bytes JMP 000503FC .text C:\Windows\system32\wininit.exe[632] ADVAPI32.dll!DeleteService 77C4A07E 5 Bytes JMP 00050600 .text C:\Windows\system32\wininit.exe[632] ADVAPI32.dll!SetServiceObjectSecurity 77C86CD9 5 Bytes JMP 00051014 .text C:\Windows\system32\wininit.exe[632] ADVAPI32.dll!ChangeServiceConfigA 77C86DD9 5 Bytes JMP 00050804 .text C:\Windows\system32\wininit.exe[632] ADVAPI32.dll!ChangeServiceConfigW 77C86F81 5 Bytes JMP 00050A08 .text C:\Windows\system32\wininit.exe[632] ADVAPI32.dll!ChangeServiceConfig2A 77C87099 5 Bytes JMP 00050C0C .text C:\Windows\system32\wininit.exe[632] ADVAPI32.dll!ChangeServiceConfig2W 77C871E1 5 Bytes JMP 00050E10 .text C:\Windows\system32\wininit.exe[632] ADVAPI32.dll!CreateServiceA 77C872A1 5 Bytes JMP 000501F8 .text C:\Windows\system32\wininit.exe[632] USER32.dll!SetWindowsHookExA 77E96322 5 Bytes JMP 00070600 .text C:\Windows\system32\wininit.exe[632] USER32.dll!SetWindowsHookExW 77E987AD 5 Bytes JMP 00070804 .text C:\Windows\system32\wininit.exe[632] USER32.dll!UnhookWindowsHookEx 77E998DB 5 Bytes JMP 00070A08 .text C:\Windows\system32\wininit.exe[632] USER32.dll!SetWinEventHook 77E99F3A 5 Bytes JMP 000701F8 .text C:\Windows\system32\wininit.exe[632] USER32.dll!UnhookWinEvent 77E9C06F 5 Bytes JMP 000703FC .text C:\Windows\system32\csrss.exe[644] KERNEL32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Windows\system32\svchost.exe[668] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000901F8 .text C:\Windows\system32\svchost.exe[668] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000903FC .text C:\Windows\system32\svchost.exe[668] kernel32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Windows\system32\svchost.exe[668] ADVAPI32.dll!CreateServiceW 77C49EB4 5 Bytes JMP 000B03FC .text C:\Windows\system32\svchost.exe[668] ADVAPI32.dll!DeleteService 77C4A07E 5 Bytes JMP 000B0600 .text C:\Windows\system32\svchost.exe[668] ADVAPI32.dll!SetServiceObjectSecurity 77C86CD9 5 Bytes JMP 000B1014 .text C:\Windows\system32\svchost.exe[668] ADVAPI32.dll!ChangeServiceConfigA 77C86DD9 5 Bytes JMP 000B0804 .text C:\Windows\system32\svchost.exe[668] ADVAPI32.dll!ChangeServiceConfigW 77C86F81 5 Bytes JMP 000B0A08 .text C:\Windows\system32\svchost.exe[668] ADVAPI32.dll!ChangeServiceConfig2A 77C87099 5 Bytes JMP 000B0C0C .text C:\Windows\system32\svchost.exe[668] ADVAPI32.dll!ChangeServiceConfig2W 77C871E1 5 Bytes JMP 000B0E10 .text C:\Windows\system32\svchost.exe[668] ADVAPI32.dll!CreateServiceA 77C872A1 5 Bytes JMP 000B01F8 .text C:\Windows\system32\svchost.exe[668] USER32.dll!SetWindowsHookExA 77E96322 5 Bytes JMP 00100600 .text C:\Windows\system32\svchost.exe[668] USER32.dll!SetWindowsHookExW 77E987AD 5 Bytes JMP 00100804 .text C:\Windows\system32\svchost.exe[668] USER32.dll!UnhookWindowsHookEx 77E998DB 5 Bytes JMP 00100A08 .text C:\Windows\system32\svchost.exe[668] USER32.dll!SetWinEventHook 77E99F3A 5 Bytes JMP 001001F8 .text C:\Windows\system32\svchost.exe[668] USER32.dll!UnhookWinEvent 77E9C06F 5 Bytes JMP 001003FC .text C:\Windows\system32\services.exe[676] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\services.exe[676] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC .text C:\Windows\system32\services.exe[676] kernel32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Windows\system32\services.exe[676] ADVAPI32.dll!CreateServiceW 77C49EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\services.exe[676] ADVAPI32.dll!DeleteService 77C4A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\services.exe[676] ADVAPI32.dll!SetServiceObjectSecurity 77C86CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\services.exe[676] ADVAPI32.dll!ChangeServiceConfigA 77C86DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\services.exe[676] ADVAPI32.dll!ChangeServiceConfigW 77C86F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\services.exe[676] ADVAPI32.dll!ChangeServiceConfig2A 77C87099 5 Bytes JMP 00070C0C .text C:\Windows\system32\services.exe[676] ADVAPI32.dll!ChangeServiceConfig2W 77C871E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\services.exe[676] ADVAPI32.dll!CreateServiceA 77C872A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\services.exe[676] USER32.dll!SetWindowsHookExA 77E96322 5 Bytes JMP 00080600 .text C:\Windows\system32\services.exe[676] USER32.dll!SetWindowsHookExW 77E987AD 5 Bytes JMP 00080804 .text C:\Windows\system32\services.exe[676] USER32.dll!UnhookWindowsHookEx 77E998DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\services.exe[676] USER32.dll!SetWinEventHook 77E99F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\services.exe[676] USER32.dll!UnhookWinEvent 77E9C06F 5 Bytes JMP 000803FC .text C:\Windows\system32\taskeng.exe[704] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000901F8 .text C:\Windows\system32\taskeng.exe[704] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000903FC .text C:\Windows\system32\taskeng.exe[704] kernel32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Windows\system32\taskeng.exe[704] ADVAPI32.dll!CreateServiceW 77C49EB4 5 Bytes JMP 000B03FC .text C:\Windows\system32\taskeng.exe[704] ADVAPI32.dll!DeleteService 77C4A07E 5 Bytes JMP 000B0600 .text C:\Windows\system32\taskeng.exe[704] ADVAPI32.dll!SetServiceObjectSecurity 77C86CD9 5 Bytes JMP 000B1014 .text C:\Windows\system32\taskeng.exe[704] ADVAPI32.dll!ChangeServiceConfigA 77C86DD9 5 Bytes JMP 000B0804 .text C:\Windows\system32\taskeng.exe[704] ADVAPI32.dll!ChangeServiceConfigW 77C86F81 5 Bytes JMP 000B0A08 .text C:\Windows\system32\taskeng.exe[704] ADVAPI32.dll!ChangeServiceConfig2A 77C87099 5 Bytes JMP 000B0C0C .text C:\Windows\system32\taskeng.exe[704] ADVAPI32.dll!ChangeServiceConfig2W 77C871E1 5 Bytes JMP 000B0E10 .text C:\Windows\system32\taskeng.exe[704] ADVAPI32.dll!CreateServiceA 77C872A1 5 Bytes JMP 000B01F8 .text C:\Windows\system32\taskeng.exe[704] USER32.dll!SetWindowsHookExA 77E96322 5 Bytes JMP 000C0600 .text C:\Windows\system32\taskeng.exe[704] USER32.dll!SetWindowsHookExW 77E987AD 5 Bytes JMP 000C0804 .text C:\Windows\system32\taskeng.exe[704] USER32.dll!UnhookWindowsHookEx 77E998DB 5 Bytes JMP 000C0A08 .text C:\Windows\system32\taskeng.exe[704] USER32.dll!SetWinEventHook 77E99F3A 5 Bytes JMP 000C01F8 .text C:\Windows\system32\taskeng.exe[704] USER32.dll!UnhookWinEvent 77E9C06F 5 Bytes JMP 000C03FC .text C:\Windows\system32\winlogon.exe[728] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000301F8 .text C:\Windows\system32\winlogon.exe[728] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000303FC .text C:\Windows\system32\winlogon.exe[728] kernel32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Windows\system32\winlogon.exe[728] ADVAPI32.dll!CreateServiceW 77C49EB4 5 Bytes JMP 000503FC .text C:\Windows\system32\winlogon.exe[728] ADVAPI32.dll!DeleteService 77C4A07E 5 Bytes JMP 00050600 .text C:\Windows\system32\winlogon.exe[728] ADVAPI32.dll!SetServiceObjectSecurity 77C86CD9 5 Bytes JMP 00051014 .text C:\Windows\system32\winlogon.exe[728] ADVAPI32.dll!ChangeServiceConfigA 77C86DD9 5 Bytes JMP 00050804 .text C:\Windows\system32\winlogon.exe[728] ADVAPI32.dll!ChangeServiceConfigW 77C86F81 5 Bytes JMP 00050A08 .text C:\Windows\system32\winlogon.exe[728] ADVAPI32.dll!ChangeServiceConfig2A 77C87099 5 Bytes JMP 00050C0C .text C:\Windows\system32\winlogon.exe[728] ADVAPI32.dll!ChangeServiceConfig2W 77C871E1 5 Bytes JMP 00050E10 .text C:\Windows\system32\winlogon.exe[728] ADVAPI32.dll!CreateServiceA 77C872A1 5 Bytes JMP 000501F8 .text C:\Windows\system32\winlogon.exe[728] USER32.dll!SetWindowsHookExA 77E96322 5 Bytes JMP 00060600 .text C:\Windows\system32\winlogon.exe[728] USER32.dll!SetWindowsHookExW 77E987AD 5 Bytes JMP 00060804 .text C:\Windows\system32\winlogon.exe[728] USER32.dll!UnhookWindowsHookEx 77E998DB 5 Bytes JMP 00060A08 .text C:\Windows\system32\winlogon.exe[728] USER32.dll!SetWinEventHook 77E99F3A 5 Bytes JMP 000601F8 .text C:\Windows\system32\winlogon.exe[728] USER32.dll!UnhookWinEvent 77E9C06F 5 Bytes JMP 000603FC .text C:\Windows\system32\lsass.exe[756] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\lsass.exe[756] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC .text C:\Windows\system32\lsass.exe[756] kernel32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Windows\system32\lsass.exe[756] ADVAPI32.dll!CreateServiceW 77C49EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\lsass.exe[756] ADVAPI32.dll!DeleteService 77C4A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\lsass.exe[756] ADVAPI32.dll!SetServiceObjectSecurity 77C86CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\lsass.exe[756] ADVAPI32.dll!ChangeServiceConfigA 77C86DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\lsass.exe[756] ADVAPI32.dll!ChangeServiceConfigW 77C86F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\lsass.exe[756] ADVAPI32.dll!ChangeServiceConfig2A 77C87099 5 Bytes JMP 00070C0C .text C:\Windows\system32\lsass.exe[756] ADVAPI32.dll!ChangeServiceConfig2W 77C871E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\lsass.exe[756] ADVAPI32.dll!CreateServiceA 77C872A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\lsass.exe[756] USER32.dll!SetWindowsHookExA 77E96322 5 Bytes JMP 00080600 .text C:\Windows\system32\lsass.exe[756] USER32.dll!SetWindowsHookExW 77E987AD 5 Bytes JMP 00080804 .text C:\Windows\system32\lsass.exe[756] USER32.dll!UnhookWindowsHookEx 77E998DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\lsass.exe[756] USER32.dll!SetWinEventHook 77E99F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\lsass.exe[756] USER32.dll!UnhookWinEvent 77E9C06F 5 Bytes JMP 000803FC .text C:\Windows\system32\lsm.exe[764] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\lsm.exe[764] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC .text C:\Windows\system32\lsm.exe[764] kernel32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Windows\system32\lsm.exe[764] ADVAPI32.dll!CreateServiceW 77C49EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\lsm.exe[764] ADVAPI32.dll!DeleteService 77C4A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\lsm.exe[764] ADVAPI32.dll!SetServiceObjectSecurity 77C86CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\lsm.exe[764] ADVAPI32.dll!ChangeServiceConfigA 77C86DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\lsm.exe[764] ADVAPI32.dll!ChangeServiceConfigW 77C86F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\lsm.exe[764] ADVAPI32.dll!ChangeServiceConfig2A 77C87099 5 Bytes JMP 00070C0C .text C:\Windows\system32\lsm.exe[764] ADVAPI32.dll!ChangeServiceConfig2W 77C871E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\lsm.exe[764] ADVAPI32.dll!CreateServiceA 77C872A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[904] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[904] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[904] kernel32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Windows\system32\svchost.exe[904] ADVAPI32.dll!CreateServiceW 77C49EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[904] ADVAPI32.dll!DeleteService 77C4A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[904] ADVAPI32.dll!SetServiceObjectSecurity 77C86CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[904] ADVAPI32.dll!ChangeServiceConfigA 77C86DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[904] ADVAPI32.dll!ChangeServiceConfigW 77C86F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[904] ADVAPI32.dll!ChangeServiceConfig2A 77C87099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[904] ADVAPI32.dll!ChangeServiceConfig2W 77C871E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[904] ADVAPI32.dll!CreateServiceA 77C872A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[980] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[980] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[980] kernel32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Windows\system32\svchost.exe[980] ADVAPI32.dll!CreateServiceW 77C49EB4 5 Bytes JMP 000803FC .text C:\Windows\system32\svchost.exe[980] ADVAPI32.dll!DeleteService 77C4A07E 5 Bytes JMP 00080600 .text C:\Windows\system32\svchost.exe[980] ADVAPI32.dll!SetServiceObjectSecurity 77C86CD9 5 Bytes JMP 00081014 .text C:\Windows\system32\svchost.exe[980] ADVAPI32.dll!ChangeServiceConfigA 77C86DD9 5 Bytes JMP 00080804 .text C:\Windows\system32\svchost.exe[980] ADVAPI32.dll!ChangeServiceConfigW 77C86F81 5 Bytes JMP 00080A08 .text C:\Windows\system32\svchost.exe[980] ADVAPI32.dll!ChangeServiceConfig2A 77C87099 5 Bytes JMP 00080C0C .text C:\Windows\system32\svchost.exe[980] ADVAPI32.dll!ChangeServiceConfig2W 77C871E1 5 Bytes JMP 00080E10 .text C:\Windows\system32\svchost.exe[980] ADVAPI32.dll!CreateServiceA 77C872A1 5 Bytes JMP 000801F8 .text C:\Windows\system32\svchost.exe[980] USER32.dll!SetWindowsHookExA 77E96322 5 Bytes JMP 00200600 .text C:\Windows\system32\svchost.exe[980] USER32.dll!SetWindowsHookExW 77E987AD 5 Bytes JMP 00200804 .text C:\Windows\system32\svchost.exe[980] USER32.dll!UnhookWindowsHookEx 77E998DB 5 Bytes JMP 00200A08 .text C:\Windows\system32\svchost.exe[980] USER32.dll!SetWinEventHook 77E99F3A 5 Bytes JMP 002001F8 .text C:\Windows\system32\svchost.exe[980] USER32.dll!UnhookWinEvent 77E9C06F 5 Bytes JMP 002003FC .text C:\Windows\System32\svchost.exe[1032] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8 .text C:\Windows\System32\svchost.exe[1032] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC .text C:\Windows\System32\svchost.exe[1032] kernel32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Windows\System32\svchost.exe[1032] ADVAPI32.dll!CreateServiceW 77C49EB4 5 Bytes JMP 000703FC .text C:\Windows\System32\svchost.exe[1032] ADVAPI32.dll!DeleteService 77C4A07E 5 Bytes JMP 00070600 .text C:\Windows\System32\svchost.exe[1032] ADVAPI32.dll!SetServiceObjectSecurity 77C86CD9 5 Bytes JMP 00071014 .text C:\Windows\System32\svchost.exe[1032] ADVAPI32.dll!ChangeServiceConfigA 77C86DD9 5 Bytes JMP 00070804 .text C:\Windows\System32\svchost.exe[1032] ADVAPI32.dll!ChangeServiceConfigW 77C86F81 5 Bytes JMP 00070A08 .text C:\Windows\System32\svchost.exe[1032] ADVAPI32.dll!ChangeServiceConfig2A 77C87099 5 Bytes JMP 00070C0C .text C:\Windows\System32\svchost.exe[1032] ADVAPI32.dll!ChangeServiceConfig2W 77C871E1 5 Bytes JMP 00070E10 .text C:\Windows\System32\svchost.exe[1032] ADVAPI32.dll!CreateServiceA 77C872A1 5 Bytes JMP 000701F8 .text C:\Windows\System32\svchost.exe[1032] USER32.dll!SetWindowsHookExA 77E96322 5 Bytes JMP 00AA0600 .text C:\Windows\System32\svchost.exe[1032] USER32.dll!SetWindowsHookExW 77E987AD 5 Bytes JMP 00AA0804 .text C:\Windows\System32\svchost.exe[1032] USER32.dll!UnhookWindowsHookEx 77E998DB 5 Bytes JMP 00AA0A08 .text C:\Windows\System32\svchost.exe[1032] USER32.dll!SetWinEventHook 77E99F3A 5 Bytes JMP 00AA01F8 .text C:\Windows\System32\svchost.exe[1032] USER32.dll!UnhookWinEvent 77E9C06F 5 Bytes JMP 00AA03FC .text C:\Windows\System32\svchost.exe[1100] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8 .text C:\Windows\System32\svchost.exe[1100] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC .text C:\Windows\System32\svchost.exe[1100] kernel32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Windows\System32\svchost.exe[1100] ADVAPI32.dll!CreateServiceW 77C49EB4 5 Bytes JMP 000703FC .text C:\Windows\System32\svchost.exe[1100] ADVAPI32.dll!DeleteService 77C4A07E 5 Bytes JMP 00070600 .text C:\Windows\System32\svchost.exe[1100] ADVAPI32.dll!SetServiceObjectSecurity 77C86CD9 5 Bytes JMP 00071014 .text C:\Windows\System32\svchost.exe[1100] ADVAPI32.dll!ChangeServiceConfigA 77C86DD9 5 Bytes JMP 00070804 .text C:\Windows\System32\svchost.exe[1100] ADVAPI32.dll!ChangeServiceConfigW 77C86F81 5 Bytes JMP 00070A08 .text C:\Windows\System32\svchost.exe[1100] ADVAPI32.dll!ChangeServiceConfig2A 77C87099 5 Bytes JMP 00070C0C .text C:\Windows\System32\svchost.exe[1100] ADVAPI32.dll!ChangeServiceConfig2W 77C871E1 5 Bytes JMP 00070E10 .text C:\Windows\System32\svchost.exe[1100] ADVAPI32.dll!CreateServiceA 77C872A1 5 Bytes JMP 000701F8 .text C:\Windows\System32\svchost.exe[1100] USER32.dll!SetWindowsHookExA 77E96322 5 Bytes JMP 000C0600 .text C:\Windows\System32\svchost.exe[1100] USER32.dll!SetWindowsHookExW 77E987AD 5 Bytes JMP 000C0804 .text C:\Windows\System32\svchost.exe[1100] USER32.dll!UnhookWindowsHookEx 77E998DB 5 Bytes JMP 000C0A08 .text C:\Windows\System32\svchost.exe[1100] USER32.dll!SetWinEventHook 77E99F3A 5 Bytes JMP 000C01F8 .text C:\Windows\System32\svchost.exe[1100] USER32.dll!UnhookWinEvent 77E9C06F 5 Bytes JMP 000C03FC .text C:\Windows\System32\svchost.exe[1140] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8 .text C:\Windows\System32\svchost.exe[1140] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC .text C:\Windows\System32\svchost.exe[1140] kernel32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!CreateServiceW 77C49EB4 5 Bytes JMP 000703FC .text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!DeleteService 77C4A07E 5 Bytes JMP 00070600 .text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!SetServiceObjectSecurity 77C86CD9 5 Bytes JMP 00071014 .text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!ChangeServiceConfigA 77C86DD9 5 Bytes JMP 00070804 .text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!ChangeServiceConfigW 77C86F81 5 Bytes JMP 00070A08 .text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!ChangeServiceConfig2A 77C87099 5 Bytes JMP 00070C0C .text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!ChangeServiceConfig2W 77C871E1 5 Bytes JMP 00070E10 .text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!CreateServiceA 77C872A1 5 Bytes JMP 000701F8 .text C:\Windows\System32\svchost.exe[1140] USER32.dll!SetWindowsHookExA 77E96322 5 Bytes JMP 00E90600 .text C:\Windows\System32\svchost.exe[1140] USER32.dll!SetWindowsHookExW 77E987AD 5 Bytes JMP 00E90804 .text C:\Windows\System32\svchost.exe[1140] USER32.dll!UnhookWindowsHookEx 77E998DB 5 Bytes JMP 00E90A08 .text C:\Windows\System32\svchost.exe[1140] USER32.dll!SetWinEventHook 77E99F3A 5 Bytes JMP 00E901F8 .text C:\Windows\System32\svchost.exe[1140] USER32.dll!UnhookWinEvent 77E9C06F 5 Bytes JMP 00E903FC .text C:\Windows\system32\svchost.exe[1152] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000901F8 .text C:\Windows\system32\svchost.exe[1152] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000903FC .text C:\Windows\system32\svchost.exe[1152] kernel32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Windows\system32\svchost.exe[1152] ADVAPI32.dll!CreateServiceW 77C49EB4 5 Bytes JMP 000B03FC .text C:\Windows\system32\svchost.exe[1152] ADVAPI32.dll!DeleteService 77C4A07E 5 Bytes JMP 000B0600 .text C:\Windows\system32\svchost.exe[1152] ADVAPI32.dll!SetServiceObjectSecurity 77C86CD9 5 Bytes JMP 000B1014 .text C:\Windows\system32\svchost.exe[1152] ADVAPI32.dll!ChangeServiceConfigA 77C86DD9 5 Bytes JMP 000B0804 .text C:\Windows\system32\svchost.exe[1152] ADVAPI32.dll!ChangeServiceConfigW 77C86F81 5 Bytes JMP 000B0A08 .text C:\Windows\system32\svchost.exe[1152] ADVAPI32.dll!ChangeServiceConfig2A 77C87099 5 Bytes JMP 000B0C0C .text C:\Windows\system32\svchost.exe[1152] ADVAPI32.dll!ChangeServiceConfig2W 77C871E1 5 Bytes JMP 000B0E10 .text C:\Windows\system32\svchost.exe[1152] ADVAPI32.dll!CreateServiceA 77C872A1 5 Bytes JMP 000B01F8 .text C:\Windows\system32\svchost.exe[1152] USER32.dll!SetWindowsHookExA 77E96322 5 Bytes JMP 00C30600 .text C:\Windows\system32\svchost.exe[1152] USER32.dll!SetWindowsHookExW 77E987AD 5 Bytes JMP 00C30804 .text C:\Windows\system32\svchost.exe[1152] USER32.dll!UnhookWindowsHookEx 77E998DB 5 Bytes JMP 00C30A08 .text C:\Windows\system32\svchost.exe[1152] USER32.dll!SetWinEventHook 77E99F3A 5 Bytes JMP 00C301F8 .text C:\Windows\system32\svchost.exe[1152] USER32.dll!UnhookWinEvent 77E9C06F 5 Bytes JMP 00C303FC .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1212] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000601F8 .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1212] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000603FC .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1212] kernel32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1212] ADVAPI32.dll!CreateServiceW 77C49EB4 5 Bytes JMP 000703FC .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1212] ADVAPI32.dll!DeleteService 77C4A07E 5 Bytes JMP 00070600 .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1212] ADVAPI32.dll!SetServiceObjectSecurity 77C86CD9 5 Bytes JMP 00071014 .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1212] ADVAPI32.dll!ChangeServiceConfigA 77C86DD9 5 Bytes JMP 00070804 .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1212] ADVAPI32.dll!ChangeServiceConfigW 77C86F81 5 Bytes JMP 00070A08 .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1212] ADVAPI32.dll!ChangeServiceConfig2A 77C87099 5 Bytes JMP 00070C0C .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1212] ADVAPI32.dll!ChangeServiceConfig2W 77C871E1 5 Bytes JMP 00070E10 .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1212] ADVAPI32.dll!CreateServiceA 77C872A1 5 Bytes JMP 000701F8 .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1212] USER32.dll!SetWindowsHookExA 77E96322 5 Bytes JMP 00080600 .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1212] USER32.dll!SetWindowsHookExW 77E987AD 5 Bytes JMP 00080804 .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1212] USER32.dll!UnhookWindowsHookEx 77E998DB 5 Bytes JMP 00080A08 .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1212] USER32.dll!SetWinEventHook 77E99F3A 5 Bytes JMP 000801F8 .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1212] USER32.dll!UnhookWinEvent 77E9C06F 5 Bytes JMP 000803FC .text C:\Windows\system32\AUDIODG.EXE[1284] kernel32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000901F8 .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000903FC .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Windows\system32\svchost.exe[1328] ADVAPI32.dll!CreateServiceW 77C49EB4 5 Bytes JMP 000B03FC .text C:\Windows\system32\svchost.exe[1328] ADVAPI32.dll!DeleteService 77C4A07E 5 Bytes JMP 000B0600 .text C:\Windows\system32\svchost.exe[1328] ADVAPI32.dll!SetServiceObjectSecurity 77C86CD9 5 Bytes JMP 000B1014 .text C:\Windows\system32\svchost.exe[1328] ADVAPI32.dll!ChangeServiceConfigA 77C86DD9 5 Bytes JMP 000B0804 .text C:\Windows\system32\svchost.exe[1328] ADVAPI32.dll!ChangeServiceConfigW 77C86F81 5 Bytes JMP 000B0A08 .text C:\Windows\system32\svchost.exe[1328] ADVAPI32.dll!ChangeServiceConfig2A 77C87099 5 Bytes JMP 000B0C0C .text C:\Windows\system32\svchost.exe[1328] ADVAPI32.dll!ChangeServiceConfig2W 77C871E1 5 Bytes JMP 000B0E10 .text C:\Windows\system32\svchost.exe[1328] ADVAPI32.dll!CreateServiceA 77C872A1 5 Bytes JMP 000B01F8 .text C:\Windows\system32\SLsvc.exe[1372] kernel32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Windows\system32\svchost.exe[1448] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[1448] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[1448] kernel32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!CreateServiceW 77C49EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!DeleteService 77C4A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!SetServiceObjectSecurity 77C86CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!ChangeServiceConfigA 77C86DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!ChangeServiceConfigW 77C86F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!ChangeServiceConfig2A 77C87099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!ChangeServiceConfig2W 77C871E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!CreateServiceA 77C872A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[1448] USER32.dll!SetWindowsHookExA 77E96322 5 Bytes JMP 00B10600 .text C:\Windows\system32\svchost.exe[1448] USER32.dll!SetWindowsHookExW 77E987AD 5 Bytes JMP 00B10804 .text C:\Windows\system32\svchost.exe[1448] USER32.dll!UnhookWindowsHookEx 77E998DB 5 Bytes JMP 00B10A08 .text C:\Windows\system32\svchost.exe[1448] USER32.dll!SetWinEventHook 77E99F3A 5 Bytes JMP 00B101F8 .text C:\Windows\system32\svchost.exe[1448] USER32.dll!UnhookWinEvent 77E9C06F 5 Bytes JMP 00B103FC .text C:\Windows\system32\svchost.exe[1636] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000901F8 .text C:\Windows\system32\svchost.exe[1636] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000903FC .text C:\Windows\system32\svchost.exe[1636] kernel32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Windows\system32\svchost.exe[1636] ADVAPI32.dll!CreateServiceW 77C49EB4 5 Bytes JMP 000C03FC .text C:\Windows\system32\svchost.exe[1636] ADVAPI32.dll!DeleteService 77C4A07E 5 Bytes JMP 000C0600 .text C:\Windows\system32\svchost.exe[1636] ADVAPI32.dll!SetServiceObjectSecurity 77C86CD9 5 Bytes JMP 000C1014 .text C:\Windows\system32\svchost.exe[1636] ADVAPI32.dll!ChangeServiceConfigA 77C86DD9 5 Bytes JMP 000C0804 .text C:\Windows\system32\svchost.exe[1636] ADVAPI32.dll!ChangeServiceConfigW 77C86F81 5 Bytes JMP 000C0A08 .text C:\Windows\system32\svchost.exe[1636] ADVAPI32.dll!ChangeServiceConfig2A 77C87099 5 Bytes JMP 000C0C0C .text C:\Windows\system32\svchost.exe[1636] ADVAPI32.dll!ChangeServiceConfig2W 77C871E1 5 Bytes JMP 000C0E10 .text C:\Windows\system32\svchost.exe[1636] ADVAPI32.dll!CreateServiceA 77C872A1 5 Bytes JMP 000C01F8 .text C:\Windows\system32\svchost.exe[1636] USER32.dll!SetWindowsHookExA 77E96322 5 Bytes JMP 00110600 .text C:\Windows\system32\svchost.exe[1636] USER32.dll!SetWindowsHookExW 77E987AD 5 Bytes JMP 00110804 .text C:\Windows\system32\svchost.exe[1636] USER32.dll!UnhookWindowsHookEx 77E998DB 5 Bytes JMP 00110A08 .text C:\Windows\system32\svchost.exe[1636] USER32.dll!SetWinEventHook 77E99F3A 5 Bytes JMP 001101F8 .text C:\Windows\system32\svchost.exe[1636] USER32.dll!UnhookWinEvent 77E9C06F 5 Bytes JMP 001103FC .text C:\Windows\system32\Dwm.exe[1824] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\Dwm.exe[1824] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC .text C:\Windows\system32\Dwm.exe[1824] kernel32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Windows\system32\Dwm.exe[1824] ADVAPI32.dll!CreateServiceW 77C49EB4 5 Bytes JMP 000803FC .text C:\Windows\system32\Dwm.exe[1824] ADVAPI32.dll!DeleteService 77C4A07E 5 Bytes JMP 00080600 .text C:\Windows\system32\Dwm.exe[1824] ADVAPI32.dll!SetServiceObjectSecurity 77C86CD9 5 Bytes JMP 00081014 .text C:\Windows\system32\Dwm.exe[1824] ADVAPI32.dll!ChangeServiceConfigA 77C86DD9 5 Bytes JMP 00080804 .text C:\Windows\system32\Dwm.exe[1824] ADVAPI32.dll!ChangeServiceConfigW 77C86F81 5 Bytes JMP 00080A08 .text C:\Windows\system32\Dwm.exe[1824] ADVAPI32.dll!ChangeServiceConfig2A 77C87099 5 Bytes JMP 00080C0C .text C:\Windows\system32\Dwm.exe[1824] ADVAPI32.dll!ChangeServiceConfig2W 77C871E1 5 Bytes JMP 00080E10 .text C:\Windows\system32\Dwm.exe[1824] ADVAPI32.dll!CreateServiceA 77C872A1 5 Bytes JMP 000801F8 .text C:\Windows\system32\Dwm.exe[1824] USER32.dll!SetWindowsHookExA 77E96322 5 Bytes JMP 00090600 .text C:\Windows\system32\Dwm.exe[1824] USER32.dll!SetWindowsHookExW 77E987AD 5 Bytes JMP 00090804 .text C:\Windows\system32\Dwm.exe[1824] USER32.dll!UnhookWindowsHookEx 77E998DB 5 Bytes JMP 00090A08 .text C:\Windows\system32\Dwm.exe[1824] USER32.dll!SetWinEventHook 77E99F3A 5 Bytes JMP 000901F8 .text C:\Windows\system32\Dwm.exe[1824] USER32.dll!UnhookWinEvent 77E9C06F 5 Bytes JMP 000903FC .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1852] kernel32.dll!SetUnhandledExceptionFilter 77B4A84F 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1852] kernel32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Windows\system32\taskeng.exe[1868] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000901F8 .text C:\Windows\system32\taskeng.exe[1868] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000903FC .text C:\Windows\system32\taskeng.exe[1868] kernel32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Windows\system32\taskeng.exe[1868] ADVAPI32.dll!CreateServiceW 77C49EB4 5 Bytes JMP 000B03FC .text C:\Windows\system32\taskeng.exe[1868] ADVAPI32.dll!DeleteService 77C4A07E 5 Bytes JMP 000B0600 .text C:\Windows\system32\taskeng.exe[1868] ADVAPI32.dll!SetServiceObjectSecurity 77C86CD9 5 Bytes JMP 000B1014 .text C:\Windows\system32\taskeng.exe[1868] ADVAPI32.dll!ChangeServiceConfigA 77C86DD9 5 Bytes JMP 000B0804 .text C:\Windows\system32\taskeng.exe[1868] ADVAPI32.dll!ChangeServiceConfigW 77C86F81 5 Bytes JMP 000B0A08 .text C:\Windows\system32\taskeng.exe[1868] ADVAPI32.dll!ChangeServiceConfig2A 77C87099 5 Bytes JMP 000B0C0C .text C:\Windows\system32\taskeng.exe[1868] ADVAPI32.dll!ChangeServiceConfig2W 77C871E1 5 Bytes JMP 000B0E10 .text C:\Windows\system32\taskeng.exe[1868] ADVAPI32.dll!CreateServiceA 77C872A1 5 Bytes JMP 000B01F8 .text C:\Windows\system32\taskeng.exe[1868] USER32.dll!SetWindowsHookExA 77E96322 5 Bytes JMP 000C0600 .text C:\Windows\system32\taskeng.exe[1868] USER32.dll!SetWindowsHookExW 77E987AD 5 Bytes JMP 000C0804 .text C:\Windows\system32\taskeng.exe[1868] USER32.dll!UnhookWindowsHookEx 77E998DB 5 Bytes JMP 000C0A08 .text C:\Windows\system32\taskeng.exe[1868] USER32.dll!SetWinEventHook 77E99F3A 5 Bytes JMP 000C01F8 .text C:\Windows\system32\taskeng.exe[1868] USER32.dll!UnhookWinEvent 77E9C06F 5 Bytes JMP 000C03FC .text C:\Windows\Explorer.EXE[1880] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8 .text C:\Windows\Explorer.EXE[1880] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC .text C:\Windows\Explorer.EXE[1880] kernel32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Windows\Explorer.EXE[1880] ADVAPI32.dll!CreateServiceW 77C49EB4 5 Bytes JMP 000703FC .text C:\Windows\Explorer.EXE[1880] ADVAPI32.dll!DeleteService 77C4A07E 5 Bytes JMP 00070600 .text C:\Windows\Explorer.EXE[1880] ADVAPI32.dll!SetServiceObjectSecurity 77C86CD9 5 Bytes JMP 00071014 .text C:\Windows\Explorer.EXE[1880] ADVAPI32.dll!ChangeServiceConfigA 77C86DD9 5 Bytes JMP 00070804 .text C:\Windows\Explorer.EXE[1880] ADVAPI32.dll!ChangeServiceConfigW 77C86F81 5 Bytes JMP 00070A08 .text C:\Windows\Explorer.EXE[1880] ADVAPI32.dll!ChangeServiceConfig2A 77C87099 5 Bytes JMP 00070C0C .text C:\Windows\Explorer.EXE[1880] ADVAPI32.dll!ChangeServiceConfig2W 77C871E1 5 Bytes JMP 00070E10 .text C:\Windows\Explorer.EXE[1880] ADVAPI32.dll!CreateServiceA 77C872A1 5 Bytes JMP 000701F8 .text C:\Windows\Explorer.EXE[1880] USER32.dll!SetWindowsHookExA 77E96322 5 Bytes JMP 00080600 .text C:\Windows\Explorer.EXE[1880] USER32.dll!SetWindowsHookExW 77E987AD 5 Bytes JMP 00080804 .text C:\Windows\Explorer.EXE[1880] USER32.dll!UnhookWindowsHookEx 77E998DB 5 Bytes JMP 00080A08 .text C:\Windows\Explorer.EXE[1880] USER32.dll!SetWinEventHook 77E99F3A 5 Bytes JMP 000801F8 .text C:\Windows\Explorer.EXE[1880] USER32.dll!UnhookWinEvent 77E9C06F 5 Bytes JMP 000803FC .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2212] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000901F8 .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2212] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000903FC .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2212] kernel32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2212] ADVAPI32.dll!CreateServiceW 77C49EB4 5 Bytes JMP 000B03FC .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2212] ADVAPI32.dll!DeleteService 77C4A07E 5 Bytes JMP 000B0600 .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2212] ADVAPI32.dll!SetServiceObjectSecurity 77C86CD9 5 Bytes JMP 000B1014 .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2212] ADVAPI32.dll!ChangeServiceConfigA 77C86DD9 5 Bytes JMP 000B0804 .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2212] ADVAPI32.dll!ChangeServiceConfigW 77C86F81 5 Bytes JMP 000B0A08 .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2212] ADVAPI32.dll!ChangeServiceConfig2A 77C87099 5 Bytes JMP 000B0C0C .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2212] ADVAPI32.dll!ChangeServiceConfig2W 77C871E1 5 Bytes JMP 000B0E10 .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2212] ADVAPI32.dll!CreateServiceA 77C872A1 5 Bytes JMP 000B01F8 .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2212] USER32.dll!SetWindowsHookExA 77E96322 5 Bytes JMP 000C0600 .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2212] USER32.dll!SetWindowsHookExW 77E987AD 5 Bytes JMP 000C0804 .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2212] USER32.dll!UnhookWindowsHookEx 77E998DB 5 Bytes JMP 000C0A08 .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2212] USER32.dll!SetWinEventHook 77E99F3A 5 Bytes JMP 000C01F8 .text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2212] USER32.dll!UnhookWinEvent 77E9C06F 5 Bytes JMP 000C03FC .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2244] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2244] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2244] kernel32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2244] ADVAPI32.dll!CreateServiceW 77C49EB4 5 Bytes JMP 000703FC .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2244] ADVAPI32.dll!DeleteService 77C4A07E 5 Bytes JMP 00070600 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2244] ADVAPI32.dll!SetServiceObjectSecurity 77C86CD9 5 Bytes JMP 00071014 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2244] ADVAPI32.dll!ChangeServiceConfigA 77C86DD9 5 Bytes JMP 00070804 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2244] ADVAPI32.dll!ChangeServiceConfigW 77C86F81 5 Bytes JMP 00070A08 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2244] ADVAPI32.dll!ChangeServiceConfig2A 77C87099 5 Bytes JMP 00070C0C .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2244] ADVAPI32.dll!ChangeServiceConfig2W 77C871E1 5 Bytes JMP 00070E10 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2244] ADVAPI32.dll!CreateServiceA 77C872A1 5 Bytes JMP 000701F8 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2244] USER32.dll!SetWindowsHookExA 77E96322 5 Bytes JMP 00080600 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2244] USER32.dll!SetWindowsHookExW 77E987AD 5 Bytes JMP 00080804 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2244] USER32.dll!UnhookWindowsHookEx 77E998DB 5 Bytes JMP 00080A08 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2244] USER32.dll!SetWinEventHook 77E99F3A 5 Bytes JMP 000801F8 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2244] USER32.dll!UnhookWinEvent 77E9C06F 5 Bytes JMP 000803FC .text C:\Program Files\Bonjour\mDNSResponder.exe[2256] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8 .text C:\Program Files\Bonjour\mDNSResponder.exe[2256] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC .text C:\Program Files\Bonjour\mDNSResponder.exe[2256] kernel32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Program Files\Bonjour\mDNSResponder.exe[2256] ADVAPI32.dll!CreateServiceW 77C49EB4 5 Bytes JMP 000703FC .text C:\Program Files\Bonjour\mDNSResponder.exe[2256] ADVAPI32.dll!DeleteService 77C4A07E 5 Bytes JMP 00070600 .text C:\Program Files\Bonjour\mDNSResponder.exe[2256] ADVAPI32.dll!SetServiceObjectSecurity 77C86CD9 5 Bytes JMP 00071014 .text C:\Program Files\Bonjour\mDNSResponder.exe[2256] ADVAPI32.dll!ChangeServiceConfigA 77C86DD9 5 Bytes JMP 00070804 .text C:\Program Files\Bonjour\mDNSResponder.exe[2256] ADVAPI32.dll!ChangeServiceConfigW 77C86F81 5 Bytes JMP 00070A08 .text C:\Program Files\Bonjour\mDNSResponder.exe[2256] ADVAPI32.dll!ChangeServiceConfig2A 77C87099 5 Bytes JMP 00070C0C .text C:\Program Files\Bonjour\mDNSResponder.exe[2256] ADVAPI32.dll!ChangeServiceConfig2W 77C871E1 5 Bytes JMP 00070E10 .text C:\Program Files\Bonjour\mDNSResponder.exe[2256] ADVAPI32.dll!CreateServiceA 77C872A1 5 Bytes JMP 000701F8 .text C:\Program Files\Bonjour\mDNSResponder.exe[2256] USER32.dll!SetWindowsHookExA 77E96322 5 Bytes JMP 00080600 .text C:\Program Files\Bonjour\mDNSResponder.exe[2256] USER32.dll!SetWindowsHookExW 77E987AD 5 Bytes JMP 00080804 .text C:\Program Files\Bonjour\mDNSResponder.exe[2256] USER32.dll!UnhookWindowsHookEx 77E998DB 5 Bytes JMP 00080A08 .text C:\Program Files\Bonjour\mDNSResponder.exe[2256] USER32.dll!SetWinEventHook 77E99F3A 5 Bytes JMP 000801F8 .text C:\Program Files\Bonjour\mDNSResponder.exe[2256] USER32.dll!UnhookWinEvent 77E9C06F 5 Bytes JMP 000803FC .text C:\Windows\system32\svchost.exe[2268] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[2268] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[2268] kernel32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Windows\system32\svchost.exe[2268] ADVAPI32.dll!CreateServiceW 77C49EB4 5 Bytes JMP 000803FC .text C:\Windows\system32\svchost.exe[2268] ADVAPI32.dll!DeleteService 77C4A07E 5 Bytes JMP 00080600 .text C:\Windows\system32\svchost.exe[2268] ADVAPI32.dll!SetServiceObjectSecurity 77C86CD9 5 Bytes JMP 00081014 .text C:\Windows\system32\svchost.exe[2268] ADVAPI32.dll!ChangeServiceConfigA 77C86DD9 5 Bytes JMP 00080804 .text C:\Windows\system32\svchost.exe[2268] ADVAPI32.dll!ChangeServiceConfigW 77C86F81 5 Bytes JMP 00080A08 .text C:\Windows\system32\svchost.exe[2268] ADVAPI32.dll!ChangeServiceConfig2A 77C87099 5 Bytes JMP 00080C0C .text C:\Windows\system32\svchost.exe[2268] ADVAPI32.dll!ChangeServiceConfig2W 77C871E1 5 Bytes JMP 00080E10 .text C:\Windows\system32\svchost.exe[2268] ADVAPI32.dll!CreateServiceA 77C872A1 5 Bytes JMP 000801F8 .text C:\Program Files\iPlus\Drivers\driverVista\GTMax3.6\GtFlashSwitch.exe[2296] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 002401F8 .text C:\Program Files\iPlus\Drivers\driverVista\GTMax3.6\GtFlashSwitch.exe[2296] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 002403FC .text C:\Program Files\iPlus\Drivers\driverVista\GTMax3.6\GtFlashSwitch.exe[2296] kernel32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Program Files\iPlus\Drivers\driverVista\GTMax3.6\GtFlashSwitch.exe[2296] ADVAPI32.dll!CreateServiceW 77C49EB4 5 Bytes JMP 002603FC .text C:\Program Files\iPlus\Drivers\driverVista\GTMax3.6\GtFlashSwitch.exe[2296] ADVAPI32.dll!DeleteService 77C4A07E 5 Bytes JMP 00260600 .text C:\Program Files\iPlus\Drivers\driverVista\GTMax3.6\GtFlashSwitch.exe[2296] ADVAPI32.dll!SetServiceObjectSecurity 77C86CD9 5 Bytes JMP 00261014 .text C:\Program Files\iPlus\Drivers\driverVista\GTMax3.6\GtFlashSwitch.exe[2296] ADVAPI32.dll!ChangeServiceConfigA 77C86DD9 5 Bytes JMP 00260804 .text C:\Program Files\iPlus\Drivers\driverVista\GTMax3.6\GtFlashSwitch.exe[2296] ADVAPI32.dll!ChangeServiceConfigW 77C86F81 5 Bytes JMP 00260A08 .text C:\Program Files\iPlus\Drivers\driverVista\GTMax3.6\GtFlashSwitch.exe[2296] ADVAPI32.dll!ChangeServiceConfig2A 77C87099 5 Bytes JMP 00260C0C .text C:\Program Files\iPlus\Drivers\driverVista\GTMax3.6\GtFlashSwitch.exe[2296] ADVAPI32.dll!ChangeServiceConfig2W 77C871E1 5 Bytes JMP 00260E10 .text C:\Program Files\iPlus\Drivers\driverVista\GTMax3.6\GtFlashSwitch.exe[2296] ADVAPI32.dll!CreateServiceA 77C872A1 5 Bytes JMP 002601F8 .text C:\Program Files\iPlus\Drivers\driverVista\GTMax3.6\GtFlashSwitch.exe[2296] USER32.dll!SetWindowsHookExA 77E96322 5 Bytes JMP 00270600 .text C:\Program Files\iPlus\Drivers\driverVista\GTMax3.6\GtFlashSwitch.exe[2296] USER32.dll!SetWindowsHookExW 77E987AD 5 Bytes JMP 00270804 .text C:\Program Files\iPlus\Drivers\driverVista\GTMax3.6\GtFlashSwitch.exe[2296] USER32.dll!UnhookWindowsHookEx 77E998DB 5 Bytes JMP 00270A08 .text C:\Program Files\iPlus\Drivers\driverVista\GTMax3.6\GtFlashSwitch.exe[2296] USER32.dll!SetWinEventHook 77E99F3A 5 Bytes JMP 002701F8 .text C:\Program Files\iPlus\Drivers\driverVista\GTMax3.6\GtFlashSwitch.exe[2296] USER32.dll!UnhookWinEvent 77E9C06F 5 Bytes JMP 002703FC .text C:\Windows\system32\svchost.exe[2432] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[2432] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[2432] kernel32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Windows\system32\svchost.exe[2432] ADVAPI32.dll!CreateServiceW 77C49EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[2432] ADVAPI32.dll!DeleteService 77C4A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[2432] ADVAPI32.dll!SetServiceObjectSecurity 77C86CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[2432] ADVAPI32.dll!ChangeServiceConfigA 77C86DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[2432] ADVAPI32.dll!ChangeServiceConfigW 77C86F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[2432] ADVAPI32.dll!ChangeServiceConfig2A 77C87099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[2432] ADVAPI32.dll!ChangeServiceConfig2W 77C871E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[2432] ADVAPI32.dll!CreateServiceA 77C872A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[2432] USER32.dll!SetWindowsHookExA 77E96322 5 Bytes JMP 000B0600 .text C:\Windows\system32\svchost.exe[2432] USER32.dll!SetWindowsHookExW 77E987AD 5 Bytes JMP 000B0804 .text C:\Windows\system32\svchost.exe[2432] USER32.dll!UnhookWindowsHookEx 77E998DB 5 Bytes JMP 000B0A08 .text C:\Windows\system32\svchost.exe[2432] USER32.dll!SetWinEventHook 77E99F3A 5 Bytes JMP 000B01F8 .text C:\Windows\system32\svchost.exe[2432] USER32.dll!UnhookWinEvent 77E9C06F 5 Bytes JMP 000B03FC .text C:\Windows\system32\svchost.exe[2468] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[2468] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[2468] kernel32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Windows\system32\svchost.exe[2468] ADVAPI32.dll!CreateServiceW 77C49EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[2468] ADVAPI32.dll!DeleteService 77C4A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[2468] ADVAPI32.dll!SetServiceObjectSecurity 77C86CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[2468] ADVAPI32.dll!ChangeServiceConfigA 77C86DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[2468] ADVAPI32.dll!ChangeServiceConfigW 77C86F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[2468] ADVAPI32.dll!ChangeServiceConfig2A 77C87099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[2468] ADVAPI32.dll!ChangeServiceConfig2W 77C871E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[2468] ADVAPI32.dll!CreateServiceA 77C872A1 5 Bytes JMP 000701F8 .text C:\Windows\System32\svchost.exe[2512] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8 .text C:\Windows\System32\svchost.exe[2512] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC .text C:\Windows\System32\svchost.exe[2512] kernel32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Windows\System32\svchost.exe[2512] ADVAPI32.dll!CreateServiceW 77C49EB4 5 Bytes JMP 000703FC .text C:\Windows\System32\svchost.exe[2512] ADVAPI32.dll!DeleteService 77C4A07E 5 Bytes JMP 00070600 .text C:\Windows\System32\svchost.exe[2512] ADVAPI32.dll!SetServiceObjectSecurity 77C86CD9 5 Bytes JMP 00071014 .text C:\Windows\System32\svchost.exe[2512] ADVAPI32.dll!ChangeServiceConfigA 77C86DD9 5 Bytes JMP 00070804 .text C:\Windows\System32\svchost.exe[2512] ADVAPI32.dll!ChangeServiceConfigW 77C86F81 5 Bytes JMP 00070A08 .text C:\Windows\System32\svchost.exe[2512] ADVAPI32.dll!ChangeServiceConfig2A 77C87099 5 Bytes JMP 00070C0C .text C:\Windows\System32\svchost.exe[2512] ADVAPI32.dll!ChangeServiceConfig2W 77C871E1 5 Bytes JMP 00070E10 .text C:\Windows\System32\svchost.exe[2512] ADVAPI32.dll!CreateServiceA 77C872A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\SearchIndexer.exe[2540] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\SearchIndexer.exe[2540] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC .text C:\Windows\system32\SearchIndexer.exe[2540] kernel32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Windows\system32\SearchIndexer.exe[2540] ADVAPI32.dll!CreateServiceW 77C49EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\SearchIndexer.exe[2540] ADVAPI32.dll!DeleteService 77C4A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\SearchIndexer.exe[2540] ADVAPI32.dll!SetServiceObjectSecurity 77C86CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\SearchIndexer.exe[2540] ADVAPI32.dll!ChangeServiceConfigA 77C86DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\SearchIndexer.exe[2540] ADVAPI32.dll!ChangeServiceConfigW 77C86F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\SearchIndexer.exe[2540] ADVAPI32.dll!ChangeServiceConfig2A 77C87099 5 Bytes JMP 00070C0C .text C:\Windows\system32\SearchIndexer.exe[2540] ADVAPI32.dll!ChangeServiceConfig2W 77C871E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\SearchIndexer.exe[2540] ADVAPI32.dll!CreateServiceA 77C872A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\SearchIndexer.exe[2540] USER32.dll!SetWindowsHookExA 77E96322 5 Bytes JMP 00080600 .text C:\Windows\system32\SearchIndexer.exe[2540] USER32.dll!SetWindowsHookExW 77E987AD 5 Bytes JMP 00080804 .text C:\Windows\system32\SearchIndexer.exe[2540] USER32.dll!UnhookWindowsHookEx 77E998DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\SearchIndexer.exe[2540] USER32.dll!SetWinEventHook 77E99F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\SearchIndexer.exe[2540] USER32.dll!UnhookWinEvent 77E9C06F 5 Bytes JMP 000803FC .text C:\Windows\system32\taskeng.exe[2580] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000901F8 .text C:\Windows\system32\taskeng.exe[2580] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000903FC .text C:\Windows\system32\taskeng.exe[2580] kernel32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Windows\system32\taskeng.exe[2580] ADVAPI32.dll!CreateServiceW 77C49EB4 5 Bytes JMP 000B03FC .text C:\Windows\system32\taskeng.exe[2580] ADVAPI32.dll!DeleteService 77C4A07E 5 Bytes JMP 000B0600 .text C:\Windows\system32\taskeng.exe[2580] ADVAPI32.dll!SetServiceObjectSecurity 77C86CD9 5 Bytes JMP 000B1014 .text C:\Windows\system32\taskeng.exe[2580] ADVAPI32.dll!ChangeServiceConfigA 77C86DD9 5 Bytes JMP 000B0804 .text C:\Windows\system32\taskeng.exe[2580] ADVAPI32.dll!ChangeServiceConfigW 77C86F81 5 Bytes JMP 000B0A08 .text C:\Windows\system32\taskeng.exe[2580] ADVAPI32.dll!ChangeServiceConfig2A 77C87099 5 Bytes JMP 000B0C0C .text C:\Windows\system32\taskeng.exe[2580] ADVAPI32.dll!ChangeServiceConfig2W 77C871E1 5 Bytes JMP 000B0E10 .text C:\Windows\system32\taskeng.exe[2580] ADVAPI32.dll!CreateServiceA 77C872A1 5 Bytes JMP 000B01F8 .text C:\Windows\system32\taskeng.exe[2580] USER32.dll!SetWindowsHookExA 77E96322 5 Bytes JMP 000D0600 .text C:\Windows\system32\taskeng.exe[2580] USER32.dll!SetWindowsHookExW 77E987AD 5 Bytes JMP 000D0804 .text C:\Windows\system32\taskeng.exe[2580] USER32.dll!UnhookWindowsHookEx 77E998DB 5 Bytes JMP 000D0A08 .text C:\Windows\system32\taskeng.exe[2580] USER32.dll!SetWinEventHook 77E99F3A 5 Bytes JMP 000D01F8 .text C:\Windows\system32\taskeng.exe[2580] USER32.dll!UnhookWinEvent 77E9C06F 5 Bytes JMP 000D03FC .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2720] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 001501F8 .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2720] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 001503FC .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2720] kernel32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2720] USER32.dll!SetWindowsHookExA 77E96322 5 Bytes JMP 00170600 .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2720] USER32.dll!SetWindowsHookExW 77E987AD 5 Bytes JMP 00170804 .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2720] USER32.dll!UnhookWindowsHookEx 77E998DB 5 Bytes JMP 00170A08 .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2720] USER32.dll!SetWinEventHook 77E99F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2720] USER32.dll!UnhookWinEvent 77E9C06F 5 Bytes JMP 001703FC .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2720] ADVAPI32.dll!CreateServiceW 77C49EB4 5 Bytes JMP 002803FC .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2720] ADVAPI32.dll!DeleteService 77C4A07E 5 Bytes JMP 00280600 .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2720] ADVAPI32.dll!SetServiceObjectSecurity 77C86CD9 5 Bytes JMP 00281014 .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2720] ADVAPI32.dll!ChangeServiceConfigA 77C86DD9 5 Bytes JMP 00280804 .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2720] ADVAPI32.dll!ChangeServiceConfigW 77C86F81 5 Bytes JMP 00280A08 .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2720] ADVAPI32.dll!ChangeServiceConfig2A 77C87099 5 Bytes JMP 00280C0C .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2720] ADVAPI32.dll!ChangeServiceConfig2W 77C871E1 5 Bytes JMP 00280E10 .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2720] ADVAPI32.dll!CreateServiceA 77C872A1 5 Bytes JMP 002801F8 .text C:\Windows\system32\svchost.exe[2944] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[2944] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[2944] kernel32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Windows\system32\svchost.exe[2944] ADVAPI32.dll!CreateServiceW 77C49EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[2944] ADVAPI32.dll!DeleteService 77C4A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[2944] ADVAPI32.dll!SetServiceObjectSecurity 77C86CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[2944] ADVAPI32.dll!ChangeServiceConfigA 77C86DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[2944] ADVAPI32.dll!ChangeServiceConfigW 77C86F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[2944] ADVAPI32.dll!ChangeServiceConfig2A 77C87099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[2944] ADVAPI32.dll!ChangeServiceConfig2W 77C871E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[2944] ADVAPI32.dll!CreateServiceA 77C872A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\wbem\unsecapp.exe[2976] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\wbem\unsecapp.exe[2976] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC .text C:\Windows\system32\wbem\unsecapp.exe[2976] kernel32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Windows\system32\wbem\unsecapp.exe[2976] ADVAPI32.dll!CreateServiceW 77C49EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\wbem\unsecapp.exe[2976] ADVAPI32.dll!DeleteService 77C4A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\wbem\unsecapp.exe[2976] ADVAPI32.dll!SetServiceObjectSecurity 77C86CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\wbem\unsecapp.exe[2976] ADVAPI32.dll!ChangeServiceConfigA 77C86DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\wbem\unsecapp.exe[2976] ADVAPI32.dll!ChangeServiceConfigW 77C86F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\wbem\unsecapp.exe[2976] ADVAPI32.dll!ChangeServiceConfig2A 77C87099 5 Bytes JMP 00070C0C .text C:\Windows\system32\wbem\unsecapp.exe[2976] ADVAPI32.dll!ChangeServiceConfig2W 77C871E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\wbem\unsecapp.exe[2976] ADVAPI32.dll!CreateServiceA 77C872A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\wbem\unsecapp.exe[2976] USER32.dll!SetWindowsHookExA 77E96322 5 Bytes JMP 00080600 .text C:\Windows\system32\wbem\unsecapp.exe[2976] USER32.dll!SetWindowsHookExW 77E987AD 5 Bytes JMP 00080804 .text C:\Windows\system32\wbem\unsecapp.exe[2976] USER32.dll!UnhookWindowsHookEx 77E998DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\wbem\unsecapp.exe[2976] USER32.dll!SetWinEventHook 77E99F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\wbem\unsecapp.exe[2976] USER32.dll!UnhookWinEvent 77E9C06F 5 Bytes JMP 000803FC .text C:\Windows\System32\alg.exe[3268] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8 .text C:\Windows\System32\alg.exe[3268] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC .text C:\Windows\System32\alg.exe[3268] kernel32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Windows\System32\alg.exe[3268] ADVAPI32.dll!CreateServiceW 77C49EB4 5 Bytes JMP 000703FC .text C:\Windows\System32\alg.exe[3268] ADVAPI32.dll!DeleteService 77C4A07E 5 Bytes JMP 00070600 .text C:\Windows\System32\alg.exe[3268] ADVAPI32.dll!SetServiceObjectSecurity 77C86CD9 5 Bytes JMP 00071014 .text C:\Windows\System32\alg.exe[3268] ADVAPI32.dll!ChangeServiceConfigA 77C86DD9 5 Bytes JMP 00070804 .text C:\Windows\System32\alg.exe[3268] ADVAPI32.dll!ChangeServiceConfigW 77C86F81 5 Bytes JMP 00070A08 .text C:\Windows\System32\alg.exe[3268] ADVAPI32.dll!ChangeServiceConfig2A 77C87099 5 Bytes JMP 00070C0C .text C:\Windows\System32\alg.exe[3268] ADVAPI32.dll!ChangeServiceConfig2W 77C871E1 5 Bytes JMP 00070E10 .text C:\Windows\System32\alg.exe[3268] ADVAPI32.dll!CreateServiceA 77C872A1 5 Bytes JMP 000701F8 .text C:\Windows\System32\alg.exe[3268] USER32.dll!SetWindowsHookExA 77E96322 5 Bytes JMP 00080600 .text C:\Windows\System32\alg.exe[3268] USER32.dll!SetWindowsHookExW 77E987AD 5 Bytes JMP 00080804 .text C:\Windows\System32\alg.exe[3268] USER32.dll!UnhookWindowsHookEx 77E998DB 5 Bytes JMP 00080A08 .text C:\Windows\System32\alg.exe[3268] USER32.dll!SetWinEventHook 77E99F3A 5 Bytes JMP 000801F8 .text C:\Windows\System32\alg.exe[3268] USER32.dll!UnhookWinEvent 77E9C06F 5 Bytes JMP 000803FC .text C:\Windows\system32\wuauclt.exe[3512] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000A01F8 .text C:\Windows\system32\wuauclt.exe[3512] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000A03FC .text C:\Windows\system32\wuauclt.exe[3512] kernel32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Windows\system32\wuauclt.exe[3512] USER32.dll!SetWindowsHookExA 77E96322 5 Bytes JMP 000B0600 .text C:\Windows\system32\wuauclt.exe[3512] USER32.dll!SetWindowsHookExW 77E987AD 5 Bytes JMP 000B0804 .text C:\Windows\system32\wuauclt.exe[3512] USER32.dll!UnhookWindowsHookEx 77E998DB 5 Bytes JMP 000B0A08 .text C:\Windows\system32\wuauclt.exe[3512] USER32.dll!SetWinEventHook 77E99F3A 5 Bytes JMP 000B01F8 .text C:\Windows\system32\wuauclt.exe[3512] USER32.dll!UnhookWinEvent 77E9C06F 5 Bytes JMP 000B03FC .text C:\Windows\system32\wuauclt.exe[3512] ADVAPI32.dll!CreateServiceW 77C49EB4 5 Bytes JMP 000C03FC .text C:\Windows\system32\wuauclt.exe[3512] ADVAPI32.dll!DeleteService 77C4A07E 5 Bytes JMP 000C0600 .text C:\Windows\system32\wuauclt.exe[3512] ADVAPI32.dll!SetServiceObjectSecurity 77C86CD9 5 Bytes JMP 000C1014 .text C:\Windows\system32\wuauclt.exe[3512] ADVAPI32.dll!ChangeServiceConfigA 77C86DD9 5 Bytes JMP 000C0804 .text C:\Windows\system32\wuauclt.exe[3512] ADVAPI32.dll!ChangeServiceConfigW 77C86F81 5 Bytes JMP 000C0A08 .text C:\Windows\system32\wuauclt.exe[3512] ADVAPI32.dll!ChangeServiceConfig2A 77C87099 5 Bytes JMP 000C0C0C .text C:\Windows\system32\wuauclt.exe[3512] ADVAPI32.dll!ChangeServiceConfig2W 77C871E1 5 Bytes JMP 000C0E10 .text C:\Windows\system32\wuauclt.exe[3512] ADVAPI32.dll!CreateServiceA 77C872A1 5 Bytes JMP 000C01F8 .text C:\Program Files\Windows Defender\MSASCui.exe[3536] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8 .text C:\Program Files\Windows Defender\MSASCui.exe[3536] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC .text C:\Program Files\Windows Defender\MSASCui.exe[3536] kernel32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Program Files\Windows Defender\MSASCui.exe[3536] ADVAPI32.dll!CreateServiceW 77C49EB4 5 Bytes JMP 001703FC .text C:\Program Files\Windows Defender\MSASCui.exe[3536] ADVAPI32.dll!DeleteService 77C4A07E 5 Bytes JMP 00170600 .text C:\Program Files\Windows Defender\MSASCui.exe[3536] ADVAPI32.dll!SetServiceObjectSecurity 77C86CD9 5 Bytes JMP 00171014 .text C:\Program Files\Windows Defender\MSASCui.exe[3536] ADVAPI32.dll!ChangeServiceConfigA 77C86DD9 5 Bytes JMP 00170804 .text C:\Program Files\Windows Defender\MSASCui.exe[3536] ADVAPI32.dll!ChangeServiceConfigW 77C86F81 5 Bytes JMP 00170A08 .text C:\Program Files\Windows Defender\MSASCui.exe[3536] ADVAPI32.dll!ChangeServiceConfig2A 77C87099 5 Bytes JMP 00170C0C .text C:\Program Files\Windows Defender\MSASCui.exe[3536] ADVAPI32.dll!ChangeServiceConfig2W 77C871E1 5 Bytes JMP 00170E10 .text C:\Program Files\Windows Defender\MSASCui.exe[3536] ADVAPI32.dll!CreateServiceA 77C872A1 5 Bytes JMP 001701F8 .text C:\Program Files\Windows Defender\MSASCui.exe[3536] USER32.dll!SetWindowsHookExA 77E96322 5 Bytes JMP 00180600 .text C:\Program Files\Windows Defender\MSASCui.exe[3536] USER32.dll!SetWindowsHookExW 77E987AD 5 Bytes JMP 00180804 .text C:\Program Files\Windows Defender\MSASCui.exe[3536] USER32.dll!UnhookWindowsHookEx 77E998DB 5 Bytes JMP 00180A08 .text C:\Program Files\Windows Defender\MSASCui.exe[3536] USER32.dll!SetWinEventHook 77E99F3A 5 Bytes JMP 001801F8 .text C:\Program Files\Windows Defender\MSASCui.exe[3536] USER32.dll!UnhookWinEvent 77E9C06F 5 Bytes JMP 001803FC .text C:\Windows\system32\wbem\wmiprvse.exe[3548] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8 .text C:\Windows\system32\wbem\wmiprvse.exe[3548] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC .text C:\Windows\system32\wbem\wmiprvse.exe[3548] kernel32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[3548] ADVAPI32.dll!CreateServiceW 77C49EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\wbem\wmiprvse.exe[3548] ADVAPI32.dll!DeleteService 77C4A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\wbem\wmiprvse.exe[3548] ADVAPI32.dll!SetServiceObjectSecurity 77C86CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\wbem\wmiprvse.exe[3548] ADVAPI32.dll!ChangeServiceConfigA 77C86DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\wbem\wmiprvse.exe[3548] ADVAPI32.dll!ChangeServiceConfigW 77C86F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\wbem\wmiprvse.exe[3548] ADVAPI32.dll!ChangeServiceConfig2A 77C87099 5 Bytes JMP 00070C0C .text C:\Windows\system32\wbem\wmiprvse.exe[3548] ADVAPI32.dll!ChangeServiceConfig2W 77C871E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\wbem\wmiprvse.exe[3548] ADVAPI32.dll!CreateServiceA 77C872A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\wbem\wmiprvse.exe[3548] USER32.dll!SetWindowsHookExA 77E96322 5 Bytes JMP 00080600 .text C:\Windows\system32\wbem\wmiprvse.exe[3548] USER32.dll!SetWindowsHookExW 77E987AD 5 Bytes JMP 00080804 .text C:\Windows\system32\wbem\wmiprvse.exe[3548] USER32.dll!UnhookWindowsHookEx 77E998DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\wbem\wmiprvse.exe[3548] USER32.dll!SetWinEventHook 77E99F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\wbem\wmiprvse.exe[3548] USER32.dll!UnhookWinEvent 77E9C06F 5 Bytes JMP 000803FC .text C:\Windows\System32\hkcmd.exe[3564] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 001501F8 .text C:\Windows\System32\hkcmd.exe[3564] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 001503FC .text C:\Windows\System32\hkcmd.exe[3564] kernel32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Windows\System32\hkcmd.exe[3564] USER32.dll!SetWindowsHookExA 77E96322 5 Bytes JMP 00180600 .text C:\Windows\System32\hkcmd.exe[3564] USER32.dll!SetWindowsHookExW 77E987AD 5 Bytes JMP 00180804 .text C:\Windows\System32\hkcmd.exe[3564] USER32.dll!UnhookWindowsHookEx 77E998DB 5 Bytes JMP 00180A08 .text C:\Windows\System32\hkcmd.exe[3564] USER32.dll!SetWinEventHook 77E99F3A 5 Bytes JMP 001801F8 .text C:\Windows\System32\hkcmd.exe[3564] USER32.dll!UnhookWinEvent 77E9C06F 5 Bytes JMP 001803FC .text C:\Windows\System32\hkcmd.exe[3564] ADVAPI32.dll!CreateServiceW 77C49EB4 5 Bytes JMP 001903FC .text C:\Windows\System32\hkcmd.exe[3564] ADVAPI32.dll!DeleteService 77C4A07E 5 Bytes JMP 00190600 .text C:\Windows\System32\hkcmd.exe[3564] ADVAPI32.dll!SetServiceObjectSecurity 77C86CD9 5 Bytes JMP 00191014 .text C:\Windows\System32\hkcmd.exe[3564] ADVAPI32.dll!ChangeServiceConfigA 77C86DD9 5 Bytes JMP 00190804 .text C:\Windows\System32\hkcmd.exe[3564] ADVAPI32.dll!ChangeServiceConfigW 77C86F81 5 Bytes JMP 00190A08 .text C:\Windows\System32\hkcmd.exe[3564] ADVAPI32.dll!ChangeServiceConfig2A 77C87099 5 Bytes JMP 00190C0C .text C:\Windows\System32\hkcmd.exe[3564] ADVAPI32.dll!ChangeServiceConfig2W 77C871E1 5 Bytes JMP 00190E10 .text C:\Windows\System32\hkcmd.exe[3564] ADVAPI32.dll!CreateServiceA 77C872A1 5 Bytes JMP 001901F8 .text C:\Windows\System32\igfxpers.exe[3604] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 001501F8 .text C:\Windows\System32\igfxpers.exe[3604] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 001503FC .text C:\Windows\System32\igfxpers.exe[3604] kernel32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Windows\System32\igfxpers.exe[3604] USER32.dll!SetWindowsHookExA 77E96322 5 Bytes JMP 00170600 .text C:\Windows\System32\igfxpers.exe[3604] USER32.dll!SetWindowsHookExW 77E987AD 5 Bytes JMP 00170804 .text C:\Windows\System32\igfxpers.exe[3604] USER32.dll!UnhookWindowsHookEx 77E998DB 5 Bytes JMP 00170A08 .text C:\Windows\System32\igfxpers.exe[3604] USER32.dll!SetWinEventHook 77E99F3A 5 Bytes JMP 001701F8 .text C:\Windows\System32\igfxpers.exe[3604] USER32.dll!UnhookWinEvent 77E9C06F 5 Bytes JMP 001703FC .text C:\Windows\System32\igfxpers.exe[3604] ADVAPI32.dll!CreateServiceW 77C49EB4 5 Bytes JMP 001903FC .text C:\Windows\System32\igfxpers.exe[3604] ADVAPI32.dll!DeleteService 77C4A07E 5 Bytes JMP 00190600 .text C:\Windows\System32\igfxpers.exe[3604] ADVAPI32.dll!SetServiceObjectSecurity 77C86CD9 5 Bytes JMP 00191014 .text C:\Windows\System32\igfxpers.exe[3604] ADVAPI32.dll!ChangeServiceConfigA 77C86DD9 5 Bytes JMP 00190804 .text C:\Windows\System32\igfxpers.exe[3604] ADVAPI32.dll!ChangeServiceConfigW 77C86F81 5 Bytes JMP 00190A08 .text C:\Windows\System32\igfxpers.exe[3604] ADVAPI32.dll!ChangeServiceConfig2A 77C87099 5 Bytes JMP 00190C0C .text C:\Windows\System32\igfxpers.exe[3604] ADVAPI32.dll!ChangeServiceConfig2W 77C871E1 5 Bytes JMP 00190E10 .text C:\Windows\System32\igfxpers.exe[3604] ADVAPI32.dll!CreateServiceA 77C872A1 5 Bytes JMP 001901F8 .text C:\Windows\system32\igfxsrvc.exe[3628] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 001501F8 .text C:\Windows\system32\igfxsrvc.exe[3628] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 001503FC .text C:\Windows\system32\igfxsrvc.exe[3628] kernel32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Windows\system32\igfxsrvc.exe[3628] USER32.dll!SetWindowsHookExA 77E96322 5 Bytes JMP 00170600 .text C:\Windows\system32\igfxsrvc.exe[3628] USER32.dll!SetWindowsHookExW 77E987AD 5 Bytes JMP 00170804 .text C:\Windows\system32\igfxsrvc.exe[3628] USER32.dll!UnhookWindowsHookEx 77E998DB 5 Bytes JMP 00170A08 .text C:\Windows\system32\igfxsrvc.exe[3628] USER32.dll!SetWinEventHook 77E99F3A 5 Bytes JMP 001701F8 .text C:\Windows\system32\igfxsrvc.exe[3628] USER32.dll!UnhookWinEvent 77E9C06F 5 Bytes JMP 001703FC .text C:\Windows\system32\igfxsrvc.exe[3628] ADVAPI32.dll!CreateServiceW 77C49EB4 5 Bytes JMP 001903FC .text C:\Windows\system32\igfxsrvc.exe[3628] ADVAPI32.dll!DeleteService 77C4A07E 5 Bytes JMP 00190600 .text C:\Windows\system32\igfxsrvc.exe[3628] ADVAPI32.dll!SetServiceObjectSecurity 77C86CD9 5 Bytes JMP 00191014 .text C:\Windows\system32\igfxsrvc.exe[3628] ADVAPI32.dll!ChangeServiceConfigA 77C86DD9 5 Bytes JMP 00190804 .text C:\Windows\system32\igfxsrvc.exe[3628] ADVAPI32.dll!ChangeServiceConfigW 77C86F81 5 Bytes JMP 00190A08 .text C:\Windows\system32\igfxsrvc.exe[3628] ADVAPI32.dll!ChangeServiceConfig2A 77C87099 5 Bytes JMP 00190C0C .text C:\Windows\system32\igfxsrvc.exe[3628] ADVAPI32.dll!ChangeServiceConfig2W 77C871E1 5 Bytes JMP 00190E10 .text C:\Windows\system32\igfxsrvc.exe[3628] ADVAPI32.dll!CreateServiceA 77C872A1 5 Bytes JMP 001901F8 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3676] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000501F8 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3676] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000503FC .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3676] kernel32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3676] ADVAPI32.dll!CreateServiceW 77C49EB4 5 Bytes JMP 000703FC .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3676] ADVAPI32.dll!DeleteService 77C4A07E 5 Bytes JMP 00070600 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3676] ADVAPI32.dll!SetServiceObjectSecurity 77C86CD9 5 Bytes JMP 00071014 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3676] ADVAPI32.dll!ChangeServiceConfigA 77C86DD9 5 Bytes JMP 00070804 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3676] ADVAPI32.dll!ChangeServiceConfigW 77C86F81 5 Bytes JMP 00070A08 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3676] ADVAPI32.dll!ChangeServiceConfig2A 77C87099 5 Bytes JMP 00070C0C .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3676] ADVAPI32.dll!ChangeServiceConfig2W 77C871E1 5 Bytes JMP 00070E10 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3676] ADVAPI32.dll!CreateServiceA 77C872A1 5 Bytes JMP 000701F8 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3676] USER32.dll!SetWindowsHookExA 77E96322 5 Bytes JMP 00080600 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3676] USER32.dll!SetWindowsHookExW 77E987AD 5 Bytes JMP 00080804 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3676] USER32.dll!UnhookWindowsHookEx 77E998DB 5 Bytes JMP 00080A08 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3676] USER32.dll!SetWinEventHook 77E99F3A 5 Bytes JMP 000801F8 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3676] USER32.dll!UnhookWinEvent 77E9C06F 5 Bytes JMP 000803FC .text C:\Program Files\QuickTime\QTTask.exe[3812] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 001501F8 .text C:\Program Files\QuickTime\QTTask.exe[3812] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 001503FC .text C:\Program Files\QuickTime\QTTask.exe[3812] kernel32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Program Files\QuickTime\QTTask.exe[3812] USER32.dll!SetWindowsHookExA 77E96322 5 Bytes JMP 00170600 .text C:\Program Files\QuickTime\QTTask.exe[3812] USER32.dll!SetWindowsHookExW 77E987AD 5 Bytes JMP 00170804 .text C:\Program Files\QuickTime\QTTask.exe[3812] USER32.dll!UnhookWindowsHookEx 77E998DB 5 Bytes JMP 00170A08 .text C:\Program Files\QuickTime\QTTask.exe[3812] USER32.dll!SetWinEventHook 77E99F3A 5 Bytes JMP 001701F8 .text C:\Program Files\QuickTime\QTTask.exe[3812] USER32.dll!UnhookWinEvent 77E9C06F 5 Bytes JMP 001703FC .text C:\Program Files\QuickTime\QTTask.exe[3812] ADVAPI32.dll!CreateServiceW 77C49EB4 5 Bytes JMP 001803FC .text C:\Program Files\QuickTime\QTTask.exe[3812] ADVAPI32.dll!DeleteService 77C4A07E 5 Bytes JMP 00180600 .text C:\Program Files\QuickTime\QTTask.exe[3812] ADVAPI32.dll!SetServiceObjectSecurity 77C86CD9 5 Bytes JMP 00181014 .text C:\Program Files\QuickTime\QTTask.exe[3812] ADVAPI32.dll!ChangeServiceConfigA 77C86DD9 5 Bytes JMP 00180804 .text C:\Program Files\QuickTime\QTTask.exe[3812] ADVAPI32.dll!ChangeServiceConfigW 77C86F81 5 Bytes JMP 00180A08 .text C:\Program Files\QuickTime\QTTask.exe[3812] ADVAPI32.dll!ChangeServiceConfig2A 77C87099 5 Bytes JMP 00180C0C .text C:\Program Files\QuickTime\QTTask.exe[3812] ADVAPI32.dll!ChangeServiceConfig2W 77C871E1 5 Bytes JMP 00180E10 .text C:\Program Files\QuickTime\QTTask.exe[3812] ADVAPI32.dll!CreateServiceA 77C872A1 5 Bytes JMP 001801F8 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3840] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 001601F8 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3840] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 001603FC .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3840] kernel32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3840] USER32.dll!SetWindowsHookExA 77E96322 5 Bytes JMP 00170600 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3840] USER32.dll!SetWindowsHookExW 77E987AD 5 Bytes JMP 00170804 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3840] USER32.dll!UnhookWindowsHookEx 77E998DB 5 Bytes JMP 00170A08 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3840] USER32.dll!SetWinEventHook 77E99F3A 5 Bytes JMP 001701F8 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3840] USER32.dll!UnhookWinEvent 77E9C06F 5 Bytes JMP 001703FC .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3840] ADVAPI32.dll!CreateServiceW 77C49EB4 5 Bytes JMP 001803FC .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3840] ADVAPI32.dll!DeleteService 77C4A07E 5 Bytes JMP 00180600 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3840] ADVAPI32.dll!SetServiceObjectSecurity 77C86CD9 5 Bytes JMP 00181014 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3840] ADVAPI32.dll!ChangeServiceConfigA 77C86DD9 5 Bytes JMP 00180804 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3840] ADVAPI32.dll!ChangeServiceConfigW 77C86F81 5 Bytes JMP 00180A08 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3840] ADVAPI32.dll!ChangeServiceConfig2A 77C87099 5 Bytes JMP 00180C0C .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3840] ADVAPI32.dll!ChangeServiceConfig2W 77C871E1 5 Bytes JMP 00180E10 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3840] ADVAPI32.dll!CreateServiceA 77C872A1 5 Bytes JMP 001801F8 .text C:\Program Files\Winamp\winampa.exe[3848] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 000901F8 .text C:\Program Files\Winamp\winampa.exe[3848] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 000903FC .text C:\Program Files\Winamp\winampa.exe[3848] kernel32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Program Files\Winamp\winampa.exe[3848] USER32.dll!SetWindowsHookExA 77E96322 5 Bytes JMP 000B0600 .text C:\Program Files\Winamp\winampa.exe[3848] USER32.dll!SetWindowsHookExW 77E987AD 5 Bytes JMP 000B0804 .text C:\Program Files\Winamp\winampa.exe[3848] USER32.dll!UnhookWindowsHookEx 77E998DB 5 Bytes JMP 000B0A08 .text C:\Program Files\Winamp\winampa.exe[3848] USER32.dll!SetWinEventHook 77E99F3A 5 Bytes JMP 000B01F8 .text C:\Program Files\Winamp\winampa.exe[3848] USER32.dll!UnhookWinEvent 77E9C06F 5 Bytes JMP 000B03FC .text C:\Program Files\Winamp\winampa.exe[3848] ADVAPI32.dll!CreateServiceW 77C49EB4 5 Bytes JMP 000C03FC .text C:\Program Files\Winamp\winampa.exe[3848] ADVAPI32.dll!DeleteService 77C4A07E 5 Bytes JMP 000C0600 .text C:\Program Files\Winamp\winampa.exe[3848] ADVAPI32.dll!SetServiceObjectSecurity 77C86CD9 5 Bytes JMP 000C1014 .text C:\Program Files\Winamp\winampa.exe[3848] ADVAPI32.dll!ChangeServiceConfigA 77C86DD9 5 Bytes JMP 000C0804 .text C:\Program Files\Winamp\winampa.exe[3848] ADVAPI32.dll!ChangeServiceConfigW 77C86F81 5 Bytes JMP 000C0A08 .text C:\Program Files\Winamp\winampa.exe[3848] ADVAPI32.dll!ChangeServiceConfig2A 77C87099 5 Bytes JMP 000C0C0C .text C:\Program Files\Winamp\winampa.exe[3848] ADVAPI32.dll!ChangeServiceConfig2W 77C871E1 5 Bytes JMP 000C0E10 .text C:\Program Files\Winamp\winampa.exe[3848] ADVAPI32.dll!CreateServiceA 77C872A1 5 Bytes JMP 000C01F8 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3856] kernel32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3988] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 001601F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3988] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 001603FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3988] kernel32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3988] ADVAPI32.dll!CreateServiceW 77C49EB4 5 Bytes JMP 001803FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3988] ADVAPI32.dll!DeleteService 77C4A07E 5 Bytes JMP 00180600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3988] ADVAPI32.dll!SetServiceObjectSecurity 77C86CD9 5 Bytes JMP 00181014 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3988] ADVAPI32.dll!ChangeServiceConfigA 77C86DD9 5 Bytes JMP 00180804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3988] ADVAPI32.dll!ChangeServiceConfigW 77C86F81 5 Bytes JMP 00180A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3988] ADVAPI32.dll!ChangeServiceConfig2A 77C87099 5 Bytes JMP 00180C0C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3988] ADVAPI32.dll!ChangeServiceConfig2W 77C871E1 5 Bytes JMP 00180E10 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3988] ADVAPI32.dll!CreateServiceA 77C872A1 5 Bytes JMP 001801F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3988] USER32.dll!SetWindowsHookExA 77E96322 5 Bytes JMP 00190600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3988] USER32.dll!SetWindowsHookExW 77E987AD 5 Bytes JMP 00190804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3988] USER32.dll!UnhookWindowsHookEx 77E998DB 5 Bytes JMP 00190A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3988] USER32.dll!SetWinEventHook 77E99F3A 5 Bytes JMP 001901F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3988] USER32.dll!UnhookWinEvent 77E9C06F 5 Bytes JMP 001903FC .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[4012] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 001501F8 .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[4012] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 001503FC .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[4012] kernel32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[4012] USER32.dll!SetWindowsHookExA 77E96322 5 Bytes JMP 00170600 .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[4012] USER32.dll!SetWindowsHookExW 77E987AD 5 Bytes JMP 00170804 .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[4012] USER32.dll!UnhookWindowsHookEx 77E998DB 5 Bytes JMP 00170A08 .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[4012] USER32.dll!SetWinEventHook 77E99F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[4012] USER32.dll!UnhookWinEvent 77E9C06F 5 Bytes JMP 001703FC .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[4012] ADVAPI32.dll!CreateServiceW 77C49EB4 5 Bytes JMP 001803FC .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[4012] ADVAPI32.dll!DeleteService 77C4A07E 5 Bytes JMP 00180600 .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[4012] ADVAPI32.dll!SetServiceObjectSecurity 77C86CD9 5 Bytes JMP 00181014 .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[4012] ADVAPI32.dll!ChangeServiceConfigA 77C86DD9 5 Bytes JMP 00180804 .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[4012] ADVAPI32.dll!ChangeServiceConfigW 77C86F81 5 Bytes JMP 00180A08 .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[4012] ADVAPI32.dll!ChangeServiceConfig2A 77C87099 5 Bytes JMP 00180C0C .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[4012] ADVAPI32.dll!ChangeServiceConfig2W 77C871E1 5 Bytes JMP 00180E10 .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[4012] ADVAPI32.dll!CreateServiceA 77C872A1 5 Bytes JMP 001801F8 .text C:\Users\jola\Desktop\gmer.exe[4068] ntdll.dll!LdrLoadDll 77CF93A8 5 Bytes JMP 001501F8 .text C:\Users\jola\Desktop\gmer.exe[4068] ntdll.dll!LdrUnloadDll 77D0B740 5 Bytes JMP 001503FC .text C:\Users\jola\Desktop\gmer.exe[4068] kernel32.dll!GetBinaryTypeW + 70 77B72247 1 Byte [62] .text C:\Users\jola\Desktop\gmer.exe[4068] ADVAPI32.dll!CreateServiceW 77C49EB4 5 Bytes JMP 001A03FC .text C:\Users\jola\Desktop\gmer.exe[4068] ADVAPI32.dll!DeleteService 77C4A07E 5 Bytes JMP 001A0600 .text C:\Users\jola\Desktop\gmer.exe[4068] ADVAPI32.dll!SetServiceObjectSecurity 77C86CD9 5 Bytes JMP 001A1014 .text C:\Users\jola\Desktop\gmer.exe[4068] ADVAPI32.dll!ChangeServiceConfigA 77C86DD9 5 Bytes JMP 001A0804 .text C:\Users\jola\Desktop\gmer.exe[4068] ADVAPI32.dll!ChangeServiceConfigW 77C86F81 5 Bytes JMP 001A0A08 .text C:\Users\jola\Desktop\gmer.exe[4068] ADVAPI32.dll!ChangeServiceConfig2A 77C87099 5 Bytes JMP 001A0C0C .text C:\Users\jola\Desktop\gmer.exe[4068] ADVAPI32.dll!ChangeServiceConfig2W 77C871E1 5 Bytes JMP 001A0E10 .text C:\Users\jola\Desktop\gmer.exe[4068] ADVAPI32.dll!CreateServiceA 77C872A1 5 Bytes JMP 001A01F8 .text C:\Users\jola\Desktop\gmer.exe[4068] USER32.dll!SetWindowsHookExA 77E96322 5 Bytes JMP 003F0600 .text C:\Users\jola\Desktop\gmer.exe[4068] USER32.dll!SetWindowsHookExW 77E987AD 5 Bytes JMP 003F0804 .text C:\Users\jola\Desktop\gmer.exe[4068] USER32.dll!UnhookWindowsHookEx 77E998DB 5 Bytes JMP 003F0A08 .text C:\Users\jola\Desktop\gmer.exe[4068] USER32.dll!SetWinEventHook 77E99F3A 5 Bytes JMP 003F01F8 .text C:\Users\jola\Desktop\gmer.exe[4068] USER32.dll!UnhookWinEvent 77E9C06F 5 Bytes JMP 003F03FC ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8CE916D6] \SystemRoot\System32\Drivers\spuk.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8CE91042] \SystemRoot\System32\Drivers\spuk.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8CE91800] \SystemRoot\System32\Drivers\spuk.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8CE910C0] \SystemRoot\System32\Drivers\spuk.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8CE9113E] \SystemRoot\System32\Drivers\spuk.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [8CEA0B90] \SystemRoot\System32\Drivers\spuk.sys ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 000B0002 IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 000B0000 IAT C:\Windows\Explorer.EXE[1880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [746C7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7471A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [746CBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [746BF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [746C75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [746BE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [746F8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [746CDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [746BFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [746BFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [746B71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7474CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [746EC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [746BD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [746B6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [746B687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [746C2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) Device \FileSystem\Ntfs \Ntfs 8A2101F8 Device \Driver\volmgr \Device\VolMgrControl 8944D1F8 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e375dae5c Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e375dae5c@0022a99f2268 0xFF 0x71 0xBC 0x16 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e375dae5c@001ee2503594 0x44 0xF5 0x3E 0x09 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e375dae5c@5492be8f055e 0x89 0x68 0xEB 0xE7 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xAE 0x4F 0x96 0x97 ... Reg HKLM\SYSTEM\ControlSet112\Services\BTHPORT\Parameters\Keys\001e375dae5c Reg HKLM\SYSTEM\ControlSet112\Services\BTHPORT\Parameters\Keys\001e375dae5c@0022a99f2268 0xFF 0x71 0xBC 0x16 ... Reg HKLM\SYSTEM\ControlSet112\Services\BTHPORT\Parameters\Keys\001e375dae5c@001ee2503594 0x44 0xF5 0x3E 0x09 ... Reg HKLM\SYSTEM\ControlSet112\Services\BTHPORT\Parameters\Keys\001e375dae5c@5492be8f055e 0x89 0x68 0xEB 0xE7 ... Reg HKLM\SYSTEM\ControlSet112\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\ControlSet112\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet112\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet112\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xAE 0x4F 0x96 0x97 ... Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ... Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ... Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ... Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ... Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ... Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ... Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ... Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ... Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ... Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ... Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ... Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ... ---- Files - GMER 1.0.15 ---- File C:\## aswSnx private storage 0 bytes File C:\## aswSnx private storage\r5 0 bytes ---- EOF - GMER 1.0.15 ----