GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-12 01:10:15
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 Hitachi_HDP725050GLA360 rev.GM4OA52A
Running: ymisiqls.exe; Driver: C:\Users\BORYSA~1\AppData\Local\Temp\kxldapow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8E19C9CA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8E19EEAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8E19EF04]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8E19F01A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8E19EE02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8E19EF54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8E19EE56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8E19EFC8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8E19C9EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8E19C7B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8E19CA12]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8E19F412]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8E19D4AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8E19EEDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8E19EF2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8E19F044]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8E19EE2E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8E19EF94]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8E19EE84]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8E19EFF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8E19D370]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8E19CA36]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8E19CA5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8E19C812]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8E19C94E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8E19C92A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8E19C972]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8E19CA7E]

INT 0x51 ? 86B53F00
INT 0x62 ? 86B53F00
INT 0x72 ? 86B53F00
INT 0x82 ? 8691DBF8
INT 0x92 ? 8691DBF8
INT 0xA2 ? 8691DBF8
INT 0xA2 ? 8691DBF8
INT 0xA2 ? 86B53F00
INT 0xA2 ? 8691DBF8

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8EBBE8DE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 10D 838AC890 4 Bytes [CA, C9, 19, 8E]
.text ntkrnlpa.exe!KeSetEvent + 1D1 838AC954 8 Bytes [AC, EE, 19, 8E, 04, EF, 19, ...] {LODSB ; OUT DX, AL ; SBB [ESI-0x71e610fc], ECX}
.text ntkrnlpa.exe!KeSetEvent + 1DD 838AC960 4 Bytes [1A, F0, 19, 8E]
.text ntkrnlpa.exe!KeSetEvent + 1F5 838AC978 4 Bytes [02, EE, 19, 8E]
.text ntkrnlpa.exe!KeSetEvent + 215 838AC998 8 Bytes [54, EF, 19, 8E, 56, EE, 19, ...] {PUSH ESP; OUT DX, EAX; SBB [ESI-0x71e611aa], ECX}
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 839D762F 5 Bytes JMP 8EBBA29E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 83A30543 5 Bytes JMP 8EBBBD38 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 83A39E68 4 Bytes CALL 8E19DE3B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 83A3DADC 4 Bytes CALL 8E19DE51 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 83A91DCA 7 Bytes JMP 8EBBE8E2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? System32\Drivers\spwl.sys System nie może odnaleźć określonej ścieżki. !
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8D80E340, 0x3D9767, 0xE8000020] .text USBPORT.SYS!DllUnload 899D241B 5 Bytes JMP 86B534E0 ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\System32\spoolsv.exe[484] ntdll.dll!LdrLoadDll 773A93A8 5 Bytes JMP 00050030 .text C:\Windows\System32\spoolsv.exe[484] ntdll.dll!LdrUnloadDll 773BB740 5 Bytes JMP 0005006C .text C:\Windows\System32\spoolsv.exe[484] ADVAPI32.dll!CreateServiceW 77019EB4 5 Bytes JMP 0007006C .text C:\Windows\System32\spoolsv.exe[484] ADVAPI32.dll!DeleteService 7701A07E 5 Bytes JMP 000700A8 .text C:\Windows\System32\spoolsv.exe[484] ADVAPI32.dll!SetServiceObjectSecurity 77056CD9 5 Bytes JMP 000701D4 .text C:\Windows\System32\spoolsv.exe[484] ADVAPI32.dll!ChangeServiceConfigA 77056DD9 5 Bytes JMP 000700E4 .text C:\Windows\System32\spoolsv.exe[484] ADVAPI32.dll!ChangeServiceConfigW 77056F81 5 Bytes JMP 00070120 .text C:\Windows\System32\spoolsv.exe[484] ADVAPI32.dll!ChangeServiceConfig2A 77057099 5 Bytes JMP 0007015C .text C:\Windows\System32\spoolsv.exe[484] ADVAPI32.dll!ChangeServiceConfig2W 770571E1 5 Bytes JMP 00070198 .text C:\Windows\System32\spoolsv.exe[484] ADVAPI32.dll!CreateServiceA 770572A1 5 Bytes JMP 00070030 .text C:\Windows\System32\spoolsv.exe[484] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 002400A8 .text C:\Windows\System32\spoolsv.exe[484] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 002400E4 .text C:\Windows\System32\spoolsv.exe[484] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00240120 .text C:\Windows\System32\spoolsv.exe[484] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00240030 .text C:\Windows\System32\spoolsv.exe[484] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0024006C .text C:\Windows\system32\svchost.exe[508] ntdll.dll!LdrLoadDll 773A93A8 5 Bytes JMP 00050030 .text C:\Windows\system32\svchost.exe[508] ntdll.dll!LdrUnloadDll 773BB740 5 Bytes JMP 0005006C .text C:\Windows\system32\svchost.exe[508] 
ADVAPI32.dll!CreateServiceW 77019EB4 5 Bytes JMP 0007006C .text C:\Windows\system32\svchost.exe[508] ADVAPI32.dll!DeleteService 7701A07E 5 Bytes JMP 000700A8 .text C:\Windows\system32\svchost.exe[508] ADVAPI32.dll!SetServiceObjectSecurity 77056CD9 5 Bytes JMP 000701D4 .text C:\Windows\system32\svchost.exe[508] ADVAPI32.dll!ChangeServiceConfigA 77056DD9 5 Bytes JMP 000700E4 .text C:\Windows\system32\svchost.exe[508] ADVAPI32.dll!ChangeServiceConfigW 77056F81 5 Bytes JMP 00070120 .text C:\Windows\system32\svchost.exe[508] ADVAPI32.dll!ChangeServiceConfig2A 77057099 5 Bytes JMP 0007015C .text C:\Windows\system32\svchost.exe[508] ADVAPI32.dll!ChangeServiceConfig2W 770571E1 5 Bytes JMP 00070198 .text C:\Windows\system32\svchost.exe[508] ADVAPI32.dll!CreateServiceA 770572A1 5 Bytes JMP 00070030 .text C:\Windows\system32\svchost.exe[508] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 001800A8 .text C:\Windows\system32\svchost.exe[508] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 001800E4 .text C:\Windows\system32\svchost.exe[508] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00180120 .text C:\Windows\system32\svchost.exe[508] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00180030 .text C:\Windows\system32\svchost.exe[508] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0018006C .text C:\Windows\system32\wininit.exe[564] ntdll.dll!LdrLoadDll 773A93A8 5 Bytes JMP 00030030 .text C:\Windows\system32\wininit.exe[564] ntdll.dll!LdrUnloadDll 773BB740 5 Bytes JMP 0003006C .text C:\Windows\system32\wininit.exe[564] ADVAPI32.dll!CreateServiceW 77019EB4 5 Bytes JMP 0006006C .text C:\Windows\system32\wininit.exe[564] ADVAPI32.dll!DeleteService 7701A07E 5 Bytes JMP 000600A8 .text C:\Windows\system32\wininit.exe[564] ADVAPI32.dll!SetServiceObjectSecurity 77056CD9 5 Bytes JMP 000601D4 .text C:\Windows\system32\wininit.exe[564] ADVAPI32.dll!ChangeServiceConfigA 77056DD9 5 Bytes JMP 000600E4 .text C:\Windows\system32\wininit.exe[564] ADVAPI32.dll!ChangeServiceConfigW 
77056F81 5 Bytes JMP 00060120 .text C:\Windows\system32\wininit.exe[564] ADVAPI32.dll!ChangeServiceConfig2A 77057099 5 Bytes JMP 0006015C .text C:\Windows\system32\wininit.exe[564] ADVAPI32.dll!ChangeServiceConfig2W 770571E1 5 Bytes JMP 00060198 .text C:\Windows\system32\wininit.exe[564] ADVAPI32.dll!CreateServiceA 770572A1 5 Bytes JMP 00060030 .text C:\Windows\system32\wininit.exe[564] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 000700A8 .text C:\Windows\system32\wininit.exe[564] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000700E4 .text C:\Windows\system32\wininit.exe[564] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00070120 .text C:\Windows\system32\wininit.exe[564] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00070030 .text C:\Windows\system32\wininit.exe[564] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0007006C .text C:\Windows\system32\services.exe[608] ntdll.dll!LdrLoadDll 773A93A8 5 Bytes JMP 00050030 .text C:\Windows\system32\services.exe[608] ntdll.dll!LdrUnloadDll 773BB740 5 Bytes JMP 0005006C .text C:\Windows\system32\services.exe[608] ADVAPI32.dll!CreateServiceW 77019EB4 5 Bytes JMP 0007006C .text C:\Windows\system32\services.exe[608] ADVAPI32.dll!DeleteService 7701A07E 5 Bytes JMP 000700A8 .text C:\Windows\system32\services.exe[608] ADVAPI32.dll!SetServiceObjectSecurity 77056CD9 5 Bytes JMP 000701D4 .text C:\Windows\system32\services.exe[608] ADVAPI32.dll!ChangeServiceConfigA 77056DD9 5 Bytes JMP 000700E4 .text C:\Windows\system32\services.exe[608] ADVAPI32.dll!ChangeServiceConfigW 77056F81 5 Bytes JMP 00070120 .text C:\Windows\system32\services.exe[608] ADVAPI32.dll!ChangeServiceConfig2A 77057099 5 Bytes JMP 0007015C .text C:\Windows\system32\services.exe[608] ADVAPI32.dll!ChangeServiceConfig2W 770571E1 5 Bytes JMP 00070198 .text C:\Windows\system32\services.exe[608] ADVAPI32.dll!CreateServiceA 770572A1 5 Bytes JMP 00070030 .text C:\Windows\system32\services.exe[608] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 000800A8 
.text C:\Windows\system32\services.exe[608] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000800E4 .text C:\Windows\system32\services.exe[608] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00080120 .text C:\Windows\system32\services.exe[608] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00080030 .text C:\Windows\system32\services.exe[608] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0008006C .text C:\Windows\system32\lsass.exe[620] ntdll.dll!LdrLoadDll 773A93A8 5 Bytes JMP 00050030 .text C:\Windows\system32\lsass.exe[620] ntdll.dll!LdrUnloadDll 773BB740 5 Bytes JMP 0005006C .text C:\Windows\system32\lsass.exe[620] ADVAPI32.dll!CreateServiceW 77019EB4 5 Bytes JMP 0007006C .text C:\Windows\system32\lsass.exe[620] ADVAPI32.dll!DeleteService 7701A07E 5 Bytes JMP 000700A8 .text C:\Windows\system32\lsass.exe[620] ADVAPI32.dll!SetServiceObjectSecurity 77056CD9 5 Bytes JMP 000701D4 .text C:\Windows\system32\lsass.exe[620] ADVAPI32.dll!ChangeServiceConfigA 77056DD9 5 Bytes JMP 000700E4 .text C:\Windows\system32\lsass.exe[620] ADVAPI32.dll!ChangeServiceConfigW 77056F81 5 Bytes JMP 00070120 .text C:\Windows\system32\lsass.exe[620] ADVAPI32.dll!ChangeServiceConfig2A 77057099 5 Bytes JMP 0007015C .text C:\Windows\system32\lsass.exe[620] ADVAPI32.dll!ChangeServiceConfig2W 770571E1 5 Bytes JMP 00070198 .text C:\Windows\system32\lsass.exe[620] ADVAPI32.dll!CreateServiceA 770572A1 5 Bytes JMP 00070030 .text C:\Windows\system32\lsass.exe[620] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 000800A8 .text C:\Windows\system32\lsass.exe[620] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000800E4 .text C:\Windows\system32\lsass.exe[620] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00080120 .text C:\Windows\system32\lsass.exe[620] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00080030 .text C:\Windows\system32\lsass.exe[620] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0008006C .text C:\Windows\system32\lsm.exe[632] ntdll.dll!LdrLoadDll 773A93A8 5 Bytes JMP 
00050030 .text C:\Windows\system32\lsm.exe[632] ntdll.dll!LdrUnloadDll 773BB740 5 Bytes JMP 0005006C .text C:\Windows\system32\lsm.exe[632] ADVAPI32.dll!CreateServiceW 77019EB4 5 Bytes JMP 0007006C .text C:\Windows\system32\lsm.exe[632] ADVAPI32.dll!DeleteService 7701A07E 5 Bytes JMP 000700A8 .text C:\Windows\system32\lsm.exe[632] ADVAPI32.dll!SetServiceObjectSecurity 77056CD9 5 Bytes JMP 000701D4 .text C:\Windows\system32\lsm.exe[632] ADVAPI32.dll!ChangeServiceConfigA 77056DD9 5 Bytes JMP 000700E4 .text C:\Windows\system32\lsm.exe[632] ADVAPI32.dll!ChangeServiceConfigW 77056F81 5 Bytes JMP 00070120 .text C:\Windows\system32\lsm.exe[632] ADVAPI32.dll!ChangeServiceConfig2A 77057099 5 Bytes JMP 0007015C .text C:\Windows\system32\lsm.exe[632] ADVAPI32.dll!ChangeServiceConfig2W 770571E1 5 Bytes JMP 00070198 .text C:\Windows\system32\lsm.exe[632] ADVAPI32.dll!CreateServiceA 770572A1 5 Bytes JMP 00070030 .text C:\Windows\system32\svchost.exe[804] ntdll.dll!LdrLoadDll 773A93A8 5 Bytes JMP 00050030 .text C:\Windows\system32\svchost.exe[804] ntdll.dll!LdrUnloadDll 773BB740 5 Bytes JMP 0005006C .text C:\Windows\system32\svchost.exe[804] ADVAPI32.dll!CreateServiceW 77019EB4 5 Bytes JMP 0007006C .text C:\Windows\system32\svchost.exe[804] ADVAPI32.dll!DeleteService 7701A07E 5 Bytes JMP 000700A8 .text C:\Windows\system32\svchost.exe[804] ADVAPI32.dll!SetServiceObjectSecurity 77056CD9 5 Bytes JMP 000701D4 .text C:\Windows\system32\svchost.exe[804] ADVAPI32.dll!ChangeServiceConfigA 77056DD9 5 Bytes JMP 000700E4 .text C:\Windows\system32\svchost.exe[804] ADVAPI32.dll!ChangeServiceConfigW 77056F81 5 Bytes JMP 00070120 .text C:\Windows\system32\svchost.exe[804] ADVAPI32.dll!ChangeServiceConfig2A 77057099 5 Bytes JMP 0007015C .text C:\Windows\system32\svchost.exe[804] ADVAPI32.dll!ChangeServiceConfig2W 770571E1 5 Bytes JMP 00070198 .text C:\Windows\system32\svchost.exe[804] ADVAPI32.dll!CreateServiceA 770572A1 5 Bytes JMP 00070030 .text C:\Windows\system32\svchost.exe[804] 
USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 006A00A8 .text C:\Windows\system32\svchost.exe[804] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 006A00E4 .text C:\Windows\system32\svchost.exe[804] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 006A0120 .text C:\Windows\system32\svchost.exe[804] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 006A0030 .text C:\Windows\system32\svchost.exe[804] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 006A006C .text C:\Windows\system32\winlogon.exe[836] ntdll.dll!LdrLoadDll 773A93A8 5 Bytes JMP 00030030 .text C:\Windows\system32\winlogon.exe[836] ntdll.dll!LdrUnloadDll 773BB740 5 Bytes JMP 0003006C .text C:\Windows\system32\winlogon.exe[836] ADVAPI32.dll!CreateServiceW 77019EB4 5 Bytes JMP 0005006C .text C:\Windows\system32\winlogon.exe[836] ADVAPI32.dll!DeleteService 7701A07E 5 Bytes JMP 000500A8 .text C:\Windows\system32\winlogon.exe[836] ADVAPI32.dll!SetServiceObjectSecurity 77056CD9 5 Bytes JMP 000501D4 .text C:\Windows\system32\winlogon.exe[836] ADVAPI32.dll!ChangeServiceConfigA 77056DD9 5 Bytes JMP 000500E4 .text C:\Windows\system32\winlogon.exe[836] ADVAPI32.dll!ChangeServiceConfigW 77056F81 5 Bytes JMP 00050120 .text C:\Windows\system32\winlogon.exe[836] ADVAPI32.dll!ChangeServiceConfig2A 77057099 5 Bytes JMP 0005015C .text C:\Windows\system32\winlogon.exe[836] ADVAPI32.dll!ChangeServiceConfig2W 770571E1 5 Bytes JMP 00050198 .text C:\Windows\system32\winlogon.exe[836] ADVAPI32.dll!CreateServiceA 770572A1 5 Bytes JMP 00050030 .text C:\Windows\system32\winlogon.exe[836] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 000600A8 .text C:\Windows\system32\winlogon.exe[836] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000600E4 .text C:\Windows\system32\winlogon.exe[836] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00060120 .text C:\Windows\system32\winlogon.exe[836] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00060030 .text C:\Windows\system32\winlogon.exe[836] USER32.dll!UnhookWinEvent 76F2C06F 5 
Bytes JMP 0006006C .text C:\Windows\system32\nvvsvc.exe[892] ntdll.dll!LdrLoadDll 773A93A8 5 Bytes JMP 00140030 .text C:\Windows\system32\nvvsvc.exe[892] ntdll.dll!LdrUnloadDll 773BB740 5 Bytes JMP 0014006C .text C:\Windows\system32\nvvsvc.exe[892] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 001600A8 .text C:\Windows\system32\nvvsvc.exe[892] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 001600E4 .text C:\Windows\system32\nvvsvc.exe[892] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00160120 .text C:\Windows\system32\nvvsvc.exe[892] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00160030 .text C:\Windows\system32\nvvsvc.exe[892] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0016006C .text C:\Windows\system32\nvvsvc.exe[892] ADVAPI32.dll!CreateServiceW 77019EB4 5 Bytes JMP 0017006C .text C:\Windows\system32\nvvsvc.exe[892] ADVAPI32.dll!DeleteService 7701A07E 5 Bytes JMP 001700A8 .text C:\Windows\system32\nvvsvc.exe[892] ADVAPI32.dll!SetServiceObjectSecurity 77056CD9 5 Bytes JMP 001701D4 .text C:\Windows\system32\nvvsvc.exe[892] ADVAPI32.dll!ChangeServiceConfigA 77056DD9 5 Bytes JMP 001700E4 .text C:\Windows\system32\nvvsvc.exe[892] ADVAPI32.dll!ChangeServiceConfigW 77056F81 5 Bytes JMP 00170120 .text C:\Windows\system32\nvvsvc.exe[892] ADVAPI32.dll!ChangeServiceConfig2A 77057099 5 Bytes JMP 0017015C .text C:\Windows\system32\nvvsvc.exe[892] ADVAPI32.dll!ChangeServiceConfig2W 770571E1 5 Bytes JMP 00170198 .text C:\Windows\system32\nvvsvc.exe[892] ADVAPI32.dll!CreateServiceA 770572A1 5 Bytes JMP 00170030 .text C:\Windows\system32\svchost.exe[920] ntdll.dll!LdrLoadDll 773A93A8 5 Bytes JMP 00050030 .text C:\Windows\system32\svchost.exe[920] ntdll.dll!LdrUnloadDll 773BB740 5 Bytes JMP 0005006C .text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!CreateServiceW 77019EB4 5 Bytes JMP 0008006C .text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!DeleteService 7701A07E 5 Bytes JMP 000800A8 .text C:\Windows\system32\svchost.exe[920] 
ADVAPI32.dll!SetServiceObjectSecurity 77056CD9 5 Bytes JMP 000801D4 .text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfigA 77056DD9 5 Bytes JMP 000800E4 .text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfigW 77056F81 5 Bytes JMP 00080120 .text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfig2A 77057099 5 Bytes JMP 0008015C .text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfig2W 770571E1 5 Bytes JMP 00080198 .text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!CreateServiceA 770572A1 5 Bytes JMP 00080030 .text C:\Windows\system32\svchost.exe[920] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 001400A8 .text C:\Windows\system32\svchost.exe[920] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 001400E4 .text C:\Windows\system32\svchost.exe[920] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00140120 .text C:\Windows\system32\svchost.exe[920] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00140030 .text C:\Windows\system32\svchost.exe[920] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0014006C .text C:\Windows\System32\svchost.exe[988] ntdll.dll!LdrLoadDll 773A93A8 5 Bytes JMP 00050030 .text C:\Windows\System32\svchost.exe[988] ntdll.dll!LdrUnloadDll 773BB740 5 Bytes JMP 0005006C .text C:\Windows\System32\svchost.exe[988] ADVAPI32.dll!CreateServiceW 77019EB4 5 Bytes JMP 0007006C .text C:\Windows\System32\svchost.exe[988] ADVAPI32.dll!DeleteService 7701A07E 5 Bytes JMP 000700A8 .text C:\Windows\System32\svchost.exe[988] ADVAPI32.dll!SetServiceObjectSecurity 77056CD9 5 Bytes JMP 000701D4 .text C:\Windows\System32\svchost.exe[988] ADVAPI32.dll!ChangeServiceConfigA 77056DD9 5 Bytes JMP 000700E4 .text C:\Windows\System32\svchost.exe[988] ADVAPI32.dll!ChangeServiceConfigW 77056F81 5 Bytes JMP 00070120 .text C:\Windows\System32\svchost.exe[988] ADVAPI32.dll!ChangeServiceConfig2A 77057099 5 Bytes JMP 0007015C .text C:\Windows\System32\svchost.exe[988] 
ADVAPI32.dll!ChangeServiceConfig2W 770571E1 5 Bytes JMP 00070198 .text C:\Windows\System32\svchost.exe[988] ADVAPI32.dll!CreateServiceA 770572A1 5 Bytes JMP 00070030 .text C:\Windows\System32\svchost.exe[988] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 006400A8 .text C:\Windows\System32\svchost.exe[988] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 006400E4 .text C:\Windows\System32\svchost.exe[988] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00640120 .text C:\Windows\System32\svchost.exe[988] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00640030 .text C:\Windows\System32\svchost.exe[988] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0064006C .text C:\Windows\System32\svchost.exe[1024] ntdll.dll!LdrLoadDll 773A93A8 5 Bytes JMP 00050030 .text C:\Windows\System32\svchost.exe[1024] ntdll.dll!LdrUnloadDll 773BB740 5 Bytes JMP 0005006C .text C:\Windows\System32\svchost.exe[1024] ADVAPI32.dll!CreateServiceW 77019EB4 5 Bytes JMP 0007006C .text C:\Windows\System32\svchost.exe[1024] ADVAPI32.dll!DeleteService 7701A07E 5 Bytes JMP 000700A8 .text C:\Windows\System32\svchost.exe[1024] ADVAPI32.dll!SetServiceObjectSecurity 77056CD9 5 Bytes JMP 000701D4 .text C:\Windows\System32\svchost.exe[1024] ADVAPI32.dll!ChangeServiceConfigA 77056DD9 5 Bytes JMP 000700E4 .text C:\Windows\System32\svchost.exe[1024] ADVAPI32.dll!ChangeServiceConfigW 77056F81 5 Bytes JMP 00070120 .text C:\Windows\System32\svchost.exe[1024] ADVAPI32.dll!ChangeServiceConfig2A 77057099 5 Bytes JMP 0007015C .text C:\Windows\System32\svchost.exe[1024] ADVAPI32.dll!ChangeServiceConfig2W 770571E1 5 Bytes JMP 00070198 .text C:\Windows\System32\svchost.exe[1024] ADVAPI32.dll!CreateServiceA 770572A1 5 Bytes JMP 00070030 .text C:\Windows\System32\svchost.exe[1024] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 000B00A8 .text C:\Windows\System32\svchost.exe[1024] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000B00E4 .text C:\Windows\System32\svchost.exe[1024] USER32.dll!UnhookWindowsHookEx 
76F298DB 5 Bytes JMP 000B0120 .text C:\Windows\System32\svchost.exe[1024] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 000B0030 .text C:\Windows\System32\svchost.exe[1024] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 000B006C .text C:\Windows\System32\svchost.exe[1052] ntdll.dll!LdrLoadDll 773A93A8 5 Bytes JMP 00090030 .text C:\Windows\System32\svchost.exe[1052] ntdll.dll!LdrUnloadDll 773BB740 5 Bytes JMP 0009006C .text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!CreateServiceW 77019EB4 5 Bytes JMP 000B006C .text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!DeleteService 7701A07E 5 Bytes JMP 000B00A8 .text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!SetServiceObjectSecurity 77056CD9 5 Bytes JMP 000B01D4 .text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!ChangeServiceConfigA 77056DD9 5 Bytes JMP 000B00E4 .text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!ChangeServiceConfigW 77056F81 5 Bytes JMP 000B0120 .text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!ChangeServiceConfig2A 77057099 5 Bytes JMP 000B015C .text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!ChangeServiceConfig2W 770571E1 5 Bytes JMP 000B0198 .text C:\Windows\System32\svchost.exe[1052] ADVAPI32.dll!CreateServiceA 770572A1 5 Bytes JMP 000B0030 .text C:\Windows\System32\svchost.exe[1052] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 00F600A8 .text C:\Windows\System32\svchost.exe[1052] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 00F600E4 .text C:\Windows\System32\svchost.exe[1052] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00F60120 .text C:\Windows\System32\svchost.exe[1052] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00F60030 .text C:\Windows\System32\svchost.exe[1052] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 00F6006C .text C:\Windows\system32\svchost.exe[1072] ntdll.dll!LdrLoadDll 773A93A8 5 Bytes JMP 00050030 .text C:\Windows\system32\svchost.exe[1072] ntdll.dll!LdrUnloadDll 773BB740 5 Bytes JMP 0005006C .text 
C:\Windows\system32\svchost.exe[1072] ADVAPI32.dll!CreateServiceW 77019EB4 5 Bytes JMP 0007006C .text C:\Windows\system32\svchost.exe[1072] ADVAPI32.dll!DeleteService 7701A07E 5 Bytes JMP 000700A8 .text C:\Windows\system32\svchost.exe[1072] ADVAPI32.dll!SetServiceObjectSecurity 77056CD9 5 Bytes JMP 000701D4 .text C:\Windows\system32\svchost.exe[1072] ADVAPI32.dll!ChangeServiceConfigA 77056DD9 5 Bytes JMP 000700E4 .text C:\Windows\system32\svchost.exe[1072] ADVAPI32.dll!ChangeServiceConfigW 77056F81 5 Bytes JMP 00070120 .text C:\Windows\system32\svchost.exe[1072] ADVAPI32.dll!ChangeServiceConfig2A 77057099 5 Bytes JMP 0007015C .text C:\Windows\system32\svchost.exe[1072] ADVAPI32.dll!ChangeServiceConfig2W 770571E1 5 Bytes JMP 00070198 .text C:\Windows\system32\svchost.exe[1072] ADVAPI32.dll!CreateServiceA 770572A1 5 Bytes JMP 00070030 .text C:\Windows\system32\svchost.exe[1072] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 004D00A8 .text C:\Windows\system32\svchost.exe[1072] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 004D00E4 .text C:\Windows\system32\svchost.exe[1072] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 004D0120 .text C:\Windows\system32\svchost.exe[1072] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 004D0030 .text C:\Windows\system32\svchost.exe[1072] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 004D006C .text C:\Windows\system32\svchost.exe[1228] ntdll.dll!LdrLoadDll 773A93A8 5 Bytes JMP 00050030 .text C:\Windows\system32\svchost.exe[1228] ntdll.dll!LdrUnloadDll 773BB740 5 Bytes JMP 0005006C .text C:\Windows\system32\svchost.exe[1228] ADVAPI32.dll!CreateServiceW 77019EB4 5 Bytes JMP 0007006C .text C:\Windows\system32\svchost.exe[1228] ADVAPI32.dll!DeleteService 7701A07E 5 Bytes JMP 000700A8 .text C:\Windows\system32\svchost.exe[1228] ADVAPI32.dll!SetServiceObjectSecurity 77056CD9 5 Bytes JMP 000701D4 .text C:\Windows\system32\svchost.exe[1228] ADVAPI32.dll!ChangeServiceConfigA 77056DD9 5 Bytes JMP 000700E4 .text 
C:\Windows\system32\svchost.exe[1228] ADVAPI32.dll!ChangeServiceConfigW 77056F81 5 Bytes JMP 00070120 .text C:\Windows\system32\svchost.exe[1228] ADVAPI32.dll!ChangeServiceConfig2A 77057099 5 Bytes JMP 0007015C .text C:\Windows\system32\svchost.exe[1228] ADVAPI32.dll!ChangeServiceConfig2W 770571E1 5 Bytes JMP 00070198 .text C:\Windows\system32\svchost.exe[1228] ADVAPI32.dll!CreateServiceA 770572A1 5 Bytes JMP 00070030 .text C:\Windows\system32\svchost.exe[1228] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 006100A8 .text C:\Windows\system32\svchost.exe[1228] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 006100E4 .text C:\Windows\system32\svchost.exe[1228] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00610120 .text C:\Windows\system32\svchost.exe[1228] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00610030 .text C:\Windows\system32\svchost.exe[1228] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0061006C .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[1308] ntdll.dll!LdrLoadDll 773A93A8 5 Bytes JMP 00050030 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[1308] ntdll.dll!LdrUnloadDll 773BB740 5 Bytes JMP 0005006C .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[1308] ADVAPI32.dll!CreateServiceW 77019EB4 5 Bytes JMP 0007006C .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[1308] ADVAPI32.dll!DeleteService 7701A07E 5 Bytes JMP 000700A8 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[1308] ADVAPI32.dll!SetServiceObjectSecurity 77056CD9 5 Bytes JMP 000701D4 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[1308] ADVAPI32.dll!ChangeServiceConfigA 77056DD9 5 Bytes JMP 000700E4 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[1308] ADVAPI32.dll!ChangeServiceConfigW 77056F81 5 Bytes JMP 00070120 .text C:\Program Files\Common 
Files\Microsoft Shared\Ink\InputPersonalization.exe[1308] ADVAPI32.dll!ChangeServiceConfig2A 77057099 5 Bytes JMP 0007015C .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[1308] ADVAPI32.dll!ChangeServiceConfig2W 770571E1 5 Bytes JMP 00070198 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[1308] ADVAPI32.dll!CreateServiceA 770572A1 5 Bytes JMP 00070030 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[1308] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 000800A8 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[1308] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000800E4 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[1308] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00080120 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[1308] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00080030 .text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[1308] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0008006C .text C:\Program Files\Thomson\ST330\service\st330service.exe[1328] ntdll.dll!LdrLoadDll 773A93A8 5 Bytes JMP 00150030 .text C:\Program Files\Thomson\ST330\service\st330service.exe[1328] ntdll.dll!LdrUnloadDll 773BB740 5 Bytes JMP 0015006C .text C:\Program Files\Thomson\ST330\service\st330service.exe[1328] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 002900A8 .text C:\Program Files\Thomson\ST330\service\st330service.exe[1328] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 002900E4 .text C:\Program Files\Thomson\ST330\service\st330service.exe[1328] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00290120 .text C:\Program Files\Thomson\ST330\service\st330service.exe[1328] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00290030 .text C:\Program Files\Thomson\ST330\service\st330service.exe[1328] USER32.dll!UnhookWinEvent 
76F2C06F 5 Bytes JMP 0029006C .text C:\Program Files\Thomson\ST330\service\st330service.exe[1328] ADVAPI32.dll!CreateServiceW 77019EB4 5 Bytes JMP 002B006C .text C:\Program Files\Thomson\ST330\service\st330service.exe[1328] ADVAPI32.dll!DeleteService 7701A07E 5 Bytes JMP 002B00A8 .text C:\Program Files\Thomson\ST330\service\st330service.exe[1328] ADVAPI32.dll!SetServiceObjectSecurity 77056CD9 5 Bytes JMP 002B01D4 .text C:\Program Files\Thomson\ST330\service\st330service.exe[1328] ADVAPI32.dll!ChangeServiceConfigA 77056DD9 5 Bytes JMP 002B00E4 .text C:\Program Files\Thomson\ST330\service\st330service.exe[1328] ADVAPI32.dll!ChangeServiceConfigW 77056F81 5 Bytes JMP 002B0120 .text C:\Program Files\Thomson\ST330\service\st330service.exe[1328] ADVAPI32.dll!ChangeServiceConfig2A 77057099 5 Bytes JMP 002B015C .text C:\Program Files\Thomson\ST330\service\st330service.exe[1328] ADVAPI32.dll!ChangeServiceConfig2W 770571E1 5 Bytes JMP 002B0198 .text C:\Program Files\Thomson\ST330\service\st330service.exe[1328] ADVAPI32.dll!CreateServiceA 770572A1 5 Bytes JMP 002B0030 .text C:\Program Files\Mozilla Firefox\firefox.exe[1348] ntdll.dll!LdrLoadDll 773A93A8 5 Bytes JMP 00050030 .text C:\Program Files\Mozilla Firefox\firefox.exe[1348] ntdll.dll!LdrUnloadDll 773BB740 5 Bytes JMP 0005006C .text C:\Program Files\Mozilla Firefox\firefox.exe[1348] ADVAPI32.dll!CreateServiceW 77019EB4 5 Bytes JMP 0007006C .text C:\Program Files\Mozilla Firefox\firefox.exe[1348] ADVAPI32.dll!DeleteService 7701A07E 5 Bytes JMP 000700A8 .text C:\Program Files\Mozilla Firefox\firefox.exe[1348] ADVAPI32.dll!SetServiceObjectSecurity 77056CD9 5 Bytes JMP 000701D4 .text C:\Program Files\Mozilla Firefox\firefox.exe[1348] ADVAPI32.dll!ChangeServiceConfigA 77056DD9 5 Bytes JMP 000700E4 .text C:\Program Files\Mozilla Firefox\firefox.exe[1348] ADVAPI32.dll!ChangeServiceConfigW 77056F81 5 Bytes JMP 00070120 .text C:\Program Files\Mozilla Firefox\firefox.exe[1348] ADVAPI32.dll!ChangeServiceConfig2A 77057099 5 Bytes JMP 
0007015C .text C:\Program Files\Mozilla Firefox\firefox.exe[1348] ADVAPI32.dll!ChangeServiceConfig2W 770571E1 5 Bytes JMP 00070198 .text C:\Program Files\Mozilla Firefox\firefox.exe[1348] ADVAPI32.dll!CreateServiceA 770572A1 5 Bytes JMP 00070030 .text C:\Program Files\Mozilla Firefox\firefox.exe[1348] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 000800A8 .text C:\Program Files\Mozilla Firefox\firefox.exe[1348] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000800E4 .text C:\Program Files\Mozilla Firefox\firefox.exe[1348] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00080120 .text C:\Program Files\Mozilla Firefox\firefox.exe[1348] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00080030 .text C:\Program Files\Mozilla Firefox\firefox.exe[1348] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0008006C .text C:\Windows\system32\svchost.exe[1408] ntdll.dll!LdrLoadDll 773A93A8 5 Bytes JMP 00050030 .text C:\Windows\system32\svchost.exe[1408] ntdll.dll!LdrUnloadDll 773BB740 5 Bytes JMP 0005006C .text C:\Windows\system32\svchost.exe[1408] ADVAPI32.dll!CreateServiceW 77019EB4 5 Bytes JMP 0007006C .text C:\Windows\system32\svchost.exe[1408] ADVAPI32.dll!DeleteService 7701A07E 5 Bytes JMP 000700A8 .text C:\Windows\system32\svchost.exe[1408] ADVAPI32.dll!SetServiceObjectSecurity 77056CD9 5 Bytes JMP 000701D4 .text C:\Windows\system32\svchost.exe[1408] ADVAPI32.dll!ChangeServiceConfigA 77056DD9 5 Bytes JMP 000700E4 .text C:\Windows\system32\svchost.exe[1408] ADVAPI32.dll!ChangeServiceConfigW 77056F81 5 Bytes JMP 00070120 .text C:\Windows\system32\svchost.exe[1408] ADVAPI32.dll!ChangeServiceConfig2A 77057099 5 Bytes JMP 0007015C .text C:\Windows\system32\svchost.exe[1408] ADVAPI32.dll!ChangeServiceConfig2W 770571E1 5 Bytes JMP 00070198 .text C:\Windows\system32\svchost.exe[1408] ADVAPI32.dll!CreateServiceA 770572A1 5 Bytes JMP 00070030 .text C:\Windows\system32\svchost.exe[1408] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 002800A8 .text 
C:\Windows\system32\svchost.exe[1408] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 002800E4 .text C:\Windows\system32\svchost.exe[1408] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00280120 .text C:\Windows\system32\svchost.exe[1408] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00280030 .text C:\Windows\system32\svchost.exe[1408] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0028006C .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1524] kernel32.dll!SetUnhandledExceptionFilter 7600A8C5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Windows\system32\rundll32.exe[1564] ntdll.dll!LdrLoadDll 773A93A8 5 Bytes JMP 00060030 .text C:\Windows\system32\rundll32.exe[1564] ntdll.dll!LdrUnloadDll 773BB740 5 Bytes JMP 0006006C .text C:\Windows\system32\rundll32.exe[1564] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 000700A8 .text C:\Windows\system32\rundll32.exe[1564] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000700E4 .text C:\Windows\system32\rundll32.exe[1564] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00070120 .text C:\Windows\system32\rundll32.exe[1564] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00070030 .text C:\Windows\system32\rundll32.exe[1564] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0007006C .text C:\Windows\system32\rundll32.exe[1564] ADVAPI32.dll!CreateServiceW 77019EB4 5 Bytes JMP 0008006C .text C:\Windows\system32\rundll32.exe[1564] ADVAPI32.dll!DeleteService 7701A07E 5 Bytes JMP 000800A8 .text C:\Windows\system32\rundll32.exe[1564] ADVAPI32.dll!SetServiceObjectSecurity 77056CD9 5 Bytes JMP 000801D4 .text C:\Windows\system32\rundll32.exe[1564] ADVAPI32.dll!ChangeServiceConfigA 77056DD9 5 Bytes JMP 000800E4 .text C:\Windows\system32\rundll32.exe[1564] ADVAPI32.dll!ChangeServiceConfigW 77056F81 5 Bytes JMP 00080120 .text C:\Windows\system32\rundll32.exe[1564] ADVAPI32.dll!ChangeServiceConfig2A 77057099 5 Bytes JMP 0008015C .text C:\Windows\system32\rundll32.exe[1564] ADVAPI32.dll!ChangeServiceConfig2W 
770571E1 5 Bytes JMP 00080198 .text C:\Windows\system32\rundll32.exe[1564] ADVAPI32.dll!CreateServiceA 770572A1 5 Bytes JMP 00080030 .text C:\Users\Borysław\Desktop\ymisiqls.exe[1648] ntdll.dll!LdrLoadDll 773A93A8 5 Bytes JMP 00150030 .text C:\Users\Borysław\Desktop\ymisiqls.exe[1648] ntdll.dll!LdrUnloadDll 773BB740 5 Bytes JMP 0015006C .text C:\Users\Borysław\Desktop\ymisiqls.exe[1648] ADVAPI32.dll!CreateServiceW 77019EB4 5 Bytes JMP 001B006C .text C:\Users\Borysław\Desktop\ymisiqls.exe[1648] ADVAPI32.dll!DeleteService 7701A07E 5 Bytes JMP 001B00A8 .text C:\Users\Borysław\Desktop\ymisiqls.exe[1648] ADVAPI32.dll!SetServiceObjectSecurity 77056CD9 5 Bytes JMP 001B01D4 .text C:\Users\Borysław\Desktop\ymisiqls.exe[1648] ADVAPI32.dll!ChangeServiceConfigA 77056DD9 5 Bytes JMP 001B00E4 .text C:\Users\Borysław\Desktop\ymisiqls.exe[1648] ADVAPI32.dll!ChangeServiceConfigW 77056F81 5 Bytes JMP 001B0120 .text C:\Users\Borysław\Desktop\ymisiqls.exe[1648] ADVAPI32.dll!ChangeServiceConfig2A 77057099 5 Bytes JMP 001B015C .text C:\Users\Borysław\Desktop\ymisiqls.exe[1648] ADVAPI32.dll!ChangeServiceConfig2W 770571E1 5 Bytes JMP 001B0198 .text C:\Users\Borysław\Desktop\ymisiqls.exe[1648] ADVAPI32.dll!CreateServiceA 770572A1 5 Bytes JMP 001B0030 .text C:\Users\Borysław\Desktop\ymisiqls.exe[1648] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 001C00A8 .text C:\Users\Borysław\Desktop\ymisiqls.exe[1648] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 001C00E4 .text C:\Users\Borysław\Desktop\ymisiqls.exe[1648] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 001C0120 .text C:\Users\Borysław\Desktop\ymisiqls.exe[1648] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 001C0030 .text C:\Users\Borysław\Desktop\ymisiqls.exe[1648] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 001C006C .text C:\Windows\SYSTEM32\WISPTIS.EXE[1656] ntdll.dll!LdrLoadDll 773A93A8 5 Bytes JMP 00050030 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1656] ntdll.dll!LdrUnloadDll 773BB740 5 Bytes JMP 0005006C .text 
C:\Windows\SYSTEM32\WISPTIS.EXE[1656] ADVAPI32.dll!CreateServiceW 77019EB4 5 Bytes JMP 0007006C .text C:\Windows\SYSTEM32\WISPTIS.EXE[1656] ADVAPI32.dll!DeleteService 7701A07E 5 Bytes JMP 000700A8 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1656] ADVAPI32.dll!SetServiceObjectSecurity 77056CD9 5 Bytes JMP 000701D4 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1656] ADVAPI32.dll!ChangeServiceConfigA 77056DD9 5 Bytes JMP 000700E4 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1656] ADVAPI32.dll!ChangeServiceConfigW 77056F81 5 Bytes JMP 00070120 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1656] ADVAPI32.dll!ChangeServiceConfig2A 77057099 5 Bytes JMP 0007015C .text C:\Windows\SYSTEM32\WISPTIS.EXE[1656] ADVAPI32.dll!ChangeServiceConfig2W 770571E1 5 Bytes JMP 00070198 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1656] ADVAPI32.dll!CreateServiceA 770572A1 5 Bytes JMP 00070030 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1656] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 000900A8 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1656] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000900E4 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1656] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00090120 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1656] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00090030 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1656] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0009006C .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1668] ntdll.dll!LdrLoadDll 773A93A8 5 Bytes JMP 00050030 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1668] ntdll.dll!LdrUnloadDll 773BB740 5 Bytes JMP 0005006C .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1668] ADVAPI32.dll!CreateServiceW 77019EB4 5 Bytes JMP 0007006C .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1668] ADVAPI32.dll!DeleteService 7701A07E 5 Bytes JMP 000700A8 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1668] ADVAPI32.dll!SetServiceObjectSecurity 77056CD9 5 
Bytes JMP 000701D4 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1668] ADVAPI32.dll!ChangeServiceConfigA 77056DD9 5 Bytes JMP 000700E4 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1668] ADVAPI32.dll!ChangeServiceConfigW 77056F81 5 Bytes JMP 00070120 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1668] ADVAPI32.dll!ChangeServiceConfig2A 77057099 5 Bytes JMP 0007015C .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1668] ADVAPI32.dll!ChangeServiceConfig2W 770571E1 5 Bytes JMP 00070198 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1668] ADVAPI32.dll!CreateServiceA 770572A1 5 Bytes JMP 00070030 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1668] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 000800A8 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1668] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000800E4 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1668] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00080120 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1668] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00080030 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1668] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0008006C .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2152] ntdll.dll!LdrLoadDll 773A93A8 5 Bytes JMP 00150030 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2152] ntdll.dll!LdrUnloadDll 773BB740 5 Bytes JMP 0015006C .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2152] ADVAPI32.dll!CreateServiceW 77019EB4 5 Bytes JMP 0018006C .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2152] ADVAPI32.dll!DeleteService 7701A07E 5 Bytes JMP 001800A8 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2152] ADVAPI32.dll!SetServiceObjectSecurity 77056CD9 5 Bytes JMP 001801D4 .text C:\Program 
Files\HP\Digital Imaging\bin\hpqbam08.exe[2152] ADVAPI32.dll!ChangeServiceConfigA 77056DD9 5 Bytes JMP 001800E4 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2152] ADVAPI32.dll!ChangeServiceConfigW 77056F81 5 Bytes JMP 00180120 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2152] ADVAPI32.dll!ChangeServiceConfig2A 77057099 5 Bytes JMP 0018015C .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2152] ADVAPI32.dll!ChangeServiceConfig2W 770571E1 5 Bytes JMP 00180198 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2152] ADVAPI32.dll!CreateServiceA 770572A1 5 Bytes JMP 00180030 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2152] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 001900A8 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2152] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 001900E4 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2152] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00190120 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2152] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00190030 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2152] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0019006C .text C:\Windows\system32\Dwm.exe[2176] ntdll.dll!LdrLoadDll 773A93A8 5 Bytes JMP 00050030 .text C:\Windows\system32\Dwm.exe[2176] ntdll.dll!LdrUnloadDll 773BB740 5 Bytes JMP 0005006C .text C:\Windows\system32\Dwm.exe[2176] ADVAPI32.dll!CreateServiceW 77019EB4 5 Bytes JMP 0007006C .text C:\Windows\system32\Dwm.exe[2176] ADVAPI32.dll!DeleteService 7701A07E 5 Bytes JMP 000700A8 .text C:\Windows\system32\Dwm.exe[2176] ADVAPI32.dll!SetServiceObjectSecurity 77056CD9 5 Bytes JMP 000701D4 .text C:\Windows\system32\Dwm.exe[2176] ADVAPI32.dll!ChangeServiceConfigA 77056DD9 5 Bytes JMP 000700E4 .text C:\Windows\system32\Dwm.exe[2176] ADVAPI32.dll!ChangeServiceConfigW 77056F81 5 Bytes JMP 00070120 .text C:\Windows\system32\Dwm.exe[2176] 
ADVAPI32.dll!ChangeServiceConfig2A 77057099 5 Bytes JMP 0007015C .text C:\Windows\system32\Dwm.exe[2176] ADVAPI32.dll!ChangeServiceConfig2W 770571E1 5 Bytes JMP 00070198 .text C:\Windows\system32\Dwm.exe[2176] ADVAPI32.dll!CreateServiceA 770572A1 5 Bytes JMP 00070030 .text C:\Windows\system32\Dwm.exe[2176] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 000800A8 .text C:\Windows\system32\Dwm.exe[2176] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000800E4 .text C:\Windows\system32\Dwm.exe[2176] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00080120 .text C:\Windows\system32\Dwm.exe[2176] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00080030 .text C:\Windows\system32\Dwm.exe[2176] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0008006C .text C:\Windows\Explorer.EXE[2208] ntdll.dll!LdrLoadDll 773A93A8 5 Bytes JMP 00050030 .text C:\Windows\Explorer.EXE[2208] ntdll.dll!LdrUnloadDll 773BB740 5 Bytes JMP 0005006C .text C:\Windows\Explorer.EXE[2208] ADVAPI32.dll!CreateServiceW 77019EB4 5 Bytes JMP 0007006C .text C:\Windows\Explorer.EXE[2208] ADVAPI32.dll!DeleteService 7701A07E 5 Bytes JMP 000700A8 .text C:\Windows\Explorer.EXE[2208] ADVAPI32.dll!SetServiceObjectSecurity 77056CD9 5 Bytes JMP 000701D4 .text C:\Windows\Explorer.EXE[2208] ADVAPI32.dll!ChangeServiceConfigA 77056DD9 5 Bytes JMP 000700E4 .text C:\Windows\Explorer.EXE[2208] ADVAPI32.dll!ChangeServiceConfigW 77056F81 5 Bytes JMP 00070120 .text C:\Windows\Explorer.EXE[2208] ADVAPI32.dll!ChangeServiceConfig2A 77057099 5 Bytes JMP 0007015C .text C:\Windows\Explorer.EXE[2208] ADVAPI32.dll!ChangeServiceConfig2W 770571E1 5 Bytes JMP 00070198 .text C:\Windows\Explorer.EXE[2208] ADVAPI32.dll!CreateServiceA 770572A1 5 Bytes JMP 00070030 .text C:\Windows\Explorer.EXE[2208] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 000800A8 .text C:\Windows\Explorer.EXE[2208] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000800E4 .text C:\Windows\Explorer.EXE[2208] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes 
JMP 00080120 .text C:\Windows\Explorer.EXE[2208] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00080030 .text C:\Windows\Explorer.EXE[2208] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0008006C .text C:\Windows\System32\mobsync.exe[2216] ntdll.dll!LdrLoadDll 773A93A8 5 Bytes JMP 00050030 .text C:\Windows\System32\mobsync.exe[2216] ntdll.dll!LdrUnloadDll 773BB740 5 Bytes JMP 0005006C .text C:\Windows\System32\mobsync.exe[2216] ADVAPI32.dll!CreateServiceW 77019EB4 5 Bytes JMP 0007006C .text C:\Windows\System32\mobsync.exe[2216] ADVAPI32.dll!DeleteService 7701A07E 5 Bytes JMP 000700A8 .text C:\Windows\System32\mobsync.exe[2216] ADVAPI32.dll!SetServiceObjectSecurity 77056CD9 5 Bytes JMP 000701D4 .text C:\Windows\System32\mobsync.exe[2216] ADVAPI32.dll!ChangeServiceConfigA 77056DD9 5 Bytes JMP 000700E4 .text C:\Windows\System32\mobsync.exe[2216] ADVAPI32.dll!ChangeServiceConfigW 77056F81 5 Bytes JMP 00070120 .text C:\Windows\System32\mobsync.exe[2216] ADVAPI32.dll!ChangeServiceConfig2A 77057099 5 Bytes JMP 0007015C .text C:\Windows\System32\mobsync.exe[2216] ADVAPI32.dll!ChangeServiceConfig2W 770571E1 5 Bytes JMP 00070198 .text C:\Windows\System32\mobsync.exe[2216] ADVAPI32.dll!CreateServiceA 770572A1 5 Bytes JMP 00070030 .text C:\Windows\System32\mobsync.exe[2216] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 000800A8 .text C:\Windows\System32\mobsync.exe[2216] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000800E4 .text C:\Windows\System32\mobsync.exe[2216] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00080120 .text C:\Windows\System32\mobsync.exe[2216] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00080030 .text C:\Windows\System32\mobsync.exe[2216] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0008006C .text C:\Windows\system32\taskeng.exe[2228] ntdll.dll!LdrLoadDll 773A93A8 5 Bytes JMP 00050030 .text C:\Windows\system32\taskeng.exe[2228] ntdll.dll!LdrUnloadDll 773BB740 5 Bytes JMP 0005006C .text C:\Windows\system32\taskeng.exe[2228] 
ADVAPI32.dll!CreateServiceW 77019EB4 5 Bytes JMP 001A006C .text C:\Windows\system32\taskeng.exe[2228] ADVAPI32.dll!DeleteService 7701A07E 5 Bytes JMP 001A00A8 .text C:\Windows\system32\taskeng.exe[2228] ADVAPI32.dll!SetServiceObjectSecurity 77056CD9 5 Bytes JMP 001A01D4 .text C:\Windows\system32\taskeng.exe[2228] ADVAPI32.dll!ChangeServiceConfigA 77056DD9 5 Bytes JMP 001A00E4 .text C:\Windows\system32\taskeng.exe[2228] ADVAPI32.dll!ChangeServiceConfigW 77056F81 5 Bytes JMP 001A0120 .text C:\Windows\system32\taskeng.exe[2228] ADVAPI32.dll!ChangeServiceConfig2A 77057099 5 Bytes JMP 001A015C .text C:\Windows\system32\taskeng.exe[2228] ADVAPI32.dll!ChangeServiceConfig2W 770571E1 5 Bytes JMP 001A0198 .text C:\Windows\system32\taskeng.exe[2228] ADVAPI32.dll!CreateServiceA 770572A1 5 Bytes JMP 001A0030 .text C:\Windows\system32\taskeng.exe[2228] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 001B00A8 .text C:\Windows\system32\taskeng.exe[2228] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 001B00E4 .text C:\Windows\system32\taskeng.exe[2228] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 001B0120 .text C:\Windows\system32\taskeng.exe[2228] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 001B0030 .text C:\Windows\system32\taskeng.exe[2228] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 001B006C .text C:\Windows\SYSTEM32\WISPTIS.EXE[2240] ntdll.dll!LdrLoadDll 773A93A8 5 Bytes JMP 00050030 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2240] ntdll.dll!LdrUnloadDll 773BB740 5 Bytes JMP 0005006C .text C:\Windows\SYSTEM32\WISPTIS.EXE[2240] ADVAPI32.dll!CreateServiceW 77019EB4 5 Bytes JMP 0007006C .text C:\Windows\SYSTEM32\WISPTIS.EXE[2240] ADVAPI32.dll!DeleteService 7701A07E 5 Bytes JMP 000700A8 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2240] ADVAPI32.dll!SetServiceObjectSecurity 77056CD9 5 Bytes JMP 000701D4 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2240] ADVAPI32.dll!ChangeServiceConfigA 77056DD9 5 Bytes JMP 000700E4 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2240] 
ADVAPI32.dll!ChangeServiceConfigW 77056F81 5 Bytes JMP 00070120 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2240] ADVAPI32.dll!ChangeServiceConfig2A 77057099 5 Bytes JMP 0007015C .text C:\Windows\SYSTEM32\WISPTIS.EXE[2240] ADVAPI32.dll!ChangeServiceConfig2W 770571E1 5 Bytes JMP 00070198 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2240] ADVAPI32.dll!CreateServiceA 770572A1 5 Bytes JMP 00070030 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2240] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 000800A8 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2240] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000800E4 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2240] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00080120 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2240] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00080030 .text C:\Windows\SYSTEM32\WISPTIS.EXE[2240] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0008006C .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2252] ntdll.dll!LdrLoadDll 773A93A8 5 Bytes JMP 00050030 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2252] ntdll.dll!LdrUnloadDll 773BB740 5 Bytes JMP 0005006C .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2252] ADVAPI32.dll!CreateServiceW 77019EB4 5 Bytes JMP 0007006C .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2252] ADVAPI32.dll!DeleteService 7701A07E 5 Bytes JMP 000700A8 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2252] ADVAPI32.dll!SetServiceObjectSecurity 77056CD9 5 Bytes JMP 000701D4 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2252] ADVAPI32.dll!ChangeServiceConfigA 77056DD9 5 Bytes JMP 000700E4 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2252] ADVAPI32.dll!ChangeServiceConfigW 77056F81 5 Bytes JMP 00070120 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2252] ADVAPI32.dll!ChangeServiceConfig2A 77057099 5 Bytes JMP 0007015C .text C:\Program Files\Common 
Files\microsoft shared\ink\TabTip.exe[2252] ADVAPI32.dll!ChangeServiceConfig2W 770571E1 5 Bytes JMP 00070198 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2252] ADVAPI32.dll!CreateServiceA 770572A1 5 Bytes JMP 00070030 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2252] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 000800A8 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2252] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000800E4 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2252] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00080120 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2252] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00080030 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[2252] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0008006C .text C:\Windows\system32\taskeng.exe[2360] ntdll.dll!LdrLoadDll 773A93A8 5 Bytes JMP 00050030 .text C:\Windows\system32\taskeng.exe[2360] ntdll.dll!LdrUnloadDll 773BB740 5 Bytes JMP 0005006C .text C:\Windows\system32\taskeng.exe[2360] ADVAPI32.dll!CreateServiceW 77019EB4 5 Bytes JMP 000A006C .text C:\Windows\system32\taskeng.exe[2360] ADVAPI32.dll!DeleteService 7701A07E 5 Bytes JMP 000A00A8 .text C:\Windows\system32\taskeng.exe[2360] ADVAPI32.dll!SetServiceObjectSecurity 77056CD9 5 Bytes JMP 000A01D4 .text C:\Windows\system32\taskeng.exe[2360] ADVAPI32.dll!ChangeServiceConfigA 77056DD9 5 Bytes JMP 000A00E4 .text C:\Windows\system32\taskeng.exe[2360] ADVAPI32.dll!ChangeServiceConfigW 77056F81 5 Bytes JMP 000A0120 .text C:\Windows\system32\taskeng.exe[2360] ADVAPI32.dll!ChangeServiceConfig2A 77057099 5 Bytes JMP 000A015C .text C:\Windows\system32\taskeng.exe[2360] ADVAPI32.dll!ChangeServiceConfig2W 770571E1 5 Bytes JMP 000A0198 .text C:\Windows\system32\taskeng.exe[2360] ADVAPI32.dll!CreateServiceA 770572A1 5 Bytes JMP 000A0030 .text C:\Windows\system32\taskeng.exe[2360] 
USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 000B00A8 .text C:\Windows\system32\taskeng.exe[2360] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000B00E4 .text C:\Windows\system32\taskeng.exe[2360] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 000B0120 .text C:\Windows\system32\taskeng.exe[2360] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 000B0030 .text C:\Windows\system32\taskeng.exe[2360] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 000B006C .text C:\Program Files\QuickTime\QTTask.exe[2584] ntdll.dll!LdrLoadDll 773A93A8 5 Bytes JMP 00050030 .text C:\Program Files\QuickTime\QTTask.exe[2584] ntdll.dll!LdrUnloadDll 773BB740 5 Bytes JMP 0005006C .text C:\Program Files\QuickTime\QTTask.exe[2584] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 000700A8 .text C:\Program Files\QuickTime\QTTask.exe[2584] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000700E4 .text C:\Program Files\QuickTime\QTTask.exe[2584] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00070120 .text C:\Program Files\QuickTime\QTTask.exe[2584] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00070030 .text C:\Program Files\QuickTime\QTTask.exe[2584] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0007006C .text C:\Program Files\QuickTime\QTTask.exe[2584] ADVAPI32.dll!CreateServiceW 77019EB4 5 Bytes JMP 0008006C .text C:\Program Files\QuickTime\QTTask.exe[2584] ADVAPI32.dll!DeleteService 7701A07E 5 Bytes JMP 000800A8 .text C:\Program Files\QuickTime\QTTask.exe[2584] ADVAPI32.dll!SetServiceObjectSecurity 77056CD9 5 Bytes JMP 000801D4 .text C:\Program Files\QuickTime\QTTask.exe[2584] ADVAPI32.dll!ChangeServiceConfigA 77056DD9 5 Bytes JMP 000800E4 .text C:\Program Files\QuickTime\QTTask.exe[2584] ADVAPI32.dll!ChangeServiceConfigW 77056F81 5 Bytes JMP 00080120 .text C:\Program Files\QuickTime\QTTask.exe[2584] ADVAPI32.dll!ChangeServiceConfig2A 77057099 5 Bytes JMP 0008015C .text C:\Program Files\QuickTime\QTTask.exe[2584] ADVAPI32.dll!ChangeServiceConfig2W 770571E1 5 Bytes JMP 
00080198 .text C:\Program Files\QuickTime\QTTask.exe[2584] ADVAPI32.dll!CreateServiceA 770572A1 5 Bytes JMP 00080030 .text C:\hp\HP Software Update\hpwuschd2.exe[2596] ntdll.dll!LdrLoadDll 773A93A8 5 Bytes JMP 00150030 .text C:\hp\HP Software Update\hpwuschd2.exe[2596] ntdll.dll!LdrUnloadDll 773BB740 5 Bytes JMP 0015006C .text C:\hp\HP Software Update\hpwuschd2.exe[2596] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 001700A8 .text C:\hp\HP Software Update\hpwuschd2.exe[2596] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 001700E4 .text C:\hp\HP Software Update\hpwuschd2.exe[2596] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00170120 .text C:\hp\HP Software Update\hpwuschd2.exe[2596] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00170030 .text C:\hp\HP Software Update\hpwuschd2.exe[2596] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0017006C .text C:\hp\HP Software Update\hpwuschd2.exe[2596] ADVAPI32.dll!CreateServiceW 77019EB4 5 Bytes JMP 0018006C .text C:\hp\HP Software Update\hpwuschd2.exe[2596] ADVAPI32.dll!DeleteService 7701A07E 5 Bytes JMP 001800A8 .text C:\hp\HP Software Update\hpwuschd2.exe[2596] ADVAPI32.dll!SetServiceObjectSecurity 77056CD9 5 Bytes JMP 001801D4 .text C:\hp\HP Software Update\hpwuschd2.exe[2596] ADVAPI32.dll!ChangeServiceConfigA 77056DD9 5 Bytes JMP 001800E4 .text C:\hp\HP Software Update\hpwuschd2.exe[2596] ADVAPI32.dll!ChangeServiceConfigW 77056F81 5 Bytes JMP 00180120 .text C:\hp\HP Software Update\hpwuschd2.exe[2596] ADVAPI32.dll!ChangeServiceConfig2A 77057099 5 Bytes JMP 0018015C .text C:\hp\HP Software Update\hpwuschd2.exe[2596] ADVAPI32.dll!ChangeServiceConfig2W 770571E1 5 Bytes JMP 00180198 .text C:\hp\HP Software Update\hpwuschd2.exe[2596] ADVAPI32.dll!CreateServiceA 770572A1 5 Bytes JMP 00180030 .text C:\Program Files\Windows Sidebar\sidebar.exe[2624] ntdll.dll!LdrLoadDll 773A93A8 5 Bytes JMP 00050030 .text C:\Program Files\Windows Sidebar\sidebar.exe[2624] ntdll.dll!LdrUnloadDll 773BB740 5 Bytes JMP 0005006C 
.text C:\Program Files\Windows Sidebar\sidebar.exe[2624] ADVAPI32.dll!CreateServiceW 77019EB4 5 Bytes JMP 0008006C .text C:\Program Files\Windows Sidebar\sidebar.exe[2624] ADVAPI32.dll!DeleteService 7701A07E 5 Bytes JMP 000800A8 .text C:\Program Files\Windows Sidebar\sidebar.exe[2624] ADVAPI32.dll!SetServiceObjectSecurity 77056CD9 5 Bytes JMP 000801D4 .text C:\Program Files\Windows Sidebar\sidebar.exe[2624] ADVAPI32.dll!ChangeServiceConfigA 77056DD9 5 Bytes JMP 000800E4 .text C:\Program Files\Windows Sidebar\sidebar.exe[2624] ADVAPI32.dll!ChangeServiceConfigW 77056F81 5 Bytes JMP 00080120 .text C:\Program Files\Windows Sidebar\sidebar.exe[2624] ADVAPI32.dll!ChangeServiceConfig2A 77057099 5 Bytes JMP 0008015C .text C:\Program Files\Windows Sidebar\sidebar.exe[2624] ADVAPI32.dll!ChangeServiceConfig2W 770571E1 5 Bytes JMP 00080198 .text C:\Program Files\Windows Sidebar\sidebar.exe[2624] ADVAPI32.dll!CreateServiceA 770572A1 5 Bytes JMP 00080030 .text C:\Program Files\Windows Sidebar\sidebar.exe[2624] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 000900A8 .text C:\Program Files\Windows Sidebar\sidebar.exe[2624] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000900E4 .text C:\Program Files\Windows Sidebar\sidebar.exe[2624] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00090120 .text C:\Program Files\Windows Sidebar\sidebar.exe[2624] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00090030 .text C:\Program Files\Windows Sidebar\sidebar.exe[2624] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0009006C .text C:\Program Files\Pando Networks\Media Booster\PMB.exe[2668] ntdll.dll!LdrLoadDll 773A93A8 5 Bytes JMP 00050030 .text C:\Program Files\Pando Networks\Media Booster\PMB.exe[2668] ntdll.dll!LdrUnloadDll 773BB740 5 Bytes JMP 0005006C .text C:\Program Files\Pando Networks\Media Booster\PMB.exe[2668] kernel32.dll!SetUnhandledExceptionFilter 7600A8C5 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} .text C:\Program Files\Pando Networks\Media 
Booster\PMB.exe[2668] ADVAPI32.dll!CreateServiceW 77019EB4 5 Bytes JMP 0034006C .text C:\Program Files\Pando Networks\Media Booster\PMB.exe[2668] ADVAPI32.dll!DeleteService 7701A07E 5 Bytes JMP 003400A8 .text C:\Program Files\Pando Networks\Media Booster\PMB.exe[2668] ADVAPI32.dll!SetServiceObjectSecurity 77056CD9 5 Bytes JMP 003401D4 .text C:\Program Files\Pando Networks\Media Booster\PMB.exe[2668] ADVAPI32.dll!ChangeServiceConfigA 77056DD9 5 Bytes JMP 003400E4 .text C:\Program Files\Pando Networks\Media Booster\PMB.exe[2668] ADVAPI32.dll!ChangeServiceConfigW 77056F81 5 Bytes JMP 00340120 .text C:\Program Files\Pando Networks\Media Booster\PMB.exe[2668] ADVAPI32.dll!ChangeServiceConfig2A 77057099 5 Bytes JMP 0034015C .text C:\Program Files\Pando Networks\Media Booster\PMB.exe[2668] ADVAPI32.dll!ChangeServiceConfig2W 770571E1 5 Bytes JMP 00340198 .text C:\Program Files\Pando Networks\Media Booster\PMB.exe[2668] ADVAPI32.dll!CreateServiceA 770572A1 5 Bytes JMP 00340030 .text C:\Program Files\Pando Networks\Media Booster\PMB.exe[2668] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 003500A8 .text C:\Program Files\Pando Networks\Media Booster\PMB.exe[2668] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 003500E4 .text C:\Program Files\Pando Networks\Media Booster\PMB.exe[2668] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00350120 .text C:\Program Files\Pando Networks\Media Booster\PMB.exe[2668] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00350030 .text C:\Program Files\Pando Networks\Media Booster\PMB.exe[2668] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0035006C .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2744] ntdll.dll!LdrLoadDll 773A93A8 5 Bytes JMP 00150030 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2744] ntdll.dll!LdrUnloadDll 773BB740 5 Bytes JMP 0015006C .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2744] ADVAPI32.dll!CreateServiceW 77019EB4 5 Bytes JMP 0017006C .text C:\Program Files\HP\Digital 
Imaging\bin\hpqtra08.exe[2744] ADVAPI32.dll!DeleteService 7701A07E 5 Bytes JMP 001700A8 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2744] ADVAPI32.dll!SetServiceObjectSecurity 77056CD9 5 Bytes JMP 001701D4 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2744] ADVAPI32.dll!ChangeServiceConfigA 77056DD9 5 Bytes JMP 001700E4 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2744] ADVAPI32.dll!ChangeServiceConfigW 77056F81 5 Bytes JMP 00170120 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2744] ADVAPI32.dll!ChangeServiceConfig2A 77057099 5 Bytes JMP 0017015C .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2744] ADVAPI32.dll!ChangeServiceConfig2W 770571E1 5 Bytes JMP 00170198 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2744] ADVAPI32.dll!CreateServiceA 770572A1 5 Bytes JMP 00170030 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2744] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 001800A8 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2744] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 001800E4 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2744] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00180120 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2744] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00180030 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2744] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0018006C .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3156] ntdll.dll!LdrLoadDll 773A93A8 5 Bytes JMP 00150030 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3156] ntdll.dll!LdrUnloadDll 773BB740 5 Bytes JMP 0015006C .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3156] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 001700A8 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3156] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 001700E4 .text C:\Program Files\HP\Digital 
Imaging\bin\hpqSTE08.exe[3156] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00170120 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3156] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00170030 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3156] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0017006C .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3156] ADVAPI32.dll!CreateServiceW 77019EB4 5 Bytes JMP 0018006C .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3156] ADVAPI32.dll!DeleteService 7701A07E 5 Bytes JMP 001800A8 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3156] ADVAPI32.dll!SetServiceObjectSecurity 77056CD9 5 Bytes JMP 001801D4 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3156] ADVAPI32.dll!ChangeServiceConfigA 77056DD9 5 Bytes JMP 001800E4 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3156] ADVAPI32.dll!ChangeServiceConfigW 77056F81 5 Bytes JMP 00180120 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3156] ADVAPI32.dll!ChangeServiceConfig2A 77057099 5 Bytes JMP 0018015C .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3156] ADVAPI32.dll!ChangeServiceConfig2W 770571E1 5 Bytes JMP 00180198 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3156] ADVAPI32.dll!CreateServiceA 770572A1 5 Bytes JMP 00180030 .text C:\Windows\System32\svchost.exe[3164] ntdll.dll!LdrLoadDll 773A93A8 5 Bytes JMP 00050030 .text C:\Windows\System32\svchost.exe[3164] ntdll.dll!LdrUnloadDll 773BB740 5 Bytes JMP 0005006C .text C:\Windows\System32\svchost.exe[3164] ADVAPI32.dll!CreateServiceW 77019EB4 5 Bytes JMP 000B006C .text C:\Windows\System32\svchost.exe[3164] ADVAPI32.dll!DeleteService 7701A07E 5 Bytes JMP 000B00A8 .text C:\Windows\System32\svchost.exe[3164] ADVAPI32.dll!SetServiceObjectSecurity 77056CD9 5 Bytes JMP 000B01D4 .text C:\Windows\System32\svchost.exe[3164] ADVAPI32.dll!ChangeServiceConfigA 77056DD9 5 Bytes JMP 000B00E4 .text 
C:\Windows\System32\svchost.exe[3164] ADVAPI32.dll!ChangeServiceConfigW 77056F81 5 Bytes JMP 000B0120 .text C:\Windows\System32\svchost.exe[3164] ADVAPI32.dll!ChangeServiceConfig2A 77057099 5 Bytes JMP 000B015C .text C:\Windows\System32\svchost.exe[3164] ADVAPI32.dll!ChangeServiceConfig2W 770571E1 5 Bytes JMP 000B0198 .text C:\Windows\System32\svchost.exe[3164] ADVAPI32.dll!CreateServiceA 770572A1 5 Bytes JMP 000B0030 .text C:\Windows\System32\svchost.exe[3164] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 006A00A8 .text C:\Windows\System32\svchost.exe[3164] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 006A00E4 .text C:\Windows\System32\svchost.exe[3164] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 006A0120 .text C:\Windows\System32\svchost.exe[3164] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 006A0030 .text C:\Windows\System32\svchost.exe[3164] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 006A006C .text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[3220] ntdll.dll!LdrLoadDll 773A93A8 5 Bytes JMP 00160030 .text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[3220] ntdll.dll!LdrUnloadDll 773BB740 5 Bytes JMP 0016006C .text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[3220] ADVAPI32.dll!CreateServiceW 77019EB4 5 Bytes JMP 0017006C .text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[3220] ADVAPI32.dll!DeleteService 7701A07E 5 Bytes JMP 001700A8 .text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[3220] ADVAPI32.dll!SetServiceObjectSecurity 77056CD9 5 Bytes JMP 001701D4 .text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[3220] ADVAPI32.dll!ChangeServiceConfigA 77056DD9 5 Bytes JMP 001700E4 .text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[3220] ADVAPI32.dll!ChangeServiceConfigW 77056F81 5 Bytes JMP 00170120 .text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[3220] ADVAPI32.dll!ChangeServiceConfig2A 77057099 5 Bytes JMP 0017015C .text C:\Program 
Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[3220] ADVAPI32.dll!ChangeServiceConfig2W 770571E1 5 Bytes JMP 00170198 .text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[3220] ADVAPI32.dll!CreateServiceA 770572A1 5 Bytes JMP 00170030 .text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[3220] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 001800A8 .text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[3220] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 001800E4 .text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[3220] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00180120 .text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[3220] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00180030 .text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[3220] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0018006C .text C:\Windows\system32\svchost.exe[3344] ntdll.dll!LdrLoadDll 773A93A8 5 Bytes JMP 00050030 .text C:\Windows\system32\svchost.exe[3344] ntdll.dll!LdrUnloadDll 773BB740 5 Bytes JMP 0005006C .text C:\Windows\system32\svchost.exe[3344] ADVAPI32.dll!CreateServiceW 77019EB4 5 Bytes JMP 0007006C .text C:\Windows\system32\svchost.exe[3344] ADVAPI32.dll!DeleteService 7701A07E 5 Bytes JMP 000700A8 .text C:\Windows\system32\svchost.exe[3344] ADVAPI32.dll!SetServiceObjectSecurity 77056CD9 5 Bytes JMP 000701D4 .text C:\Windows\system32\svchost.exe[3344] ADVAPI32.dll!ChangeServiceConfigA 77056DD9 5 Bytes JMP 000700E4 .text C:\Windows\system32\svchost.exe[3344] ADVAPI32.dll!ChangeServiceConfigW 77056F81 5 Bytes JMP 00070120 .text C:\Windows\system32\svchost.exe[3344] ADVAPI32.dll!ChangeServiceConfig2A 77057099 5 Bytes JMP 0007015C .text C:\Windows\system32\svchost.exe[3344] ADVAPI32.dll!ChangeServiceConfig2W 770571E1 5 Bytes JMP 00070198 .text C:\Windows\system32\svchost.exe[3344] ADVAPI32.dll!CreateServiceA 770572A1 5 Bytes JMP 00070030 .text C:\Windows\system32\svchost.exe[3344] USER32.dll!SetWindowsHookExA 
76F26322 5 Bytes JMP 00D900A8 .text C:\Windows\system32\svchost.exe[3344] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 00D900E4 .text C:\Windows\system32\svchost.exe[3344] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00D90120 .text C:\Windows\system32\svchost.exe[3344] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00D90030 .text C:\Windows\system32\svchost.exe[3344] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 00D9006C .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[3384] ntdll.dll!LdrLoadDll 773A93A8 5 Bytes JMP 00160030 .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[3384] ntdll.dll!LdrUnloadDll 773BB740 5 Bytes JMP 0016006C .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[3384] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 001700A8 .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[3384] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 001700E4 .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[3384] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00170120 .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[3384] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00170030 .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[3384] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0017006C .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[3384] ADVAPI32.dll!CreateServiceW 77019EB4 5 Bytes JMP 0018006C .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[3384] ADVAPI32.dll!DeleteService 7701A07E 5 Bytes JMP 001800A8 .text C:\Program Files\Common 
Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[3384] ADVAPI32.dll!SetServiceObjectSecurity 77056CD9 5 Bytes JMP 001801D4 .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[3384] ADVAPI32.dll!ChangeServiceConfigA 77056DD9 5 Bytes JMP 001800E4 .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[3384] ADVAPI32.dll!ChangeServiceConfigW 77056F81 5 Bytes JMP 00180120 .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[3384] ADVAPI32.dll!ChangeServiceConfig2A 77057099 5 Bytes JMP 0018015C .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[3384] ADVAPI32.dll!ChangeServiceConfig2W 770571E1 5 Bytes JMP 00180198 .text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[3384] ADVAPI32.dll!CreateServiceA 770572A1 5 Bytes JMP 00180030 .text C:\Windows\System32\svchost.exe[3424] ntdll.dll!LdrLoadDll 773A93A8 5 Bytes JMP 00050030 .text C:\Windows\System32\svchost.exe[3424] ntdll.dll!LdrUnloadDll 773BB740 5 Bytes JMP 0005006C .text C:\Windows\System32\svchost.exe[3424] ADVAPI32.dll!CreateServiceW 77019EB4 5 Bytes JMP 0007006C .text C:\Windows\System32\svchost.exe[3424] ADVAPI32.dll!DeleteService 7701A07E 5 Bytes JMP 000700A8 .text C:\Windows\System32\svchost.exe[3424] ADVAPI32.dll!SetServiceObjectSecurity 77056CD9 5 Bytes JMP 000701D4 .text C:\Windows\System32\svchost.exe[3424] ADVAPI32.dll!ChangeServiceConfigA 77056DD9 5 Bytes JMP 000700E4 .text C:\Windows\System32\svchost.exe[3424] ADVAPI32.dll!ChangeServiceConfigW 77056F81 5 Bytes JMP 00070120 .text C:\Windows\System32\svchost.exe[3424] ADVAPI32.dll!ChangeServiceConfig2A 77057099 5 Bytes JMP 0007015C .text C:\Windows\System32\svchost.exe[3424] ADVAPI32.dll!ChangeServiceConfig2W 770571E1 5 Bytes JMP 00070198 .text 
C:\Windows\System32\svchost.exe[3424] ADVAPI32.dll!CreateServiceA 770572A1 5 Bytes JMP 00070030 .text C:\Windows\System32\svchost.exe[3424] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 006600A8 .text C:\Windows\System32\svchost.exe[3424] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 006600E4 .text C:\Windows\System32\svchost.exe[3424] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00660120 .text C:\Windows\System32\svchost.exe[3424] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00660030 .text C:\Windows\System32\svchost.exe[3424] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0066006C .text C:\Windows\System32\svchost.exe[3460] ntdll.dll!LdrLoadDll 773A93A8 5 Bytes JMP 00050030 .text C:\Windows\System32\svchost.exe[3460] ntdll.dll!LdrUnloadDll 773BB740 5 Bytes JMP 0005006C .text C:\Windows\System32\svchost.exe[3460] ADVAPI32.dll!CreateServiceW 77019EB4 5 Bytes JMP 0007006C .text C:\Windows\System32\svchost.exe[3460] ADVAPI32.dll!DeleteService 7701A07E 5 Bytes JMP 000700A8 .text C:\Windows\System32\svchost.exe[3460] ADVAPI32.dll!SetServiceObjectSecurity 77056CD9 5 Bytes JMP 000701D4 .text C:\Windows\System32\svchost.exe[3460] ADVAPI32.dll!ChangeServiceConfigA 77056DD9 5 Bytes JMP 000700E4 .text C:\Windows\System32\svchost.exe[3460] ADVAPI32.dll!ChangeServiceConfigW 77056F81 5 Bytes JMP 00070120 .text C:\Windows\System32\svchost.exe[3460] ADVAPI32.dll!ChangeServiceConfig2A 77057099 5 Bytes JMP 0007015C .text C:\Windows\System32\svchost.exe[3460] ADVAPI32.dll!ChangeServiceConfig2W 770571E1 5 Bytes JMP 00070198 .text C:\Windows\System32\svchost.exe[3460] ADVAPI32.dll!CreateServiceA 770572A1 5 Bytes JMP 00070030 .text C:\Windows\system32\svchost.exe[3480] ntdll.dll!LdrLoadDll 773A93A8 5 Bytes JMP 00050030 .text C:\Windows\system32\svchost.exe[3480] ntdll.dll!LdrUnloadDll 773BB740 5 Bytes JMP 0005006C .text C:\Windows\system32\svchost.exe[3480] ADVAPI32.dll!CreateServiceW 77019EB4 5 Bytes JMP 0007006C .text C:\Windows\system32\svchost.exe[3480] 
ADVAPI32.dll!DeleteService 7701A07E 5 Bytes JMP 000700A8 .text C:\Windows\system32\svchost.exe[3480] ADVAPI32.dll!SetServiceObjectSecurity 77056CD9 5 Bytes JMP 000701D4 .text C:\Windows\system32\svchost.exe[3480] ADVAPI32.dll!ChangeServiceConfigA 77056DD9 5 Bytes JMP 000700E4 .text C:\Windows\system32\svchost.exe[3480] ADVAPI32.dll!ChangeServiceConfigW 77056F81 5 Bytes JMP 00070120 .text C:\Windows\system32\svchost.exe[3480] ADVAPI32.dll!ChangeServiceConfig2A 77057099 5 Bytes JMP 0007015C .text C:\Windows\system32\svchost.exe[3480] ADVAPI32.dll!ChangeServiceConfig2W 770571E1 5 Bytes JMP 00070198 .text C:\Windows\system32\svchost.exe[3480] ADVAPI32.dll!CreateServiceA 770572A1 5 Bytes JMP 00070030 .text C:\Windows\system32\svchost.exe[3480] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 001100A8 .text C:\Windows\system32\svchost.exe[3480] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 001100E4 .text C:\Windows\system32\svchost.exe[3480] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00110120 .text C:\Windows\system32\svchost.exe[3480] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00110030 .text C:\Windows\system32\svchost.exe[3480] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0011006C .text C:\Windows\system32\svchost.exe[3496] ntdll.dll!LdrLoadDll 773A93A8 5 Bytes JMP 00050030 .text C:\Windows\system32\svchost.exe[3496] ntdll.dll!LdrUnloadDll 773BB740 5 Bytes JMP 0005006C .text C:\Windows\system32\svchost.exe[3496] ADVAPI32.dll!CreateServiceW 77019EB4 5 Bytes JMP 0007006C .text C:\Windows\system32\svchost.exe[3496] ADVAPI32.dll!DeleteService 7701A07E 5 Bytes JMP 000700A8 .text C:\Windows\system32\svchost.exe[3496] ADVAPI32.dll!SetServiceObjectSecurity 77056CD9 5 Bytes JMP 000701D4 .text C:\Windows\system32\svchost.exe[3496] ADVAPI32.dll!ChangeServiceConfigA 77056DD9 5 Bytes JMP 000700E4 .text C:\Windows\system32\svchost.exe[3496] ADVAPI32.dll!ChangeServiceConfigW 77056F81 5 Bytes JMP 00070120 .text C:\Windows\system32\svchost.exe[3496] 
ADVAPI32.dll!ChangeServiceConfig2A 77057099 5 Bytes JMP 0007015C .text C:\Windows\system32\svchost.exe[3496] ADVAPI32.dll!ChangeServiceConfig2W 770571E1 5 Bytes JMP 00070198 .text C:\Windows\system32\svchost.exe[3496] ADVAPI32.dll!CreateServiceA 770572A1 5 Bytes JMP 00070030 .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[3520] ntdll.dll!LdrLoadDll 773A93A8 5 Bytes JMP 00140030 .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[3520] ntdll.dll!LdrUnloadDll 773BB740 5 Bytes JMP 0014006C .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[3520] ADVAPI32.dll!CreateServiceW 77019EB4 5 Bytes JMP 0016006C .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[3520] ADVAPI32.dll!DeleteService 7701A07E 5 Bytes JMP 001600A8 .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[3520] ADVAPI32.dll!SetServiceObjectSecurity 77056CD9 5 Bytes JMP 001601D4 .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[3520] ADVAPI32.dll!ChangeServiceConfigA 77056DD9 5 Bytes JMP 001600E4 .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[3520] ADVAPI32.dll!ChangeServiceConfigW 77056F81 5 Bytes JMP 00160120 .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[3520] ADVAPI32.dll!ChangeServiceConfig2A 77057099 5 Bytes JMP 0016015C .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[3520] ADVAPI32.dll!ChangeServiceConfig2W 770571E1 5 Bytes JMP 00160198 .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[3520] ADVAPI32.dll!CreateServiceA 770572A1 5 Bytes JMP 00160030 .text C:\Windows\System32\svchost.exe[3540] ntdll.dll!LdrLoadDll 773A93A8 5 Bytes JMP 00050030 .text C:\Windows\System32\svchost.exe[3540] ntdll.dll!LdrUnloadDll 773BB740 5 Bytes JMP 0005006C .text C:\Windows\System32\svchost.exe[3540] ADVAPI32.dll!CreateServiceW 77019EB4 5 Bytes JMP 0007006C .text C:\Windows\System32\svchost.exe[3540] ADVAPI32.dll!DeleteService 7701A07E 5 Bytes JMP 
000700A8 .text C:\Windows\System32\svchost.exe[3540] ADVAPI32.dll!SetServiceObjectSecurity 77056CD9 5 Bytes JMP 000701D4 .text C:\Windows\System32\svchost.exe[3540] ADVAPI32.dll!ChangeServiceConfigA 77056DD9 5 Bytes JMP 000700E4 .text C:\Windows\System32\svchost.exe[3540] ADVAPI32.dll!ChangeServiceConfigW 77056F81 5 Bytes JMP 00070120 .text C:\Windows\System32\svchost.exe[3540] ADVAPI32.dll!ChangeServiceConfig2A 77057099 5 Bytes JMP 0007015C .text C:\Windows\System32\svchost.exe[3540] ADVAPI32.dll!ChangeServiceConfig2W 770571E1 5 Bytes JMP 00070198 .text C:\Windows\System32\svchost.exe[3540] ADVAPI32.dll!CreateServiceA 770572A1 5 Bytes JMP 00070030 .text C:\Windows\System32\Drivers\WTSRV.EXE[3564] ntdll.dll!LdrLoadDll 773A93A8 5 Bytes JMP 00140030 .text C:\Windows\System32\Drivers\WTSRV.EXE[3564] ntdll.dll!LdrUnloadDll 773BB740 5 Bytes JMP 0014006C .text C:\Windows\System32\Drivers\WTSRV.EXE[3564] ADVAPI32.dll!CreateServiceW 77019EB4 5 Bytes JMP 0016006C .text C:\Windows\System32\Drivers\WTSRV.EXE[3564] ADVAPI32.dll!DeleteService 7701A07E 5 Bytes JMP 001600A8 .text C:\Windows\System32\Drivers\WTSRV.EXE[3564] ADVAPI32.dll!SetServiceObjectSecurity 77056CD9 5 Bytes JMP 001601D4 .text C:\Windows\System32\Drivers\WTSRV.EXE[3564] ADVAPI32.dll!ChangeServiceConfigA 77056DD9 5 Bytes JMP 001600E4 .text C:\Windows\System32\Drivers\WTSRV.EXE[3564] ADVAPI32.dll!ChangeServiceConfigW 77056F81 5 Bytes JMP 00160120 .text C:\Windows\System32\Drivers\WTSRV.EXE[3564] ADVAPI32.dll!ChangeServiceConfig2A 77057099 5 Bytes JMP 0016015C .text C:\Windows\System32\Drivers\WTSRV.EXE[3564] ADVAPI32.dll!ChangeServiceConfig2W 770571E1 5 Bytes JMP 00160198 .text C:\Windows\System32\Drivers\WTSRV.EXE[3564] ADVAPI32.dll!CreateServiceA 770572A1 5 Bytes JMP 00160030 .text C:\Windows\System32\Drivers\WTSRV.EXE[3564] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 001700A8 .text C:\Windows\System32\Drivers\WTSRV.EXE[3564] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 001700E4 .text 
C:\Windows\System32\Drivers\WTSRV.EXE[3564] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00170120 .text C:\Windows\System32\Drivers\WTSRV.EXE[3564] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00170030 .text C:\Windows\System32\Drivers\WTSRV.EXE[3564] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0017006C .text C:\Windows\system32\SearchIndexer.exe[3620] ntdll.dll!LdrLoadDll 773A93A8 5 Bytes JMP 00050030 .text C:\Windows\system32\SearchIndexer.exe[3620] ntdll.dll!LdrUnloadDll 773BB740 5 Bytes JMP 0005006C .text C:\Windows\system32\SearchIndexer.exe[3620] ADVAPI32.dll!CreateServiceW 77019EB4 5 Bytes JMP 0007006C .text C:\Windows\system32\SearchIndexer.exe[3620] ADVAPI32.dll!DeleteService 7701A07E 5 Bytes JMP 000700A8 .text C:\Windows\system32\SearchIndexer.exe[3620] ADVAPI32.dll!SetServiceObjectSecurity 77056CD9 5 Bytes JMP 000701D4 .text C:\Windows\system32\SearchIndexer.exe[3620] ADVAPI32.dll!ChangeServiceConfigA 77056DD9 5 Bytes JMP 000700E4 .text C:\Windows\system32\SearchIndexer.exe[3620] ADVAPI32.dll!ChangeServiceConfigW 77056F81 5 Bytes JMP 00070120 .text C:\Windows\system32\SearchIndexer.exe[3620] ADVAPI32.dll!ChangeServiceConfig2A 77057099 5 Bytes JMP 0007015C .text C:\Windows\system32\SearchIndexer.exe[3620] ADVAPI32.dll!ChangeServiceConfig2W 770571E1 5 Bytes JMP 00070198 .text C:\Windows\system32\SearchIndexer.exe[3620] ADVAPI32.dll!CreateServiceA 770572A1 5 Bytes JMP 00070030 .text C:\Windows\system32\SearchIndexer.exe[3620] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 000800A8 .text C:\Windows\system32\SearchIndexer.exe[3620] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000800E4 .text C:\Windows\system32\SearchIndexer.exe[3620] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00080120 .text C:\Windows\system32\SearchIndexer.exe[3620] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00080030 .text C:\Windows\system32\SearchIndexer.exe[3620] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0008006C .text 
C:\Windows\system32\svchost.exe[3872] ntdll.dll!LdrLoadDll 773A93A8 5 Bytes JMP 00050030 .text C:\Windows\system32\svchost.exe[3872] ntdll.dll!LdrUnloadDll 773BB740 5 Bytes JMP 0005006C .text C:\Windows\system32\svchost.exe[3872] ADVAPI32.dll!CreateServiceW 77019EB4 5 Bytes JMP 0007006C .text C:\Windows\system32\svchost.exe[3872] ADVAPI32.dll!DeleteService 7701A07E 5 Bytes JMP 000700A8 .text C:\Windows\system32\svchost.exe[3872] ADVAPI32.dll!SetServiceObjectSecurity 77056CD9 5 Bytes JMP 000701D4 .text C:\Windows\system32\svchost.exe[3872] ADVAPI32.dll!ChangeServiceConfigA 77056DD9 5 Bytes JMP 000700E4 .text C:\Windows\system32\svchost.exe[3872] ADVAPI32.dll!ChangeServiceConfigW 77056F81 5 Bytes JMP 00070120 .text C:\Windows\system32\svchost.exe[3872] ADVAPI32.dll!ChangeServiceConfig2A 77057099 5 Bytes JMP 0007015C .text C:\Windows\system32\svchost.exe[3872] ADVAPI32.dll!ChangeServiceConfig2W 770571E1 5 Bytes JMP 00070198 .text C:\Windows\system32\svchost.exe[3872] ADVAPI32.dll!CreateServiceA 770572A1 5 Bytes JMP 00070030 .text C:\Program Files\Windows Sidebar\sidebar.exe[3876] ntdll.dll!LdrLoadDll 773A93A8 5 Bytes JMP 00050030 .text C:\Program Files\Windows Sidebar\sidebar.exe[3876] ntdll.dll!LdrUnloadDll 773BB740 5 Bytes JMP 0005006C .text C:\Program Files\Windows Sidebar\sidebar.exe[3876] ADVAPI32.dll!CreateServiceW 77019EB4 5 Bytes JMP 0008006C .text C:\Program Files\Windows Sidebar\sidebar.exe[3876] ADVAPI32.dll!DeleteService 7701A07E 5 Bytes JMP 000800A8 .text C:\Program Files\Windows Sidebar\sidebar.exe[3876] ADVAPI32.dll!SetServiceObjectSecurity 77056CD9 5 Bytes JMP 000801D4 .text C:\Program Files\Windows Sidebar\sidebar.exe[3876] ADVAPI32.dll!ChangeServiceConfigA 77056DD9 5 Bytes JMP 000800E4 .text C:\Program Files\Windows Sidebar\sidebar.exe[3876] ADVAPI32.dll!ChangeServiceConfigW 77056F81 5 Bytes JMP 00080120 .text C:\Program Files\Windows Sidebar\sidebar.exe[3876] ADVAPI32.dll!ChangeServiceConfig2A 77057099 5 Bytes JMP 0008015C .text C:\Program 
Files\Windows Sidebar\sidebar.exe[3876] ADVAPI32.dll!ChangeServiceConfig2W 770571E1 5 Bytes JMP 00080198 .text C:\Program Files\Windows Sidebar\sidebar.exe[3876] ADVAPI32.dll!CreateServiceA 770572A1 5 Bytes JMP 00080030 .text C:\Program Files\Windows Sidebar\sidebar.exe[3876] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 000900A8 .text C:\Program Files\Windows Sidebar\sidebar.exe[3876] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000900E4 .text C:\Program Files\Windows Sidebar\sidebar.exe[3876] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00090120 .text C:\Program Files\Windows Sidebar\sidebar.exe[3876] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00090030 .text C:\Program Files\Windows Sidebar\sidebar.exe[3876] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0009006C .text C:\Windows\system32\WUDFHost.exe[3992] ntdll.dll!LdrLoadDll 773A93A8 5 Bytes JMP 00050030 .text C:\Windows\system32\WUDFHost.exe[3992] ntdll.dll!LdrUnloadDll 773BB740 5 Bytes JMP 0005006C .text C:\Windows\system32\WUDFHost.exe[3992] ADVAPI32.dll!CreateServiceW 77019EB4 5 Bytes JMP 0007006C .text C:\Windows\system32\WUDFHost.exe[3992] ADVAPI32.dll!DeleteService 7701A07E 5 Bytes JMP 000700A8 .text C:\Windows\system32\WUDFHost.exe[3992] ADVAPI32.dll!SetServiceObjectSecurity 77056CD9 5 Bytes JMP 000701D4 .text C:\Windows\system32\WUDFHost.exe[3992] ADVAPI32.dll!ChangeServiceConfigA 77056DD9 5 Bytes JMP 000700E4 .text C:\Windows\system32\WUDFHost.exe[3992] ADVAPI32.dll!ChangeServiceConfigW 77056F81 5 Bytes JMP 00070120 .text C:\Windows\system32\WUDFHost.exe[3992] ADVAPI32.dll!ChangeServiceConfig2A 77057099 5 Bytes JMP 0007015C .text C:\Windows\system32\WUDFHost.exe[3992] ADVAPI32.dll!ChangeServiceConfig2W 770571E1 5 Bytes JMP 00070198 .text C:\Windows\system32\WUDFHost.exe[3992] ADVAPI32.dll!CreateServiceA 770572A1 5 Bytes JMP 00070030 .text C:\Windows\system32\WUDFHost.exe[3992] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 000800A8 .text C:\Windows\system32\WUDFHost.exe[3992] 
USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000800E4 .text C:\Windows\system32\WUDFHost.exe[3992] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00080120 .text C:\Windows\system32\WUDFHost.exe[3992] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00080030 .text C:\Windows\system32\WUDFHost.exe[3992] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 0008006C ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8068E6D2] \SystemRoot\System32\Drivers\spwl.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8068E040] \SystemRoot\System32\Drivers\spwl.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8068E7FC] \SystemRoot\System32\Drivers\spwl.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8068E0BE] \SystemRoot\System32\Drivers\spwl.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8068E13C] \SystemRoot\System32\Drivers\spwl.sys ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[2208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73597817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [735EA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7359BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7358F695] 
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [735975E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7358E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [735C8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7359DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7358FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7358FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [735871CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2208] @ 
C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7361CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [735BC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7358D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73586853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7358687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73592AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! 
self protection module/AVAST Software) Device \FileSystem\Ntfs \Ntfs 869221F8 Device \Driver\volmgr \Device\VolMgrControl 8691F1F8 Device \Driver\usbuhci \Device\USBPDO-0 87AA71F8 Device \Driver\usbuhci \Device\USBPDO-1 87AA71F8 Device \Driver\usbuhci \Device\USBPDO-2 87AA71F8 Device \Driver\usbuhci \Device\USBPDO-3 87AA71F8 Device \Driver\usbehci \Device\USBPDO-4 87AFB500 AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\volmgr \Device\HarddiskVolume1 8691F1F8 Device \Driver\volmgr \Device\HarddiskVolume2 8691F1F8 Device \Driver\cdrom \Device\CdRom0 87B281F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 869211F8 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 869211F8 Device \Driver\atapi \Device\Ide\IdePort0 869211F8 Device \Driver\atapi \Device\Ide\IdePort1 869211F8 Device \Driver\atapi \Device\Ide\IdePort2 869211F8 Device \Driver\atapi \Device\Ide\IdePort3 869211F8 Device \Driver\volmgr \Device\HarddiskVolume3 8691F1F8 Device \Driver\volmgr \Device\HarddiskVolume4 8691F1F8 Device \Driver\volmgr \Device\HarddiskVolume5 8691F1F8 Device \Driver\netbt \Device\NetBt_Wins_Export 885ED1F8 Device \Driver\Smb \Device\NetbiosSmb 885E31F8 Device \Driver\netbt \Device\NetBT_Tcpip_{00F19A5B-5A3E-42DF-ACC3-0BB634E713D4} 885ED1F8 Device \Driver\USBSTOR \Device\00000154 885FF3D0 Device \Driver\USBSTOR \Device\00000155 885FF3D0 Device \Driver\iScsiPrt \Device\RaidPort0 87C5D1F8 AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! 
TDI Filter Driver/AVAST Software) Device \Driver\USBSTOR \Device\00000156 885FF3D0 Device \Driver\USBSTOR \Device\00000157 885FF3D0 Device \Driver\USBSTOR \Device\00000158 885FF3D0 Device \Driver\usbuhci \Device\USBFDO-0 87AA71F8 Device \Driver\usbuhci \Device\USBFDO-1 87AA71F8 Device \Driver\usbuhci \Device\USBFDO-2 87AA71F8 Device \Driver\usbuhci \Device\USBFDO-3 87AA71F8 Device \Driver\usbehci \Device\USBFDO-4 87AFB500 Device \FileSystem\cdfs \Cdfs 862661F8 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x73 0x8E 0xBD 0xCA ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x0C 0x80 0x6D 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x47 0x8C 0x87 0x72 ... 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x73 0x8E 0xBD 0xCA ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x0C 0x80 0x6D 0xB0 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x47 0x8C 0x87 0x72 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x73 0x8E 0xBD 0xCA ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x0C 0x80 0x6D 0xB0 ... 
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x47 0x8C 0x87 0x72 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x73 0x8E 0xBD 0xCA ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x0C 0x80 0x6D 0xB0 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x47 0x8C 0x87 0x72 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x73 0x8E 0xBD 0xCA ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... 
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x0C 0x80 0x6D 0xB0 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x47 0x8C 0x87 0x72 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x73 0x8E 0xBD 0xCA ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x0C 0x80 0x6D 0xB0 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x47 0x8C 0x87 0x72 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x73 0x8E 0xBD 0xCA ... 
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x0C 0x80 0x6D 0xB0 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x47 0x8C 0x87 0x72 ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x73 0x8E 0xBD 0xCA ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x0C 0x80 0x6D 0xB0 ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x47 0x8C 0x87 0x72 ... 
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x73 0x8E 0xBD 0xCA ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x0C 0x80 0x6D 0xB0 ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x47 0x8C 0x87 0x72 ... Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x73 0x8E 0xBD 0xCA ... Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x0C 0x80 0x6D 0xB0 ... 
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x47 0x8C 0x87 0x72 ... Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ... Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ... Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ... 
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ... Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ... Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ... Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ... 
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ... Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ... Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ... Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ... 
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ... ---- Files - GMER 1.0.15 ---- File C:\TDSSKiller.2.5.21.0_12.09.2011_00.15.40_log.txt 18520 bytes ---- EOF - GMER 1.0.15 ----