GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2011-10-19 17:17:49 Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 Hitachi_HTS542512K9SA00 rev.BB2OC32P Running: 8bherjsv.exe; Driver: C:\Users\Piotr\AppData\Local\Temp\pxldqpow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x900DE374] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x900E0996] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x900E09EE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x900E0B04] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x900E08EC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x900E0A3E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x900E0940] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x900E0AB2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x900DE398] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x900DE162] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x900DE3BC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x900E0EFC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x900DEE54] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x900E09C6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x900E0A16] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x900E0B2E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x900E0918] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x900E0A7E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x900E096E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x900E0ADC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x900DED1A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x900DE3E0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x900DE404] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x900DE1BC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x900DE2F8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x900DE2D4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x900DE31C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x900DE428] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x906939A6] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetTimerEx + 340 822B9964 4 Bytes [74, E3, 0D, 90] .text ntkrnlpa.exe!KeSetTimerEx + 404 822B9A28 8 Bytes [96, 09, 0E, 90, EE, 09, 0E, ...] {XCHG ESI, EAX; OR [ESI], ECX; NOP ; OUT DX, AL ; OR [ESI], ECX; NOP } .text ntkrnlpa.exe!KeSetTimerEx + 410 822B9A34 4 Bytes [04, 0B, 0E, 90] {ADD AL, 0xb; PUSH CS; NOP } .text ntkrnlpa.exe!KeSetTimerEx + 428 822B9A4C 4 Bytes [EC, 08, 0E, 90] {IN AL, DX ; OR [ESI], CL; NOP } .text ntkrnlpa.exe!KeSetTimerEx + 448 822B9A6C 8 Bytes [3E, 0A, 0E, 90, 40, 09, 0E, ...] {OR CL, DS:[ESI]; NOP ; INC EAX; OR [ESI], ECX; NOP } .text ... PAGE ntkrnlpa.exe!ObMakeTemporaryObject 823E0D5E 5 Bytes JMP 9068F3DE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 8241D666 4 Bytes CALL 900DF4C5 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 8242CFC9 4 Bytes CALL 900DF4DB \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject 82449872 5 Bytes JMP 90690E84 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 82495776 7 Bytes JMP 906939AA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .text win32k.sys!EngCreateRectRgn + 51BE 992E4121 5 Bytes JMP 900E15E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPaint + 2098 992F7417 5 Bytes JMP 900E0FFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + B50 9930ADFC 5 Bytes JMP 900E0F32 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + F35 9930B1E1 5 Bytes JMP 900E1D7E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCombineRgn + 3161 9930FB0F 5 Bytes JMP 900E11E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngSetRectRgn + 192F 993127DB 5 Bytes JMP 900E10DA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngTransparentBlt + 65CF 9931C989 5 Bytes JMP 900E14BC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngTransparentBlt + 8742 9931EAFC 5 Bytes JMP 900E2118 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + C760 9933C173 5 Bytes JMP 900E1326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + C833 9933C246 5 Bytes JMP 900E14CC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 3FBB 9935E250 5 Bytes JMP 900E1D0A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 7DEF 99362084 5 Bytes JMP 900E114A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngNineGrid + 442A 993745A4 5 Bytes JMP 900E1016 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngNineGrid + 9061 993791DB 5 Bytes JMP 900E1EFA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngNineGrid + 92BD 99379437 5 Bytes JMP 900E1FB2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBlt + 3838 9938D788 5 Bytes JMP 900E21BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStrokePath + 4D52 99395F06 5 Bytes JMP 900E1D54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCopyBits + 17BC 9939FA3E 5 Bytes JMP 900E1E48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!STROBJ_vEnumStart + 478A 993A64CD 5 Bytes JMP 900E1096 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSemaphore + 40E 993C2D0A 5 Bytes JMP 900E1254 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!CLIPOBJ_bEnum + CC9 993CCBE8 5 Bytes JMP 900E11AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPlgBlt + 26D9 993D0720 5 Bytes JMP 900E2070 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 30D9 993EA971 5 Bytes JMP 900E128E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\system32\csrss.exe[496] KERNEL32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Windows\system32\wininit.exe[540] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 000301F8 .text C:\Windows\system32\wininit.exe[540] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 000303FC .text C:\Windows\system32\wininit.exe[540] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Windows\system32\wininit.exe[540] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 000503FC .text C:\Windows\system32\wininit.exe[540] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 00050600 .text C:\Windows\system32\wininit.exe[540] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 00051014 .text C:\Windows\system32\wininit.exe[540] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 00050804 .text C:\Windows\system32\wininit.exe[540] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 00050A08 .text C:\Windows\system32\wininit.exe[540] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 00050C0C .text C:\Windows\system32\wininit.exe[540] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 00050E10 .text C:\Windows\system32\wininit.exe[540] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 000501F8 .text C:\Windows\system32\wininit.exe[540] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 00060804 .text C:\Windows\system32\wininit.exe[540] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 000601F8 .text C:\Windows\system32\wininit.exe[540] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 000603FC .text C:\Windows\system32\wininit.exe[540] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 00060600 .text C:\Windows\system32\wininit.exe[540] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 00060A08 .text C:\Windows\system32\csrss.exe[548] KERNEL32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Windows\system32\winlogon.exe[580] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 000301F8 .text C:\Windows\system32\winlogon.exe[580] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 000303FC .text C:\Windows\system32\winlogon.exe[580] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Windows\system32\winlogon.exe[580] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 000503FC .text C:\Windows\system32\winlogon.exe[580] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 00050600 .text C:\Windows\system32\winlogon.exe[580] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 00051014 .text C:\Windows\system32\winlogon.exe[580] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 00050804 .text C:\Windows\system32\winlogon.exe[580] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 00050A08 .text C:\Windows\system32\winlogon.exe[580] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 00050C0C .text C:\Windows\system32\winlogon.exe[580] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 00050E10 .text C:\Windows\system32\winlogon.exe[580] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 000501F8 .text C:\Windows\system32\winlogon.exe[580] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 00060804 .text C:\Windows\system32\winlogon.exe[580] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 000601F8 .text C:\Windows\system32\winlogon.exe[580] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 000603FC .text C:\Windows\system32\winlogon.exe[580] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 00060600 .text C:\Windows\system32\winlogon.exe[580] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 00060A08 .text C:\Windows\system32\services.exe[616] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 000501F8 .text C:\Windows\system32\services.exe[616] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 000503FC .text C:\Windows\system32\services.exe[616] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Windows\system32\services.exe[616] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 000703FC .text C:\Windows\system32\services.exe[616] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 00070600 .text C:\Windows\system32\services.exe[616] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 00071014 .text C:\Windows\system32\services.exe[616] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 00070804 .text C:\Windows\system32\services.exe[616] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 00070A08 .text C:\Windows\system32\services.exe[616] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 00070C0C .text C:\Windows\system32\services.exe[616] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 00070E10 .text C:\Windows\system32\services.exe[616] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 000701F8 .text C:\Windows\system32\services.exe[616] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 00080804 .text C:\Windows\system32\services.exe[616] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 000801F8 .text C:\Windows\system32\services.exe[616] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 000803FC .text C:\Windows\system32\services.exe[616] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 00080600 .text C:\Windows\system32\services.exe[616] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 00080A08 .text C:\Windows\system32\lsass.exe[632] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 000501F8 .text C:\Windows\system32\lsass.exe[632] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 000503FC .text C:\Windows\system32\lsass.exe[632] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Windows\system32\lsass.exe[632] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 000703FC .text C:\Windows\system32\lsass.exe[632] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 00070600 .text C:\Windows\system32\lsass.exe[632] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 00071014 .text C:\Windows\system32\lsass.exe[632] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 00070804 .text C:\Windows\system32\lsass.exe[632] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 00070A08 .text C:\Windows\system32\lsass.exe[632] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 00070C0C .text C:\Windows\system32\lsass.exe[632] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 00070E10 .text C:\Windows\system32\lsass.exe[632] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 000701F8 .text C:\Windows\system32\lsass.exe[632] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 00080804 .text C:\Windows\system32\lsass.exe[632] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 000801F8 .text C:\Windows\system32\lsass.exe[632] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 000803FC .text C:\Windows\system32\lsass.exe[632] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 00080600 .text C:\Windows\system32\lsass.exe[632] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 00080A08 .text C:\Windows\system32\lsm.exe[640] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 000501F8 .text C:\Windows\system32\lsm.exe[640] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 000503FC .text C:\Windows\system32\lsm.exe[640] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Windows\system32\lsm.exe[640] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 000703FC .text C:\Windows\system32\lsm.exe[640] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 00070600 .text C:\Windows\system32\lsm.exe[640] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 00071014 .text C:\Windows\system32\lsm.exe[640] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 00070804 .text C:\Windows\system32\lsm.exe[640] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 00070A08 .text C:\Windows\system32\lsm.exe[640] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 00070C0C .text C:\Windows\system32\lsm.exe[640] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 00070E10 .text C:\Windows\system32\lsm.exe[640] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 000701F8 .text C:\Users\Piotr\Downloads\8bherjsv.exe[792] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 001501F8 .text C:\Users\Piotr\Downloads\8bherjsv.exe[792] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 001503FC .text C:\Users\Piotr\Downloads\8bherjsv.exe[792] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Users\Piotr\Downloads\8bherjsv.exe[792] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 003803FC .text C:\Users\Piotr\Downloads\8bherjsv.exe[792] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 00380600 .text C:\Users\Piotr\Downloads\8bherjsv.exe[792] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 00381014 .text C:\Users\Piotr\Downloads\8bherjsv.exe[792] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 00380804 .text C:\Users\Piotr\Downloads\8bherjsv.exe[792] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 00380A08 .text C:\Users\Piotr\Downloads\8bherjsv.exe[792] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 00380C0C .text C:\Users\Piotr\Downloads\8bherjsv.exe[792] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 00380E10 .text C:\Users\Piotr\Downloads\8bherjsv.exe[792] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 003801F8 .text C:\Users\Piotr\Downloads\8bherjsv.exe[792] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 00390804 .text C:\Users\Piotr\Downloads\8bherjsv.exe[792] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 003901F8 .text C:\Users\Piotr\Downloads\8bherjsv.exe[792] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 003903FC .text C:\Users\Piotr\Downloads\8bherjsv.exe[792] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 00390600 .text C:\Users\Piotr\Downloads\8bherjsv.exe[792] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 00390A08 .text C:\Windows\system32\svchost.exe[816] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[816] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[816] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Windows\system32\svchost.exe[816] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[816] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[816] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[816] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[816] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[816] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[816] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[816] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[888] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[888] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[888] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[888] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 001B0804 .text C:\Windows\system32\svchost.exe[888] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 001B01F8 .text C:\Windows\system32\svchost.exe[888] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 001B03FC .text C:\Windows\system32\svchost.exe[888] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 001B0600 .text C:\Windows\system32\svchost.exe[888] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 001B0A08 .text C:\Windows\System32\svchost.exe[924] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 000901F8 .text C:\Windows\System32\svchost.exe[924] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 000903FC .text C:\Windows\System32\svchost.exe[924] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Windows\System32\svchost.exe[924] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 000B03FC .text C:\Windows\System32\svchost.exe[924] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 000B0600 .text C:\Windows\System32\svchost.exe[924] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 000B1014 .text C:\Windows\System32\svchost.exe[924] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 000B0804 .text C:\Windows\System32\svchost.exe[924] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 000B0A08 .text C:\Windows\System32\svchost.exe[924] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 000B0C0C .text C:\Windows\System32\svchost.exe[924] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 000B0E10 .text C:\Windows\System32\svchost.exe[924] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 000B01F8 .text C:\Windows\System32\svchost.exe[924] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 00930804 .text C:\Windows\System32\svchost.exe[924] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 009301F8 .text C:\Windows\System32\svchost.exe[924] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 009303FC .text C:\Windows\System32\svchost.exe[924] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 00930600 .text C:\Windows\System32\svchost.exe[924] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 00930A08 .text C:\Windows\System32\svchost.exe[1012] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 000501F8 .text C:\Windows\System32\svchost.exe[1012] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 000503FC .text C:\Windows\System32\svchost.exe[1012] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Windows\System32\svchost.exe[1012] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 000703FC .text C:\Windows\System32\svchost.exe[1012] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 00070600 .text C:\Windows\System32\svchost.exe[1012] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 00071014 .text C:\Windows\System32\svchost.exe[1012] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 00070804 .text C:\Windows\System32\svchost.exe[1012] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 00070A08 .text C:\Windows\System32\svchost.exe[1012] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 00070C0C .text C:\Windows\System32\svchost.exe[1012] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 00070E10 .text C:\Windows\System32\svchost.exe[1012] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 000701F8 .text C:\Windows\System32\svchost.exe[1012] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 00170804 .text C:\Windows\System32\svchost.exe[1012] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 001701F8 .text C:\Windows\System32\svchost.exe[1012] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 001703FC .text C:\Windows\System32\svchost.exe[1012] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 00170600 .text C:\Windows\System32\svchost.exe[1012] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 00170A08 .text C:\Windows\System32\svchost.exe[1072] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 000501F8 .text C:\Windows\System32\svchost.exe[1072] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 000503FC .text C:\Windows\System32\svchost.exe[1072] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Windows\System32\svchost.exe[1072] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 000703FC .text C:\Windows\System32\svchost.exe[1072] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 00070600 .text C:\Windows\System32\svchost.exe[1072] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 00071014 .text C:\Windows\System32\svchost.exe[1072] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 00070804 .text C:\Windows\System32\svchost.exe[1072] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 00070A08 .text C:\Windows\System32\svchost.exe[1072] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 00070C0C .text C:\Windows\System32\svchost.exe[1072] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 00070E10 .text C:\Windows\System32\svchost.exe[1072] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 000701F8 .text C:\Windows\System32\svchost.exe[1072] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 00D80804 .text C:\Windows\System32\svchost.exe[1072] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 00D801F8 .text C:\Windows\System32\svchost.exe[1072] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 00D803FC .text C:\Windows\System32\svchost.exe[1072] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 00D80600 .text C:\Windows\System32\svchost.exe[1072] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 00D80A08 .text C:\Windows\system32\svchost.exe[1092] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[1092] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[1092] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Windows\system32\svchost.exe[1092] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[1092] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[1092] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[1092] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[1092] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[1092] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[1092] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[1092] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[1092] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 00BF0804 .text C:\Windows\system32\svchost.exe[1092] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 00BF01F8 .text C:\Windows\system32\svchost.exe[1092] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 00BF03FC .text C:\Windows\system32\svchost.exe[1092] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 00BF0600 .text C:\Windows\system32\svchost.exe[1092] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 00BF0A08 .text C:\Windows\system32\AUDIODG.EXE[1148] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[1200] KERNEL32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1208] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 001501F8 .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1208] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 001503FC .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1208] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1208] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 002203FC .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1208] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 00220600 .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1208] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 00221014 .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1208] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 00220804 .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1208] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 00220A08 .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1208] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 00220C0C .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1208] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 00220E10 .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1208] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 002201F8 .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1208] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 00230804 .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1208] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 002301F8 .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1208] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 002303FC .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1208] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 00230600 .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1208] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 00230A08 .text C:\Windows\system32\svchost.exe[1232] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[1232] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[1232] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Windows\system32\svchost.exe[1232] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[1232] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[1232] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[1232] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[1232] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[1232] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[1232] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[1232] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[1232] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 00C90804 .text C:\Windows\system32\svchost.exe[1232] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 00C901F8 .text C:\Windows\system32\svchost.exe[1232] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 00C903FC .text C:\Windows\system32\svchost.exe[1232] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 00C90600 .text C:\Windows\system32\svchost.exe[1232] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 00C90A08 .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[1240] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 001501F8 .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[1240] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 001503FC .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[1240] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[1240] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 00270804 .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[1240] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 002701F8 .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[1240] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 002703FC .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[1240] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 00270600 .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[1240] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 00270A08 .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[1240] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 002803FC .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[1240] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 00280600 .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[1240] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 00281014 .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[1240] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 00280804 .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[1240] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 00280A08 .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[1240] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 00280C0C .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[1240] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 00280E10 .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[1240] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 002801F8 .text C:\Windows\system32\svchost.exe[1372] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[1372] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[1372] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Windows\system32\svchost.exe[1372] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[1372] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[1372] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[1372] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[1372] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[1372] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[1372] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[1372] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[1428] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[1428] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[1428] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Windows\system32\svchost.exe[1428] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 000B03FC .text C:\Windows\system32\svchost.exe[1428] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 000B0600 .text C:\Windows\system32\svchost.exe[1428] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 000B1014 .text C:\Windows\system32\svchost.exe[1428] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 000B0804 .text C:\Windows\system32\svchost.exe[1428] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 000B0A08 .text C:\Windows\system32\svchost.exe[1428] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 000B0C0C .text C:\Windows\system32\svchost.exe[1428] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 000B0E10 .text C:\Windows\system32\svchost.exe[1428] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 000B01F8 .text C:\Windows\system32\svchost.exe[1428] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 000F0804 .text C:\Windows\system32\svchost.exe[1428] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 000F01F8 .text C:\Windows\system32\svchost.exe[1428] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 000F03FC .text C:\Windows\system32\svchost.exe[1428] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 000F0600 .text C:\Windows\system32\svchost.exe[1428] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 000F0A08 .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1444] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 000901F8 .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1444] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 000903FC .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1444] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1444] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 000C03FC .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1444] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 000C0600 .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1444] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 000C1014 .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1444] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 000C0804 .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1444] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 000C0A08 .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1444] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 000C0C0C .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1444] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 000C0E10 .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1444] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 000C01F8 .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1444] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 000D0804 .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1444] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 000D01F8 .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1444] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 000D03FC .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1444] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 000D0600 .text C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1444] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 000D0A08 .text C:\Windows\system32\WLANExt.exe[1524] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 000901F8 .text C:\Windows\system32\WLANExt.exe[1524] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 000903FC .text C:\Windows\system32\WLANExt.exe[1524] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Windows\system32\WLANExt.exe[1524] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 000B03FC .text C:\Windows\system32\WLANExt.exe[1524] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 000B0600 .text C:\Windows\system32\WLANExt.exe[1524] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 000B1014 .text C:\Windows\system32\WLANExt.exe[1524] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 000B0804 .text C:\Windows\system32\WLANExt.exe[1524] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 000B0A08 .text C:\Windows\system32\WLANExt.exe[1524] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 000B0C0C .text C:\Windows\system32\WLANExt.exe[1524] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 000B0E10 .text C:\Windows\system32\WLANExt.exe[1524] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 000B01F8 .text C:\Windows\system32\WLANExt.exe[1524] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 000C0804 .text C:\Windows\system32\WLANExt.exe[1524] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 000C01F8 .text C:\Windows\system32\WLANExt.exe[1524] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 000C03FC .text C:\Windows\system32\WLANExt.exe[1524] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 000C0600 .text C:\Windows\system32\WLANExt.exe[1524] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 000C0A08 .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1580] kernel32.dll!SetUnhandledExceptionFilter 76D6700D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1580] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Windows\System32\spoolsv.exe[1924] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 000501F8 .text C:\Windows\System32\spoolsv.exe[1924] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 000503FC .text C:\Windows\System32\spoolsv.exe[1924] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Windows\System32\spoolsv.exe[1924] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 000703FC .text C:\Windows\System32\spoolsv.exe[1924] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 00070600 .text C:\Windows\System32\spoolsv.exe[1924] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 00071014 .text C:\Windows\System32\spoolsv.exe[1924] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 00070804 .text C:\Windows\System32\spoolsv.exe[1924] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 00070A08 .text C:\Windows\System32\spoolsv.exe[1924] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 00070C0C .text C:\Windows\System32\spoolsv.exe[1924] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 00070E10 .text C:\Windows\System32\spoolsv.exe[1924] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 000701F8 .text C:\Windows\System32\spoolsv.exe[1924] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 000D0804 .text C:\Windows\System32\spoolsv.exe[1924] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 000D01F8 .text C:\Windows\System32\spoolsv.exe[1924] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 000D03FC .text C:\Windows\System32\spoolsv.exe[1924] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 000D0600 .text C:\Windows\System32\spoolsv.exe[1924] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 000D0A08 .text C:\Windows\system32\svchost.exe[1952] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 000901F8 .text C:\Windows\system32\svchost.exe[1952] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 000903FC .text C:\Windows\system32\svchost.exe[1952] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Windows\system32\svchost.exe[1952] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 000B03FC .text C:\Windows\system32\svchost.exe[1952] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 000B0600 .text C:\Windows\system32\svchost.exe[1952] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 000B1014 .text C:\Windows\system32\svchost.exe[1952] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 000B0804 .text C:\Windows\system32\svchost.exe[1952] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 000B0A08 .text C:\Windows\system32\svchost.exe[1952] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 000B0C0C .text C:\Windows\system32\svchost.exe[1952] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 000B0E10 .text C:\Windows\system32\svchost.exe[1952] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 000B01F8 .text C:\Windows\system32\svchost.exe[1952] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 00A10804 .text C:\Windows\system32\svchost.exe[1952] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 00A101F8 .text C:\Windows\system32\svchost.exe[1952] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 00A103FC .text C:\Windows\system32\svchost.exe[1952] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 00A10600 .text C:\Windows\system32\svchost.exe[1952] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 00A10A08 .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1992] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 001401F8 .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1992] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 001403FC .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1992] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1992] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 001603FC .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1992] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 00160600 .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1992] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 00161014 .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1992] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 00160804 .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1992] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 00160A08 .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1992] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 00160C0C .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1992] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 00160E10 .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1992] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 001601F8 .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1992] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 00170804 .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1992] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 001701F8 .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1992] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 001703FC .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1992] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 00170600 .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe[1992] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 00170A08 .text C:\Windows\system32\svchost.exe[2076] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[2076] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[2076] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Windows\system32\svchost.exe[2076] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[2076] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[2076] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[2076] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[2076] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[2076] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[2076] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[2076] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[2076] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 002B0804 .text C:\Windows\system32\svchost.exe[2076] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 002B01F8 .text C:\Windows\system32\svchost.exe[2076] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 002B03FC .text C:\Windows\system32\svchost.exe[2076] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 002B0600 .text C:\Windows\system32\svchost.exe[2076] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 002B0A08 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2096] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 000901F8 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2096] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 000903FC .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2096] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2096] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 000B03FC .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2096] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 000B0600 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2096] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 000B1014 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2096] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 000B0804 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2096] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 000B0A08 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2096] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 000B0C0C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2096] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 000B0E10 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2096] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 000B01F8 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2096] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 00A20804 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2096] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 00A201F8 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2096] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 00A203FC .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2096] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 00A20600 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2096] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 00A20A08 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2112] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 000D01F8 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2112] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 000D03FC .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2112] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2112] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 000F03FC .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2112] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 000F0600 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2112] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 000F1014 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2112] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 000F0804 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2112] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 000F0A08 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2112] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 000F0C0C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2112] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 000F0E10 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2112] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 000F01F8 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2112] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 00100804 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2112] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 001001F8 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2112] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 001003FC .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2112] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 00100600 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2112] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 00100A08 .text C:\Windows\system32\svchost.exe[2140] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 000901F8 .text C:\Windows\system32\svchost.exe[2140] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 000903FC .text C:\Windows\system32\svchost.exe[2140] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Windows\system32\svchost.exe[2140] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 000B03FC .text C:\Windows\system32\svchost.exe[2140] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 000B0600 .text C:\Windows\system32\svchost.exe[2140] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 000B1014 .text C:\Windows\system32\svchost.exe[2140] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 000B0804 .text C:\Windows\system32\svchost.exe[2140] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 000B0A08 .text C:\Windows\system32\svchost.exe[2140] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 000B0C0C .text C:\Windows\system32\svchost.exe[2140] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 000B0E10 .text C:\Windows\system32\svchost.exe[2140] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 000B01F8 .text C:\Windows\System32\svchost.exe[2172] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 000501F8 .text C:\Windows\System32\svchost.exe[2172] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 000503FC .text C:\Windows\System32\svchost.exe[2172] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Windows\System32\svchost.exe[2172] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 001803FC .text C:\Windows\System32\svchost.exe[2172] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 00180600 .text C:\Windows\System32\svchost.exe[2172] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 00181014 .text C:\Windows\System32\svchost.exe[2172] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 00180804 .text C:\Windows\System32\svchost.exe[2172] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 00180A08 .text C:\Windows\System32\svchost.exe[2172] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 00180C0C .text C:\Windows\System32\svchost.exe[2172] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 00180E10 .text C:\Windows\System32\svchost.exe[2172] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 001801F8 .text C:\Windows\system32\SearchIndexer.exe[2200] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 000501F8 .text C:\Windows\system32\SearchIndexer.exe[2200] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 000503FC .text C:\Windows\system32\SearchIndexer.exe[2200] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Windows\system32\SearchIndexer.exe[2200] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 000703FC .text C:\Windows\system32\SearchIndexer.exe[2200] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 00070600 .text C:\Windows\system32\SearchIndexer.exe[2200] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 00071014 .text C:\Windows\system32\SearchIndexer.exe[2200] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 00070804 .text C:\Windows\system32\SearchIndexer.exe[2200] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 00070A08 .text C:\Windows\system32\SearchIndexer.exe[2200] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 00070C0C .text C:\Windows\system32\SearchIndexer.exe[2200] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 00070E10 .text C:\Windows\system32\SearchIndexer.exe[2200] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 000701F8 .text C:\Windows\system32\SearchIndexer.exe[2200] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 00080804 .text C:\Windows\system32\SearchIndexer.exe[2200] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 000801F8 .text C:\Windows\system32\SearchIndexer.exe[2200] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 000803FC .text C:\Windows\system32\SearchIndexer.exe[2200] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 00080600 .text C:\Windows\system32\SearchIndexer.exe[2200] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 00080A08 .text C:\Windows\system32\DRIVERS\xaudio.exe[2336] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 001401F8 .text C:\Windows\system32\DRIVERS\xaudio.exe[2336] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 001403FC .text C:\Windows\system32\DRIVERS\xaudio.exe[2336] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Windows\system32\DRIVERS\xaudio.exe[2336] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 001603FC .text C:\Windows\system32\DRIVERS\xaudio.exe[2336] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 00160600 .text C:\Windows\system32\DRIVERS\xaudio.exe[2336] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 00161014 .text C:\Windows\system32\DRIVERS\xaudio.exe[2336] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 00160804 .text C:\Windows\system32\DRIVERS\xaudio.exe[2336] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 00160A08 .text C:\Windows\system32\DRIVERS\xaudio.exe[2336] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 00160C0C .text C:\Windows\system32\DRIVERS\xaudio.exe[2336] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 00160E10 .text C:\Windows\system32\DRIVERS\xaudio.exe[2336] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 001601F8 .text C:\Windows\system32\DRIVERS\xaudio.exe[2336] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 00170804 .text C:\Windows\system32\DRIVERS\xaudio.exe[2336] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 001701F8 .text C:\Windows\system32\DRIVERS\xaudio.exe[2336] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 001703FC .text C:\Windows\system32\DRIVERS\xaudio.exe[2336] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 00170600 .text C:\Windows\system32\DRIVERS\xaudio.exe[2336] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 00170A08 .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2372] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 001501F8 .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2372] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 001503FC .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2372] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2372] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 00170804 .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2372] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 001701F8 .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2372] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 001703FC .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2372] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 00170600 .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2372] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 00170A08 .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2372] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 001803FC .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2372] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 00180600 .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2372] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 00181014 .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2372] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 00180804 .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2372] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 00180A08 .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2372] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 00180C0C .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2372] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 00180E10 .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2372] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 001801F8 .text C:\Windows\system32\wbem\wmiprvse.exe[2440] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 000501F8 .text C:\Windows\system32\wbem\wmiprvse.exe[2440] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 000503FC .text C:\Windows\system32\wbem\wmiprvse.exe[2440] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[2440] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 000703FC .text C:\Windows\system32\wbem\wmiprvse.exe[2440] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 00070600 .text C:\Windows\system32\wbem\wmiprvse.exe[2440] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 00071014 .text C:\Windows\system32\wbem\wmiprvse.exe[2440] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 00070804 .text C:\Windows\system32\wbem\wmiprvse.exe[2440] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 00070A08 .text C:\Windows\system32\wbem\wmiprvse.exe[2440] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 00070C0C .text C:\Windows\system32\wbem\wmiprvse.exe[2440] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 00070E10 .text C:\Windows\system32\wbem\wmiprvse.exe[2440] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 000701F8 .text C:\Windows\system32\wbem\wmiprvse.exe[2440] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 00080804 .text C:\Windows\system32\wbem\wmiprvse.exe[2440] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 000801F8 .text C:\Windows\system32\wbem\wmiprvse.exe[2440] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 000803FC .text C:\Windows\system32\wbem\wmiprvse.exe[2440] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 00080600 .text C:\Windows\system32\wbem\wmiprvse.exe[2440] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 00080A08 .text C:\Windows\Explorer.exe[2484] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 000901F8 .text C:\Windows\Explorer.exe[2484] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 000903FC .text C:\Windows\Explorer.exe[2484] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Windows\Explorer.exe[2484] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 000B03FC .text C:\Windows\Explorer.exe[2484] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 000B0600 .text C:\Windows\Explorer.exe[2484] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 000B1014 .text C:\Windows\Explorer.exe[2484] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 000B0804 .text C:\Windows\Explorer.exe[2484] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 000B0A08 .text C:\Windows\Explorer.exe[2484] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 000B0C0C .text C:\Windows\Explorer.exe[2484] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 000B0E10 .text C:\Windows\Explorer.exe[2484] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 000B01F8 .text C:\Windows\Explorer.exe[2484] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 000C0804 .text C:\Windows\Explorer.exe[2484] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 000C01F8 .text C:\Windows\Explorer.exe[2484] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 000C03FC .text C:\Windows\Explorer.exe[2484] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 000C0600 .text C:\Windows\Explorer.exe[2484] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 000C0A08 .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe[2604] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 001501F8 .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe[2604] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 001503FC .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe[2604] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe[2604] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 00160804 .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe[2604] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 001601F8 .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe[2604] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 001603FC .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe[2604] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 00160600 .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe[2604] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 00160A08 .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe[2604] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 001703FC .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe[2604] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 00170600 .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe[2604] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 00171014 .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe[2604] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 00170804 .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe[2604] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 00170A08 .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe[2604] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 00170C0C .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe[2604] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 00170E10 .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe[2604] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 001701F8 .text C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\CoreCom\CoreCom.exe[2648] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 001501F8 .text C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\CoreCom\CoreCom.exe[2648] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 001503FC .text C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\CoreCom\CoreCom.exe[2648] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\CoreCom\CoreCom.exe[2648] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 002103FC .text C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\CoreCom\CoreCom.exe[2648] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 00210600 .text C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\CoreCom\CoreCom.exe[2648] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 00211014 .text C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\CoreCom\CoreCom.exe[2648] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 00210804 .text C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\CoreCom\CoreCom.exe[2648] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 00210A08 .text C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\CoreCom\CoreCom.exe[2648] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 00210C0C .text C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\CoreCom\CoreCom.exe[2648] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 00210E10 .text C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\CoreCom\CoreCom.exe[2648] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 002101F8 .text C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\CoreCom\CoreCom.exe[2648] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 00220804 .text C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\CoreCom\CoreCom.exe[2648] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 002201F8 .text C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\CoreCom\CoreCom.exe[2648] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 002203FC .text C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\CoreCom\CoreCom.exe[2648] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 00220600 .text C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\CoreCom\CoreCom.exe[2648] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 00220A08 .text C:\Program Files\OrangeBS\BEWInternet-PL\systray\systrayapp.exe[2680] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 001501F8 .text C:\Program Files\OrangeBS\BEWInternet-PL\systray\systrayapp.exe[2680] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 001503FC .text C:\Program Files\OrangeBS\BEWInternet-PL\systray\systrayapp.exe[2680] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Program Files\OrangeBS\BEWInternet-PL\systray\systrayapp.exe[2680] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 001E0804 .text C:\Program Files\OrangeBS\BEWInternet-PL\systray\systrayapp.exe[2680] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 001E01F8 .text C:\Program Files\OrangeBS\BEWInternet-PL\systray\systrayapp.exe[2680] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 001E03FC .text C:\Program Files\OrangeBS\BEWInternet-PL\systray\systrayapp.exe[2680] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 001E0600 .text C:\Program Files\OrangeBS\BEWInternet-PL\systray\systrayapp.exe[2680] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 001E0A08 .text C:\Program Files\OrangeBS\BEWInternet-PL\systray\systrayapp.exe[2680] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 003F03FC .text C:\Program Files\OrangeBS\BEWInternet-PL\systray\systrayapp.exe[2680] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 003F0600 .text C:\Program Files\OrangeBS\BEWInternet-PL\systray\systrayapp.exe[2680] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 003F1014 .text C:\Program Files\OrangeBS\BEWInternet-PL\systray\systrayapp.exe[2680] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 003F0804 .text C:\Program Files\OrangeBS\BEWInternet-PL\systray\systrayapp.exe[2680] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 003F0A08 .text C:\Program Files\OrangeBS\BEWInternet-PL\systray\systrayapp.exe[2680] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 003F0C0C .text C:\Program Files\OrangeBS\BEWInternet-PL\systray\systrayapp.exe[2680] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 003F0E10 .text C:\Program Files\OrangeBS\BEWInternet-PL\systray\systrayapp.exe[2680] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 003F01F8 .text C:\Bartek\programy\mozzilla\firefox.exe[2824] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 000501F8 .text C:\Bartek\programy\mozzilla\firefox.exe[2824] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 000503FC .text C:\Bartek\programy\mozzilla\firefox.exe[2824] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Bartek\programy\mozzilla\firefox.exe[2824] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 000703FC .text C:\Bartek\programy\mozzilla\firefox.exe[2824] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 00070600 .text C:\Bartek\programy\mozzilla\firefox.exe[2824] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 00071014 .text C:\Bartek\programy\mozzilla\firefox.exe[2824] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 00070804 .text C:\Bartek\programy\mozzilla\firefox.exe[2824] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 00070A08 .text C:\Bartek\programy\mozzilla\firefox.exe[2824] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 00070C0C .text C:\Bartek\programy\mozzilla\firefox.exe[2824] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 00070E10 .text C:\Bartek\programy\mozzilla\firefox.exe[2824] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 000701F8 .text C:\Bartek\programy\mozzilla\firefox.exe[2824] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 00080804 .text C:\Bartek\programy\mozzilla\firefox.exe[2824] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 000801F8 .text C:\Bartek\programy\mozzilla\firefox.exe[2824] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 000803FC .text C:\Bartek\programy\mozzilla\firefox.exe[2824] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 00080600 .text C:\Bartek\programy\mozzilla\firefox.exe[2824] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 00080A08 .text C:\Windows\system32\wuauclt.exe[2876] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 000601F8 .text C:\Windows\system32\wuauclt.exe[2876] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 000603FC .text C:\Windows\system32\wuauclt.exe[2876] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Windows\system32\wuauclt.exe[2876] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 00070804 .text C:\Windows\system32\wuauclt.exe[2876] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 000701F8 .text C:\Windows\system32\wuauclt.exe[2876] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 000703FC .text C:\Windows\system32\wuauclt.exe[2876] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 00070600 .text C:\Windows\system32\wuauclt.exe[2876] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 00070A08 .text C:\Windows\system32\wuauclt.exe[2876] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 000803FC .text C:\Windows\system32\wuauclt.exe[2876] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 00080600 .text C:\Windows\system32\wuauclt.exe[2876] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 00081014 .text C:\Windows\system32\wuauclt.exe[2876] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 00080804 .text C:\Windows\system32\wuauclt.exe[2876] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 00080A08 .text C:\Windows\system32\wuauclt.exe[2876] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 00080C0C .text C:\Windows\system32\wuauclt.exe[2876] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 00080E10 .text C:\Windows\system32\wuauclt.exe[2876] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 000801F8 .text C:\Bartek\programy\mozzilla\plugin-container.exe[2960] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 000501F8 .text C:\Bartek\programy\mozzilla\plugin-container.exe[2960] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 000503FC .text C:\Bartek\programy\mozzilla\plugin-container.exe[2960] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Bartek\programy\mozzilla\plugin-container.exe[2960] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 000703FC .text C:\Bartek\programy\mozzilla\plugin-container.exe[2960] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 00070600 .text C:\Bartek\programy\mozzilla\plugin-container.exe[2960] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 00071014 .text C:\Bartek\programy\mozzilla\plugin-container.exe[2960] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 00070804 .text C:\Bartek\programy\mozzilla\plugin-container.exe[2960] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 00070A08 .text C:\Bartek\programy\mozzilla\plugin-container.exe[2960] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 00070C0C .text C:\Bartek\programy\mozzilla\plugin-container.exe[2960] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 00070E10 .text C:\Bartek\programy\mozzilla\plugin-container.exe[2960] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 000701F8 .text C:\Bartek\programy\mozzilla\plugin-container.exe[2960] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 00080804 .text C:\Bartek\programy\mozzilla\plugin-container.exe[2960] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 000801F8 .text C:\Bartek\programy\mozzilla\plugin-container.exe[2960] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 000803FC .text C:\Bartek\programy\mozzilla\plugin-container.exe[2960] USER32.dll!TrackPopupMenu 766D1417 5 Bytes JMP 68667D29 C:\Bartek\programy\mozzilla\xul.dll (Mozilla Foundation) .text C:\Bartek\programy\mozzilla\plugin-container.exe[2960] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 00080600 .text C:\Bartek\programy\mozzilla\plugin-container.exe[2960] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 00080A08 .text C:\Windows\system32\taskeng.exe[3076] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 000501F8 .text C:\Windows\system32\taskeng.exe[3076] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 000503FC .text C:\Windows\system32\taskeng.exe[3076] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Windows\system32\taskeng.exe[3076] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 000703FC .text C:\Windows\system32\taskeng.exe[3076] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 00070600 .text C:\Windows\system32\taskeng.exe[3076] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 00071014 .text C:\Windows\system32\taskeng.exe[3076] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 00070804 .text C:\Windows\system32\taskeng.exe[3076] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 00070A08 .text C:\Windows\system32\taskeng.exe[3076] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 00070C0C .text C:\Windows\system32\taskeng.exe[3076] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 00070E10 .text C:\Windows\system32\taskeng.exe[3076] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 000701F8 .text C:\Windows\system32\taskeng.exe[3076] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 00080804 .text C:\Windows\system32\taskeng.exe[3076] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 000801F8 .text C:\Windows\system32\taskeng.exe[3076] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 000803FC .text C:\Windows\system32\taskeng.exe[3076] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 00080600 .text C:\Windows\system32\taskeng.exe[3076] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 00080A08 .text C:\Windows\system32\igfxsrvc.exe[3112] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 001501F8 .text C:\Windows\system32\igfxsrvc.exe[3112] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 001503FC .text C:\Windows\system32\igfxsrvc.exe[3112] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Windows\system32\igfxsrvc.exe[3112] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 00170804 .text C:\Windows\system32\igfxsrvc.exe[3112] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 001701F8 .text C:\Windows\system32\igfxsrvc.exe[3112] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 001703FC .text C:\Windows\system32\igfxsrvc.exe[3112] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 00170600 .text C:\Windows\system32\igfxsrvc.exe[3112] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 00170A08 .text C:\Windows\system32\igfxsrvc.exe[3112] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 001803FC .text C:\Windows\system32\igfxsrvc.exe[3112] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 00180600 .text C:\Windows\system32\igfxsrvc.exe[3112] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 00181014 .text C:\Windows\system32\igfxsrvc.exe[3112] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 00180804 .text C:\Windows\system32\igfxsrvc.exe[3112] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 00180A08 .text C:\Windows\system32\igfxsrvc.exe[3112] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 00180C0C .text C:\Windows\system32\igfxsrvc.exe[3112] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 00180E10 .text C:\Windows\system32\igfxsrvc.exe[3112] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 001801F8 .text C:\Windows\system32\Dwm.exe[3132] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 000901F8 .text C:\Windows\system32\Dwm.exe[3132] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 000903FC .text C:\Windows\system32\Dwm.exe[3132] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Windows\system32\Dwm.exe[3132] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 000B03FC .text C:\Windows\system32\Dwm.exe[3132] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 000B0600 .text C:\Windows\system32\Dwm.exe[3132] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 000B1014 .text C:\Windows\system32\Dwm.exe[3132] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 000B0804 .text C:\Windows\system32\Dwm.exe[3132] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 000B0A08 .text C:\Windows\system32\Dwm.exe[3132] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 000B0C0C .text C:\Windows\system32\Dwm.exe[3132] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 000B0E10 .text C:\Windows\system32\Dwm.exe[3132] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 000B01F8 .text C:\Windows\system32\Dwm.exe[3132] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 008C0804 .text C:\Windows\system32\Dwm.exe[3132] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 008C01F8 .text C:\Windows\system32\Dwm.exe[3132] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 008C03FC .text C:\Windows\system32\Dwm.exe[3132] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 008C0600 .text C:\Windows\system32\Dwm.exe[3132] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 008C0A08 .text C:\Windows\Explorer.EXE[3160] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 000501F8 .text C:\Windows\Explorer.EXE[3160] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 000503FC .text C:\Windows\Explorer.EXE[3160] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Windows\Explorer.EXE[3160] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 000703FC .text C:\Windows\Explorer.EXE[3160] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 00070600 .text C:\Windows\Explorer.EXE[3160] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 00071014 .text C:\Windows\Explorer.EXE[3160] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 00070804 .text C:\Windows\Explorer.EXE[3160] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 00070A08 .text C:\Windows\Explorer.EXE[3160] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 00070C0C .text C:\Windows\Explorer.EXE[3160] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 00070E10 .text C:\Windows\Explorer.EXE[3160] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 000701F8 .text C:\Windows\Explorer.EXE[3160] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 00080804 .text C:\Windows\Explorer.EXE[3160] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 000801F8 .text C:\Windows\Explorer.EXE[3160] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 000803FC .text C:\Windows\Explorer.EXE[3160] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 00080600 .text C:\Windows\Explorer.EXE[3160] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 00080A08 .text C:\Windows\system32\NOTEPAD.EXE[3304] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 000501F8 .text C:\Windows\system32\NOTEPAD.EXE[3304] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 000503FC .text C:\Windows\system32\NOTEPAD.EXE[3304] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Windows\system32\NOTEPAD.EXE[3304] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 000703FC .text C:\Windows\system32\NOTEPAD.EXE[3304] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 00070600 .text C:\Windows\system32\NOTEPAD.EXE[3304] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 00071014 .text C:\Windows\system32\NOTEPAD.EXE[3304] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 00070804 .text C:\Windows\system32\NOTEPAD.EXE[3304] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 00070A08 .text C:\Windows\system32\NOTEPAD.EXE[3304] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 00070C0C .text C:\Windows\system32\NOTEPAD.EXE[3304] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 00070E10 .text C:\Windows\system32\NOTEPAD.EXE[3304] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 000701F8 .text C:\Windows\system32\NOTEPAD.EXE[3304] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 00080804 .text C:\Windows\system32\NOTEPAD.EXE[3304] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 000801F8 .text C:\Windows\system32\NOTEPAD.EXE[3304] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 000803FC .text C:\Windows\system32\NOTEPAD.EXE[3304] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 00080600 .text C:\Windows\system32\NOTEPAD.EXE[3304] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 00080A08 .text C:\Program Files\Windows Defender\MSASCui.exe[3308] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 000901F8 .text C:\Program Files\Windows Defender\MSASCui.exe[3308] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 000903FC .text C:\Program Files\Windows Defender\MSASCui.exe[3308] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Program Files\Windows Defender\MSASCui.exe[3308] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 000B03FC .text C:\Program Files\Windows Defender\MSASCui.exe[3308] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 000B0600 .text C:\Program Files\Windows Defender\MSASCui.exe[3308] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 000B1014 .text C:\Program Files\Windows Defender\MSASCui.exe[3308] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 000B0804 .text C:\Program Files\Windows Defender\MSASCui.exe[3308] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 000B0A08 .text C:\Program Files\Windows Defender\MSASCui.exe[3308] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 000B0C0C .text C:\Program Files\Windows Defender\MSASCui.exe[3308] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 000B0E10 .text C:\Program Files\Windows Defender\MSASCui.exe[3308] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 000B01F8 .text C:\Program Files\Windows Defender\MSASCui.exe[3308] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 000D0804 .text C:\Program Files\Windows Defender\MSASCui.exe[3308] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 000D01F8 .text C:\Program Files\Windows Defender\MSASCui.exe[3308] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 000D03FC .text C:\Program Files\Windows Defender\MSASCui.exe[3308] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 000D0600 .text C:\Program Files\Windows Defender\MSASCui.exe[3308] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 000D0A08 .text C:\WINDOWS\System32\igfxtray.exe[3324] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 001501F8 .text C:\WINDOWS\System32\igfxtray.exe[3324] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 001503FC .text C:\WINDOWS\System32\igfxtray.exe[3324] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\WINDOWS\System32\igfxtray.exe[3324] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 00180804 .text C:\WINDOWS\System32\igfxtray.exe[3324] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 001801F8 .text C:\WINDOWS\System32\igfxtray.exe[3324] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 001803FC .text C:\WINDOWS\System32\igfxtray.exe[3324] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 00180600 .text C:\WINDOWS\System32\igfxtray.exe[3324] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 00180A08 .text C:\WINDOWS\System32\igfxtray.exe[3324] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 001903FC .text C:\WINDOWS\System32\igfxtray.exe[3324] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 00190600 .text C:\WINDOWS\System32\igfxtray.exe[3324] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 00191014 .text C:\WINDOWS\System32\igfxtray.exe[3324] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 00190804 .text C:\WINDOWS\System32\igfxtray.exe[3324] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 00190A08 .text C:\WINDOWS\System32\igfxtray.exe[3324] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 00190C0C .text C:\WINDOWS\System32\igfxtray.exe[3324] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 00190E10 .text C:\WINDOWS\System32\igfxtray.exe[3324] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 001901F8 .text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3332] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 001501F8 .text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3332] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 001503FC .text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3332] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3332] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 001703FC .text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3332] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 00170600 .text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3332] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 00171014 .text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3332] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 00170804 .text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3332] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 00170A08 .text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3332] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 00170C0C .text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3332] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 00170E10 .text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3332] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 001701F8 .text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3332] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 00180804 .text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3332] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 001801F8 .text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3332] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 001803FC .text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3332] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 00180600 .text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3332] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 00180A08 .text C:\WINDOWS\System32\hkcmd.exe[3340] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 001501F8 .text C:\WINDOWS\System32\hkcmd.exe[3340] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 001503FC .text C:\WINDOWS\System32\hkcmd.exe[3340] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\WINDOWS\System32\hkcmd.exe[3340] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 00380804 .text C:\WINDOWS\System32\hkcmd.exe[3340] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 003801F8 .text C:\WINDOWS\System32\hkcmd.exe[3340] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 003803FC .text C:\WINDOWS\System32\hkcmd.exe[3340] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 00380600 .text C:\WINDOWS\System32\hkcmd.exe[3340] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 00380A08 .text C:\WINDOWS\System32\hkcmd.exe[3340] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 003903FC .text C:\WINDOWS\System32\hkcmd.exe[3340] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 00390600 .text C:\WINDOWS\System32\hkcmd.exe[3340] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 00391014 .text C:\WINDOWS\System32\hkcmd.exe[3340] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 00390804 .text C:\WINDOWS\System32\hkcmd.exe[3340] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 00390A08 .text C:\WINDOWS\System32\hkcmd.exe[3340] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 00390C0C .text C:\WINDOWS\System32\hkcmd.exe[3340] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 00390E10 .text C:\WINDOWS\System32\hkcmd.exe[3340] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 003901F8 .text C:\WINDOWS\System32\igfxpers.exe[3364] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 001501F8 .text C:\WINDOWS\System32\igfxpers.exe[3364] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 001503FC .text C:\WINDOWS\System32\igfxpers.exe[3364] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\WINDOWS\System32\igfxpers.exe[3364] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 00170804 .text C:\WINDOWS\System32\igfxpers.exe[3364] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 001701F8 .text C:\WINDOWS\System32\igfxpers.exe[3364] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 001703FC .text C:\WINDOWS\System32\igfxpers.exe[3364] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 00170600 .text C:\WINDOWS\System32\igfxpers.exe[3364] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 00170A08 .text C:\WINDOWS\System32\igfxpers.exe[3364] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 001803FC .text C:\WINDOWS\System32\igfxpers.exe[3364] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 00180600 .text C:\WINDOWS\System32\igfxpers.exe[3364] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 00181014 .text C:\WINDOWS\System32\igfxpers.exe[3364] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 00180804 .text C:\WINDOWS\System32\igfxpers.exe[3364] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 00180A08 .text C:\WINDOWS\System32\igfxpers.exe[3364] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 00180C0C .text C:\WINDOWS\System32\igfxpers.exe[3364] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 00180E10 .text C:\WINDOWS\System32\igfxpers.exe[3364] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 001801F8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3392] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 001501F8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3392] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 001503FC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3392] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3392] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 00170804 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3392] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 001701F8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3392] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 001703FC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3392] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 00170600 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3392] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 00170A08 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3392] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 001803FC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3392] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 00180600 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3392] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 00181014 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3392] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 00180804 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3392] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 00180A08 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3392] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 00180C0C .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3392] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 00180E10 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3392] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 001801F8 .text C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\connectivitymanager.exe[3424] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 001501F8 .text C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\connectivitymanager.exe[3424] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 001503FC .text C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\connectivitymanager.exe[3424] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\connectivitymanager.exe[3424] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 001603FC .text C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\connectivitymanager.exe[3424] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 00160600 .text C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\connectivitymanager.exe[3424] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 00161014 .text C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\connectivitymanager.exe[3424] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 00160804 .text C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\connectivitymanager.exe[3424] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 00160A08 .text C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\connectivitymanager.exe[3424] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 00160C0C .text C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\connectivitymanager.exe[3424] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 00160E10 .text C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\connectivitymanager.exe[3424] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 001601F8 .text C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\connectivitymanager.exe[3424] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 00170804 .text C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\connectivitymanager.exe[3424] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 001701F8 .text C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\connectivitymanager.exe[3424] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 001703FC .text C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\connectivitymanager.exe[3424] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 00170600 .text C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\connectivitymanager.exe[3424] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 00170A08 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3428] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 001501F8 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3428] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 001503FC .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3428] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3428] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 001D0804 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3428] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 001D01F8 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3428] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 001D03FC .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3428] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 001D0600 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3428] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 001D0A08 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3428] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 001E03FC .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3428] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 001E0600 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3428] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 001E1014 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3428] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 001E0804 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3428] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 001E0A08 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3428] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 001E0C0C .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3428] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 001E0E10 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3428] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 001E01F8 .text C:\Program Files\Winamp\winampa.exe[3492] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 000801F8 .text C:\Program Files\Winamp\winampa.exe[3492] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 000803FC .text C:\Program Files\Winamp\winampa.exe[3492] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Program Files\Winamp\winampa.exe[3492] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 001A0804 .text C:\Program Files\Winamp\winampa.exe[3492] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 001A01F8 .text C:\Program Files\Winamp\winampa.exe[3492] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 001A03FC .text C:\Program Files\Winamp\winampa.exe[3492] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 001A0600 .text C:\Program Files\Winamp\winampa.exe[3492] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 001A0A08 .text C:\Program Files\Winamp\winampa.exe[3492] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 001C03FC .text C:\Program Files\Winamp\winampa.exe[3492] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 001C0600 .text C:\Program Files\Winamp\winampa.exe[3492] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 001C1014 .text C:\Program Files\Winamp\winampa.exe[3492] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 001C0804 .text C:\Program Files\Winamp\winampa.exe[3492] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 001C0A08 .text C:\Program Files\Winamp\winampa.exe[3492] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 001C0C0C .text C:\Program Files\Winamp\winampa.exe[3492] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 001C0E10 .text C:\Program Files\Winamp\winampa.exe[3492] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 001C01F8 .text C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe[3508] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 001501F8 .text C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe[3508] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 001503FC .text C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe[3508] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe[3508] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 00170804 .text C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe[3508] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 001701F8 .text C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe[3508] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 001703FC .text C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe[3508] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 00170600 .text C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe[3508] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 00170A08 .text C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe[3508] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 001803FC .text C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe[3508] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 00180600 .text C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe[3508] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 00181014 .text C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe[3508] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 00180804 .text C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe[3508] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 00180A08 .text C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe[3508] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 00180C0C .text C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe[3508] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 00180E10 .text C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe[3508] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 001801F8 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3516] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 001501F8 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3516] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 001503FC .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3516] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3516] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 001703FC .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3516] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 00170600 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3516] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 00171014 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3516] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 00170804 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3516] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 00170A08 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3516] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 00170C0C .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3516] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 00170E10 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3516] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 001701F8 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3516] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 00280804 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3516] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 002801F8 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3516] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 002803FC .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3516] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 00280600 .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3516] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 00280A08 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3580] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 000401F8 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3580] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 000403FC .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3580] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3580] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 000603FC .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3580] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 00060600 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3580] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 00061014 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3580] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 00060804 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3580] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 00060A08 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3580] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 00060C0C .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3580] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 00060E10 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3580] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 000601F8 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3580] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 00070804 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3580] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 000701F8 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3580] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 000703FC .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3580] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 00070600 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3580] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 00070A08 .text C:\Windows\system32\taskeng.exe[3584] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 000501F8 .text C:\Windows\system32\taskeng.exe[3584] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 000503FC .text C:\Windows\system32\taskeng.exe[3584] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Windows\system32\taskeng.exe[3584] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 000703FC .text C:\Windows\system32\taskeng.exe[3584] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 00070600 .text C:\Windows\system32\taskeng.exe[3584] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 00071014 .text C:\Windows\system32\taskeng.exe[3584] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 00070804 .text C:\Windows\system32\taskeng.exe[3584] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 00070A08 .text C:\Windows\system32\taskeng.exe[3584] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 00070C0C .text C:\Windows\system32\taskeng.exe[3584] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 00070E10 .text C:\Windows\system32\taskeng.exe[3584] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 000701F8 .text C:\Windows\system32\taskeng.exe[3584] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 00080804 .text C:\Windows\system32\taskeng.exe[3584] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 000801F8 .text C:\Windows\system32\taskeng.exe[3584] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 000803FC .text C:\Windows\system32\taskeng.exe[3584] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 00080600 .text C:\Windows\system32\taskeng.exe[3584] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 00080A08 .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3736] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 001501F8 .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3736] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 001503FC .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3736] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3736] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 00170804 .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3736] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 001701F8 .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3736] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 001703FC .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3736] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 00170600 .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3736] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 00170A08 .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3736] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 001803FC .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3736] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 00180600 .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3736] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 00181014 .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3736] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 00180804 .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3736] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 00180A08 .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3736] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 00180C0C .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3736] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 00180E10 .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3736] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 001801F8 .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3820] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 001501F8 .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3820] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 001503FC .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3820] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3820] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 00270804 .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3820] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 002701F8 .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3820] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 002703FC .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3820] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 00270600 .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3820] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 00270A08 .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3820] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 002803FC .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3820] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 00280600 .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3820] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 00281014 .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3820] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 00280804 .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3820] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 00280A08 .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3820] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 00280C0C .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3820] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 00280E10 .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3820] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 002801F8 .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[3872] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 001501F8 .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[3872] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 001503FC .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[3872] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[3872] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 00160804 .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[3872] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 001601F8 .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[3872] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 001603FC .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[3872] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 00160600 .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[3872] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 00160A08 .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[3872] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 001703FC .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[3872] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 00170600 .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[3872] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 00171014 .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[3872] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 00170804 .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[3872] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 00170A08 .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[3872] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 00170C0C .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[3872] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 00170E10 .text C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe[3872] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 001701F8 .text C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\CoreCom\OraConfigRecover.exe[3876] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 001501F8 .text C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\CoreCom\OraConfigRecover.exe[3876] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 001503FC .text C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\CoreCom\OraConfigRecover.exe[3876] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\CoreCom\OraConfigRecover.exe[3876] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 00160804 .text C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\CoreCom\OraConfigRecover.exe[3876] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 001601F8 .text C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\CoreCom\OraConfigRecover.exe[3876] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 001603FC .text C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\CoreCom\OraConfigRecover.exe[3876] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 00160600 .text C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\CoreCom\OraConfigRecover.exe[3876] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 00160A08 .text C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\CoreCom\OraConfigRecover.exe[3876] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 001703FC .text C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\CoreCom\OraConfigRecover.exe[3876] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 00170600 .text C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\CoreCom\OraConfigRecover.exe[3876] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 00171014 .text C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\CoreCom\OraConfigRecover.exe[3876] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 00170804 .text C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\CoreCom\OraConfigRecover.exe[3876] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 00170A08 .text C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\CoreCom\OraConfigRecover.exe[3876] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 00170C0C .text C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\CoreCom\OraConfigRecover.exe[3876] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 00170E10 .text C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\CoreCom\OraConfigRecover.exe[3876] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 001701F8 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3888] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3928] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 000501F8 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3928] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 000503FC .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3928] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3928] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 000703FC .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3928] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 00070600 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3928] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 00071014 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3928] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 00070804 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3928] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 00070A08 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3928] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 00070C0C .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3928] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 00070E10 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3928] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 000701F8 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3928] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 00080804 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3928] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 000801F8 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3928] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 000803FC .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3928] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 00080600 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3928] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 00080A08 .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3980] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 000501F8 .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3980] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 000503FC .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3980] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3980] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 00170804 .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3980] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 001701F8 .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3980] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 001703FC .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3980] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 00170600 .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3980] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 00170A08 .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3980] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 001803FC .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3980] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 00180600 .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3980] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 00181014 .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3980] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 00180804 .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3980] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 00180A08 .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3980] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 00180C0C .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3980] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 00180E10 .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3980] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 001801F8 .text C:\Program Files\OrangeBS\BEWInternet-PL\Launcher\Launcher.exe[4004] ntdll.dll!LdrLoadDll 77A379B3 5 Bytes JMP 001601F8 .text C:\Program Files\OrangeBS\BEWInternet-PL\Launcher\Launcher.exe[4004] ntdll.dll!LdrUnloadDll 77A4E5AC 5 Bytes JMP 001603FC .text C:\Program Files\OrangeBS\BEWInternet-PL\Launcher\Launcher.exe[4004] kernel32.dll!GetBinaryTypeW + 70 76D91CE8 1 Byte [62] .text C:\Program Files\OrangeBS\BEWInternet-PL\Launcher\Launcher.exe[4004] ADVAPI32.dll!CreateServiceW 762C38FF 5 Bytes JMP 002103FC .text C:\Program Files\OrangeBS\BEWInternet-PL\Launcher\Launcher.exe[4004] ADVAPI32.dll!DeleteService 762C3BEE 5 Bytes JMP 00210600 .text C:\Program Files\OrangeBS\BEWInternet-PL\Launcher\Launcher.exe[4004] ADVAPI32.dll!SetServiceObjectSecurity 763066A9 5 Bytes JMP 00211014 .text C:\Program Files\OrangeBS\BEWInternet-PL\Launcher\Launcher.exe[4004] ADVAPI32.dll!ChangeServiceConfigA 763067A9 5 Bytes JMP 00210804 .text C:\Program Files\OrangeBS\BEWInternet-PL\Launcher\Launcher.exe[4004] ADVAPI32.dll!ChangeServiceConfigW 76306951 5 Bytes JMP 00210A08 .text C:\Program Files\OrangeBS\BEWInternet-PL\Launcher\Launcher.exe[4004] ADVAPI32.dll!ChangeServiceConfig2A 76306A69 5 Bytes JMP 00210C0C .text C:\Program Files\OrangeBS\BEWInternet-PL\Launcher\Launcher.exe[4004] ADVAPI32.dll!ChangeServiceConfig2W 76306BB1 5 Bytes JMP 00210E10 .text C:\Program Files\OrangeBS\BEWInternet-PL\Launcher\Launcher.exe[4004] ADVAPI32.dll!CreateServiceA 76306C71 5 Bytes JMP 002101F8 .text C:\Program Files\OrangeBS\BEWInternet-PL\Launcher\Launcher.exe[4004] USER32.dll!SetWindowsHookExW 766B7B69 5 Bytes JMP 00220804 .text C:\Program Files\OrangeBS\BEWInternet-PL\Launcher\Launcher.exe[4004] USER32.dll!SetWinEventHook 766B915C 5 Bytes JMP 002201F8 .text C:\Program Files\OrangeBS\BEWInternet-PL\Launcher\Launcher.exe[4004] USER32.dll!UnhookWinEvent 766BB702 5 Bytes JMP 002203FC .text C:\Program Files\OrangeBS\BEWInternet-PL\Launcher\Launcher.exe[4004] USER32.dll!SetWindowsHookExA 766DBB0E 5 Bytes JMP 00220600 .text C:\Program Files\OrangeBS\BEWInternet-PL\Launcher\Launcher.exe[4004] USER32.dll!UnhookWindowsHookEx 766E08BE 5 Bytes JMP 00220A08 ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\system32\services.exe[616] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 000B0002 IAT C:\Windows\system32\services.exe[616] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 000B0000 IAT C:\Windows\Explorer.exe[2484] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusShutdown] [74A78864] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[2484] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCloneImage] [74AB9855] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[2484] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDrawImageRectI] [74A7B984] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[2484] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [74A6FB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[2484] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusStartup] [74A77A29] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[2484] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateFromHDC] [74A6EA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[2484] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74AAB12D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[2484] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [74A7BC4A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[2484] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageHeight] [74A70756] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[2484] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageWidth] [74A706BD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[2484] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDisposeImage] [74A671B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[2484] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [74AFD9E0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[2484] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [74A97329] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[2484] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDeleteGraphics] [74A6E109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[2484] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipFree] [74A6697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[2484] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipAlloc] [74A669A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[2484] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetCompositingMode] [74A72475] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74A78864] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74AB9855] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74A7B984] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74A6FB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74A77A29] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74A6EA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74AAB12D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [74A7BC4A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74A70756] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74A706BD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74A671B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74AFD9E0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74A97329] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74A6E109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74A6697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74A669A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74A72475] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) Device \FileSystem\fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \FileSystem\fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060eb88f5 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060eb88f5@0012d18be279 0x85 0xAB 0x17 0x3B ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016411f4ab6 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Bartek\programy\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xEB 0xF4 0xB8 0xC3 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x75 0x4A 0x2B 0x72 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xFA 0xDD 0x2A 0xC5 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060eb88f5 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060eb88f5@0012d18be279 0x85 0xAB 0x17 0x3B ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016411f4ab6 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Bartek\programy\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xEB 0xF4 0xB8 0xC3 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x75 0x4A 0x2B 0x72 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xFA 0xDD 0x2A 0xC5 ... ---- EOF - GMER 1.0.15 ----