GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-03-19 10:30:36 Windows 5.1.2600 Dodatek Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 ST3500413AS rev.JC4B Running: wy10x1m0.exe; Driver: C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\pgldqpoc.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwAddBootEntry [0xB41AE374] SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwAllocateVirtualMemory [0xB423D2B8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwClose [0xB41D2829] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwCreateEvent [0xB41B0996] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwCreateEventPair [0xB41B09EE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwCreateIoCompletion [0xB41B0B04] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwCreateKey [0xB41D21DD] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwCreateMutant [0xB41B08EC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwCreateSection [0xB41B0A3E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwCreateSemaphore [0xB41B0940] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwCreateTimer [0xB41B0AB2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwDeleteBootEntry [0xB41AE398] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwDeleteKey [0xB41D2EEF] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwDeleteValueKey [0xB41D31A5] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwDuplicateObject [0xB41B0D88] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwEnumerateKey [0xB41D2D5A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwEnumerateValueKey [0xB41D2BC5] SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwFreeVirtualMemory [0xB423D368] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwLoadDriver [0xB41AE162] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwModifyBootEntry [0xB41AE3BC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwNotifyChangeKey [0xB41B0EFC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwNotifyChangeMultipleKeys [0xB41AEE54] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenEvent [0xB41B09C6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenEventPair [0xB41B0A16] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenIoCompletion [0xB41B0B2E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenKey [0xB41D2539] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenMutant [0xB41B0918] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenProcess [0xB41B0BC0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenSection [0xB41B0A7E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenSemaphore [0xB41B096E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenThread [0xB41B0CA4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenTimer [0xB41B0ADC] SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwProtectVirtualMemory [0xB423D400] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwQueryKey [0xB41D2A40] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwQueryObject [0xB41AED1A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwQueryValueKey [0xB41D2892] SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwRenameKey [0xB42456E2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwRestoreKey [0xB41D1850] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwSetBootEntryOrder [0xB41AE3E0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwSetBootOptions [0xB41AE404] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwSetSystemInformation [0xB41AE1BC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwSetSystemPowerState [0xB41AE2F8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwSetValueKey [0xB41D2FF6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwShutdownSystem [0xB41AE2D4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwSystemDebugControl [0xB41AE31C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwVdmControl [0xB41AE428] ---- Kernel code sections - GMER 1.0.15 ---- PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A50C2 4 Bytes CALL B41AF4AF \SystemRoot\System32\Drivers\aswSnx.SYS .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6B083A0, 0x88C445, 0xE8000020] ? System32\Drivers\aswTdi.SYS System nie może odnaleźć określonej ścieżki. ! ? System32\Drivers\aswRdr.SYS System nie może odnaleźć określonej ścieżki. ! ? System32\Drivers\aswSP.SYS System nie może odnaleźć określonej ścieżki. ! ? System32\Drivers\aswSnx.SYS System nie może odnaleźć określonej ścieżki. ! ? System32\Drivers\Aavmker4.SYS System nie może odnaleźć określonej ścieżki. ! .text win32k.sys!EngFreeUserMem + 674 BF80A178 5 Bytes JMP B41B1E48 \SystemRoot\System32\Drivers\aswSnx.SYS .text win32k.sys!EngDeleteSurface + 45 BF80FB23 5 Bytes JMP B41B1D54 \SystemRoot\System32\Drivers\aswSnx.SYS .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 3228 BF81E8E3 5 Bytes JMP B41B1016 \SystemRoot\System32\Drivers\aswSnx.SYS .text win32k.sys!EngSetLastError + 7658 BF828813 5 Bytes JMP B41B10DA \SystemRoot\System32\Drivers\aswSnx.SYS .text win32k.sys!EngCreateBitmap + 698 BF8386F2 5 Bytes JMP B41B1FB2 \SystemRoot\System32\Drivers\aswSnx.SYS .text win32k.sys!EngCreateBitmap + BB6 BF838C10 5 Bytes JMP B41B1CC4 \SystemRoot\System32\Drivers\aswSnx.SYS .text win32k.sys!EngCreateBitmap + 3605 BF83B65F 5 Bytes JMP B41B21BA \SystemRoot\System32\Drivers\aswSnx.SYS .text win32k.sys!EngCreateBitmap + E613 BF84666D 5 Bytes JMP B41B1D7E \SystemRoot\System32\Drivers\aswSnx.SYS .text win32k.sys!FONTOBJ_pxoGetXform + 8B32 BF866C76 5 Bytes JMP B41B114A \SystemRoot\System32\Drivers\aswSnx.SYS .text win32k.sys!FONTOBJ_pxoGetXform + D825 BF86B969 5 Bytes JMP B41B1326 \SystemRoot\System32\Drivers\aswSnx.SYS .text win32k.sys!FONTOBJ_pxoGetXform + D8B0 BF86B9F4 5 Bytes JMP B41B14CC \SystemRoot\System32\Drivers\aswSnx.SYS .text win32k.sys!XLATEOBJ_iXlate + 23AD BF881872 5 Bytes JMP B41B1EFA \SystemRoot\System32\Drivers\aswSnx.SYS .text win32k.sys!EngGetCurrentCodePage + 413A BF89A6AC 5 Bytes JMP B41B14A4 \SystemRoot\System32\Drivers\aswSnx.SYS .text win32k.sys!EngGradientFill + 1899 BF8BA057 5 Bytes JMP B41B0FFE \SystemRoot\System32\Drivers\aswSnx.SYS .text win32k.sys!EngGradientFill + 35F1 BF8BBDAF 5 Bytes JMP B41B2118 \SystemRoot\System32\Drivers\aswSnx.SYS .text win32k.sys!EngAlphaBlend + 3E8 BF8C33AB 5 Bytes JMP B41B11E4 \SystemRoot\System32\Drivers\aswSnx.SYS .text win32k.sys!PATHOBJ_bCloseFigure + 19CE BF8EDB64 5 Bytes JMP B41B0F32 \SystemRoot\System32\Drivers\aswSnx.SYS .text win32k.sys!PATHOBJ_bCloseFigure + D4CD BF8F9663 3 Bytes JMP B41B1254 \SystemRoot\System32\Drivers\aswSnx.SYS .text win32k.sys!PATHOBJ_bCloseFigure + D4D1 BF8F9667 1 Byte [F4] .text win32k.sys!PATHOBJ_bCloseFigure + D74D BF8F98E3 5 Bytes JMP B41B128E \SystemRoot\System32\Drivers\aswSnx.SYS .text win32k.sys!EngCreateClip + 1994 BF9121C0 5 Bytes JMP B41B1096 \SystemRoot\System32\Drivers\aswSnx.SYS .text win32k.sys!EngCreateClip + 2568 BF912D94 5 Bytes JMP B41B11AE \SystemRoot\System32\Drivers\aswSnx.SYS .text win32k.sys!EngCreateClip + 4EC2 BF9156EE 5 Bytes JMP B41B15E6 \SystemRoot\System32\Drivers\aswSnx.SYS .text win32k.sys!EngPlgBlt + 1931 BF94312D 5 Bytes JMP B41B2070 \SystemRoot\System32\Drivers\aswSnx.SYS ? System32\Drivers\aswFsBlk.SYS System nie może odnaleźć określonej ścieżki. ! ? System32\Drivers\aswMon2.SYS System nie może odnaleźć określonej ścieżki. ! ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\spoolsv.exe[156] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 016E24A0 .text C:\WINDOWS\system32\spoolsv.exe[156] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 016E2740 .text C:\WINDOWS\system32\spoolsv.exe[156] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 016EC9DA .text C:\WINDOWS\system32\spoolsv.exe[156] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 016EC896 .text C:\WINDOWS\system32\spoolsv.exe[156] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[156] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 016E11C0 .text C:\WINDOWS\system32\spoolsv.exe[156] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 016E1400 .text C:\WINDOWS\system32\spoolsv.exe[156] kernel32.dll!MoveFileW 7C8211D1 5 Bytes JMP 016E2400 .text C:\WINDOWS\system32\spoolsv.exe[156] kernel32.dll!CopyFileA 7C82865E 5 Bytes JMP 016E1000 .text C:\WINDOWS\system32\spoolsv.exe[156] kernel32.dll!CopyFileW 7C82F7D3 5 Bytes JMP 016E10A0 .text C:\WINDOWS\system32\spoolsv.exe[156] kernel32.dll!MoveFileA 7C835E17 5 Bytes JMP 016E23A0 .text C:\WINDOWS\system32\spoolsv.exe[156] kernel32.dll!GetBinaryTypeW + 80 7C867E34 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[156] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 016E2D30 .text C:\WINDOWS\system32\spoolsv.exe[156] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 016E2B90 .text C:\WINDOWS\system32\spoolsv.exe[156] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 016E1B60 .text C:\WINDOWS\system32\spoolsv.exe[156] WS2_32.dll!send 71A5428A 5 Bytes JMP 016E2E90 .text C:\WINDOWS\system32\spoolsv.exe[156] WININET.dll!HttpSendRequestA 4363CD48 5 Bytes JMP 016E1CF0 .text C:\WINDOWS\system32\spoolsv.exe[156] WININET.dll!InternetWriteFile 43643665 5 Bytes JMP 016E21B0 .text C:\WINDOWS\system32\spoolsv.exe[156] WININET.dll!HttpSendRequestW 43651028 5 Bytes JMP 016E1F50 .text C:\Program Files\Application Updater\ApplicationUpdater.exe[400] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00E024A0 .text C:\Program Files\Application Updater\ApplicationUpdater.exe[400] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00E02740 .text C:\Program Files\Application Updater\ApplicationUpdater.exe[400] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00E0C9DA .text C:\Program Files\Application Updater\ApplicationUpdater.exe[400] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00E0C896 .text C:\Program Files\Application Updater\ApplicationUpdater.exe[400] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Application Updater\ApplicationUpdater.exe[400] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00E011C0 .text C:\Program Files\Application Updater\ApplicationUpdater.exe[400] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 00E01400 .text C:\Program Files\Application Updater\ApplicationUpdater.exe[400] kernel32.dll!MoveFileW 7C8211D1 5 Bytes JMP 00E02400 .text C:\Program Files\Application Updater\ApplicationUpdater.exe[400] kernel32.dll!CopyFileA 7C82865E 5 Bytes JMP 00E01000 .text C:\Program Files\Application Updater\ApplicationUpdater.exe[400] kernel32.dll!CopyFileW 7C82F7D3 5 Bytes JMP 00E010A0 .text C:\Program Files\Application Updater\ApplicationUpdater.exe[400] kernel32.dll!MoveFileA 7C835E17 5 Bytes JMP 00E023A0 .text C:\Program Files\Application Updater\ApplicationUpdater.exe[400] kernel32.dll!GetBinaryTypeW + 80 7C867E34 1 Byte [62] .text C:\Program Files\Application Updater\ApplicationUpdater.exe[400] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 00E02D30 .text C:\Program Files\Application Updater\ApplicationUpdater.exe[400] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 00E02B90 .text C:\Program Files\Application Updater\ApplicationUpdater.exe[400] WININET.dll!HttpSendRequestA 4363CD48 5 Bytes JMP 00E01CF0 .text C:\Program Files\Application Updater\ApplicationUpdater.exe[400] WININET.dll!InternetWriteFile 43643665 5 Bytes JMP 00E021B0 .text C:\Program Files\Application Updater\ApplicationUpdater.exe[400] WININET.dll!HttpSendRequestW 43651028 5 Bytes JMP 00E01F50 .text C:\Program Files\Application Updater\ApplicationUpdater.exe[400] ws2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00E01B60 .text C:\Program Files\Application Updater\ApplicationUpdater.exe[400] ws2_32.dll!send 71A5428A 5 Bytes JMP 00E02E90 .text C:\WINDOWS\system32\svchost.exe[524] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 009F24A0 .text C:\WINDOWS\system32\svchost.exe[524] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 009F2740 .text C:\WINDOWS\system32\svchost.exe[524] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 009FC9DA .text C:\WINDOWS\system32\svchost.exe[524] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 009FC896 .text C:\WINDOWS\system32\svchost.exe[524] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 009F11C0 .text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 009F1400 .text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!MoveFileW 7C8211D1 5 Bytes JMP 009F2400 .text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!CopyFileA 7C82865E 5 Bytes JMP 009F1000 .text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!CopyFileW 7C82F7D3 5 Bytes JMP 009F10A0 .text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!MoveFileA 7C835E17 5 Bytes JMP 009F23A0 .text C:\WINDOWS\system32\svchost.exe[524] kernel32.dll!GetBinaryTypeW + 80 7C867E34 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[524] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 009F2D30 .text C:\WINDOWS\system32\svchost.exe[524] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 009F2B90 .text C:\WINDOWS\system32\svchost.exe[524] WININET.dll!HttpSendRequestA 4363CD48 5 Bytes JMP 009F1CF0 .text C:\WINDOWS\system32\svchost.exe[524] WININET.dll!InternetWriteFile 43643665 5 Bytes JMP 009F21B0 .text C:\WINDOWS\system32\svchost.exe[524] WININET.dll!HttpSendRequestW 43651028 5 Bytes JMP 009F1F50 .text C:\WINDOWS\system32\svchost.exe[524] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 009F1B60 .text C:\WINDOWS\system32\svchost.exe[524] WS2_32.dll!send 71A5428A 5 Bytes JMP 009F2E90 .text C:\WINDOWS\System32\smss.exe[708] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\RunDLL32.exe[744] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 017524A0 .text C:\WINDOWS\system32\RunDLL32.exe[744] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01752740 .text C:\WINDOWS\system32\RunDLL32.exe[744] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 0175C9DA .text C:\WINDOWS\system32\RunDLL32.exe[744] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0175C896 .text C:\WINDOWS\system32\RunDLL32.exe[744] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\RunDLL32.exe[744] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 017511C0 .text C:\WINDOWS\system32\RunDLL32.exe[744] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 01751400 .text C:\WINDOWS\system32\RunDLL32.exe[744] kernel32.dll!MoveFileW 7C8211D1 5 Bytes JMP 01752400 .text C:\WINDOWS\system32\RunDLL32.exe[744] kernel32.dll!CopyFileA 7C82865E 5 Bytes JMP 01751000 .text C:\WINDOWS\system32\RunDLL32.exe[744] kernel32.dll!CopyFileW 7C82F7D3 5 Bytes JMP 017510A0 .text C:\WINDOWS\system32\RunDLL32.exe[744] kernel32.dll!MoveFileA 7C835E17 5 Bytes JMP 017523A0 .text C:\WINDOWS\system32\RunDLL32.exe[744] kernel32.dll!GetBinaryTypeW + 80 7C867E34 1 Byte [62] .text C:\WINDOWS\system32\RunDLL32.exe[744] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 01752D30 .text C:\WINDOWS\system32\RunDLL32.exe[744] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 01752B90 .text C:\WINDOWS\system32\RunDLL32.exe[744] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01751B60 .text C:\WINDOWS\system32\RunDLL32.exe[744] WS2_32.dll!send 71A5428A 5 Bytes JMP 01752E90 .text C:\WINDOWS\system32\RunDLL32.exe[744] WININET.dll!HttpSendRequestA 4363CD48 5 Bytes JMP 01751CF0 .text C:\WINDOWS\system32\RunDLL32.exe[744] WININET.dll!InternetWriteFile 43643665 5 Bytes JMP 017521B0 .text C:\WINDOWS\system32\RunDLL32.exe[744] WININET.dll!HttpSendRequestW 43651028 5 Bytes JMP 01751F50 .text C:\WINDOWS\system32\csrss.exe[764] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 013B24A0 .text C:\WINDOWS\system32\csrss.exe[764] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 013B2740 .text C:\WINDOWS\system32\csrss.exe[764] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 013BC9DA .text C:\WINDOWS\system32\csrss.exe[764] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 013BC896 .text C:\WINDOWS\system32\csrss.exe[764] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[764] KERNEL32.dll!CreateFileA 7C801A24 5 Bytes JMP 013B11C0 .text C:\WINDOWS\system32\csrss.exe[764] KERNEL32.dll!CreateFileW 7C810780 5 Bytes JMP 013B1400 .text C:\WINDOWS\system32\csrss.exe[764] KERNEL32.dll!MoveFileW 7C8211D1 5 Bytes JMP 013B2400 .text C:\WINDOWS\system32\csrss.exe[764] KERNEL32.dll!CopyFileA 7C82865E 5 Bytes JMP 013B1000 .text C:\WINDOWS\system32\csrss.exe[764] KERNEL32.dll!CopyFileW 7C82F7D3 5 Bytes JMP 013B10A0 .text C:\WINDOWS\system32\csrss.exe[764] KERNEL32.dll!MoveFileA 7C835E17 5 Bytes JMP 013B23A0 .text C:\WINDOWS\system32\csrss.exe[764] KERNEL32.dll!GetBinaryTypeW + 80 7C867E34 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[764] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 013B2D30 .text C:\WINDOWS\system32\csrss.exe[764] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 013B2B90 .text C:\WINDOWS\system32\csrss.exe[764] WININET.dll!HttpSendRequestA 4363CD48 5 Bytes JMP 013B1CF0 .text C:\WINDOWS\system32\csrss.exe[764] WININET.dll!InternetWriteFile 43643665 5 Bytes JMP 013B21B0 .text C:\WINDOWS\system32\csrss.exe[764] WININET.dll!HttpSendRequestW 43651028 5 Bytes JMP 013B1F50 .text C:\WINDOWS\system32\csrss.exe[764] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 013B1B60 .text C:\WINDOWS\system32\csrss.exe[764] WS2_32.dll!send 71A5428A 5 Bytes JMP 013B2E90 .text C:\WINDOWS\system32\winlogon.exe[792] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00E124A0 .text C:\WINDOWS\system32\winlogon.exe[792] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00E12740 .text C:\WINDOWS\system32\winlogon.exe[792] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00E1C9DA .text C:\WINDOWS\system32\winlogon.exe[792] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00E1C896 .text C:\WINDOWS\system32\winlogon.exe[792] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[792] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000703FC .text C:\WINDOWS\system32\winlogon.exe[792] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00E111C0 .text C:\WINDOWS\system32\winlogon.exe[792] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 00E11400 .text C:\WINDOWS\system32\winlogon.exe[792] kernel32.dll!MoveFileW 7C8211D1 5 Bytes JMP 00E12400 .text C:\WINDOWS\system32\winlogon.exe[792] kernel32.dll!CopyFileA 7C82865E 5 Bytes JMP 00E11000 .text C:\WINDOWS\system32\winlogon.exe[792] kernel32.dll!CopyFileW 7C82F7D3 5 Bytes JMP 00E110A0 .text C:\WINDOWS\system32\winlogon.exe[792] kernel32.dll!MoveFileA 7C835E17 5 Bytes JMP 00E123A0 .text C:\WINDOWS\system32\winlogon.exe[792] kernel32.dll!GetBinaryTypeW + 80 7C867E34 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[792] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 00E12D30 .text C:\WINDOWS\system32\winlogon.exe[792] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 00E12B90 .text C:\WINDOWS\system32\winlogon.exe[792] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 00581014 .text C:\WINDOWS\system32\winlogon.exe[792] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 00580804 .text C:\WINDOWS\system32\winlogon.exe[792] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 00580A08 .text C:\WINDOWS\system32\winlogon.exe[792] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 00580C0C .text C:\WINDOWS\system32\winlogon.exe[792] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 00580E10 .text C:\WINDOWS\system32\winlogon.exe[792] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 005801F8 .text C:\WINDOWS\system32\winlogon.exe[792] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 005803FC .text C:\WINDOWS\system32\winlogon.exe[792] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 00580600 .text C:\WINDOWS\system32\winlogon.exe[792] USER32.dll!UnhookWindowsHookEx 7E370DD3 5 Bytes JMP 00590A08 .text C:\WINDOWS\system32\winlogon.exe[792] USER32.dll!SetWindowsHookExW 7E37E4BF 5 Bytes JMP 00590804 .text C:\WINDOWS\system32\winlogon.exe[792] USER32.dll!SetWindowsHookExA 7E381201 5 Bytes JMP 00590600 .text C:\WINDOWS\system32\winlogon.exe[792] USER32.dll!SetWinEventHook 7E3817E7 5 Bytes JMP 005901F8 .text C:\WINDOWS\system32\winlogon.exe[792] USER32.dll!UnhookWinEvent 7E38189C 5 Bytes JMP 005903FC .text C:\WINDOWS\system32\winlogon.exe[792] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00E11B60 .text C:\WINDOWS\system32\winlogon.exe[792] WS2_32.dll!send 71A5428A 5 Bytes JMP 00E12E90 .text C:\WINDOWS\system32\winlogon.exe[792] WININET.dll!HttpSendRequestA 4363CD48 5 Bytes JMP 00E11CF0 .text C:\WINDOWS\system32\winlogon.exe[792] WININET.dll!InternetWriteFile 43643665 5 Bytes JMP 00E121B0 .text C:\WINDOWS\system32\winlogon.exe[792] WININET.dll!HttpSendRequestW 43651028 5 Bytes JMP 00E11F50 .text C:\Program Files\Java\jre6\bin\jqs.exe[812] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01C224A0 .text C:\Program Files\Java\jre6\bin\jqs.exe[812] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01C22740 .text C:\Program Files\Java\jre6\bin\jqs.exe[812] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 01C2C9DA .text C:\Program Files\Java\jre6\bin\jqs.exe[812] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 01C2C896 .text C:\Program Files\Java\jre6\bin\jqs.exe[812] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Java\jre6\bin\jqs.exe[812] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 01C211C0 .text C:\Program Files\Java\jre6\bin\jqs.exe[812] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 01C21400 .text C:\Program Files\Java\jre6\bin\jqs.exe[812] kernel32.dll!MoveFileW 7C8211D1 5 Bytes JMP 01C22400 .text C:\Program Files\Java\jre6\bin\jqs.exe[812] kernel32.dll!CopyFileA 7C82865E 5 Bytes JMP 01C21000 .text C:\Program Files\Java\jre6\bin\jqs.exe[812] kernel32.dll!CopyFileW 7C82F7D3 5 Bytes JMP 01C210A0 .text C:\Program Files\Java\jre6\bin\jqs.exe[812] kernel32.dll!MoveFileA 7C835E17 5 Bytes JMP 01C223A0 .text C:\Program Files\Java\jre6\bin\jqs.exe[812] kernel32.dll!GetBinaryTypeW + 80 7C867E34 1 Byte [62] .text C:\Program Files\Java\jre6\bin\jqs.exe[812] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01C21B60 .text C:\Program Files\Java\jre6\bin\jqs.exe[812] WS2_32.dll!send 71A5428A 5 Bytes JMP 01C22E90 .text C:\Program Files\Java\jre6\bin\jqs.exe[812] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 01C22D30 .text C:\Program Files\Java\jre6\bin\jqs.exe[812] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 01C22B90 .text C:\Program Files\Java\jre6\bin\jqs.exe[812] WININET.dll!HttpSendRequestA 4363CD48 5 Bytes JMP 01C21CF0 .text C:\Program Files\Java\jre6\bin\jqs.exe[812] WININET.dll!InternetWriteFile 43643665 5 Bytes JMP 01C221B0 .text C:\Program Files\Java\jre6\bin\jqs.exe[812] WININET.dll!HttpSendRequestW 43651028 5 Bytes JMP 01C21F50 .text C:\WINDOWS\system32\services.exe[836] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 012E24A0 .text C:\WINDOWS\system32\services.exe[836] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 012E2740 .text C:\WINDOWS\system32\services.exe[836] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 012EC9DA .text C:\WINDOWS\system32\services.exe[836] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 012EC896 .text C:\WINDOWS\system32\services.exe[836] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\services.exe[836] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\services.exe[836] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 012E11C0 .text C:\WINDOWS\system32\services.exe[836] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 012E1400 .text C:\WINDOWS\system32\services.exe[836] kernel32.dll!MoveFileW 7C8211D1 5 Bytes JMP 012E2400 .text C:\WINDOWS\system32\services.exe[836] kernel32.dll!CopyFileA 7C82865E 5 Bytes JMP 012E1000 .text C:\WINDOWS\system32\services.exe[836] kernel32.dll!CopyFileW 7C82F7D3 5 Bytes JMP 012E10A0 .text C:\WINDOWS\system32\services.exe[836] kernel32.dll!MoveFileA 7C835E17 5 Bytes JMP 012E23A0 .text C:\WINDOWS\system32\services.exe[836] kernel32.dll!GetBinaryTypeW + 80 7C867E34 1 Byte [62] .text C:\WINDOWS\system32\services.exe[836] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 012E2D30 .text C:\WINDOWS\system32\services.exe[836] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 012E2B90 .text C:\WINDOWS\system32\services.exe[836] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\services.exe[836] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\services.exe[836] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\services.exe[836] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\services.exe[836] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\services.exe[836] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\services.exe[836] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\services.exe[836] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\services.exe[836] USER32.dll!UnhookWindowsHookEx 7E370DD3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\services.exe[836] USER32.dll!SetWindowsHookExW 7E37E4BF 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\services.exe[836] USER32.dll!SetWindowsHookExA 7E381201 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\services.exe[836] USER32.dll!SetWinEventHook 7E3817E7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\services.exe[836] USER32.dll!UnhookWinEvent 7E38189C 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\services.exe[836] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 012E1B60 .text C:\WINDOWS\system32\services.exe[836] WS2_32.dll!send 71A5428A 5 Bytes JMP 012E2E90 .text C:\WINDOWS\system32\services.exe[836] WININET.dll!HttpSendRequestA 4363CD48 5 Bytes JMP 012E1CF0 .text C:\WINDOWS\system32\services.exe[836] WININET.dll!InternetWriteFile 43643665 5 Bytes JMP 012E21B0 .text C:\WINDOWS\system32\services.exe[836] WININET.dll!HttpSendRequestW 43651028 5 Bytes JMP 012E1F50 .text C:\WINDOWS\system32\lsass.exe[848] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\lsass.exe[848] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[848] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\lsass.exe[848] kernel32.dll!GetBinaryTypeW + 80 7C867E34 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[848] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\lsass.exe[848] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\lsass.exe[848] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\lsass.exe[848] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\lsass.exe[848] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\lsass.exe[848] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\lsass.exe[848] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\lsass.exe[848] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\lsass.exe[848] USER32.dll!UnhookWindowsHookEx 7E370DD3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\lsass.exe[848] USER32.dll!SetWindowsHookExW 7E37E4BF 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\lsass.exe[848] USER32.dll!SetWindowsHookExA 7E381201 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\lsass.exe[848] USER32.dll!SetWinEventHook 7E3817E7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\lsass.exe[848] USER32.dll!UnhookWinEvent 7E38189C 5 Bytes JMP 003103FC .text C:\Program Files\Vtune\TBPanel.exe[992] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00D624A0 .text C:\Program Files\Vtune\TBPanel.exe[992] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62740 .text C:\Program Files\Vtune\TBPanel.exe[992] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00D6C9DA .text C:\Program Files\Vtune\TBPanel.exe[992] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00D6C896 .text C:\Program Files\Vtune\TBPanel.exe[992] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Vtune\TBPanel.exe[992] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00D611C0 .text C:\Program Files\Vtune\TBPanel.exe[992] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 00D61400 .text C:\Program Files\Vtune\TBPanel.exe[992] kernel32.dll!MoveFileW 7C8211D1 5 Bytes JMP 00D62400 .text C:\Program Files\Vtune\TBPanel.exe[992] kernel32.dll!CopyFileA 7C82865E 5 Bytes JMP 00D61000 .text C:\Program Files\Vtune\TBPanel.exe[992] kernel32.dll!CopyFileW 7C82F7D3 5 Bytes JMP 00D610A0 .text C:\Program Files\Vtune\TBPanel.exe[992] kernel32.dll!MoveFileA 7C835E17 5 Bytes JMP 00D623A0 .text C:\Program Files\Vtune\TBPanel.exe[992] kernel32.dll!GetBinaryTypeW + 80 7C867E34 1 Byte [62] .text C:\Program Files\Vtune\TBPanel.exe[992] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 00D62D30 .text C:\Program Files\Vtune\TBPanel.exe[992] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 00D62B90 .text C:\Program Files\Vtune\TBPanel.exe[992] WININET.dll!HttpSendRequestA 4363CD48 5 Bytes JMP 00D61CF0 .text C:\Program Files\Vtune\TBPanel.exe[992] WININET.dll!InternetWriteFile 43643665 5 Bytes JMP 00D621B0 .text C:\Program Files\Vtune\TBPanel.exe[992] WININET.dll!HttpSendRequestW 43651028 5 Bytes JMP 00D61F50 .text C:\Program Files\Vtune\TBPanel.exe[992] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00D61B60 .text C:\Program Files\Vtune\TBPanel.exe[992] WS2_32.dll!send 71A5428A 5 Bytes JMP 00D62E90 .text C:\WINDOWS\system32\svchost.exe[1016] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00E124A0 .text C:\WINDOWS\system32\svchost.exe[1016] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00E12740 .text C:\WINDOWS\system32\svchost.exe[1016] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00E1C9DA .text C:\WINDOWS\system32\svchost.exe[1016] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00E1C896 .text C:\WINDOWS\system32\svchost.exe[1016] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1016] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00E111C0 .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 00E11400 .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!MoveFileW 7C8211D1 5 Bytes JMP 00E12400 .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CopyFileA 7C82865E 5 Bytes JMP 00E11000 .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CopyFileW 7C82F7D3 5 Bytes JMP 00E110A0 .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!MoveFileA 7C835E17 5 Bytes JMP 00E123A0 .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!GetBinaryTypeW + 80 7C867E34 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 00E12D30 .text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 00E12B90 .text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1016] USER32.dll!UnhookWindowsHookEx 7E370DD3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1016] USER32.dll!SetWindowsHookExW 7E37E4BF 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1016] USER32.dll!SetWindowsHookExA 7E381201 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1016] USER32.dll!SetWinEventHook 7E3817E7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1016] USER32.dll!UnhookWinEvent 7E38189C 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[1016] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00E11B60 .text C:\WINDOWS\system32\svchost.exe[1016] WS2_32.dll!send 71A5428A 5 Bytes JMP 00E12E90 .text C:\WINDOWS\system32\svchost.exe[1016] WININET.dll!HttpSendRequestA 4363CD48 5 Bytes JMP 00E11CF0 .text C:\WINDOWS\system32\svchost.exe[1016] WININET.dll!InternetWriteFile 43643665 5 Bytes JMP 00E121B0 .text C:\WINDOWS\system32\svchost.exe[1016] WININET.dll!HttpSendRequestW 43651028 5 Bytes JMP 00E11F50 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1068] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 020A24A0 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1068] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 020A2740 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1068] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 020AC9DA .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1068] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 020AC896 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1068] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1068] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 020A11C0 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1068] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 020A1400 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1068] kernel32.dll!MoveFileW 7C8211D1 5 Bytes JMP 020A2400 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1068] kernel32.dll!CopyFileA 7C82865E 5 Bytes JMP 020A1000 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1068] kernel32.dll!CopyFileW 7C82F7D3 5 Bytes JMP 020A10A0 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1068] kernel32.dll!MoveFileA 7C835E17 5 Bytes JMP 020A23A0 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1068] kernel32.dll!GetBinaryTypeW + 80 7C867E34 1 Byte [62] .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1068] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 020A2D30 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1068] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 020A2B90 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1068] WININET.dll!HttpSendRequestA 4363CD48 5 Bytes JMP 020A1CF0 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1068] WININET.dll!InternetWriteFile 43643665 5 Bytes JMP 020A21B0 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1068] WININET.dll!HttpSendRequestW 43651028 5 Bytes JMP 020A1F50 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1068] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 020A1B60 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1068] WS2_32.dll!send 71A5428A 5 Bytes JMP 020A2E90 .text C:\WINDOWS\system32\svchost.exe[1080] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00F024A0 .text C:\WINDOWS\system32\svchost.exe[1080] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00F02740 .text C:\WINDOWS\system32\svchost.exe[1080] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00F0C9DA .text C:\WINDOWS\system32\svchost.exe[1080] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00F0C896 .text C:\WINDOWS\system32\svchost.exe[1080] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1080] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00F011C0 .text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 00F01400 .text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!MoveFileW 7C8211D1 5 Bytes JMP 00F02400 .text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!CopyFileA 7C82865E 5 Bytes JMP 00F01000 .text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!CopyFileW 7C82F7D3 5 Bytes JMP 00F010A0 .text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!MoveFileA 7C835E17 5 Bytes JMP 00F023A0 .text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!GetBinaryTypeW + 80 7C867E34 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 00F02D30 .text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 00F02B90 .text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1080] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1080] USER32.dll!UnhookWindowsHookEx 7E370DD3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1080] USER32.dll!SetWindowsHookExW 7E37E4BF 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1080] USER32.dll!SetWindowsHookExA 7E381201 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1080] USER32.dll!SetWinEventHook 7E3817E7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1080] USER32.dll!UnhookWinEvent 7E38189C 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[1080] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00F01B60 .text C:\WINDOWS\system32\svchost.exe[1080] WS2_32.dll!send 71A5428A 5 Bytes JMP 00F02E90 .text C:\WINDOWS\system32\svchost.exe[1080] WININET.dll!HttpSendRequestA 4363CD48 5 Bytes JMP 00F01CF0 .text C:\WINDOWS\system32\svchost.exe[1080] WININET.dll!InternetWriteFile 43643665 3 Bytes JMP 00F021B0 .text C:\WINDOWS\system32\svchost.exe[1080] WININET.dll!InternetWriteFile + 4 43643669 1 Byte [BD] .text C:\WINDOWS\system32\svchost.exe[1080] WININET.dll!HttpSendRequestW 43651028 3 Bytes JMP 00F01F50 .text C:\WINDOWS\system32\svchost.exe[1080] WININET.dll!HttpSendRequestW + 4 4365102C 1 Byte [BD] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1128] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 013B24A0 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1128] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 013B2740 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1128] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 013BC9DA .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1128] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 013BC896 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1128] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1128] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 013B11C0 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1128] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 013B1400 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1128] kernel32.dll!MoveFileW 7C8211D1 5 Bytes JMP 013B2400 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1128] kernel32.dll!CopyFileA 7C82865E 5 Bytes JMP 013B1000 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1128] kernel32.dll!CopyFileW 7C82F7D3 5 Bytes JMP 013B10A0 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1128] kernel32.dll!MoveFileA 7C835E17 5 Bytes JMP 013B23A0 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1128] kernel32.dll!GetBinaryTypeW + 80 7C867E34 1 Byte [62] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1128] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 013B2D30 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1128] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 013B2B90 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1128] WININET.dll!HttpSendRequestA 4363CD48 5 Bytes JMP 013B1CF0 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1128] WININET.dll!InternetWriteFile 43643665 5 Bytes JMP 013B21B0 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1128] WININET.dll!HttpSendRequestW 43651028 5 Bytes JMP 013B1F50 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1128] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 013B1B60 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1128] WS2_32.dll!send 71A5428A 5 Bytes JMP 013B2E90 .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[1140] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 016A24A0 .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[1140] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 016A2740 .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[1140] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 016AC9DA .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[1140] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 016AC896 .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[1140] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[1140] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 016A11C0 .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[1140] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 016A1400 .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[1140] kernel32.dll!MoveFileW 7C8211D1 5 Bytes JMP 016A2400 .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[1140] kernel32.dll!CopyFileA 7C82865E 5 Bytes JMP 016A1000 .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[1140] kernel32.dll!CopyFileW 7C82F7D3 5 Bytes JMP 016A10A0 .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[1140] kernel32.dll!MoveFileA 7C835E17 5 Bytes JMP 016A23A0 .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[1140] kernel32.dll!GetBinaryTypeW + 80 7C867E34 1 Byte [62] .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[1140] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 016A2D30 .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[1140] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 016A2B90 .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[1140] WININET.dll!HttpSendRequestA 4363CD48 5 Bytes JMP 016A1CF0 .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[1140] WININET.dll!InternetWriteFile 43643665 5 Bytes JMP 016A21B0 .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[1140] WININET.dll!HttpSendRequestW 43651028 5 Bytes JMP 016A1F50 .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[1140] ws2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 016A1B60 .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[1140] ws2_32.dll!send 71A5428A 5 Bytes JMP 016A2E90 .text C:\WINDOWS\system32\rundll32.exe[1156] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 013124A0 .text C:\WINDOWS\system32\rundll32.exe[1156] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01312740 .text C:\WINDOWS\system32\rundll32.exe[1156] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 0131C9DA .text C:\WINDOWS\system32\rundll32.exe[1156] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0131C896 .text C:\WINDOWS\system32\rundll32.exe[1156] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\rundll32.exe[1156] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 013111C0 .text C:\WINDOWS\system32\rundll32.exe[1156] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 01311400 .text C:\WINDOWS\system32\rundll32.exe[1156] kernel32.dll!MoveFileW 7C8211D1 5 Bytes JMP 01312400 .text C:\WINDOWS\system32\rundll32.exe[1156] kernel32.dll!CopyFileA 7C82865E 5 Bytes JMP 01311000 .text C:\WINDOWS\system32\rundll32.exe[1156] kernel32.dll!CopyFileW 7C82F7D3 5 Bytes JMP 013110A0 .text C:\WINDOWS\system32\rundll32.exe[1156] kernel32.dll!MoveFileA 7C835E17 5 Bytes JMP 013123A0 .text C:\WINDOWS\system32\rundll32.exe[1156] kernel32.dll!GetBinaryTypeW + 80 7C867E34 1 Byte [62] .text C:\WINDOWS\system32\rundll32.exe[1156] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 01312D30 .text C:\WINDOWS\system32\rundll32.exe[1156] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 01312B90 .text C:\WINDOWS\system32\rundll32.exe[1156] WININET.dll!HttpSendRequestA 4363CD48 5 Bytes JMP 01311CF0 .text C:\WINDOWS\system32\rundll32.exe[1156] WININET.dll!InternetWriteFile 43643665 5 Bytes JMP 013121B0 .text C:\WINDOWS\system32\rundll32.exe[1156] WININET.dll!HttpSendRequestW 43651028 5 Bytes JMP 01311F50 .text C:\WINDOWS\system32\rundll32.exe[1156] WS2_32.dll!GetAddrInfoW 71A52899 3 Bytes JMP 01311B60 .text C:\WINDOWS\system32\rundll32.exe[1156] WS2_32.dll!GetAddrInfoW + 4 71A5289D 1 Byte [8F] .text C:\WINDOWS\system32\rundll32.exe[1156] WS2_32.dll!send 71A5428A 3 Bytes JMP 01312E90 .text C:\WINDOWS\system32\rundll32.exe[1156] WS2_32.dll!send + 4 71A5428E 1 Byte [8F] .text C:\WINDOWS\System32\svchost.exe[1168] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01FC24A0 .text C:\WINDOWS\System32\svchost.exe[1168] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01FC2740 .text C:\WINDOWS\System32\svchost.exe[1168] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 01FCC9DA .text C:\WINDOWS\System32\svchost.exe[1168] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 01FCC896 .text C:\WINDOWS\System32\svchost.exe[1168] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1168] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 01FC11C0 .text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 01FC1400 .text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!MoveFileW 7C8211D1 5 Bytes JMP 01FC2400 .text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!CopyFileA 7C82865E 5 Bytes JMP 01FC1000 .text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!CopyFileW 7C82F7D3 5 Bytes JMP 01FC10A0 .text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!MoveFileA 7C835E17 5 Bytes JMP 01FC23A0 .text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!GetBinaryTypeW + 80 7C867E34 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 01FC2D30 .text C:\WINDOWS\System32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 01FC2B90 .text C:\WINDOWS\System32\svchost.exe[1168] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 00301014 .text C:\WINDOWS\System32\svchost.exe[1168] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\svchost.exe[1168] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\svchost.exe[1168] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 00300C0C .text C:\WINDOWS\System32\svchost.exe[1168] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 00300E10 .text C:\WINDOWS\System32\svchost.exe[1168] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\svchost.exe[1168] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\svchost.exe[1168] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 00300600 .text C:\WINDOWS\System32\svchost.exe[1168] USER32.dll!UnhookWindowsHookEx 7E370DD3 5 Bytes JMP 00310A08 .text C:\WINDOWS\System32\svchost.exe[1168] USER32.dll!SetWindowsHookExW 7E37E4BF 5 Bytes JMP 00310804 .text C:\WINDOWS\System32\svchost.exe[1168] USER32.dll!SetWindowsHookExA 7E381201 5 Bytes JMP 00310600 .text C:\WINDOWS\System32\svchost.exe[1168] USER32.dll!SetWinEventHook 7E3817E7 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\svchost.exe[1168] USER32.dll!UnhookWinEvent 7E38189C 5 Bytes JMP 003103FC .text C:\WINDOWS\System32\svchost.exe[1168] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01FC1B60 .text C:\WINDOWS\System32\svchost.exe[1168] WS2_32.dll!send 71A5428A 5 Bytes JMP 01FC2E90 .text C:\WINDOWS\System32\svchost.exe[1168] WININET.dll!HttpSendRequestA 4363CD48 5 Bytes JMP 01FC1CF0 .text C:\WINDOWS\System32\svchost.exe[1168] WININET.dll!InternetWriteFile 43643665 5 Bytes JMP 01FC21B0 .text C:\WINDOWS\System32\svchost.exe[1168] WININET.dll!HttpSendRequestW 43651028 5 Bytes JMP 01FC1F50 .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[1196] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 040A24A0 .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[1196] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 040A2740 .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[1196] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 040AC9DA .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[1196] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 040AC896 .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[1196] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[1196] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 040A11C0 .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[1196] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 040A1400 .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[1196] kernel32.dll!MoveFileW 7C8211D1 5 Bytes JMP 040A2400 .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[1196] kernel32.dll!CopyFileA 7C82865E 5 Bytes JMP 040A1000 .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[1196] kernel32.dll!CopyFileW 7C82F7D3 5 Bytes JMP 040A10A0 .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[1196] kernel32.dll!MoveFileA 7C835E17 5 Bytes JMP 040A23A0 .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[1196] kernel32.dll!GetBinaryTypeW + 80 7C867E34 1 Byte [62] .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[1196] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 040A2D30 .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[1196] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 040A2B90 .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[1196] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 040A1B60 .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[1196] WS2_32.dll!send 71A5428A 5 Bytes JMP 040A2E90 .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[1196] WININET.dll!HttpSendRequestA 4363CD48 5 Bytes JMP 040A1CF0 .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[1196] WININET.dll!InternetWriteFile 43643665 5 Bytes JMP 040A21B0 .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[1196] WININET.dll!HttpSendRequestW 43651028 5 Bytes JMP 040A1F50 .text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00B624A0 .text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00B62740 .text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00B6C9DA .text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00B6C896 .text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00B611C0 .text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 00B61400 .text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!MoveFileW 7C8211D1 5 Bytes JMP 00B62400 .text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CopyFileA 7C82865E 5 Bytes JMP 00B61000 .text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CopyFileW 7C82F7D3 5 Bytes JMP 00B610A0 .text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!MoveFileA 7C835E17 5 Bytes JMP 00B623A0 .text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!GetBinaryTypeW + 80 7C867E34 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 00B62D30 .text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 00B62B90 .text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1208] USER32.dll!UnhookWindowsHookEx 7E370DD3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1208] USER32.dll!SetWindowsHookExW 7E37E4BF 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1208] USER32.dll!SetWindowsHookExA 7E381201 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1208] USER32.dll!SetWinEventHook 7E3817E7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1208] USER32.dll!UnhookWinEvent 7E38189C 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[1208] WININET.dll!HttpSendRequestA 4363CD48 5 Bytes JMP 00B61CF0 .text C:\WINDOWS\system32\svchost.exe[1208] WININET.dll!InternetWriteFile 43643665 5 Bytes JMP 00B621B0 .text C:\WINDOWS\system32\svchost.exe[1208] WININET.dll!HttpSendRequestW 43651028 5 Bytes JMP 00B61F50 .text C:\WINDOWS\system32\svchost.exe[1208] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00B61B60 .text C:\WINDOWS\system32\svchost.exe[1208] WS2_32.dll!send 71A5428A 5 Bytes JMP 00B62E90 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1272] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00BC24A0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1272] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00BC2740 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1272] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00BCC9DA .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1272] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00BCC896 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1272] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1272] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00BC11C0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1272] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 00BC1400 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1272] kernel32.dll!MoveFileW 7C8211D1 5 Bytes JMP 00BC2400 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1272] kernel32.dll!CopyFileA 7C82865E 5 Bytes JMP 00BC1000 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1272] kernel32.dll!CopyFileW 7C82F7D3 5 Bytes JMP 00BC10A0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1272] kernel32.dll!MoveFileA 7C835E17 5 Bytes JMP 00BC23A0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1272] kernel32.dll!GetBinaryTypeW + 80 7C867E34 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1272] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 00BC2D30 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1272] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 00BC2B90 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1272] WININET.dll!HttpSendRequestA 4363CD48 5 Bytes JMP 00BC1CF0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1272] WININET.dll!InternetWriteFile 43643665 5 Bytes JMP 00BC21B0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1272] WININET.dll!HttpSendRequestW 43651028 5 Bytes JMP 00BC1F50 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1272] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00BC1B60 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1272] WS2_32.dll!send 71A5428A 5 Bytes JMP 00BC2E90 .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 009524A0 .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00952740 .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 0095C9DA .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0095C896 .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 009511C0 .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 00951400 .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!MoveFileW 7C8211D1 5 Bytes JMP 00952400 .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!CopyFileA 7C82865E 5 Bytes JMP 00951000 .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!CopyFileW 7C82F7D3 5 Bytes JMP 009510A0 .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!MoveFileA 7C835E17 5 Bytes JMP 009523A0 .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!GetBinaryTypeW + 80 7C867E34 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 00952D30 .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 00952B90 .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1292] USER32.dll!UnhookWindowsHookEx 7E370DD3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1292] USER32.dll!SetWindowsHookExW 7E37E4BF 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1292] USER32.dll!SetWindowsHookExA 7E381201 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1292] USER32.dll!SetWinEventHook 7E3817E7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1292] USER32.dll!UnhookWinEvent 7E38189C 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[1292] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00951B60 .text C:\WINDOWS\system32\svchost.exe[1292] WS2_32.dll!send 71A5428A 5 Bytes JMP 00952E90 .text C:\WINDOWS\system32\svchost.exe[1292] WININET.dll!HttpSendRequestA 4363CD48 5 Bytes JMP 00951CF0 .text C:\WINDOWS\system32\svchost.exe[1292] WININET.dll!InternetWriteFile 43643665 5 Bytes JMP 009521B0 .text C:\WINDOWS\system32\svchost.exe[1292] WININET.dll!HttpSendRequestW 43651028 5 Bytes JMP 00951F50 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1300] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00CD24A0 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1300] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00CD2740 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1300] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00CDC9DA .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1300] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00CDC896 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1300] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1300] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00CD11C0 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1300] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 00CD1400 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1300] kernel32.dll!MoveFileW 7C8211D1 5 Bytes JMP 00CD2400 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1300] kernel32.dll!CopyFileA 7C82865E 5 Bytes JMP 00CD1000 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1300] kernel32.dll!CopyFileW 7C82F7D3 5 Bytes JMP 00CD10A0 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1300] kernel32.dll!MoveFileA 7C835E17 5 Bytes JMP 00CD23A0 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1300] kernel32.dll!GetBinaryTypeW + 80 7C867E34 1 Byte [62] .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1300] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 00CD2D30 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1300] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 00CD2B90 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1300] WININET.dll!HttpSendRequestA 4363CD48 5 Bytes JMP 00CD1CF0 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1300] WININET.dll!InternetWriteFile 43643665 5 Bytes JMP 00CD21B0 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1300] WININET.dll!HttpSendRequestW 43651028 5 Bytes JMP 00CD1F50 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1300] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00CD1B60 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1300] WS2_32.dll!send 71A5428A 5 Bytes JMP 00CD2E90 .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[1324] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 015724A0 .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[1324] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01572740 .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[1324] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 0157C9DA .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[1324] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0157C896 .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[1324] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[1324] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 015711C0 .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[1324] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 01571400 .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[1324] kernel32.dll!MoveFileW 7C8211D1 5 Bytes JMP 01572400 .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[1324] kernel32.dll!CopyFileA 7C82865E 5 Bytes JMP 01571000 .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[1324] kernel32.dll!CopyFileW 7C82F7D3 5 Bytes JMP 015710A0 .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[1324] kernel32.dll!MoveFileA 7C835E17 5 Bytes JMP 015723A0 .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[1324] kernel32.dll!GetBinaryTypeW + 80 7C867E34 1 Byte [62] .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[1324] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 01572D30 .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[1324] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 01572B90 .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[1324] WININET.dll!HttpSendRequestA 4363CD48 5 Bytes JMP 01571CF0 .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[1324] WININET.dll!InternetWriteFile 43643665 5 Bytes JMP 015721B0 .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[1324] WININET.dll!HttpSendRequestW 43651028 5 Bytes JMP 01571F50 .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[1324] ws2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01571B60 .text C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe[1324] ws2_32.dll!send 71A5428A 5 Bytes JMP 01572E90 .text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 007D24A0 .text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 007D2740 .text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 007DC9DA .text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 007DC896 .text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1412] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 007D11C0 .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 007D1400 .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!MoveFileW 7C8211D1 5 Bytes JMP 007D2400 .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!CopyFileA 7C82865E 5 Bytes JMP 007D1000 .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!CopyFileW 7C82F7D3 5 Bytes JMP 007D10A0 .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!MoveFileA 7C835E17 5 Bytes JMP 007D23A0 .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!GetBinaryTypeW + 80 7C867E34 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 007D2D30 .text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 007D2B90 .text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!SetServiceObjectSecurity 77E26BE1 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!ChangeServiceConfigA 77E26CC9 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!ChangeServiceConfigW 77E26E61 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!ChangeServiceConfig2A 77E26F61 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!ChangeServiceConfig2W 77E26FE9 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!CreateServiceA 77E27071 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!CreateServiceW 77E27209 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!DeleteService 77E27311 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1412] USER32.dll!UnhookWindowsHookEx 7E370DD3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1412] USER32.dll!SetWindowsHookExW 7E37E4BF 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1412] USER32.dll!SetWindowsHookExA 7E381201 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1412] USER32.dll!SetWinEventHook 7E3817E7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1412] USER32.dll!UnhookWinEvent 7E38189C 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[1412] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 007D1B60 .text C:\WINDOWS\system32\svchost.exe[1412] WS2_32.dll!send 71A5428A 5 Bytes JMP 007D2E90 .text C:\WINDOWS\system32\svchost.exe[1412] WININET.dll!HttpSendRequestA 4363CD48 5 Bytes JMP 007D1CF0 .text C:\WINDOWS\system32\svchost.exe[1412] WININET.dll!InternetWriteFile 43643665 5 Bytes JMP 007D21B0 .text C:\WINDOWS\system32\svchost.exe[1412] WININET.dll!HttpSendRequestW 43651028 5 Bytes JMP 007D1F50 .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1500] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 003D24A0 .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1500] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 003D2740 .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1500] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 003DC9DA .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1500] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003DC896 .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1500] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1500] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 003D11C0 .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1500] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 003D1400 .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1500] kernel32.dll!MoveFileW 7C8211D1 5 Bytes JMP 003D2400 .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1500] kernel32.dll!CopyFileA 7C82865E 5 Bytes JMP 003D1000 .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1500] kernel32.dll!CopyFileW 7C82F7D3 5 Bytes JMP 003D10A0 .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1500] kernel32.dll!MoveFileA 7C835E17 5 Bytes JMP 003D23A0 .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1500] kernel32.dll!GetBinaryTypeW + 80 7C867E34 1 Byte [62] .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1500] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 003D2D30 .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1500] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 003D2B90 .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1500] WININET.dll!HttpSendRequestA 4363CD48 5 Bytes JMP 003D1CF0 .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1500] WININET.dll!InternetWriteFile 43643665 5 Bytes JMP 003D21B0 .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1500] WININET.dll!HttpSendRequestW 43651028 5 Bytes JMP 003D1F50 .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1500] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 003D1B60 .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1500] WS2_32.dll!send 71A5428A 5 Bytes JMP 003D2E90 .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1592] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 011924A0 .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1592] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01192740 .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1592] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 0119C9DA .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1592] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0119C896 .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1592] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1592] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 011911C0 .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1592] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 01191400 .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1592] kernel32.dll!MoveFileW 7C8211D1 5 Bytes JMP 01192400 .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1592] kernel32.dll!CopyFileA 7C82865E 5 Bytes JMP 01191000 .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1592] kernel32.dll!CopyFileW 7C82F7D3 5 Bytes JMP 011910A0 .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1592] kernel32.dll!MoveFileA 7C835E17 5 Bytes JMP 011923A0 .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1592] kernel32.dll!GetBinaryTypeW + 80 7C867E34 1 Byte [62] .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1592] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 01192D30 .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1592] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 01192B90 .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1592] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01191B60 .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1592] WS2_32.dll!send 71A5428A 5 Bytes JMP 01192E90 .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1592] WININET.dll!HttpSendRequestA 4363CD48 5 Bytes JMP 01191CF0 .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1592] WININET.dll!InternetWriteFile 43643665 5 Bytes JMP 011921B0 .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1592] WININET.dll!HttpSendRequestW 43651028 5 Bytes JMP 01191F50 .text C:\WINDOWS\system32\ctfmon.exe[1760] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00C224A0 .text C:\WINDOWS\system32\ctfmon.exe[1760] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00C22740 .text C:\WINDOWS\system32\ctfmon.exe[1760] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00C2C9DA .text C:\WINDOWS\system32\ctfmon.exe[1760] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00C2C896 .text C:\WINDOWS\system32\ctfmon.exe[1760] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[1760] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00C211C0 .text C:\WINDOWS\system32\ctfmon.exe[1760] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 00C21400 .text C:\WINDOWS\system32\ctfmon.exe[1760] kernel32.dll!MoveFileW 7C8211D1 5 Bytes JMP 00C22400 .text C:\WINDOWS\system32\ctfmon.exe[1760] kernel32.dll!CopyFileA 7C82865E 5 Bytes JMP 00C21000 .text C:\WINDOWS\system32\ctfmon.exe[1760] kernel32.dll!CopyFileW 7C82F7D3 5 Bytes JMP 00C210A0 .text C:\WINDOWS\system32\ctfmon.exe[1760] kernel32.dll!MoveFileA 7C835E17 5 Bytes JMP 00C223A0 .text C:\WINDOWS\system32\ctfmon.exe[1760] kernel32.dll!GetBinaryTypeW + 80 7C867E34 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[1760] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 00C22D30 .text C:\WINDOWS\system32\ctfmon.exe[1760] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 00C22B90 .text C:\WINDOWS\system32\ctfmon.exe[1760] WININET.dll!HttpSendRequestA 4363CD48 5 Bytes JMP 00C21CF0 .text C:\WINDOWS\system32\ctfmon.exe[1760] WININET.dll!InternetWriteFile 43643665 5 Bytes JMP 00C221B0 .text C:\WINDOWS\system32\ctfmon.exe[1760] WININET.dll!HttpSendRequestW 43651028 5 Bytes JMP 00C21F50 .text C:\WINDOWS\system32\ctfmon.exe[1760] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00C21B60 .text C:\WINDOWS\system32\ctfmon.exe[1760] WS2_32.dll!send 71A5428A 5 Bytes JMP 00C22E90 .text C:\Program Files\Bonjour\mDNSResponder.exe[1768] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00B324A0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1768] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00B32740 .text C:\Program Files\Bonjour\mDNSResponder.exe[1768] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00B3C9DA .text C:\Program Files\Bonjour\mDNSResponder.exe[1768] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00B3C896 .text C:\Program Files\Bonjour\mDNSResponder.exe[1768] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Bonjour\mDNSResponder.exe[1768] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00B311C0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1768] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 00B31400 .text C:\Program Files\Bonjour\mDNSResponder.exe[1768] kernel32.dll!MoveFileW 7C8211D1 5 Bytes JMP 00B32400 .text C:\Program Files\Bonjour\mDNSResponder.exe[1768] kernel32.dll!CopyFileA 7C82865E 5 Bytes JMP 00B31000 .text C:\Program Files\Bonjour\mDNSResponder.exe[1768] kernel32.dll!CopyFileW 7C82F7D3 5 Bytes JMP 00B310A0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1768] kernel32.dll!MoveFileA 7C835E17 5 Bytes JMP 00B323A0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1768] kernel32.dll!GetBinaryTypeW + 80 7C867E34 1 Byte [62] .text C:\Program Files\Bonjour\mDNSResponder.exe[1768] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00B31B60 .text C:\Program Files\Bonjour\mDNSResponder.exe[1768] WS2_32.dll!send 71A5428A 5 Bytes JMP 00B32E90 .text C:\Program Files\Bonjour\mDNSResponder.exe[1768] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 00B32D30 .text C:\Program Files\Bonjour\mDNSResponder.exe[1768] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 00B32B90 .text C:\Program Files\Bonjour\mDNSResponder.exe[1768] WININET.dll!HttpSendRequestA 4363CD48 5 Bytes JMP 00B31CF0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1768] WININET.dll!InternetWriteFile 43643665 5 Bytes JMP 00B321B0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1768] WININET.dll!HttpSendRequestW 43651028 5 Bytes JMP 00B31F50 .text C:\Program Files\Opera\opera.exe[1828] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 001624A0 .text C:\Program Files\Opera\opera.exe[1828] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00162740 .text C:\Program Files\Opera\opera.exe[1828] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 0016C9DA .text C:\Program Files\Opera\opera.exe[1828] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0016C896 .text C:\Program Files\Opera\opera.exe[1828] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Opera\opera.exe[1828] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001611C0 .text C:\Program Files\Opera\opera.exe[1828] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 00161400 .text C:\Program Files\Opera\opera.exe[1828] kernel32.dll!MoveFileW 7C8211D1 5 Bytes JMP 00162400 .text C:\Program Files\Opera\opera.exe[1828] kernel32.dll!CopyFileA 7C82865E 5 Bytes JMP 00161000 .text C:\Program Files\Opera\opera.exe[1828] kernel32.dll!CopyFileW 7C82F7D3 5 Bytes JMP 001610A0 .text C:\Program Files\Opera\opera.exe[1828] kernel32.dll!MoveFileA 7C835E17 5 Bytes JMP 001623A0 .text C:\Program Files\Opera\opera.exe[1828] kernel32.dll!GetBinaryTypeW + 80 7C867E34 1 Byte [62] .text C:\Program Files\Opera\opera.exe[1828] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 00162D30 .text C:\Program Files\Opera\opera.exe[1828] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 00162B90 .text C:\Program Files\Opera\opera.exe[1828] WININET.dll!HttpSendRequestA 4363CD48 5 Bytes JMP 00161CF0 .text C:\Program Files\Opera\opera.exe[1828] WININET.dll!InternetWriteFile 43643665 5 Bytes JMP 001621B0 .text C:\Program Files\Opera\opera.exe[1828] WININET.dll!HttpSendRequestW 43651028 5 Bytes JMP 00161F50 .text C:\Program Files\Opera\opera.exe[1828] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00161B60 .text C:\Program Files\Opera\opera.exe[1828] WS2_32.dll!send 71A5428A 5 Bytes JMP 00162E90 .text C:\WINDOWS\Explorer.EXE[1924] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 038E24A0 .text C:\WINDOWS\Explorer.EXE[1924] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 038E2740 .text C:\WINDOWS\Explorer.EXE[1924] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 038EC9DA .text C:\WINDOWS\Explorer.EXE[1924] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 038EC896 .text C:\WINDOWS\Explorer.EXE[1924] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1924] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 038E11C0 .text C:\WINDOWS\Explorer.EXE[1924] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 038E1400 .text C:\WINDOWS\Explorer.EXE[1924] kernel32.dll!MoveFileW 7C8211D1 5 Bytes JMP 038E2400 .text C:\WINDOWS\Explorer.EXE[1924] kernel32.dll!CopyFileA 7C82865E 5 Bytes JMP 038E1000 .text C:\WINDOWS\Explorer.EXE[1924] kernel32.dll!CopyFileW 7C82F7D3 5 Bytes JMP 038E10A0 .text C:\WINDOWS\Explorer.EXE[1924] kernel32.dll!MoveFileA 7C835E17 5 Bytes JMP 038E23A0 .text C:\WINDOWS\Explorer.EXE[1924] kernel32.dll!GetBinaryTypeW + 80 7C867E34 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1924] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 038E2D30 .text C:\WINDOWS\Explorer.EXE[1924] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 038E2B90 .text C:\WINDOWS\Explorer.EXE[1924] WININET.dll!HttpSendRequestA 4363CD48 5 Bytes JMP 038E1CF0 .text C:\WINDOWS\Explorer.EXE[1924] WININET.dll!InternetWriteFile 43643665 5 Bytes JMP 038E21B0 .text C:\WINDOWS\Explorer.EXE[1924] WININET.dll!HttpSendRequestW 43651028 5 Bytes JMP 038E1F50 .text C:\WINDOWS\Explorer.EXE[1924] ws2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 038E1B60 .text C:\WINDOWS\Explorer.EXE[1924] ws2_32.dll!send 71A5428A 5 Bytes JMP 038E2E90 .text C:\WINDOWS\System32\svchost.exe[2120] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 006E24A0 .text C:\WINDOWS\System32\svchost.exe[2120] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 006E2740 .text C:\WINDOWS\System32\svchost.exe[2120] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 006EC9DA .text C:\WINDOWS\System32\svchost.exe[2120] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 006EC896 .text C:\WINDOWS\System32\svchost.exe[2120] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[2120] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 006E11C0 .text C:\WINDOWS\System32\svchost.exe[2120] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 006E1400 .text C:\WINDOWS\System32\svchost.exe[2120] kernel32.dll!MoveFileW 7C8211D1 5 Bytes JMP 006E2400 .text C:\WINDOWS\System32\svchost.exe[2120] kernel32.dll!CopyFileA 7C82865E 5 Bytes JMP 006E1000 .text C:\WINDOWS\System32\svchost.exe[2120] kernel32.dll!CopyFileW 7C82F7D3 5 Bytes JMP 006E10A0 .text C:\WINDOWS\System32\svchost.exe[2120] kernel32.dll!MoveFileA 7C835E17 5 Bytes JMP 006E23A0 .text C:\WINDOWS\System32\svchost.exe[2120] kernel32.dll!GetBinaryTypeW + 80 7C867E34 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[2120] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 006E2D30 .text C:\WINDOWS\System32\svchost.exe[2120] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 006E2B90 .text C:\WINDOWS\System32\svchost.exe[2120] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 006E1B60 .text C:\WINDOWS\System32\svchost.exe[2120] WS2_32.dll!send 71A5428A 5 Bytes JMP 006E2E90 .text C:\WINDOWS\System32\svchost.exe[2120] WININET.dll!HttpSendRequestA 4363CD48 5 Bytes JMP 006E1CF0 .text C:\WINDOWS\System32\svchost.exe[2120] WININET.dll!InternetWriteFile 43643665 5 Bytes JMP 006E21B0 .text C:\WINDOWS\System32\svchost.exe[2120] WININET.dll!HttpSendRequestW 43651028 5 Bytes JMP 006E1F50 .text C:\WINDOWS\system32\nvsvc32.exe[2372] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 001624A0 .text C:\WINDOWS\system32\nvsvc32.exe[2372] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00162740 .text C:\WINDOWS\system32\nvsvc32.exe[2372] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 0016C9DA .text C:\WINDOWS\system32\nvsvc32.exe[2372] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0016C896 .text C:\WINDOWS\system32\nvsvc32.exe[2372] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\nvsvc32.exe[2372] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001611C0 .text C:\WINDOWS\system32\nvsvc32.exe[2372] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 00161400 .text C:\WINDOWS\system32\nvsvc32.exe[2372] kernel32.dll!MoveFileW 7C8211D1 5 Bytes JMP 00162400 .text C:\WINDOWS\system32\nvsvc32.exe[2372] kernel32.dll!CopyFileA 7C82865E 5 Bytes JMP 00161000 .text C:\WINDOWS\system32\nvsvc32.exe[2372] kernel32.dll!CopyFileW 7C82F7D3 5 Bytes JMP 001610A0 .text C:\WINDOWS\system32\nvsvc32.exe[2372] kernel32.dll!MoveFileA 7C835E17 5 Bytes JMP 001623A0 .text C:\WINDOWS\system32\nvsvc32.exe[2372] kernel32.dll!GetBinaryTypeW + 80 7C867E34 1 Byte [62] .text C:\WINDOWS\system32\nvsvc32.exe[2372] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 00162D30 .text C:\WINDOWS\system32\nvsvc32.exe[2372] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 00162B90 .text C:\WINDOWS\system32\nvsvc32.exe[2372] WININET.dll!HttpSendRequestA 4363CD48 5 Bytes JMP 00161CF0 .text C:\WINDOWS\system32\nvsvc32.exe[2372] WININET.dll!InternetWriteFile 43643665 5 Bytes JMP 001621B0 .text C:\WINDOWS\system32\nvsvc32.exe[2372] WININET.dll!HttpSendRequestW 43651028 5 Bytes JMP 00161F50 .text C:\WINDOWS\system32\nvsvc32.exe[2372] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00161B60 .text C:\WINDOWS\system32\nvsvc32.exe[2372] WS2_32.dll!send 71A5428A 5 Bytes JMP 00162E90 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2792] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 001624A0 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2792] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00162740 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2792] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 0016C9DA .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2792] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0016C896 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2792] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2792] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001611C0 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2792] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 00161400 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2792] kernel32.dll!MoveFileW 7C8211D1 5 Bytes JMP 00162400 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2792] kernel32.dll!CopyFileA 7C82865E 5 Bytes JMP 00161000 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2792] kernel32.dll!CopyFileW 7C82F7D3 5 Bytes JMP 001610A0 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2792] kernel32.dll!MoveFileA 7C835E17 5 Bytes JMP 001623A0 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2792] kernel32.dll!GetBinaryTypeW + 80 7C867E34 1 Byte [62] .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2792] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 00162D30 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2792] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 00162B90 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2792] WININET.dll!HttpSendRequestA 4363CD48 5 Bytes JMP 00161CF0 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2792] WININET.dll!InternetWriteFile 43643665 5 Bytes JMP 001621B0 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2792] WININET.dll!HttpSendRequestW 43651028 5 Bytes JMP 00161F50 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2792] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00161B60 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2792] WS2_32.dll!send 71A5428A 5 Bytes JMP 00162E90 .text C:\WINDOWS\System32\svchost.exe[2812] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 000A24A0 .text C:\WINDOWS\System32\svchost.exe[2812] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 000A2740 .text C:\WINDOWS\System32\svchost.exe[2812] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 000AC9DA .text C:\WINDOWS\System32\svchost.exe[2812] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000AC896 .text C:\WINDOWS\System32\svchost.exe[2812] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[2812] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 000A11C0 .text C:\WINDOWS\System32\svchost.exe[2812] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 000A1400 .text C:\WINDOWS\System32\svchost.exe[2812] kernel32.dll!MoveFileW 7C8211D1 5 Bytes JMP 000A2400 .text C:\WINDOWS\System32\svchost.exe[2812] kernel32.dll!CopyFileA 7C82865E 5 Bytes JMP 000A1000 .text C:\WINDOWS\System32\svchost.exe[2812] kernel32.dll!CopyFileW 7C82F7D3 5 Bytes JMP 000A10A0 .text C:\WINDOWS\System32\svchost.exe[2812] kernel32.dll!MoveFileA 7C835E17 5 Bytes JMP 000A23A0 .text C:\WINDOWS\System32\svchost.exe[2812] kernel32.dll!GetBinaryTypeW + 80 7C867E34 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[2812] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 000A2D30 .text C:\WINDOWS\System32\svchost.exe[2812] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 000A2B90 .text C:\WINDOWS\System32\svchost.exe[2812] WININET.dll!HttpSendRequestA 4363CD48 5 Bytes JMP 000A1CF0 .text C:\WINDOWS\System32\svchost.exe[2812] WININET.dll!InternetWriteFile 43643665 5 Bytes JMP 000A21B0 .text C:\WINDOWS\System32\svchost.exe[2812] WININET.dll!HttpSendRequestW 43651028 5 Bytes JMP 000A1F50 .text C:\WINDOWS\System32\svchost.exe[2812] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 000A1B60 .text C:\WINDOWS\System32\svchost.exe[2812] WS2_32.dll!send 71A5428A 5 Bytes JMP 000A2E90 .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[2852] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 001524A0 .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[2852] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00152740 .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[2852] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 0015C9DA .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[2852] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0015C896 .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[2852] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[2852] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001511C0 .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[2852] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 00151400 .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[2852] kernel32.dll!MoveFileW 7C8211D1 5 Bytes JMP 00152400 .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[2852] kernel32.dll!CopyFileA 7C82865E 5 Bytes JMP 00151000 .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[2852] kernel32.dll!CopyFileW 7C82F7D3 5 Bytes JMP 001510A0 .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[2852] kernel32.dll!MoveFileA 7C835E17 5 Bytes JMP 001523A0 .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[2852] kernel32.dll!GetBinaryTypeW + 80 7C867E34 1 Byte [62] .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[2852] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 00152D30 .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[2852] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 00152B90 .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[2852] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00151B60 .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[2852] WS2_32.dll!send 71A5428A 5 Bytes JMP 00152E90 .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[2852] WININET.dll!HttpSendRequestA 4363CD48 5 Bytes JMP 00151CF0 .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[2852] WININET.dll!InternetWriteFile 43643665 5 Bytes JMP 001521B0 .text C:\Program Files\Common Files\Protexis\License Service\PSIService.exe[2852] WININET.dll!HttpSendRequestW 43651028 5 Bytes JMP 00151F50 .text C:\WINDOWS\system32\svchost.exe[2972] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 000A24A0 .text C:\WINDOWS\system32\svchost.exe[2972] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 000A2740 .text C:\WINDOWS\system32\svchost.exe[2972] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 000AC9DA .text C:\WINDOWS\system32\svchost.exe[2972] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000AC896 .text C:\WINDOWS\system32\svchost.exe[2972] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2972] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 000A11C0 .text C:\WINDOWS\system32\svchost.exe[2972] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 000A1400 .text C:\WINDOWS\system32\svchost.exe[2972] kernel32.dll!MoveFileW 7C8211D1 5 Bytes JMP 000A2400 .text C:\WINDOWS\system32\svchost.exe[2972] kernel32.dll!CopyFileA 7C82865E 5 Bytes JMP 000A1000 .text C:\WINDOWS\system32\svchost.exe[2972] kernel32.dll!CopyFileW 7C82F7D3 5 Bytes JMP 000A10A0 .text C:\WINDOWS\system32\svchost.exe[2972] kernel32.dll!MoveFileA 7C835E17 5 Bytes JMP 000A23A0 .text C:\WINDOWS\system32\svchost.exe[2972] kernel32.dll!GetBinaryTypeW + 80 7C867E34 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2972] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 000A2D30 .text C:\WINDOWS\system32\svchost.exe[2972] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 000A2B90 .text C:\WINDOWS\system32\svchost.exe[2972] WININET.dll!HttpSendRequestA 4363CD48 5 Bytes JMP 000A1CF0 .text C:\WINDOWS\system32\svchost.exe[2972] WININET.dll!InternetWriteFile 43643665 5 Bytes JMP 000A21B0 .text C:\WINDOWS\system32\svchost.exe[2972] WININET.dll!HttpSendRequestW 43651028 5 Bytes JMP 000A1F50 .text C:\WINDOWS\system32\svchost.exe[2972] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 000A1B60 .text C:\WINDOWS\system32\svchost.exe[2972] WS2_32.dll!send 71A5428A 5 Bytes JMP 000A2E90 .text C:\WINDOWS\System32\svchost.exe[3300] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 000A24A0 .text C:\WINDOWS\System32\svchost.exe[3300] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 000A2740 .text C:\WINDOWS\System32\svchost.exe[3300] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 000AC9DA .text C:\WINDOWS\System32\svchost.exe[3300] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000AC896 .text C:\WINDOWS\System32\svchost.exe[3300] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[3300] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 000A11C0 .text C:\WINDOWS\System32\svchost.exe[3300] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 000A1400 .text C:\WINDOWS\System32\svchost.exe[3300] kernel32.dll!MoveFileW 7C8211D1 5 Bytes JMP 000A2400 .text C:\WINDOWS\System32\svchost.exe[3300] kernel32.dll!CopyFileA 7C82865E 5 Bytes JMP 000A1000 .text C:\WINDOWS\System32\svchost.exe[3300] kernel32.dll!CopyFileW 7C82F7D3 5 Bytes JMP 000A10A0 .text C:\WINDOWS\System32\svchost.exe[3300] kernel32.dll!MoveFileA 7C835E17 5 Bytes JMP 000A23A0 .text C:\WINDOWS\System32\svchost.exe[3300] kernel32.dll!GetBinaryTypeW + 80 7C867E34 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[3300] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 000A2D30 .text C:\WINDOWS\System32\svchost.exe[3300] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 000A2B90 .text C:\WINDOWS\System32\svchost.exe[3300] WININET.dll!HttpSendRequestA 4363CD48 5 Bytes JMP 000A1CF0 .text C:\WINDOWS\System32\svchost.exe[3300] WININET.dll!InternetWriteFile 43643665 5 Bytes JMP 000A21B0 .text C:\WINDOWS\System32\svchost.exe[3300] WININET.dll!HttpSendRequestW 43651028 5 Bytes JMP 000A1F50 .text C:\WINDOWS\System32\svchost.exe[3300] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 000A1B60 .text C:\WINDOWS\System32\svchost.exe[3300] WS2_32.dll!send 71A5428A 5 Bytes JMP 000A2E90 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3364] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 000A24A0 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3364] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 000A2740 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3364] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 000AC9DA .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3364] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000AC896 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3364] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3364] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 000A11C0 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3364] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 000A1400 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3364] kernel32.dll!MoveFileW 7C8211D1 5 Bytes JMP 000A2400 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3364] kernel32.dll!CopyFileA 7C82865E 5 Bytes JMP 000A1000 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3364] kernel32.dll!CopyFileW 7C82F7D3 5 Bytes JMP 000A10A0 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3364] kernel32.dll!MoveFileA 7C835E17 5 Bytes JMP 000A23A0 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3364] kernel32.dll!GetBinaryTypeW + 80 7C867E34 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3364] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 000A2D30 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3364] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 000A2B90 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3364] WININET.dll!HttpSendRequestA 4363CD48 5 Bytes JMP 000A1CF0 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3364] WININET.dll!InternetWriteFile 43643665 5 Bytes JMP 000A21B0 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3364] WININET.dll!HttpSendRequestW 43651028 5 Bytes JMP 000A1F50 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3364] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 000A1B60 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3364] WS2_32.dll!send 71A5428A 5 Bytes JMP 000A2E90 .text C:\WINDOWS\System32\alg.exe[3648] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 000A24A0 .text C:\WINDOWS\System32\alg.exe[3648] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 000A2740 .text C:\WINDOWS\System32\alg.exe[3648] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 000AC9DA .text C:\WINDOWS\System32\alg.exe[3648] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000AC896 .text C:\WINDOWS\System32\alg.exe[3648] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[3648] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 000A11C0 .text C:\WINDOWS\System32\alg.exe[3648] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 000A1400 .text C:\WINDOWS\System32\alg.exe[3648] kernel32.dll!MoveFileW 7C8211D1 5 Bytes JMP 000A2400 .text C:\WINDOWS\System32\alg.exe[3648] kernel32.dll!CopyFileA 7C82865E 5 Bytes JMP 000A1000 .text C:\WINDOWS\System32\alg.exe[3648] kernel32.dll!CopyFileW 7C82F7D3 5 Bytes JMP 000A10A0 .text C:\WINDOWS\System32\alg.exe[3648] kernel32.dll!MoveFileA 7C835E17 5 Bytes JMP 000A23A0 .text C:\WINDOWS\System32\alg.exe[3648] kernel32.dll!GetBinaryTypeW + 80 7C867E34 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[3648] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 000A2D30 .text C:\WINDOWS\System32\alg.exe[3648] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 000A2B90 .text C:\WINDOWS\System32\alg.exe[3648] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 000A1B60 .text C:\WINDOWS\System32\alg.exe[3648] WS2_32.dll!send 71A5428A 5 Bytes JMP 000A2E90 .text C:\WINDOWS\System32\alg.exe[3648] WININET.dll!HttpSendRequestA 4363CD48 5 Bytes JMP 000A1CF0 .text C:\WINDOWS\System32\alg.exe[3648] WININET.dll!InternetWriteFile 43643665 5 Bytes JMP 000A21B0 .text C:\WINDOWS\System32\alg.exe[3648] WININET.dll!HttpSendRequestW 43651028 5 Bytes JMP 000A1F50 .text C:\Documents and Settings\Administrator\Pulpit\wy10x1m0.exe[4076] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 001624A0 .text C:\Documents and Settings\Administrator\Pulpit\wy10x1m0.exe[4076] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00162740 .text C:\Documents and Settings\Administrator\Pulpit\wy10x1m0.exe[4076] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 0016C9DA .text C:\Documents and Settings\Administrator\Pulpit\wy10x1m0.exe[4076] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0016C896 .text C:\Documents and Settings\Administrator\Pulpit\wy10x1m0.exe[4076] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916FCA 1 Byte [62] .text C:\Documents and Settings\Administrator\Pulpit\wy10x1m0.exe[4076] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001611C0 .text C:\Documents and Settings\Administrator\Pulpit\wy10x1m0.exe[4076] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 00161400 .text C:\Documents and Settings\Administrator\Pulpit\wy10x1m0.exe[4076] kernel32.dll!MoveFileW 7C8211D1 5 Bytes JMP 00162400 .text C:\Documents and Settings\Administrator\Pulpit\wy10x1m0.exe[4076] kernel32.dll!CopyFileA 7C82865E 5 Bytes JMP 00161000 .text C:\Documents and Settings\Administrator\Pulpit\wy10x1m0.exe[4076] kernel32.dll!CopyFileW 7C82F7D3 5 Bytes JMP 001610A0 .text C:\Documents and Settings\Administrator\Pulpit\wy10x1m0.exe[4076] kernel32.dll!MoveFileA 7C835E17 5 Bytes JMP 001623A0 .text C:\Documents and Settings\Administrator\Pulpit\wy10x1m0.exe[4076] kernel32.dll!GetBinaryTypeW + 80 7C867E34 1 Byte [62] .text C:\Documents and Settings\Administrator\Pulpit\wy10x1m0.exe[4076] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 00162D30 .text C:\Documents and Settings\Administrator\Pulpit\wy10x1m0.exe[4076] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 00162B90 .text C:\Documents and Settings\Administrator\Pulpit\wy10x1m0.exe[4076] WININET.dll!HttpSendRequestA 4363CD48 5 Bytes JMP 00161CF0 .text C:\Documents and Settings\Administrator\Pulpit\wy10x1m0.exe[4076] WININET.dll!InternetWriteFile 43643665 5 Bytes JMP 001621B0 .text C:\Documents and Settings\Administrator\Pulpit\wy10x1m0.exe[4076] WININET.dll!HttpSendRequestW 43651028 5 Bytes JMP 00161F50 .text C:\Documents and Settings\Administrator\Pulpit\wy10x1m0.exe[4076] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00161B60 .text C:\Documents and Settings\Administrator\Pulpit\wy10x1m0.exe[4076] WS2_32.dll!send 71A5428A 5 Bytes JMP 00162E90 ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\system32\services.exe[836] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00630002 IAT C:\WINDOWS\system32\services.exe[836] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00630000 ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS ---- Registry - GMER 1.0.15 ---- Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Documents and Settings\Administrator\Dane aplikacji\Tyqiqb.exe Tyqiqb ---- EOF - GMER 1.0.15 ----