GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-05-09 21:12:09 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 WDC_WD2500JS-55NCB1 rev.10.02E01 Running: b0p5h7nf.exe; Driver: C:\DOCUME~1\admin\USTAWI~1\Temp\ugqcrfoc.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xF3822DF8] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xF38D7A5A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xF382385E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xF384FD5D] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xF38282E4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xF3828330] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xF3828422] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xF384F711] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xF3828252] SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwCreatePagingFile [0xF73F4B00] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xF3828374] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xF382829A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xF38283DC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xF3822E44] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xF3850423] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xF38506D9] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xF38259A8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xF385028E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xF38500F9] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xF38D7B34] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xF3822AD6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xF3822E90] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xF3825D1C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xF3823B02] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xF382830E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xF3828352] SSDT a347bus.sys (Plug and Play BIOS Extension/ ) ZwOpenFile [0xF73F4B40] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xF3828446] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xF384FA6D] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xF3828278] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xF3825518] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xF38283AE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xF38282C2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xF382574C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xF3828400] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xF38D7CA0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xF384FF74] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xF38239CE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xF384FDC6] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xF38E1B68] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xF384ED84] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xF3822EDC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xF3822F28] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xF3822B46] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xF3822CEA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xF385052A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xF3822C92] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xF3822D5A] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0xF38D7D60] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xF3822F74] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0xF38D7BE0] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xF38EDD92] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 254C 80501D84 16 Bytes [0E, 83, 82, F3, 52, 83, 82, ...] PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 8059B8EC 4 Bytes CALL F382419F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx + 3 805C74CF 4 Bytes [32, 73, CC, CC] {XOR DH, [EBX-0x34]; INT 3 } .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF5DD23A0, 0x83C195, 0xE8000020] .text win32k.sys!EngFreeUserMem + 674 BF8098F2 5 Bytes JMP F3827180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFreeUserMem + 35D0 BF80C84E 5 Bytes JMP F382707C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSurface + 45 BF8138E6 5 Bytes JMP F3827036 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C550 5 Bytes JMP F3826724 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngSetLastError + 79A8 BF8240C0 5 Bytes JMP F3825F84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + F9C BF828A2A 5 Bytes JMP F38272EA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + 2C50 BF831475 5 Bytes JMP F38274F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + B68E BF839EB3 5 Bytes JMP F3826F3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!FONTOBJ_pxoGetXform + 84ED BF851745 5 Bytes JMP F3825E66 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + F17 BF85BC6A 5 Bytes JMP F38267E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E2D4 5 Bytes JMP F3826384 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 360C BF85E35F 5 Bytes JMP F3826562 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreatePalette + 88 BF85F5D2 5 Bytes JMP F3825E4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreatePalette + 5457 BF8649A1 5 Bytes JMP F38270BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 4128 BF873CF0 5 Bytes JMP F382651C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetLastError + 1606 BF890FA2 5 Bytes JMP F38267FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 26EE BF89454D 5 Bytes JMP F3827232 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBltROP + 583 BF895025 5 Bytes JMP F3827450 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCopyBits + 3857 BF89C3CB 5 Bytes JMP F382670C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCopyBits + 4DEC BF89D960 5 Bytes JMP F3825FF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngEraseSurface + A9E0 BF8C1EE0 5 Bytes JMP F3826104 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 1517 BF8CA342 5 Bytes JMP F38261AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 1797 BF8CA5C2 5 Bytes JMP F38262E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSemaphore + 3B3E BF8EC017 5 Bytes JMP F3825D52 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSemaphore + CB3D BF8F5016 5 Bytes JMP F382673C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 19DF BF913566 5 Bytes JMP F3825F22 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 25B3 BF91413A 5 Bytes JMP F38260B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 4F2C BF916AB3 5 Bytes JMP F382667C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPlgBlt + 1940 BF946632 5 Bytes JMP F38273A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text ntdll.dll!LdrLoadDll 7C91632D 5 Bytes [E9, C6, 9E, 84, 83] {JMP 0xffffffff83849ecb} .text ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes [E9, 2A, 92, 84, 83] {JMP 0xffffffff8384922f} ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Bonjour\mDNSResponder.exe[152] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8 .text C:\Program Files\Bonjour\mDNSResponder.exe[152] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Bonjour\mDNSResponder.exe[152] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC .text C:\Program Files\Bonjour\mDNSResponder.exe[152] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Bonjour\mDNSResponder.exe[152] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003D1014 .text C:\Program Files\Bonjour\mDNSResponder.exe[152] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003D0804 .text C:\Program Files\Bonjour\mDNSResponder.exe[152] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003D0A08 .text C:\Program Files\Bonjour\mDNSResponder.exe[152] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003D0C0C .text C:\Program Files\Bonjour\mDNSResponder.exe[152] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003D0E10 .text C:\Program Files\Bonjour\mDNSResponder.exe[152] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003D01F8 .text C:\Program Files\Bonjour\mDNSResponder.exe[152] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003D03FC .text C:\Program Files\Bonjour\mDNSResponder.exe[152] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003D0600 .text C:\Program Files\Bonjour\mDNSResponder.exe[152] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\Program Files\Bonjour\mDNSResponder.exe[152] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\Program Files\Bonjour\mDNSResponder.exe[152] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\Program Files\Bonjour\mDNSResponder.exe[152] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\Program Files\Bonjour\mDNSResponder.exe[152] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[228] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[228] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[228] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[228] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[228] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[228] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[228] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[228] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[228] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[228] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[228] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[228] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[228] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\wdfmgr.exe[360] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8 .text C:\WINDOWS\system32\wdfmgr.exe[360] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wdfmgr.exe[360] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC .text C:\WINDOWS\system32\wdfmgr.exe[360] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\wdfmgr.exe[360] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014 .text C:\WINDOWS\system32\wdfmgr.exe[360] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\wdfmgr.exe[360] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\wdfmgr.exe[360] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C .text C:\WINDOWS\system32\wdfmgr.exe[360] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10 .text C:\WINDOWS\system32\wdfmgr.exe[360] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\wdfmgr.exe[360] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\wdfmgr.exe[360] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\wdfmgr.exe[360] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804 .text C:\WINDOWS\system32\wdfmgr.exe[360] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08 .text C:\WINDOWS\system32\wdfmgr.exe[360] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600 .text C:\WINDOWS\system32\wdfmgr.exe[360] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8 .text C:\WINDOWS\system32\wdfmgr.exe[360] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC .text C:\WINDOWS\System32\smss.exe[484] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Java\jre7\bin\jqs.exe[652] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\Java\jre7\bin\jqs.exe[652] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Java\jre7\bin\jqs.exe[652] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\Java\jre7\bin\jqs.exe[652] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Java\jre7\bin\jqs.exe[652] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\Java\jre7\bin\jqs.exe[652] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\Java\jre7\bin\jqs.exe[652] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\Java\jre7\bin\jqs.exe[652] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\Java\jre7\bin\jqs.exe[652] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\Java\jre7\bin\jqs.exe[652] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\Java\jre7\bin\jqs.exe[652] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\Java\jre7\bin\jqs.exe[652] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\Java\jre7\bin\jqs.exe[652] user32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 006C0804 .text C:\Program Files\Java\jre7\bin\jqs.exe[652] user32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 006C0A08 .text C:\Program Files\Java\jre7\bin\jqs.exe[652] user32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 006C0600 .text C:\Program Files\Java\jre7\bin\jqs.exe[652] user32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 006C01F8 .text C:\Program Files\Java\jre7\bin\jqs.exe[652] user32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 006C03FC .text C:\Program Files\AVAST Software\Avast\avastUI.exe[664] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\avastUI.exe[664] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\RunDLL32.exe[680] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\RunDLL32.exe[680] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\RunDLL32.exe[680] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\RunDLL32.exe[680] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\RunDLL32.exe[680] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\RunDLL32.exe[680] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\RunDLL32.exe[680] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\RunDLL32.exe[680] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\RunDLL32.exe[680] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\RunDLL32.exe[680] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014 .text C:\WINDOWS\system32\RunDLL32.exe[680] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\RunDLL32.exe[680] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\RunDLL32.exe[680] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C .text C:\WINDOWS\system32\RunDLL32.exe[680] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10 .text C:\WINDOWS\system32\RunDLL32.exe[680] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\RunDLL32.exe[680] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\RunDLL32.exe[680] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[716] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[716] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[716] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[716] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[716] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[716] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[716] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[716] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[716] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[716] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[716] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[716] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[716] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00450804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[716] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00450A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[716] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00450600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[716] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004501F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[716] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004503FC .text C:\WINDOWS\system32\csrss.exe[732] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[732] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\SOUNDMAN.EXE[736] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\WINDOWS\SOUNDMAN.EXE[736] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\SOUNDMAN.EXE[736] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\WINDOWS\SOUNDMAN.EXE[736] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\SOUNDMAN.EXE[736] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804 .text C:\WINDOWS\SOUNDMAN.EXE[736] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08 .text C:\WINDOWS\SOUNDMAN.EXE[736] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600 .text C:\WINDOWS\SOUNDMAN.EXE[736] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8 .text C:\WINDOWS\SOUNDMAN.EXE[736] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC .text C:\WINDOWS\SOUNDMAN.EXE[736] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\WINDOWS\SOUNDMAN.EXE[736] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\WINDOWS\SOUNDMAN.EXE[736] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\WINDOWS\SOUNDMAN.EXE[736] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\WINDOWS\SOUNDMAN.EXE[736] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\WINDOWS\SOUNDMAN.EXE[736] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\WINDOWS\SOUNDMAN.EXE[736] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\WINDOWS\SOUNDMAN.EXE[736] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\WINDOWS\system32\winlogon.exe[756] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8 .text C:\WINDOWS\system32\winlogon.exe[756] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[756] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC .text C:\WINDOWS\system32\winlogon.exe[756] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[756] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\winlogon.exe[756] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\winlogon.exe[756] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\winlogon.exe[756] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\winlogon.exe[756] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\winlogon.exe[756] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\winlogon.exe[756] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\winlogon.exe[756] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\winlogon.exe[756] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\winlogon.exe[756] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\winlogon.exe[756] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\winlogon.exe[756] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\winlogon.exe[756] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\services.exe[800] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\services.exe[800] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\services.exe[800] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\services.exe[800] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\services.exe[800] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\services.exe[800] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\services.exe[800] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\services.exe[800] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\services.exe[800] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\services.exe[800] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\services.exe[800] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\services.exe[800] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\services.exe[800] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\services.exe[800] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\services.exe[800] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\services.exe[800] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\services.exe[800] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\lsass.exe[812] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\lsass.exe[812] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[812] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\lsass.exe[812] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[812] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\lsass.exe[812] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\lsass.exe[812] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\lsass.exe[812] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\lsass.exe[812] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\lsass.exe[812] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\lsass.exe[812] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\lsass.exe[812] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\lsass.exe[812] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\lsass.exe[812] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\lsass.exe[812] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\lsass.exe[812] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\lsass.exe[812] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\ctfmon.exe[816] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8 .text C:\WINDOWS\system32\ctfmon.exe[816] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[816] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC .text C:\WINDOWS\system32\ctfmon.exe[816] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[816] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00381014 .text C:\WINDOWS\system32\ctfmon.exe[816] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00380804 .text C:\WINDOWS\system32\ctfmon.exe[816] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00380A08 .text C:\WINDOWS\system32\ctfmon.exe[816] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00380C0C .text C:\WINDOWS\system32\ctfmon.exe[816] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00380E10 .text C:\WINDOWS\system32\ctfmon.exe[816] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003801F8 .text C:\WINDOWS\system32\ctfmon.exe[816] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003803FC .text C:\WINDOWS\system32\ctfmon.exe[816] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00380600 .text C:\WINDOWS\system32\ctfmon.exe[816] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804 .text C:\WINDOWS\system32\ctfmon.exe[816] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08 .text C:\WINDOWS\system32\ctfmon.exe[816] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600 .text C:\WINDOWS\system32\ctfmon.exe[816] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8 .text C:\WINDOWS\system32\ctfmon.exe[816] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC .text C:\WINDOWS\system32\ctfmon.exe[816] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82] .text C:\WINDOWS\system32\nvsvc32.exe[960] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\WINDOWS\system32\nvsvc32.exe[960] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\nvsvc32.exe[960] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\WINDOWS\system32\nvsvc32.exe[960] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\nvsvc32.exe[960] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\WINDOWS\system32\nvsvc32.exe[960] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\WINDOWS\system32\nvsvc32.exe[960] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\WINDOWS\system32\nvsvc32.exe[960] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\WINDOWS\system32\nvsvc32.exe[960] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\WINDOWS\system32\nvsvc32.exe[960] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\nvsvc32.exe[960] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\nvsvc32.exe[960] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\WINDOWS\system32\nvsvc32.exe[960] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\WINDOWS\system32\nvsvc32.exe[960] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\WINDOWS\system32\nvsvc32.exe[960] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\WINDOWS\system32\nvsvc32.exe[960] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\WINDOWS\system32\nvsvc32.exe[960] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\ProgramData\TpScrex\TpScrex.exe[996] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\ProgramData\TpScrex\TpScrex.exe[996] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\Program Files\ScreenShooter\screenshooter.exe[1056] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002501F8 .text C:\Program Files\ScreenShooter\screenshooter.exe[1056] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\ScreenShooter\screenshooter.exe[1056] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002503FC .text C:\Program Files\ScreenShooter\screenshooter.exe[1056] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\ScreenShooter\screenshooter.exe[1056] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00570804 .text C:\Program Files\ScreenShooter\screenshooter.exe[1056] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00570A08 .text C:\Program Files\ScreenShooter\screenshooter.exe[1056] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00570600 .text C:\Program Files\ScreenShooter\screenshooter.exe[1056] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 005701F8 .text C:\Program Files\ScreenShooter\screenshooter.exe[1056] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 005703FC .text C:\Program Files\ScreenShooter\screenshooter.exe[1056] ADVAPI32.DLL!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00581014 .text C:\Program Files\ScreenShooter\screenshooter.exe[1056] ADVAPI32.DLL!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00580804 .text C:\Program Files\ScreenShooter\screenshooter.exe[1056] ADVAPI32.DLL!ChangeServiceConfigW 77E27001 5 Bytes JMP 00580A08 .text C:\Program Files\ScreenShooter\screenshooter.exe[1056] ADVAPI32.DLL!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00580C0C .text C:\Program Files\ScreenShooter\screenshooter.exe[1056] ADVAPI32.DLL!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00580E10 .text C:\Program Files\ScreenShooter\screenshooter.exe[1056] ADVAPI32.DLL!CreateServiceA 77E27211 5 Bytes JMP 005801F8 .text C:\Program Files\ScreenShooter\screenshooter.exe[1056] ADVAPI32.DLL!CreateServiceW 77E273A9 5 Bytes JMP 005803FC .text C:\Program Files\ScreenShooter\screenshooter.exe[1056] ADVAPI32.DLL!DeleteService 77E274B1 5 Bytes JMP 00580600 .text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1076] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1076] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1076] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1076] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1076] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\System32\svchost.exe[1116] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\svchost.exe[1116] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1116] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\svchost.exe[1116] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1116] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\System32\svchost.exe[1116] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\svchost.exe[1116] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\svchost.exe[1116] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\System32\svchost.exe[1116] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\System32\svchost.exe[1116] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\svchost.exe[1116] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\svchost.exe[1116] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\System32\svchost.exe[1116] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\System32\svchost.exe[1116] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\System32\svchost.exe[1116] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\System32\svchost.exe[1116] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\svchost.exe[1116] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1148] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1148] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1148] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1148] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1148] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003D1014 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1148] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003D0804 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1148] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003D0A08 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1148] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003D0C0C .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1148] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003D0E10 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1148] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003D01F8 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1148] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003D03FC .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1148] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003D0600 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1148] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1148] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1148] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1148] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1148] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[1152] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8 .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[1152] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[1152] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[1152] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[1152] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[1152] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[1152] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[1152] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[1152] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[1152] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[1152] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[1152] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[1152] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00E30804 .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[1152] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00E30A08 .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[1152] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00E30600 .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[1152] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00E301F8 .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[1152] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00E303FC .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1236] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8 .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1236] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1236] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1236] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1236] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 005B0804 .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1236] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 005B0A08 .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1236] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 005B0600 .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1236] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 005B01F8 .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1236] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 005B03FC .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1236] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 005C1014 .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1236] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 005C0804 .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1236] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 005C0A08 .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1236] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 005C0C0C .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1236] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 005C0E10 .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1236] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 005C01F8 .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1236] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 005C03FC .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1236] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 005C0600 .text C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe[1328] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe[1328] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe[1328] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe[1328] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe[1328] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe[1328] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe[1328] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe[1328] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe[1328] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe[1328] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe[1328] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe[1328] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe[1328] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe[1328] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe[1328] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe[1328] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe[1328] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1336] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1336] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1336] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1336] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1336] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1352] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1352] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1352] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1352] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1352] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1352] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1352] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1352] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1352] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1352] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1352] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1352] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1352] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1352] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1352] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1352] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1352] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text C:\WINDOWS\Explorer.EXE[1440] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\Explorer.EXE[1440] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1440] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\Explorer.EXE[1440] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1440] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00381014 .text C:\WINDOWS\Explorer.EXE[1440] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00380804 .text C:\WINDOWS\Explorer.EXE[1440] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00380A08 .text C:\WINDOWS\Explorer.EXE[1440] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00380C0C .text C:\WINDOWS\Explorer.EXE[1440] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00380E10 .text C:\WINDOWS\Explorer.EXE[1440] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003801F8 .text C:\WINDOWS\Explorer.EXE[1440] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003803FC .text C:\WINDOWS\Explorer.EXE[1440] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00380600 .text C:\WINDOWS\Explorer.EXE[1440] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804 .text C:\WINDOWS\Explorer.EXE[1440] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08 .text C:\WINDOWS\Explorer.EXE[1440] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600 .text C:\WINDOWS\Explorer.EXE[1440] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8 .text C:\WINDOWS\Explorer.EXE[1440] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC .text C:\WINDOWS\Explorer.EXE[1440] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82] .text C:\Program Files\Mozilla Firefox\firefox.exe[1524] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 012AC930 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[1524] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[1524] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC .text C:\Program Files\Mozilla Firefox\firefox.exe[1524] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 014DE0AA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[1524] kernel32.dll!MapViewOfFile 7C80B9A5 5 Bytes JMP 014DE083 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[1524] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[1524] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804 .text C:\Program Files\Mozilla Firefox\firefox.exe[1524] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08 .text C:\Program Files\Mozilla Firefox\firefox.exe[1524] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600 .text C:\Program Files\Mozilla Firefox\firefox.exe[1524] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8 .text C:\Program Files\Mozilla Firefox\firefox.exe[1524] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC .text C:\Program Files\Mozilla Firefox\firefox.exe[1524] GDI32.dll!CreateDIBSection 77F19E19 5 Bytes JMP 014DE00D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[1524] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 02731014 .text C:\Program Files\Mozilla Firefox\firefox.exe[1524] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 02730804 .text C:\Program Files\Mozilla Firefox\firefox.exe[1524] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 02730A08 .text C:\Program Files\Mozilla Firefox\firefox.exe[1524] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 02730C0C .text C:\Program Files\Mozilla Firefox\firefox.exe[1524] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 02730E10 .text C:\Program Files\Mozilla Firefox\firefox.exe[1524] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 027301F8 .text C:\Program Files\Mozilla Firefox\firefox.exe[1524] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 027303FC .text C:\Program Files\Mozilla Firefox\firefox.exe[1524] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 02730600 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1652] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1652] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1652] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1652] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1652] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1652] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1652] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1652] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1652] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1652] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1652] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1652] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1652] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1652] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1652] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1652] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1652] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\Program Files\Styler\Styler.exe[1676] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8 .text C:\Program Files\Styler\Styler.exe[1676] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Styler\Styler.exe[1676] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC .text C:\Program Files\Styler\Styler.exe[1676] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Styler\Styler.exe[1676] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text C:\Program Files\Styler\Styler.exe[1676] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text C:\Program Files\Styler\Styler.exe[1676] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text C:\Program Files\Styler\Styler.exe[1676] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text C:\Program Files\Styler\Styler.exe[1676] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text C:\Program Files\Styler\Styler.exe[1676] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text C:\Program Files\Styler\Styler.exe[1676] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text C:\Program Files\Styler\Styler.exe[1676] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text C:\Program Files\Styler\Styler.exe[1676] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00450804 .text C:\Program Files\Styler\Styler.exe[1676] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00450A08 .text C:\Program Files\Styler\Styler.exe[1676] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00450600 .text C:\Program Files\Styler\Styler.exe[1676] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004501F8 .text C:\Program Files\Styler\Styler.exe[1676] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004503FC .text C:\WINDOWS\system32\IoctlSvc.exe[1708] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\WINDOWS\system32\IoctlSvc.exe[1708] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\IoctlSvc.exe[1708] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\WINDOWS\system32\IoctlSvc.exe[1708] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\IoctlSvc.exe[1708] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\WINDOWS\system32\IoctlSvc.exe[1708] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\WINDOWS\system32\IoctlSvc.exe[1708] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\WINDOWS\system32\IoctlSvc.exe[1708] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\WINDOWS\system32\IoctlSvc.exe[1708] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\WINDOWS\system32\IoctlSvc.exe[1708] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\IoctlSvc.exe[1708] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\IoctlSvc.exe[1708] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\WINDOWS\system32\IoctlSvc.exe[1708] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\WINDOWS\system32\IoctlSvc.exe[1708] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\WINDOWS\system32\IoctlSvc.exe[1708] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\WINDOWS\system32\IoctlSvc.exe[1708] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\WINDOWS\system32\IoctlSvc.exe[1708] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1792] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1792] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1792] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1888] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\spoolsv.exe[1888] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1888] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\spoolsv.exe[1888] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1888] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\spoolsv.exe[1888] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\spoolsv.exe[1888] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\spoolsv.exe[1888] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\spoolsv.exe[1888] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\spoolsv.exe[1888] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\spoolsv.exe[1888] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\spoolsv.exe[1888] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\spoolsv.exe[1888] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\spoolsv.exe[1888] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\spoolsv.exe[1888] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\spoolsv.exe[1888] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\spoolsv.exe[1888] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[2004] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[2004] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2004] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2004] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[2004] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[2004] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[2004] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[2004] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[2004] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[2004] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[2004] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[2004] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[2004] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[2004] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[2004] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[2004] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2120] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2120] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2120] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2120] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2120] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00821014 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2120] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00820804 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2120] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00820A08 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2120] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00820C0C .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2120] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00820E10 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2120] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 008201F8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2120] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 008203FC .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2120] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00820600 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2120] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00830804 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2120] USER32.dll!SetWindowLongA 7E37C29D 5 Bytes JMP 10665EE6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2120] USER32.dll!SetWindowLongW 7E37C2BB 5 Bytes JMP 10665E78 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2120] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 10454822 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2120] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00830A08 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2120] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00830600 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2120] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 008301F8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2120] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 008303FC .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2120] USER32.dll!TrackPopupMenu 7E3B531E 5 Bytes JMP 10454DD6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\WINDOWS\system32\wbem\unsecapp.exe[2352] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2352] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2352] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\WINDOWS\system32\wbem\unsecapp.exe[2352] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2352] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003C1014 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2352] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003C0804 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2352] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003C0A08 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2352] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003C0C0C .text C:\WINDOWS\system32\wbem\unsecapp.exe[2352] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003C0E10 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2352] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003C01F8 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2352] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003C03FC .text C:\WINDOWS\system32\wbem\unsecapp.exe[2352] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003C0600 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2352] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2352] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2352] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2352] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2352] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[2444] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[2444] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[2444] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[2444] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[2444] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00621014 .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[2444] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00620804 .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[2444] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00620A08 .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[2444] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00620C0C .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[2444] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00620E10 .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[2444] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 006201F8 .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[2444] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 006203FC .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[2444] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00620600 .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[2444] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00630804 .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[2444] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00630A08 .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[2444] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00630600 .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[2444] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 006301F8 .text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[2444] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 006303FC .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2560] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2560] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2560] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2560] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2560] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2560] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2560] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2560] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2560] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2560] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2560] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2560] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2560] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2560] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2560] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2560] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2560] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2600] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2600] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2600] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2600] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2600] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2600] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2600] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2600] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2600] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2600] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2600] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2600] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2600] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 004A0804 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2600] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 004A0A08 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2600] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 004A0600 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2600] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004A01F8 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[2600] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004A03FC .text C:\Documents and Settings\admin\Pulpit\OTL.exe[2880] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8 .text C:\Documents and Settings\admin\Pulpit\OTL.exe[2880] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\admin\Pulpit\OTL.exe[2880] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC .text C:\Documents and Settings\admin\Pulpit\OTL.exe[2880] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Documents and Settings\admin\Pulpit\OTL.exe[2880] user32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 01540804 .text C:\Documents and Settings\admin\Pulpit\OTL.exe[2880] user32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 01540A08 .text C:\Documents and Settings\admin\Pulpit\OTL.exe[2880] user32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 01540600 .text C:\Documents and Settings\admin\Pulpit\OTL.exe[2880] user32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 015401F8 .text C:\Documents and Settings\admin\Pulpit\OTL.exe[2880] user32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 015403FC .text C:\Documents and Settings\admin\Pulpit\OTL.exe[2880] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00F31014 .text C:\Documents and Settings\admin\Pulpit\OTL.exe[2880] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00F30804 .text C:\Documents and Settings\admin\Pulpit\OTL.exe[2880] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00F30A08 .text C:\Documents and Settings\admin\Pulpit\OTL.exe[2880] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00F30C0C .text C:\Documents and Settings\admin\Pulpit\OTL.exe[2880] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00F30E10 .text C:\Documents and Settings\admin\Pulpit\OTL.exe[2880] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00F301F8 .text C:\Documents and Settings\admin\Pulpit\OTL.exe[2880] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00F303FC .text C:\Documents and Settings\admin\Pulpit\OTL.exe[2880] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00F30600 .text C:\WINDOWS\System32\alg.exe[3048] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\alg.exe[3048] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[3048] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\alg.exe[3048] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[3048] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\alg.exe[3048] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\alg.exe[3048] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00300600 .text C:\WINDOWS\System32\alg.exe[3048] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\alg.exe[3048] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\alg.exe[3048] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014 .text C:\WINDOWS\System32\alg.exe[3048] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804 .text C:\WINDOWS\System32\alg.exe[3048] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08 .text C:\WINDOWS\System32\alg.exe[3048] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C .text C:\WINDOWS\System32\alg.exe[3048] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10 .text C:\WINDOWS\System32\alg.exe[3048] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\alg.exe[3048] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC .text C:\WINDOWS\System32\alg.exe[3048] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3140] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3140] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3140] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3140] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3140] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3140] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3140] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3140] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3140] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3140] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3140] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3140] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3140] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3140] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3140] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3140] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3140] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[3224] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[3224] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[3224] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[3224] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[3224] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[3224] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[3224] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[3224] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[3224] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[3224] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[3224] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[3224] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[3224] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[3224] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[3224] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[3224] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[3224] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3692] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3692] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3692] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3692] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3692] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3692] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3692] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3692] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3692] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3692] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3692] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3692] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3692] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3692] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3692] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3692] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3692] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text C:\Documents and Settings\admin\Pulpit\b0p5h7nf.exe[4092] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8 .text C:\Documents and Settings\admin\Pulpit\b0p5h7nf.exe[4092] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\admin\Pulpit\b0p5h7nf.exe[4092] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC .text C:\Documents and Settings\admin\Pulpit\b0p5h7nf.exe[4092] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Documents and Settings\admin\Pulpit\b0p5h7nf.exe[4092] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 009C1014 .text C:\Documents and Settings\admin\Pulpit\b0p5h7nf.exe[4092] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 009C0804 .text C:\Documents and Settings\admin\Pulpit\b0p5h7nf.exe[4092] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 009C0A08 .text C:\Documents and Settings\admin\Pulpit\b0p5h7nf.exe[4092] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 009C0C0C .text C:\Documents and Settings\admin\Pulpit\b0p5h7nf.exe[4092] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 009C0E10 .text C:\Documents and Settings\admin\Pulpit\b0p5h7nf.exe[4092] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 009C01F8 .text C:\Documents and Settings\admin\Pulpit\b0p5h7nf.exe[4092] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 009C03FC .text C:\Documents and Settings\admin\Pulpit\b0p5h7nf.exe[4092] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 009C0600 .text C:\Documents and Settings\admin\Pulpit\b0p5h7nf.exe[4092] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 009D0804 .text C:\Documents and Settings\admin\Pulpit\b0p5h7nf.exe[4092] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 009D0A08 .text C:\Documents and Settings\admin\Pulpit\b0p5h7nf.exe[4092] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 009D0600 .text C:\Documents and Settings\admin\Pulpit\b0p5h7nf.exe[4092] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 009D01F8 .text C:\Documents and Settings\admin\Pulpit\b0p5h7nf.exe[4092] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 009D03FC ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\AVAST Software\Avast\avastUI.exe[664] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\WINDOWS\system32\services.exe[800] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00630002 IAT C:\WINDOWS\system32\services.exe[800] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00630000 IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1792] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) Device \FileSystem\Ntfs \Ntfs 8717C230 AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software) Device \FileSystem\Fastfat \FatCdrom 868FFA20 AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\Cdrom \Device\CdRom0 86A4E570 Device \FileSystem\Rdbss \Device\FsWrap 86A607A8 Device \Driver\atapi \Device\Ide\IdePort0 86A6A800 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 86A6A800 Device \Driver\atapi \Device\Ide\IdePort1 86A6A800 Device \Driver\atapi \Device\Ide\IdePort2 86A6A800 Device \Driver\atapi \Device\Ide\IdePort3 86A6A800 Device \Driver\atapi \Device\Ide\IdePort4 86A6A800 Device \Driver\atapi \Device\Ide\IdePort5 86A6A800 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-16 86A6A800 Device \Driver\Cdrom \Device\CdRom1 86A4E570 Device \Driver\Cdrom \Device\CdRom2 86A4E570 Device \Driver\Cdrom \Device\CdRom3 86A4E570 Device \Driver\Cdrom \Device\CdRom4 86A4E570 Device \Driver\Cdrom \Device\CdRom5 86A4E570 Device \Driver\Cdrom \Device\CdRom6 86A4E570 Device \FileSystem\Srv \Device\LanmanServer 86AB9910 AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86A3AEA8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 86A3AEA8 Device \FileSystem\Npfs \Device\NamedPipe 86AB7E88 Device \FileSystem\Msfs \Device\Mailslot 8699AB10 Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target3Lun0 869A7800 Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target1Lun0 869A7800 Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target5Lun0 869A7800 Device \Driver\a347scsi \Device\Scsi\a347scsi1 869A7800 Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 869A7800 Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target4Lun0 869A7800 Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target2Lun0 869A7800 Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software) Device \FileSystem\Fastfat \Fat 868FFA20 AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 86D3B8E8 Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 86D3B8E8 Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 86D3B8E8 Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 86D3B8E8 Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 86D3B8E8 Device \FileSystem\Cdfs \Cdfs 87117810 ---- Modules - GMER 1.0.15 ---- Module _________ F737C000-F7394000 (98304 bytes) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40@ujdew 0x20 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40@ljej40 0x92 0x3D 0xC1 0x4F ... Reg HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40@ljej41 0x5E 0x3D 0xC1 0x4F ... Reg HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40@ljej42 0x5E 0x3D 0xC1 0x4F ... Reg HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40@ljej43 0x5E 0x3D 0xC1 0x4F ... Reg HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40@ljej44 0x5E 0x3D 0xC1 0x4F ... Reg HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg41 Reg HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg42 Reg HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg43 Reg HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg44 Reg HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg45 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}@DisplayName Alcohol 120% Reg HKLM\SOFTWARE\Classes\Installer\Products\32418F9EE1126B64A90E8365B85CFCF6@ProductName Alcohol 120% ---- EOF - GMER 1.0.15 ----