GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-06-12 09:06:37 Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800BEVE-00UYT0 rev.01.04A01 Running: ex6w1ijd[1].exe; Driver: C:\DOCUME~1\Florida\LOCALS~1\Temp\uxtdapow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xBA41DDF8] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xBA4AAA5A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xBA41E85E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xBA44AD5D] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xBA4232E4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xBA423330] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xBA423422] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xBA44A711] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xBA423252] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xBA423374] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xBA42329A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xBA4233DC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xBA41DE44] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xBA44B423] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xBA44B6D9] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xBA4209A8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xBA44B28E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xBA44B0F9] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xBA4AAB34] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xBA41DAD6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xBA41DE90] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xBA420D1C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xBA41EB02] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xBA42330E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xBA423352] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xBA423446] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xBA44AA6D] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xBA423278] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xBA420518] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xBA4233AE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xBA4232C2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xBA42074C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xBA423400] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xBA4AACA0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xBA44AF74] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xBA41E9CE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xBA44ADC6] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xBA4B4B68] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xBA449D84] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xBA41DEDC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xBA41DF28] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xBA41DB46] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xBA41DCEA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xBA44B52A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xBA41DC92] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xBA41DD5A] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0xBA4AAD60] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xBA41DF74] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0xBA4AABE0] ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!_abnormal_termination + 98 804E2704 4 Bytes CALL AD12E14A .text ntoskrnl.exe!_abnormal_termination + 2D8 804E2944 4 Bytes [CE, E9, 41, BA] PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 80569FBB 4 Bytes CALL BA41F19F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) init C:\WINDOWS\system32\drivers\o2mmb.sys entry point in "init" section [0xF78C8320] init C:\WINDOWS\system32\drivers\mmrtkrnl.sys entry point in "init" section [0xF891BC80] .text win32k.sys!EngFreeUserMem + 674 BF809B45 5 Bytes JMP BA422180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFreeUserMem + 35D0 BF80CAA1 2 Bytes JMP BA42207C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFreeUserMem + 35D3 BF80CAA4 2 Bytes [C1, FA] .text win32k.sys!EngDeleteSurface + 45 BF80FBC0 5 Bytes JMP BA422036 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11F0 BF81C962 5 Bytes JMP BA421724 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPaint + 4EF BF8255ED 5 Bytes JMP BA420F84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + 1E5F BF8341A1 5 Bytes JMP BA4222EA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + 237D BF8346BF 5 Bytes JMP BA421F3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + 4564 BF8368A6 5 Bytes JMP BA4224F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + EE3F BF841181 5 Bytes JMP BA420FF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!FONTOBJ_pxoGetXform + DE42 BF85AD4E 5 Bytes JMP BA420E66 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMulDiv + B5F2 BF8670A0 5 Bytes JMP BA42170C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 3474 BF87111B 5 Bytes JMP BA421384 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 34FF BF8711A6 5 Bytes JMP BA421562 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBlt + 35C1 BF87593B 5 Bytes JMP BA4220BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 411E BF894CB8 5 Bytes JMP BA42151C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetLastError + 1606 BF8B1EF6 5 Bytes JMP BA4217FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 3AA1 BF8B6854 5 Bytes JMP BA422232 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBltROP + 33F7 BF8BA1A0 5 Bytes JMP BA4217E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBltROP + 34B7 BF8BA260 5 Bytes JMP BA420E4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBltROP + 8A22 BF8BF7CB 5 Bytes JMP BA422450 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngAlphaBlend + 3E8 BF8C333C 5 Bytes JMP BA421104 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 1517 BF8EB97D 5 Bytes JMP BA4211AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 1797 BF8EBBFD 5 Bytes JMP BA4212E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + B223 BF8F5689 5 Bytes JMP BA42173C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bCloseFigure + 19EF BF8F9A43 5 Bytes JMP BA420D52 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 19C1 BF913245 5 Bytes JMP BA420F22 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 2595 BF913E19 5 Bytes JMP BA4210B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 4EF4 BF916778 5 Bytes JMP BA42167C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPlgBlt + 18EC BF94468A 5 Bytes JMP BA4223A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) pnidata C:\WINDOWS\System32\DRIVERS\secdrv.sys unknown last section [0xB75FFF00, 0x24000, 0x48000000] ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[148] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001401F8 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[148] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[148] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001403FC .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[148] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[148] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 003D0A08 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[148] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 003D0804 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[148] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 003D0600 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[148] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003D01F8 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[148] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003D03FC .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[148] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 003E1014 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[148] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 003E0804 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[148] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 003E0A08 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[148] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 003E0C0C .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[148] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 003E0E10 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[148] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003E01F8 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[148] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003E03FC .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[148] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 003E0600 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[232] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001401F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[232] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[232] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001403FC .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[232] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[232] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 003D0A08 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[232] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 003D0804 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[232] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 003D0600 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[232] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003D01F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[232] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003D03FC .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[232] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 003E1014 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[232] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 003E0804 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[232] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 003E0A08 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[232] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 003E0C0C .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[232] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 003E0E10 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[232] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003E01F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[232] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003E03FC .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[232] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 003E0600 .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[420] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[420] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[420] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[512] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\spoolsv.exe[512] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[512] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\spoolsv.exe[512] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[512] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\spoolsv.exe[512] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\spoolsv.exe[512] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\spoolsv.exe[512] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\spoolsv.exe[512] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\spoolsv.exe[512] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\spoolsv.exe[512] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\spoolsv.exe[512] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\spoolsv.exe[512] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\spoolsv.exe[512] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\spoolsv.exe[512] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\spoolsv.exe[512] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\spoolsv.exe[512] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003103FC .text C:\WINDOWS\System32\SCardSvr.exe[556] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\SCardSvr.exe[556] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\WINDOWS\System32\SCardSvr.exe[556] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\SCardSvr.exe[556] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\WINDOWS\System32\SCardSvr.exe[556] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\SCardSvr.exe[556] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\SCardSvr.exe[556] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 00300600 .text C:\WINDOWS\System32\SCardSvr.exe[556] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\SCardSvr.exe[556] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\SCardSvr.exe[556] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00311014 .text C:\WINDOWS\System32\SCardSvr.exe[556] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00310804 .text C:\WINDOWS\System32\SCardSvr.exe[556] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00310A08 .text C:\WINDOWS\System32\SCardSvr.exe[556] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00310C0C .text C:\WINDOWS\System32\SCardSvr.exe[556] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00310E10 .text C:\WINDOWS\System32\SCardSvr.exe[556] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\SCardSvr.exe[556] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003103FC .text C:\WINDOWS\System32\SCardSvr.exe[556] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 00310600 .text C:\WINDOWS\System32\smss.exe[724] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[824] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\svchost.exe[824] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[824] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\svchost.exe[824] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[824] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00301014 .text C:\WINDOWS\System32\svchost.exe[824] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\svchost.exe[824] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\svchost.exe[824] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00300C0C .text C:\WINDOWS\System32\svchost.exe[824] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00300E10 .text C:\WINDOWS\System32\svchost.exe[824] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\svchost.exe[824] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\svchost.exe[824] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 00300600 .text C:\WINDOWS\System32\svchost.exe[824] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00310A08 .text C:\WINDOWS\System32\svchost.exe[824] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00310804 .text C:\WINDOWS\System32\svchost.exe[824] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 00310600 .text C:\WINDOWS\System32\svchost.exe[824] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\svchost.exe[824] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[892] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[892] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[892] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[892] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[892] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[892] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[892] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[892] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[892] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[892] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[892] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[892] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[892] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[892] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[892] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[892] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\cisvc.exe[912] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\cisvc.exe[912] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\WINDOWS\system32\cisvc.exe[912] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\cisvc.exe[912] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\WINDOWS\system32\cisvc.exe[912] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\cisvc.exe[912] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\cisvc.exe[912] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\cisvc.exe[912] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\cisvc.exe[912] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\cisvc.exe[912] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00311014 .text C:\WINDOWS\system32\cisvc.exe[912] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\cisvc.exe[912] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\cisvc.exe[912] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00310C0C .text C:\WINDOWS\system32\cisvc.exe[912] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00310E10 .text C:\WINDOWS\system32\cisvc.exe[912] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\cisvc.exe[912] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\cisvc.exe[912] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 00310600 .text C:\WINDOWS\SYSTEM32\Ati2evxx.exe[920] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001401F8 .text C:\WINDOWS\SYSTEM32\Ati2evxx.exe[920] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\WINDOWS\SYSTEM32\Ati2evxx.exe[920] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001403FC .text C:\WINDOWS\SYSTEM32\Ati2evxx.exe[920] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\WINDOWS\SYSTEM32\Ati2evxx.exe[920] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 003D0A08 .text C:\WINDOWS\SYSTEM32\Ati2evxx.exe[920] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 003D0804 .text C:\WINDOWS\SYSTEM32\Ati2evxx.exe[920] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 003D0600 .text C:\WINDOWS\SYSTEM32\Ati2evxx.exe[920] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003D01F8 .text C:\WINDOWS\SYSTEM32\Ati2evxx.exe[920] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003D03FC .text C:\WINDOWS\SYSTEM32\Ati2evxx.exe[920] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 003E1014 .text C:\WINDOWS\SYSTEM32\Ati2evxx.exe[920] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 003E0804 .text C:\WINDOWS\SYSTEM32\Ati2evxx.exe[920] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 003E0A08 .text C:\WINDOWS\SYSTEM32\Ati2evxx.exe[920] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 003E0C0C .text C:\WINDOWS\SYSTEM32\Ati2evxx.exe[920] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 003E0E10 .text C:\WINDOWS\SYSTEM32\Ati2evxx.exe[920] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003E01F8 .text C:\WINDOWS\SYSTEM32\Ati2evxx.exe[920] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003E03FC .text C:\WINDOWS\SYSTEM32\Ati2evxx.exe[920] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 003E0600 .text C:\Program Files\Comarch\ComarchSmartCard\CardServer.exe[1040] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001401F8 .text C:\Program Files\Comarch\ComarchSmartCard\CardServer.exe[1040] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\Program Files\Comarch\ComarchSmartCard\CardServer.exe[1040] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001403FC .text C:\Program Files\Comarch\ComarchSmartCard\CardServer.exe[1040] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\Program Files\Comarch\ComarchSmartCard\CardServer.exe[1040] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 003D1014 .text C:\Program Files\Comarch\ComarchSmartCard\CardServer.exe[1040] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 003D0804 .text C:\Program Files\Comarch\ComarchSmartCard\CardServer.exe[1040] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 003D0A08 .text C:\Program Files\Comarch\ComarchSmartCard\CardServer.exe[1040] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 003D0C0C .text C:\Program Files\Comarch\ComarchSmartCard\CardServer.exe[1040] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 003D0E10 .text C:\Program Files\Comarch\ComarchSmartCard\CardServer.exe[1040] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003D01F8 .text C:\Program Files\Comarch\ComarchSmartCard\CardServer.exe[1040] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003D03FC .text C:\Program Files\Comarch\ComarchSmartCard\CardServer.exe[1040] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 003D0600 .text C:\Program Files\Comarch\ComarchSmartCard\CardServer.exe[1040] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 003E0A08 .text C:\Program Files\Comarch\ComarchSmartCard\CardServer.exe[1040] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 003E0804 .text C:\Program Files\Comarch\ComarchSmartCard\CardServer.exe[1040] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 003E0600 .text C:\Program Files\Comarch\ComarchSmartCard\CardServer.exe[1040] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003E01F8 .text C:\Program Files\Comarch\ComarchSmartCard\CardServer.exe[1040] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003E03FC .text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1088] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001401F8 .text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1088] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1088] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001403FC .text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1088] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1088] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00581014 .text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1088] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00580804 .text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1088] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00580A08 .text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1088] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00580C0C .text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1088] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00580E10 .text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1088] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 005801F8 .text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1088] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 005803FC .text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1088] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 00580600 .text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1088] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00590A08 .text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1088] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00590804 .text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1088] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 00590600 .text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1088] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 005901F8 .text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1088] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 005903FC .text C:\WINDOWS\system32\csrss.exe[1208] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[1208] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\WINDOWS\SYSTEM32\winlogon.exe[1232] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000701F8 .text C:\WINDOWS\SYSTEM32\winlogon.exe[1232] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\WINDOWS\SYSTEM32\winlogon.exe[1232] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000703FC .text C:\WINDOWS\SYSTEM32\winlogon.exe[1232] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\WINDOWS\SYSTEM32\winlogon.exe[1232] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00301014 .text C:\WINDOWS\SYSTEM32\winlogon.exe[1232] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00300804 .text C:\WINDOWS\SYSTEM32\winlogon.exe[1232] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00300A08 .text C:\WINDOWS\SYSTEM32\winlogon.exe[1232] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00300C0C .text C:\WINDOWS\SYSTEM32\winlogon.exe[1232] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00300E10 .text C:\WINDOWS\SYSTEM32\winlogon.exe[1232] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003001F8 .text C:\WINDOWS\SYSTEM32\winlogon.exe[1232] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003003FC .text C:\WINDOWS\SYSTEM32\winlogon.exe[1232] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 00300600 .text C:\WINDOWS\SYSTEM32\winlogon.exe[1232] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00310A08 .text C:\WINDOWS\SYSTEM32\winlogon.exe[1232] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00310804 .text C:\WINDOWS\SYSTEM32\winlogon.exe[1232] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 00310600 .text C:\WINDOWS\SYSTEM32\winlogon.exe[1232] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003101F8 .text C:\WINDOWS\SYSTEM32\winlogon.exe[1232] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\services.exe[1276] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\services.exe[1276] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\WINDOWS\system32\services.exe[1276] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\services.exe[1276] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\WINDOWS\system32\services.exe[1276] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\services.exe[1276] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\services.exe[1276] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\services.exe[1276] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\services.exe[1276] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\services.exe[1276] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\services.exe[1276] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\services.exe[1276] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\services.exe[1276] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\services.exe[1276] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\services.exe[1276] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\services.exe[1276] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\services.exe[1276] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\lsass.exe[1296] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\lsass.exe[1296] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[1296] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\lsass.exe[1296] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[1296] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\lsass.exe[1296] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\lsass.exe[1296] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\lsass.exe[1296] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\lsass.exe[1296] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\lsass.exe[1296] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\lsass.exe[1296] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\lsass.exe[1296] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\lsass.exe[1296] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\lsass.exe[1296] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\lsass.exe[1296] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\lsass.exe[1296] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\lsass.exe[1296] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003103FC .text C:\WINDOWS\AGRSMMSG.exe[1300] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001401F8 .text C:\WINDOWS\AGRSMMSG.exe[1300] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\WINDOWS\AGRSMMSG.exe[1300] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001403FC .text C:\WINDOWS\AGRSMMSG.exe[1300] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\WINDOWS\AGRSMMSG.exe[1300] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 003D0A08 .text C:\WINDOWS\AGRSMMSG.exe[1300] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 003D0804 .text C:\WINDOWS\AGRSMMSG.exe[1300] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 003D0600 .text C:\WINDOWS\AGRSMMSG.exe[1300] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003D01F8 .text C:\WINDOWS\AGRSMMSG.exe[1300] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003D03FC .text C:\WINDOWS\AGRSMMSG.exe[1300] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 003E1014 .text C:\WINDOWS\AGRSMMSG.exe[1300] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 003E0804 .text C:\WINDOWS\AGRSMMSG.exe[1300] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 003E0A08 .text C:\WINDOWS\AGRSMMSG.exe[1300] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 003E0C0C .text C:\WINDOWS\AGRSMMSG.exe[1300] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 003E0E10 .text C:\WINDOWS\AGRSMMSG.exe[1300] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003E01F8 .text C:\WINDOWS\AGRSMMSG.exe[1300] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003E03FC .text C:\WINDOWS\AGRSMMSG.exe[1300] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 003E0600 .text C:\WINDOWS\System32\Ati2evxx.exe[1448] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001401F8 .text C:\WINDOWS\System32\Ati2evxx.exe[1448] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\WINDOWS\System32\Ati2evxx.exe[1448] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001403FC .text C:\WINDOWS\System32\Ati2evxx.exe[1448] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\WINDOWS\System32\Ati2evxx.exe[1448] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 003D0A08 .text C:\WINDOWS\System32\Ati2evxx.exe[1448] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 003D0804 .text C:\WINDOWS\System32\Ati2evxx.exe[1448] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 003D0600 .text C:\WINDOWS\System32\Ati2evxx.exe[1448] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003D01F8 .text C:\WINDOWS\System32\Ati2evxx.exe[1448] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003D03FC .text C:\WINDOWS\System32\Ati2evxx.exe[1448] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 003E1014 .text C:\WINDOWS\System32\Ati2evxx.exe[1448] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 003E0804 .text C:\WINDOWS\System32\Ati2evxx.exe[1448] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 003E0A08 .text C:\WINDOWS\System32\Ati2evxx.exe[1448] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 003E0C0C .text C:\WINDOWS\System32\Ati2evxx.exe[1448] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 003E0E10 .text C:\WINDOWS\System32\Ati2evxx.exe[1448] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003E01F8 .text C:\WINDOWS\System32\Ati2evxx.exe[1448] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003E03FC .text C:\WINDOWS\System32\Ati2evxx.exe[1448] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 003E0600 .text C:\WINDOWS\system32\svchost.exe[1472] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1472] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1472] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1472] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1472] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1472] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1472] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1472] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1472] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1472] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1472] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1472] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1472] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1472] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1472] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1472] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1472] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003103FC .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1516] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001501F8 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1516] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1516] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001503FC .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1516] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1516] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 003E0A08 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1516] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 003E0804 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1516] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 003E0600 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1516] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003E01F8 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1516] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003E03FC .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1516] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 003F1014 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1516] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 003F0804 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1516] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 003F0A08 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1516] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 003F0C0C .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1516] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 003F0E10 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1516] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003F01F8 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1516] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003F03FC .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1516] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 003F0600 .text C:\WINDOWS\system32\svchost.exe[1576] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1576] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1576] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1576] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1576] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1576] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1576] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1576] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003103FC .text C:\WINDOWS\System32\svchost.exe[1616] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\svchost.exe[1616] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1616] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\svchost.exe[1616] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1616] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00301014 .text C:\WINDOWS\System32\svchost.exe[1616] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\svchost.exe[1616] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\svchost.exe[1616] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00300C0C .text C:\WINDOWS\System32\svchost.exe[1616] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00300E10 .text C:\WINDOWS\System32\svchost.exe[1616] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\svchost.exe[1616] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\svchost.exe[1616] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 00300600 .text C:\WINDOWS\System32\svchost.exe[1616] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00310A08 .text C:\WINDOWS\System32\svchost.exe[1616] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00310804 .text C:\WINDOWS\System32\svchost.exe[1616] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 00310600 .text C:\WINDOWS\System32\svchost.exe[1616] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\svchost.exe[1616] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[1656] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1656] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1656] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1656] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1656] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1656] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1656] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1656] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003103FC .text D:\Winamp\winampa.exe[1664] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000801F8 .text D:\Winamp\winampa.exe[1664] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text D:\Winamp\winampa.exe[1664] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000803FC .text D:\Winamp\winampa.exe[1664] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text D:\Winamp\winampa.exe[1664] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00321014 .text D:\Winamp\winampa.exe[1664] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00320804 .text D:\Winamp\winampa.exe[1664] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00320A08 .text D:\Winamp\winampa.exe[1664] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00320C0C .text D:\Winamp\winampa.exe[1664] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00320E10 .text D:\Winamp\winampa.exe[1664] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003201F8 .text D:\Winamp\winampa.exe[1664] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003203FC .text D:\Winamp\winampa.exe[1664] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 00320600 .text D:\Winamp\winampa.exe[1664] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00330A08 .text D:\Winamp\winampa.exe[1664] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00330804 .text D:\Winamp\winampa.exe[1664] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 00330600 .text D:\Winamp\winampa.exe[1664] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003301F8 .text D:\Winamp\winampa.exe[1664] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003303FC .text C:\WINDOWS\System32\svchost.exe[1836] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\svchost.exe[1836] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1836] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\svchost.exe[1836] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1836] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00301014 .text C:\WINDOWS\System32\svchost.exe[1836] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\svchost.exe[1836] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\svchost.exe[1836] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00300C0C .text C:\WINDOWS\System32\svchost.exe[1836] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00300E10 .text C:\WINDOWS\System32\svchost.exe[1836] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\svchost.exe[1836] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\svchost.exe[1836] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 00300600 .text C:\WINDOWS\System32\svchost.exe[1836] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00310A08 .text C:\WINDOWS\System32\svchost.exe[1836] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00310804 .text C:\WINDOWS\System32\svchost.exe[1836] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 00310600 .text C:\WINDOWS\System32\svchost.exe[1836] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\svchost.exe[1836] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003103FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1860] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001501F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1860] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1860] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001503FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1860] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1860] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 003F1014 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1860] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 003F0804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1860] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 003F0A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1860] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 003F0C0C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1860] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 003F0E10 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1860] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003F01F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1860] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003F03FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1860] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 003F0600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1860] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00450A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1860] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00450804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1860] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 00450600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1860] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 004501F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1860] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 004503FC .text C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe[1880] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001501F8 .text C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe[1880] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe[1880] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001503FC .text C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe[1880] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe[1880] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 006A0A08 .text C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe[1880] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 006A0804 .text C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe[1880] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 006A0600 .text C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe[1880] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 006A01F8 .text C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe[1880] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 006A03FC .text C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe[1880] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 006B1014 .text C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe[1880] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 006B0804 .text C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe[1880] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 006B0A08 .text C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe[1880] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 006B0C0C .text C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe[1880] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 006B0E10 .text C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe[1880] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 006B01F8 .text C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe[1880] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 006B03FC .text C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe[1880] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 006B0600 .text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1900] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001501F8 .text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1900] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1900] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001503FC .text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1900] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1900] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 008D0A08 .text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1900] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 008D0804 .text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1900] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 008D0600 .text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1900] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 008D01F8 .text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1900] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 008D03FC .text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1900] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 008E1014 .text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1900] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 008E0804 .text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1900] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 008E0A08 .text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1900] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 008E0C0C .text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1900] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 008E0E10 .text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1900] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 008E01F8 .text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1900] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 008E03FC .text C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe[1900] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 008E0600 .text C:\Program Files\AVAST Software\Avast\avastUI.exe[1920] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\avastUI.exe[1920] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[1936] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000A01F8 .text C:\WINDOWS\system32\ctfmon.exe[1936] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[1936] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000A03FC .text C:\WINDOWS\system32\ctfmon.exe[1936] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[1936] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00381014 .text C:\WINDOWS\system32\ctfmon.exe[1936] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00380804 .text C:\WINDOWS\system32\ctfmon.exe[1936] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00380A08 .text C:\WINDOWS\system32\ctfmon.exe[1936] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00380C0C .text C:\WINDOWS\system32\ctfmon.exe[1936] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00380E10 .text C:\WINDOWS\system32\ctfmon.exe[1936] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003801F8 .text C:\WINDOWS\system32\ctfmon.exe[1936] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003803FC .text C:\WINDOWS\system32\ctfmon.exe[1936] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 00380600 .text C:\WINDOWS\system32\ctfmon.exe[1936] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00390A08 .text C:\WINDOWS\system32\ctfmon.exe[1936] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00390804 .text C:\WINDOWS\system32\ctfmon.exe[1936] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 00390600 .text C:\WINDOWS\system32\ctfmon.exe[1936] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003901F8 .text C:\WINDOWS\system32\ctfmon.exe[1936] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003903FC .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1940] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001501F8 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1940] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1940] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001503FC .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1940] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1940] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 003E1014 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1940] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 003E0804 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1940] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 003E0A08 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1940] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 003E0C0C .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1940] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 003E0E10 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1940] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003E01F8 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1940] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003E03FC .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1940] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 003E0600 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1940] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00F00A08 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1940] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00F00804 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1940] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 00F00600 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1940] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 00F001F8 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1940] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 00F003FC .text C:\WINDOWS\System32\svchost.exe[1964] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\svchost.exe[1964] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1964] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\svchost.exe[1964] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1964] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00301014 .text C:\WINDOWS\System32\svchost.exe[1964] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\svchost.exe[1964] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\svchost.exe[1964] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00300C0C .text C:\WINDOWS\System32\svchost.exe[1964] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00300E10 .text C:\WINDOWS\System32\svchost.exe[1964] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\svchost.exe[1964] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\svchost.exe[1964] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 00300600 .text C:\WINDOWS\System32\svchost.exe[1964] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00310A08 .text C:\WINDOWS\System32\svchost.exe[1964] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00310804 .text C:\WINDOWS\System32\svchost.exe[1964] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 00310600 .text C:\WINDOWS\System32\svchost.exe[1964] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\svchost.exe[1964] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003103FC .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1976] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001501F8 .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1976] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1976] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001503FC .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1976] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1976] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 005B0A08 .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1976] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 005B0804 .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1976] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 005B0600 .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1976] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 005B01F8 .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1976] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 005B03FC .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1976] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 005C1014 .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1976] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 005C0804 .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1976] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 005C0A08 .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1976] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 005C0C0C .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1976] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 005C0E10 .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1976] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 005C01F8 .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1976] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 005C03FC .text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[1976] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 005C0600 .text C:\Program Files\Java\jre6\bin\jqs.exe[2076] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001501F8 .text C:\Program Files\Java\jre6\bin\jqs.exe[2076] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\Program Files\Java\jre6\bin\jqs.exe[2076] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001503FC .text C:\Program Files\Java\jre6\bin\jqs.exe[2076] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\Program Files\Java\jre6\bin\jqs.exe[2076] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 003E1014 .text C:\Program Files\Java\jre6\bin\jqs.exe[2076] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 003E0804 .text C:\Program Files\Java\jre6\bin\jqs.exe[2076] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 003E0A08 .text C:\Program Files\Java\jre6\bin\jqs.exe[2076] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 003E0C0C .text C:\Program Files\Java\jre6\bin\jqs.exe[2076] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 003E0E10 .text C:\Program Files\Java\jre6\bin\jqs.exe[2076] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003E01F8 .text C:\Program Files\Java\jre6\bin\jqs.exe[2076] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003E03FC .text C:\Program Files\Java\jre6\bin\jqs.exe[2076] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 003E0600 .text C:\Program Files\Java\jre6\bin\jqs.exe[2076] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 003F0A08 .text C:\Program Files\Java\jre6\bin\jqs.exe[2076] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 003F0804 .text C:\Program Files\Java\jre6\bin\jqs.exe[2076] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 003F0600 .text C:\Program Files\Java\jre6\bin\jqs.exe[2076] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003F01F8 .text C:\Program Files\Java\jre6\bin\jqs.exe[2076] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003F03FC .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2172] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001401F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2172] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2172] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001403FC .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2172] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2172] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 003D0A08 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2172] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 003D0804 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2172] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 003D0600 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2172] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003D01F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2172] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003D03FC .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2172] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 003E1014 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2172] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 003E0804 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2172] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 003E0A08 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2172] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 003E0C0C .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2172] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 003E0E10 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2172] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003E01F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2172] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003E03FC .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2172] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 003E0600 .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2228] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001401F8 .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2228] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2228] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001403FC .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2228] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2228] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 003D1014 .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2228] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 003D0804 .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2228] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 003D0A08 .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2228] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 003D0C0C .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2228] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 003D0E10 .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2228] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003D01F8 .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2228] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003D03FC .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2228] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 003D0600 .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2228] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 003E0A08 .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2228] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 003E0804 .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2228] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 003E0600 .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2228] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003E01F8 .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[2228] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003E03FC .text C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2388] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001401F8 .text C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2388] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2388] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001403FC .text C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2388] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2388] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 003D0A08 .text C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2388] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 003D0804 .text C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2388] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 003D0600 .text C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2388] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003D01F8 .text C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2388] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003D03FC .text C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2388] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 003E1014 .text C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2388] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 003E0804 .text C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2388] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 003E0A08 .text C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2388] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 003E0C0C .text C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2388] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 003E0E10 .text C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2388] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003E01F8 .text C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2388] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003E03FC .text C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2388] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 003E0600 .text C:\Program Files\Internet Explorer\iexplore.exe[2464] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001501F8 .text C:\Program Files\Internet Explorer\iexplore.exe[2464] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\Program Files\Internet Explorer\iexplore.exe[2464] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001503FC .text C:\Program Files\Internet Explorer\iexplore.exe[2464] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\Program Files\Internet Explorer\iexplore.exe[2464] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 003F1014 .text C:\Program Files\Internet Explorer\iexplore.exe[2464] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 003F0804 .text C:\Program Files\Internet Explorer\iexplore.exe[2464] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 003F0A08 .text C:\Program Files\Internet Explorer\iexplore.exe[2464] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 003F0C0C .text C:\Program Files\Internet Explorer\iexplore.exe[2464] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 003F0E10 .text C:\Program Files\Internet Explorer\iexplore.exe[2464] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003F01F8 .text C:\Program Files\Internet Explorer\iexplore.exe[2464] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003F03FC .text C:\Program Files\Internet Explorer\iexplore.exe[2464] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 003F0600 .text C:\Program Files\Internet Explorer\iexplore.exe[2464] USER32.dll!CreateWindowExW 77D4FF50 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2464] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 004A0A08 .text C:\Program Files\Internet Explorer\iexplore.exe[2464] USER32.dll!DialogBoxParamW 77D5662C 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2464] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 004A0804 .text C:\Program Files\Internet Explorer\iexplore.exe[2464] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 004A0600 .text C:\Program Files\Internet Explorer\iexplore.exe[2464] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 004A01F8 .text C:\Program Files\Internet Explorer\iexplore.exe[2464] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 004A03FC .text C:\Program Files\Internet Explorer\iexplore.exe[2464] USER32.dll!DialogBoxIndirectParamW 77D62043 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2464] USER32.dll!MessageBoxIndirectA 77D6A05A 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2464] USER32.dll!DialogBoxParamA 77D6B11C 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2464] USER32.dll!MessageBoxExW 77D80538 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2464] USER32.dll!MessageBoxExA 77D8055C 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2464] USER32.dll!DialogBoxIndirectParamA 77D86CAD 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2464] USER32.dll!MessageBoxIndirectW 77D96093 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[2568] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001401F8 .text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[2568] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[2568] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001403FC .text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[2568] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[2568] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 003D1014 .text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[2568] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 003D0804 .text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[2568] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 003D0A08 .text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[2568] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 003D0C0C .text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[2568] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 003D0E10 .text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[2568] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003D01F8 .text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[2568] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003D03FC .text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[2568] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 003D0600 .text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[2568] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 003E0A08 .text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[2568] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 003E0804 .text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[2568] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 003E0600 .text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[2568] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003E01F8 .text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[2568] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003E03FC .text C:\WINDOWS\System32\svchost.exe[2616] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\svchost.exe[2616] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[2616] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\svchost.exe[2616] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[2616] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00301014 .text C:\WINDOWS\System32\svchost.exe[2616] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\svchost.exe[2616] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\svchost.exe[2616] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00300C0C .text C:\WINDOWS\System32\svchost.exe[2616] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00300E10 .text C:\WINDOWS\System32\svchost.exe[2616] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\svchost.exe[2616] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\svchost.exe[2616] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 00300600 .text C:\WINDOWS\System32\svchost.exe[2616] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00310A08 .text C:\WINDOWS\System32\svchost.exe[2616] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00310804 .text C:\WINDOWS\System32\svchost.exe[2616] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 00310600 .text C:\WINDOWS\System32\svchost.exe[2616] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\svchost.exe[2616] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003103FC .text C:\WINDOWS\System32\StkASv2K.exe[2640] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001401F8 .text C:\WINDOWS\System32\StkASv2K.exe[2640] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\WINDOWS\System32\StkASv2K.exe[2640] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001403FC .text C:\WINDOWS\System32\StkASv2K.exe[2640] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\WINDOWS\System32\StkASv2K.exe[2640] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 003D0A08 .text C:\WINDOWS\System32\StkASv2K.exe[2640] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 003D0804 .text C:\WINDOWS\System32\StkASv2K.exe[2640] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 003D0600 .text C:\WINDOWS\System32\StkASv2K.exe[2640] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003D01F8 .text C:\WINDOWS\System32\StkASv2K.exe[2640] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003D03FC .text C:\WINDOWS\System32\StkASv2K.exe[2640] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 003E1014 .text C:\WINDOWS\System32\StkASv2K.exe[2640] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 003E0804 .text C:\WINDOWS\System32\StkASv2K.exe[2640] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 003E0A08 .text C:\WINDOWS\System32\StkASv2K.exe[2640] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 003E0C0C .text C:\WINDOWS\System32\StkASv2K.exe[2640] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 003E0E10 .text C:\WINDOWS\System32\StkASv2K.exe[2640] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003E01F8 .text C:\WINDOWS\System32\StkASv2K.exe[2640] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003E03FC .text C:\WINDOWS\System32\StkASv2K.exe[2640] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 003E0600 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3056] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001501F8 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3056] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3056] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001503FC .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3056] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3056] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 003F1014 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3056] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 003F0804 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3056] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 003F0A08 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3056] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 003F0C0C .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3056] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 003F0E10 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3056] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003F01F8 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3056] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003F03FC .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3056] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 003F0600 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3056] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 004C0A08 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3056] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 004C0804 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3056] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 004C0600 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3056] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 004C01F8 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3056] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 004C03FC .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3184] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001501F8 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3184] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3184] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001503FC .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3184] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3184] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 003E1014 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3184] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 003E0804 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3184] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 003E0A08 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3184] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 003E0C0C .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3184] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 003E0E10 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3184] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003E01F8 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3184] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003E03FC .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3184] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 003E0600 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3184] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 003F0A08 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3184] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 003F0804 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3184] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 003F0600 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3184] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003F01F8 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3184] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003F03FC .text C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe[3352] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001501F8 .text C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe[3352] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe[3352] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001503FC .text C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe[3352] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe[3352] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 003E1014 .text C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe[3352] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 003E0804 .text C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe[3352] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 003E0A08 .text C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe[3352] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 003E0C0C .text C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe[3352] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 003E0E10 .text C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe[3352] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003E01F8 .text C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe[3352] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003E03FC .text C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe[3352] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 003E0600 .text C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe[3352] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 003F0A08 .text C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe[3352] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 003F0804 .text C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe[3352] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 003F0600 .text C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe[3352] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003F01F8 .text C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe[3352] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003F03FC .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3412] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001501F8 .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3412] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3412] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001503FC .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3412] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3412] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 003E0A08 .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3412] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 003E0804 .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3412] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 003E0600 .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3412] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003E01F8 .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3412] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003E03FC .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3412] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 003F1014 .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3412] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 003F0804 .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3412] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 003F0A08 .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3412] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 003F0C0C .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3412] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 003F0E10 .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3412] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003F01F8 .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3412] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003F03FC .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3412] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 003F0600 .text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3676] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001501F8 .text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3676] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3676] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001503FC .text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3676] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3676] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 003E1014 .text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3676] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 003E0804 .text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3676] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 003E0A08 .text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3676] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 003E0C0C .text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3676] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 003E0E10 .text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3676] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003E01F8 .text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3676] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003E03FC .text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3676] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 003E0600 .text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3676] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 003F0A08 .text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3676] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 003F0804 .text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3676] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 003F0600 .text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3676] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003F01F8 .text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3676] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003F03FC .text C:\Program Files\Internet Explorer\iexplore.exe[3728] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001501F8 .text C:\Program Files\Internet Explorer\iexplore.exe[3728] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\Program Files\Internet Explorer\iexplore.exe[3728] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001503FC .text C:\Program Files\Internet Explorer\iexplore.exe[3728] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\Program Files\Internet Explorer\iexplore.exe[3728] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 003F1014 .text C:\Program Files\Internet Explorer\iexplore.exe[3728] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 003F0804 .text C:\Program Files\Internet Explorer\iexplore.exe[3728] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 003F0A08 .text C:\Program Files\Internet Explorer\iexplore.exe[3728] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 003F0C0C .text C:\Program Files\Internet Explorer\iexplore.exe[3728] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 003F0E10 .text C:\Program Files\Internet Explorer\iexplore.exe[3728] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003F01F8 .text C:\Program Files\Internet Explorer\iexplore.exe[3728] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003F03FC .text C:\Program Files\Internet Explorer\iexplore.exe[3728] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 003F0600 .text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!CallNextHookEx 77D4EB03 5 Bytes JMP 3E2DD0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!CreateWindowExW 77D4FF50 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 3E25467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!DialogBoxParamW 77D5662C 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 004A0600 .text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 004A01F8 .text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 004A03FC .text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!DialogBoxIndirectParamW 77D62043 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!MessageBoxIndirectA 77D6A05A 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!DialogBoxParamA 77D6B11C 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!MessageBoxExW 77D80538 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!MessageBoxExA 77D8055C 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!DialogBoxIndirectParamA 77D86CAD 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3728] USER32.dll!MessageBoxIndirectW 77D96093 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3728] ole32.dll!CoCreateInstance 77500326 5 Bytes JMP 3E2EDB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3728] ole32.dll!OleLoadFromStream 77526A3F 5 Bytes JMP 3E3E4B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3732] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3732] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3732] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3732] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3732] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3732] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3732] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3732] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3732] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3732] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3732] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3732] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3732] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3732] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3732] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3732] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3732] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003103FC .text C:\Program Files\Internet Explorer\iexplore.exe[3756] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001501F8 .text C:\Program Files\Internet Explorer\iexplore.exe[3756] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\Program Files\Internet Explorer\iexplore.exe[3756] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001503FC .text C:\Program Files\Internet Explorer\iexplore.exe[3756] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\Program Files\Internet Explorer\iexplore.exe[3756] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 003F1014 .text C:\Program Files\Internet Explorer\iexplore.exe[3756] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 003F0804 .text C:\Program Files\Internet Explorer\iexplore.exe[3756] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 003F0A08 .text C:\Program Files\Internet Explorer\iexplore.exe[3756] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 003F0C0C .text C:\Program Files\Internet Explorer\iexplore.exe[3756] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 003F0E10 .text C:\Program Files\Internet Explorer\iexplore.exe[3756] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003F01F8 .text C:\Program Files\Internet Explorer\iexplore.exe[3756] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003F03FC .text C:\Program Files\Internet Explorer\iexplore.exe[3756] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 003F0600 .text C:\Program Files\Internet Explorer\iexplore.exe[3756] USER32.dll!CallNextHookEx 77D4EB03 5 Bytes JMP 3E2DD0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3756] USER32.dll!CreateWindowExW 77D4FF50 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3756] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 3E25467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3756] USER32.dll!DialogBoxParamW 77D5662C 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3756] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3756] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 004A0600 .text C:\Program Files\Internet Explorer\iexplore.exe[3756] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 004A01F8 .text C:\Program Files\Internet Explorer\iexplore.exe[3756] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 004A03FC .text C:\Program Files\Internet Explorer\iexplore.exe[3756] USER32.dll!DialogBoxIndirectParamW 77D62043 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3756] USER32.dll!MessageBoxIndirectA 77D6A05A 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3756] USER32.dll!DialogBoxParamA 77D6B11C 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3756] USER32.dll!MessageBoxExW 77D80538 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3756] USER32.dll!MessageBoxExA 77D8055C 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3756] USER32.dll!DialogBoxIndirectParamA 77D86CAD 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3756] USER32.dll!MessageBoxIndirectW 77D96093 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3756] ole32.dll!CoCreateInstance 77500326 5 Bytes JMP 3E2EDB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3756] ole32.dll!OleLoadFromStream 77526A3F 5 Bytes JMP 3E3E4B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\WINDOWS\explorer.exe[3864] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8 .text C:\WINDOWS\explorer.exe[3864] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\WINDOWS\explorer.exe[3864] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC .text C:\WINDOWS\explorer.exe[3864] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\WINDOWS\explorer.exe[3864] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00381014 .text C:\WINDOWS\explorer.exe[3864] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00380804 .text C:\WINDOWS\explorer.exe[3864] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00380A08 .text C:\WINDOWS\explorer.exe[3864] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00380C0C .text C:\WINDOWS\explorer.exe[3864] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00380E10 .text C:\WINDOWS\explorer.exe[3864] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003801F8 .text C:\WINDOWS\explorer.exe[3864] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003803FC .text C:\WINDOWS\explorer.exe[3864] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 00380600 .text C:\WINDOWS\explorer.exe[3864] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 00390A08 .text C:\WINDOWS\explorer.exe[3864] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 00390804 .text C:\WINDOWS\explorer.exe[3864] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 00390600 .text C:\WINDOWS\explorer.exe[3864] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 003901F8 .text C:\WINDOWS\explorer.exe[3864] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 003903FC .text C:\Documents and Settings\Florida\Local Settings\Temporary Internet Files\Content.IE5\CG3RG51M\ex6w1ijd[1].exe[5672] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001601F8 .text C:\Documents and Settings\Florida\Local Settings\Temporary Internet Files\Content.IE5\CG3RG51M\ex6w1ijd[1].exe[5672] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62] .text C:\Documents and Settings\Florida\Local Settings\Temporary Internet Files\Content.IE5\CG3RG51M\ex6w1ijd[1].exe[5672] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001603FC .text C:\Documents and Settings\Florida\Local Settings\Temporary Internet Files\Content.IE5\CG3RG51M\ex6w1ijd[1].exe[5672] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62] .text C:\Documents and Settings\Florida\Local Settings\Temporary Internet Files\Content.IE5\CG3RG51M\ex6w1ijd[1].exe[5672] USER32.dll!UnhookWindowsHookEx 77D50DF3 5 Bytes JMP 004C0A08 .text C:\Documents and Settings\Florida\Local Settings\Temporary Internet Files\Content.IE5\CG3RG51M\ex6w1ijd[1].exe[5672] USER32.dll!SetWindowsHookExW 77D5E4AF 5 Bytes JMP 004C0804 .text C:\Documents and Settings\Florida\Local Settings\Temporary Internet Files\Content.IE5\CG3RG51M\ex6w1ijd[1].exe[5672] USER32.dll!SetWindowsHookExA 77D611E9 5 Bytes JMP 004C0600 .text C:\Documents and Settings\Florida\Local Settings\Temporary Internet Files\Content.IE5\CG3RG51M\ex6w1ijd[1].exe[5672] USER32.dll!SetWinEventHook 77D617C8 5 Bytes JMP 004C01F8 .text C:\Documents and Settings\Florida\Local Settings\Temporary Internet Files\Content.IE5\CG3RG51M\ex6w1ijd[1].exe[5672] USER32.dll!UnhookWinEvent 77D6187D 5 Bytes JMP 004C03FC .text C:\Documents and Settings\Florida\Local Settings\Temporary Internet Files\Content.IE5\CG3RG51M\ex6w1ijd[1].exe[5672] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 004D1014 .text C:\Documents and Settings\Florida\Local Settings\Temporary Internet Files\Content.IE5\CG3RG51M\ex6w1ijd[1].exe[5672] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 004D0804 .text C:\Documents and Settings\Florida\Local Settings\Temporary Internet Files\Content.IE5\CG3RG51M\ex6w1ijd[1].exe[5672] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 004D0A08 .text C:\Documents and Settings\Florida\Local Settings\Temporary Internet Files\Content.IE5\CG3RG51M\ex6w1ijd[1].exe[5672] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 004D0C0C .text C:\Documents and Settings\Florida\Local Settings\Temporary Internet Files\Content.IE5\CG3RG51M\ex6w1ijd[1].exe[5672] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 004D0E10 .text C:\Documents and Settings\Florida\Local Settings\Temporary Internet Files\Content.IE5\CG3RG51M\ex6w1ijd[1].exe[5672] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 004D01F8 .text C:\Documents and Settings\Florida\Local Settings\Temporary Internet Files\Content.IE5\CG3RG51M\ex6w1ijd[1].exe[5672] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 004D03FC .text C:\Documents and Settings\Florida\Local Settings\Temporary Internet Files\Content.IE5\CG3RG51M\ex6w1ijd[1].exe[5672] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 004D0600 ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[420] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1088] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [00FA2BC8] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC) IAT C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1088] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!UnhandledExceptionFilter] [00FA2CE9] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC) IAT C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1088] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!TerminateProcess] [00FA2CB8] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC) IAT C:\WINDOWS\system32\services.exe[1276] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00630002 IAT C:\WINDOWS\system32\services.exe[1276] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00630000 IAT C:\Program Files\AVAST Software\Avast\avastUI.exe[1920] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) ---- Processes - GMER 1.0.15 ---- Library c:\windows\system32\n (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1616] 0x45670000 Library c:\windows\system32\n (*** hidden *** ) @ C:\WINDOWS\explorer.exe [3864] 0x45670000 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000fb31a7e4c Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000fb31a7e4c@002668c3afc1 0xE9 0x14 0xFD 0x40 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000fb31a7e4c (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000fb31a7e4c@002668c3afc1 0xE9 0x14 0xFD 0x40 ... ---- EOF - GMER 1.0.15 ----