GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-09-13 21:43:20 Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.LV01 Running: b5jr9ybh.exe; Driver: C:\Users\Hubert\AppData\Local\Temp\uwrirpow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8D3489CA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8D34AEAC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8D34AF04] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8D34B01A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8D34AE02] SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x839280CC] SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x83928394] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8D34AF54] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8D34AE56] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8D34AFC8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8D3489EE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8D3487B8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8D348A12] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8D34B412] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8D3494AA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8D34AEDC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8D34AF2C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8D34B044] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8D34AE2E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8D34AF94] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8D34AE84] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8D34AFF2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8D349370] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8D348A36] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8D348A5A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8D348812] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8D34894E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8D34892A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8D348972] SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x83927B3C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8D348A7E] SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x83928690] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetTimerEx + 340 826F7994 4 Bytes [CA, 89, 34, 8D] .text ntkrnlpa.exe!KeSetTimerEx + 404 826F7A58 8 Bytes [AC, AE, 34, 8D, 04, AF, 34, ...] {LODSB ; SCASB ; XOR AL, 0x8d; ADD AL, 0xaf; XOR AL, 0x8d} .text ntkrnlpa.exe!KeSetTimerEx + 410 826F7A64 1 Byte [1A] .text ntkrnlpa.exe!KeSetTimerEx + 410 826F7A64 4 Bytes [1A, B0, 34, 8D] .text ntkrnlpa.exe!KeSetTimerEx + 428 826F7A7C 4 Bytes [02, AE, 34, 8D] .text ... PAGE ntkrnlpa.exe!ObMakeTemporaryObject 8281E8F2 5 Bytes JMP 8D7CE29E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 8285B1B6 4 Bytes CALL 8D349E3B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 8286AB0D 4 Bytes CALL 8D349E51 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject 82887257 5 Bytes JMP 8D7CFD38 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x88957480, 0x3C939, 0xE8000020] .dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x88998900, 0x3CA, 0x48000040] ? \ArcName\multi(0)disk(0)rdisk(0)partition(1)\Windows\system32\drivers\PctWfpFilter.sys The system cannot find the path specified. ! ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\system32\wininit.exe[628] ntdll.dll!LdrLoadDll 772B7933 5 Bytes JMP 00030030 .text C:\Windows\system32\wininit.exe[628] ntdll.dll!LdrUnloadDll 772CE89C 5 Bytes JMP 0003006C .text C:\Windows\system32\wininit.exe[628] ADVAPI32.dll!CreateServiceW 774538FF 5 Bytes JMP 0005006C .text C:\Windows\system32\wininit.exe[628] ADVAPI32.dll!DeleteService 77453BEE 5 Bytes JMP 000500A8 .text C:\Windows\system32\wininit.exe[628] ADVAPI32.dll!SetServiceObjectSecurity 774966A9 5 Bytes JMP 000501D4 .text C:\Windows\system32\wininit.exe[628] ADVAPI32.dll!ChangeServiceConfigA 774967A9 5 Bytes JMP 000500E4 .text C:\Windows\system32\wininit.exe[628] ADVAPI32.dll!ChangeServiceConfigW 77496951 5 Bytes JMP 00050120 .text C:\Windows\system32\wininit.exe[628] ADVAPI32.dll!ChangeServiceConfig2A 77496A69 5 Bytes JMP 0005015C .text C:\Windows\system32\wininit.exe[628] ADVAPI32.dll!ChangeServiceConfig2W 77496BB1 5 Bytes JMP 00050198 .text C:\Windows\system32\wininit.exe[628] ADVAPI32.dll!CreateServiceA 77496C71 5 Bytes JMP 00050030 .text C:\Windows\system32\wininit.exe[628] USER32.dll!SetWindowsHookExW 75D87B69 5 Bytes JMP 000600E4 .text C:\Windows\system32\wininit.exe[628] USER32.dll!SetWinEventHook 75D8915C 5 Bytes JMP 00060030 .text C:\Windows\system32\wininit.exe[628] USER32.dll!UnhookWinEvent 75D8B702 5 Bytes JMP 0006006C .text C:\Windows\system32\wininit.exe[628] USER32.dll!SetWindowsHookExA 75DABB0E 5 Bytes JMP 000600A8 .text C:\Windows\system32\wininit.exe[628] USER32.dll!UnhookWindowsHookEx 75DB08BE 5 Bytes JMP 00060120 .text C:\Windows\system32\services.exe[672] ntdll.dll!LdrLoadDll 772B7933 5 Bytes JMP 00050030 .text C:\Windows\system32\services.exe[672] ntdll.dll!LdrUnloadDll 772CE89C 5 Bytes JMP 0005006C .text C:\Windows\system32\services.exe[672] ADVAPI32.dll!CreateServiceW 774538FF 5 Bytes JMP 0017006C .text C:\Windows\system32\services.exe[672] ADVAPI32.dll!DeleteService 77453BEE 5 Bytes JMP 001700A8 .text C:\Windows\system32\services.exe[672] ADVAPI32.dll!SetServiceObjectSecurity 774966A9 5 Bytes JMP 001701D4 .text C:\Windows\system32\services.exe[672] ADVAPI32.dll!ChangeServiceConfigA 774967A9 5 Bytes JMP 001700E4 .text C:\Windows\system32\services.exe[672] ADVAPI32.dll!ChangeServiceConfigW 77496951 5 Bytes JMP 00170120 .text C:\Windows\system32\services.exe[672] ADVAPI32.dll!ChangeServiceConfig2A 77496A69 5 Bytes JMP 0017015C .text C:\Windows\system32\services.exe[672] ADVAPI32.dll!ChangeServiceConfig2W 77496BB1 5 Bytes JMP 00170198 .text C:\Windows\system32\services.exe[672] ADVAPI32.dll!CreateServiceA 77496C71 5 Bytes JMP 00170030 .text C:\Windows\system32\services.exe[672] USER32.dll!SetWindowsHookExW 75D87B69 5 Bytes JMP 005400E4 .text C:\Windows\system32\services.exe[672] USER32.dll!SetWinEventHook 75D8915C 5 Bytes JMP 00540030 .text C:\Windows\system32\services.exe[672] USER32.dll!UnhookWinEvent 75D8B702 5 Bytes JMP 0054006C .text C:\Windows\system32\services.exe[672] USER32.dll!SetWindowsHookExA 75DABB0E 5 Bytes JMP 005400A8 .text C:\Windows\system32\services.exe[672] USER32.dll!UnhookWindowsHookEx 75DB08BE 5 Bytes JMP 00540120 .text C:\Windows\system32\lsass.exe[688] ntdll.dll!LdrLoadDll 772B7933 5 Bytes JMP 00050030 .text C:\Windows\system32\lsass.exe[688] ntdll.dll!LdrUnloadDll 772CE89C 5 Bytes JMP 0005006C .text C:\Windows\system32\lsass.exe[688] ADVAPI32.dll!CreateServiceW 774538FF 5 Bytes JMP 0007006C .text C:\Windows\system32\lsass.exe[688] ADVAPI32.dll!DeleteService 77453BEE 5 Bytes JMP 000700A8 .text C:\Windows\system32\lsass.exe[688] ADVAPI32.dll!SetServiceObjectSecurity 774966A9 5 Bytes JMP 000701D4 .text C:\Windows\system32\lsass.exe[688] ADVAPI32.dll!ChangeServiceConfigA 774967A9 5 Bytes JMP 000700E4 .text C:\Windows\system32\lsass.exe[688] ADVAPI32.dll!ChangeServiceConfigW 77496951 5 Bytes JMP 00070120 .text C:\Windows\system32\lsass.exe[688] ADVAPI32.dll!ChangeServiceConfig2A 77496A69 5 Bytes JMP 0007015C .text C:\Windows\system32\lsass.exe[688] ADVAPI32.dll!ChangeServiceConfig2W 77496BB1 5 Bytes JMP 00070198 .text C:\Windows\system32\lsass.exe[688] ADVAPI32.dll!CreateServiceA 77496C71 5 Bytes JMP 00070030 .text C:\Windows\system32\lsass.exe[688] USER32.dll!SetWindowsHookExW 75D87B69 5 Bytes JMP 000900E4 .text C:\Windows\system32\lsass.exe[688] USER32.dll!SetWinEventHook 75D8915C 5 Bytes JMP 00090030 .text C:\Windows\system32\lsass.exe[688] USER32.dll!UnhookWinEvent 75D8B702 5 Bytes JMP 0009006C .text C:\Windows\system32\lsass.exe[688] USER32.dll!SetWindowsHookExA 75DABB0E 5 Bytes JMP 000900A8 .text C:\Windows\system32\lsass.exe[688] USER32.dll!UnhookWindowsHookEx 75DB08BE 5 Bytes JMP 00090120 .text C:\Windows\system32\lsm.exe[696] ntdll.dll!LdrLoadDll 772B7933 5 Bytes JMP 00050030 .text C:\Windows\system32\lsm.exe[696] ntdll.dll!LdrUnloadDll 772CE89C 5 Bytes JMP 0005006C .text C:\Windows\system32\lsm.exe[696] ADVAPI32.dll!CreateServiceW 774538FF 5 Bytes JMP 0007006C .text C:\Windows\system32\lsm.exe[696] ADVAPI32.dll!DeleteService 77453BEE 5 Bytes JMP 000700A8 .text C:\Windows\system32\lsm.exe[696] ADVAPI32.dll!SetServiceObjectSecurity 774966A9 5 Bytes JMP 000701D4 .text C:\Windows\system32\lsm.exe[696] ADVAPI32.dll!ChangeServiceConfigA 774967A9 5 Bytes JMP 000700E4 .text C:\Windows\system32\lsm.exe[696] ADVAPI32.dll!ChangeServiceConfigW 77496951 5 Bytes JMP 00070120 .text C:\Windows\system32\lsm.exe[696] ADVAPI32.dll!ChangeServiceConfig2A 77496A69 5 Bytes JMP 0007015C .text C:\Windows\system32\lsm.exe[696] ADVAPI32.dll!ChangeServiceConfig2W 77496BB1 5 Bytes JMP 00070198 .text C:\Windows\system32\lsm.exe[696] ADVAPI32.dll!CreateServiceA 77496C71 5 Bytes JMP 00070030 .text C:\Windows\system32\winlogon.exe[740] ntdll.dll!LdrLoadDll 772B7933 5 Bytes JMP 00030030 .text C:\Windows\system32\winlogon.exe[740] ntdll.dll!LdrUnloadDll 772CE89C 5 Bytes JMP 0003006C .text C:\Windows\system32\winlogon.exe[740] ADVAPI32.dll!CreateServiceW 774538FF 5 Bytes JMP 0005006C .text C:\Windows\system32\winlogon.exe[740] ADVAPI32.dll!DeleteService 77453BEE 5 Bytes JMP 000500A8 .text C:\Windows\system32\winlogon.exe[740] ADVAPI32.dll!SetServiceObjectSecurity 774966A9 5 Bytes JMP 000501D4 .text C:\Windows\system32\winlogon.exe[740] ADVAPI32.dll!ChangeServiceConfigA 774967A9 5 Bytes JMP 000500E4 .text C:\Windows\system32\winlogon.exe[740] ADVAPI32.dll!ChangeServiceConfigW 77496951 5 Bytes JMP 00050120 .text C:\Windows\system32\winlogon.exe[740] ADVAPI32.dll!ChangeServiceConfig2A 77496A69 5 Bytes JMP 0005015C .text C:\Windows\system32\winlogon.exe[740] ADVAPI32.dll!ChangeServiceConfig2W 77496BB1 5 Bytes JMP 00050198 .text C:\Windows\system32\winlogon.exe[740] ADVAPI32.dll!CreateServiceA 77496C71 5 Bytes JMP 00050030 .text C:\Windows\system32\winlogon.exe[740] USER32.dll!SetWindowsHookExW 75D87B69 5 Bytes JMP 000600E4 .text C:\Windows\system32\winlogon.exe[740] USER32.dll!SetWinEventHook 75D8915C 5 Bytes JMP 00060030 .text C:\Windows\system32\winlogon.exe[740] USER32.dll!UnhookWinEvent 75D8B702 5 Bytes JMP 0006006C .text C:\Windows\system32\winlogon.exe[740] USER32.dll!SetWindowsHookExA 75DABB0E 5 Bytes JMP 000600A8 .text C:\Windows\system32\winlogon.exe[740] USER32.dll!UnhookWindowsHookEx 75DB08BE 5 Bytes JMP 00060120 .text C:\Windows\system32\svchost.exe[892] ntdll.dll!LdrLoadDll 772B7933 5 Bytes JMP 00050030 .text C:\Windows\system32\svchost.exe[892] ntdll.dll!LdrUnloadDll 772CE89C 5 Bytes JMP 0005006C .text C:\Windows\system32\svchost.exe[892] ADVAPI32.dll!CreateServiceW 774538FF 5 Bytes JMP 0007006C .text C:\Windows\system32\svchost.exe[892] ADVAPI32.dll!DeleteService 77453BEE 5 Bytes JMP 000700A8 .text C:\Windows\system32\svchost.exe[892] ADVAPI32.dll!SetServiceObjectSecurity 774966A9 5 Bytes JMP 000701D4 .text C:\Windows\system32\svchost.exe[892] ADVAPI32.dll!ChangeServiceConfigA 774967A9 5 Bytes JMP 000700E4 .text C:\Windows\system32\svchost.exe[892] ADVAPI32.dll!ChangeServiceConfigW 77496951 5 Bytes JMP 00070120 .text C:\Windows\system32\svchost.exe[892] ADVAPI32.dll!ChangeServiceConfig2A 77496A69 5 Bytes JMP 0007015C .text C:\Windows\system32\svchost.exe[892] ADVAPI32.dll!ChangeServiceConfig2W 77496BB1 5 Bytes JMP 00070198 .text C:\Windows\system32\svchost.exe[892] ADVAPI32.dll!CreateServiceA 77496C71 5 Bytes JMP 00070030 .text C:\Windows\System32\spoolsv.exe[988] ntdll.dll!LdrLoadDll 772B7933 5 Bytes JMP 00050030 .text C:\Windows\System32\spoolsv.exe[988] ntdll.dll!LdrUnloadDll 772CE89C 5 Bytes JMP 0005006C .text C:\Windows\System32\spoolsv.exe[988] ADVAPI32.dll!CreateServiceW 774538FF 5 Bytes JMP 0007006C .text C:\Windows\System32\spoolsv.exe[988] ADVAPI32.dll!DeleteService 77453BEE 5 Bytes JMP 000700A8 .text C:\Windows\System32\spoolsv.exe[988] ADVAPI32.dll!SetServiceObjectSecurity 774966A9 5 Bytes JMP 000701D4 .text C:\Windows\System32\spoolsv.exe[988] ADVAPI32.dll!ChangeServiceConfigA 774967A9 5 Bytes JMP 000700E4 .text C:\Windows\System32\spoolsv.exe[988] ADVAPI32.dll!ChangeServiceConfigW 77496951 5 Bytes JMP 00070120 .text C:\Windows\System32\spoolsv.exe[988] ADVAPI32.dll!ChangeServiceConfig2A 77496A69 5 Bytes JMP 0007015C .text C:\Windows\System32\spoolsv.exe[988] ADVAPI32.dll!ChangeServiceConfig2W 77496BB1 5 Bytes JMP 00070198 .text C:\Windows\System32\spoolsv.exe[988] ADVAPI32.dll!CreateServiceA 77496C71 5 Bytes JMP 00070030 .text C:\Windows\System32\spoolsv.exe[988] USER32.dll!SetWindowsHookExW 75D87B69 5 Bytes JMP 001700E4 .text C:\Windows\System32\spoolsv.exe[988] USER32.dll!SetWinEventHook 75D8915C 5 Bytes JMP 00170030 .text C:\Windows\System32\spoolsv.exe[988] USER32.dll!UnhookWinEvent 75D8B702 5 Bytes JMP 0017006C .text C:\Windows\System32\spoolsv.exe[988] USER32.dll!SetWindowsHookExA 75DABB0E 5 Bytes JMP 001700A8 .text C:\Windows\System32\spoolsv.exe[988] USER32.dll!UnhookWindowsHookEx 75DB08BE 5 Bytes JMP 00170120 .text C:\Windows\system32\svchost.exe[992] ntdll.dll!LdrLoadDll 772B7933 5 Bytes JMP 00050030 .text C:\Windows\system32\svchost.exe[992] ntdll.dll!LdrUnloadDll 772CE89C 5 Bytes JMP 0005006C .text C:\Windows\system32\svchost.exe[992] ADVAPI32.dll!CreateServiceW 774538FF 5 Bytes JMP 0007006C .text C:\Windows\system32\svchost.exe[992] ADVAPI32.dll!DeleteService 77453BEE 5 Bytes JMP 000700A8 .text C:\Windows\system32\svchost.exe[992] ADVAPI32.dll!SetServiceObjectSecurity 774966A9 5 Bytes JMP 000701D4 .text C:\Windows\system32\svchost.exe[992] ADVAPI32.dll!ChangeServiceConfigA 774967A9 5 Bytes JMP 000700E4 .text C:\Windows\system32\svchost.exe[992] ADVAPI32.dll!ChangeServiceConfigW 77496951 5 Bytes JMP 00070120 .text C:\Windows\system32\svchost.exe[992] ADVAPI32.dll!ChangeServiceConfig2A 77496A69 5 Bytes JMP 0007015C .text C:\Windows\system32\svchost.exe[992] ADVAPI32.dll!ChangeServiceConfig2W 77496BB1 5 Bytes JMP 00070198 .text C:\Windows\system32\svchost.exe[992] ADVAPI32.dll!CreateServiceA 77496C71 5 Bytes JMP 00070030 .text C:\Windows\system32\svchost.exe[992] USER32.dll!SetWindowsHookExW 75D87B69 5 Bytes JMP 001200E4 .text C:\Windows\system32\svchost.exe[992] USER32.dll!SetWinEventHook 75D8915C 5 Bytes JMP 00120030 .text C:\Windows\system32\svchost.exe[992] USER32.dll!UnhookWinEvent 75D8B702 5 Bytes JMP 0012006C .text C:\Windows\system32\svchost.exe[992] USER32.dll!SetWindowsHookExA 75DABB0E 5 Bytes JMP 001200A8 .text C:\Windows\system32\svchost.exe[992] USER32.dll!UnhookWindowsHookEx 75DB08BE 5 Bytes JMP 00120120 .text C:\Windows\System32\svchost.exe[1076] ntdll.dll!LdrLoadDll 772B7933 5 Bytes JMP 00050030 .text C:\Windows\System32\svchost.exe[1076] ntdll.dll!LdrUnloadDll 772CE89C 5 Bytes JMP 0005006C .text C:\Windows\System32\svchost.exe[1076] ADVAPI32.dll!CreateServiceW 774538FF 5 Bytes JMP 0007006C .text C:\Windows\System32\svchost.exe[1076] ADVAPI32.dll!DeleteService 77453BEE 5 Bytes JMP 000700A8 .text C:\Windows\System32\svchost.exe[1076] ADVAPI32.dll!SetServiceObjectSecurity 774966A9 5 Bytes JMP 000701D4 .text C:\Windows\System32\svchost.exe[1076] ADVAPI32.dll!ChangeServiceConfigA 774967A9 5 Bytes JMP 000700E4 .text C:\Windows\System32\svchost.exe[1076] ADVAPI32.dll!ChangeServiceConfigW 77496951 5 Bytes JMP 00070120 .text C:\Windows\System32\svchost.exe[1076] ADVAPI32.dll!ChangeServiceConfig2A 77496A69 5 Bytes JMP 0007015C .text C:\Windows\System32\svchost.exe[1076] ADVAPI32.dll!ChangeServiceConfig2W 77496BB1 5 Bytes JMP 00070198 .text C:\Windows\System32\svchost.exe[1076] ADVAPI32.dll!CreateServiceA 77496C71 5 Bytes JMP 00070030 .text C:\Windows\System32\svchost.exe[1076] USER32.dll!SetWindowsHookExW 75D87B69 5 Bytes JMP 00A500E4 .text C:\Windows\System32\svchost.exe[1076] USER32.dll!SetWinEventHook 75D8915C 5 Bytes JMP 00A50030 .text C:\Windows\System32\svchost.exe[1076] USER32.dll!UnhookWinEvent 75D8B702 5 Bytes JMP 00A5006C .text C:\Windows\System32\svchost.exe[1076] USER32.dll!SetWindowsHookExA 75DABB0E 5 Bytes JMP 00A500A8 .text C:\Windows\System32\svchost.exe[1076] USER32.dll!UnhookWindowsHookEx 75DB08BE 5 Bytes JMP 00A50120 .text C:\Windows\system32\svchost.exe[1128] ntdll.dll!LdrLoadDll 772B7933 5 Bytes JMP 00050030 .text C:\Windows\system32\svchost.exe[1128] ntdll.dll!LdrUnloadDll 772CE89C 5 Bytes JMP 0005006C .text C:\Windows\system32\svchost.exe[1128] ADVAPI32.dll!CreateServiceW 774538FF 5 Bytes JMP 0017006C .text C:\Windows\system32\svchost.exe[1128] ADVAPI32.dll!DeleteService 77453BEE 5 Bytes JMP 001700A8 .text C:\Windows\system32\svchost.exe[1128] ADVAPI32.dll!SetServiceObjectSecurity 774966A9 5 Bytes JMP 001701D4 .text C:\Windows\system32\svchost.exe[1128] ADVAPI32.dll!ChangeServiceConfigA 774967A9 5 Bytes JMP 001700E4 .text C:\Windows\system32\svchost.exe[1128] ADVAPI32.dll!ChangeServiceConfigW 77496951 5 Bytes JMP 00170120 .text C:\Windows\system32\svchost.exe[1128] ADVAPI32.dll!ChangeServiceConfig2A 77496A69 5 Bytes JMP 0017015C .text C:\Windows\system32\svchost.exe[1128] ADVAPI32.dll!ChangeServiceConfig2W 77496BB1 5 Bytes JMP 00170198 .text C:\Windows\system32\svchost.exe[1128] ADVAPI32.dll!CreateServiceA 77496C71 5 Bytes JMP 00170030 .text C:\Windows\system32\svchost.exe[1128] USER32.dll!SetWindowsHookExW 75D87B69 5 Bytes JMP 009200E4 .text C:\Windows\system32\svchost.exe[1128] USER32.dll!SetWinEventHook 75D8915C 5 Bytes JMP 00920030 .text C:\Windows\system32\svchost.exe[1128] USER32.dll!UnhookWinEvent 75D8B702 5 Bytes JMP 0092006C .text C:\Windows\system32\svchost.exe[1128] USER32.dll!SetWindowsHookExA 75DABB0E 5 Bytes JMP 009200A8 .text C:\Windows\system32\svchost.exe[1128] USER32.dll!UnhookWindowsHookEx 75DB08BE 5 Bytes JMP 00920120 .text C:\Windows\System32\svchost.exe[1144] ntdll.dll!LdrLoadDll 772B7933 5 Bytes JMP 00050030 .text C:\Windows\System32\svchost.exe[1144] ntdll.dll!LdrUnloadDll 772CE89C 5 Bytes JMP 0005006C .text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!CreateServiceW 774538FF 5 Bytes JMP 0007006C .text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!DeleteService 77453BEE 5 Bytes JMP 000700A8 .text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!SetServiceObjectSecurity 774966A9 5 Bytes JMP 000701D4 .text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!ChangeServiceConfigA 774967A9 5 Bytes JMP 000700E4 .text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!ChangeServiceConfigW 77496951 5 Bytes JMP 00070120 .text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!ChangeServiceConfig2A 77496A69 5 Bytes JMP 0007015C .text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!ChangeServiceConfig2W 77496BB1 5 Bytes JMP 00070198 .text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!CreateServiceA 77496C71 5 Bytes JMP 00070030 .text C:\Windows\System32\svchost.exe[1144] USER32.dll!SetWindowsHookExW 75D87B69 5 Bytes JMP 00DB00E4 .text C:\Windows\System32\svchost.exe[1144] USER32.dll!SetWinEventHook 75D8915C 5 Bytes JMP 00DB0030 .text C:\Windows\System32\svchost.exe[1144] USER32.dll!UnhookWinEvent 75D8B702 5 Bytes JMP 00DB006C .text C:\Windows\System32\svchost.exe[1144] USER32.dll!SetWindowsHookExA 75DABB0E 5 Bytes JMP 00DB00A8 .text C:\Windows\System32\svchost.exe[1144] USER32.dll!UnhookWindowsHookEx 75DB08BE 5 Bytes JMP 00DB0120 .text C:\Windows\system32\svchost.exe[1160] ntdll.dll!LdrLoadDll 772B7933 5 Bytes JMP 00090030 .text C:\Windows\system32\svchost.exe[1160] ntdll.dll!LdrUnloadDll 772CE89C 5 Bytes JMP 0009006C .text C:\Windows\system32\svchost.exe[1160] ADVAPI32.dll!CreateServiceW 774538FF 5 Bytes JMP 000C006C .text C:\Windows\system32\svchost.exe[1160] ADVAPI32.dll!DeleteService 77453BEE 5 Bytes JMP 000C00A8 .text C:\Windows\system32\svchost.exe[1160] ADVAPI32.dll!SetServiceObjectSecurity 774966A9 5 Bytes JMP 000C01D4 .text C:\Windows\system32\svchost.exe[1160] ADVAPI32.dll!ChangeServiceConfigA 774967A9 5 Bytes JMP 000C00E4 .text C:\Windows\system32\svchost.exe[1160] ADVAPI32.dll!ChangeServiceConfigW 77496951 5 Bytes JMP 000C0120 .text C:\Windows\system32\svchost.exe[1160] ADVAPI32.dll!ChangeServiceConfig2A 77496A69 5 Bytes JMP 000C015C .text C:\Windows\system32\svchost.exe[1160] ADVAPI32.dll!ChangeServiceConfig2W 77496BB1 5 Bytes JMP 000C0198 .text C:\Windows\system32\svchost.exe[1160] ADVAPI32.dll!CreateServiceA 77496C71 5 Bytes JMP 000C0030 .text C:\Windows\system32\svchost.exe[1160] USER32.dll!SetWindowsHookExW 75D87B69 5 Bytes JMP 002C00E4 .text C:\Windows\system32\svchost.exe[1160] USER32.dll!SetWinEventHook 75D8915C 5 Bytes JMP 002C0030 .text C:\Windows\system32\svchost.exe[1160] USER32.dll!UnhookWinEvent 75D8B702 5 Bytes JMP 002C006C .text C:\Windows\system32\svchost.exe[1160] USER32.dll!SetWindowsHookExA 75DABB0E 5 Bytes JMP 002C00A8 .text C:\Windows\system32\svchost.exe[1160] USER32.dll!UnhookWindowsHookEx 75DB08BE 5 Bytes JMP 002C0120 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1272] ntdll.dll!LdrLoadDll 772B7933 5 Bytes JMP 00140030 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1272] ntdll.dll!LdrUnloadDll 772CE89C 5 Bytes JMP 0014006C .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1272] USER32.dll!SetWindowsHookExW 75D87B69 5 Bytes JMP 001600E4 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1272] USER32.dll!SetWinEventHook 75D8915C 5 Bytes JMP 00160030 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1272] USER32.dll!UnhookWinEvent 75D8B702 5 Bytes JMP 0016006C .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1272] USER32.dll!SetWindowsHookExA 75DABB0E 5 Bytes JMP 001600A8 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1272] USER32.dll!UnhookWindowsHookEx 75DB08BE 5 Bytes JMP 00160120 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1272] ADVAPI32.dll!CreateServiceW 774538FF 5 Bytes JMP 0017006C .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1272] ADVAPI32.dll!DeleteService 77453BEE 5 Bytes JMP 001700A8 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1272] ADVAPI32.dll!SetServiceObjectSecurity 774966A9 5 Bytes JMP 001701D4 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1272] ADVAPI32.dll!ChangeServiceConfigA 774967A9 5 Bytes JMP 001700E4 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1272] ADVAPI32.dll!ChangeServiceConfigW 77496951 5 Bytes JMP 00170120 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1272] ADVAPI32.dll!ChangeServiceConfig2A 77496A69 5 Bytes JMP 0017015C .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1272] ADVAPI32.dll!ChangeServiceConfig2W 77496BB1 5 Bytes JMP 00170198 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1272] ADVAPI32.dll!CreateServiceA 77496C71 5 Bytes JMP 00170030 .text C:\Windows\system32\svchost.exe[1344] ntdll.dll!LdrLoadDll 772B7933 5 Bytes JMP 00050030 .text C:\Windows\system32\svchost.exe[1344] ntdll.dll!LdrUnloadDll 772CE89C 5 Bytes JMP 0005006C .text C:\Windows\system32\svchost.exe[1344] ADVAPI32.dll!CreateServiceW 774538FF 5 Bytes JMP 0007006C .text C:\Windows\system32\svchost.exe[1344] ADVAPI32.dll!DeleteService 77453BEE 5 Bytes JMP 000700A8 .text C:\Windows\system32\svchost.exe[1344] ADVAPI32.dll!SetServiceObjectSecurity 774966A9 5 Bytes JMP 000701D4 .text C:\Windows\system32\svchost.exe[1344] ADVAPI32.dll!ChangeServiceConfigA 774967A9 5 Bytes JMP 000700E4 .text C:\Windows\system32\svchost.exe[1344] ADVAPI32.dll!ChangeServiceConfigW 77496951 5 Bytes JMP 00070120 .text C:\Windows\system32\svchost.exe[1344] ADVAPI32.dll!ChangeServiceConfig2A 77496A69 5 Bytes JMP 0007015C .text C:\Windows\system32\svchost.exe[1344] ADVAPI32.dll!ChangeServiceConfig2W 77496BB1 5 Bytes JMP 00070198 .text C:\Windows\system32\svchost.exe[1344] ADVAPI32.dll!CreateServiceA 77496C71 5 Bytes JMP 00070030 .text C:\Windows\system32\svchost.exe[1344] USER32.dll!SetWindowsHookExW 75D87B69 5 Bytes JMP 00D700E4 .text C:\Windows\system32\svchost.exe[1344] USER32.dll!SetWinEventHook 75D8915C 5 Bytes JMP 00D70030 .text C:\Windows\system32\svchost.exe[1344] USER32.dll!UnhookWinEvent 75D8B702 5 Bytes JMP 00D7006C .text C:\Windows\system32\svchost.exe[1344] USER32.dll!SetWindowsHookExA 75DABB0E 5 Bytes JMP 00D700A8 .text C:\Windows\system32\svchost.exe[1344] USER32.dll!UnhookWindowsHookEx 75DB08BE 5 Bytes JMP 00D70120 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1464] ntdll.dll!LdrLoadDll 772B7933 5 Bytes JMP 00140030 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1464] ntdll.dll!LdrUnloadDll 772CE89C 5 Bytes JMP 0014006C .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1464] USER32.dll!SetWindowsHookExW 75D87B69 5 Bytes JMP 001600E4 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1464] USER32.dll!SetWinEventHook 75D8915C 5 Bytes JMP 00160030 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1464] USER32.dll!UnhookWinEvent 75D8B702 5 Bytes JMP 0016006C .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1464] USER32.dll!SetWindowsHookExA 75DABB0E 5 Bytes JMP 001600A8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1464] USER32.dll!UnhookWindowsHookEx 75DB08BE 5 Bytes JMP 00160120 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1464] ADVAPI32.dll!CreateServiceW 774538FF 5 Bytes JMP 0017006C .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1464] ADVAPI32.dll!DeleteService 77453BEE 5 Bytes JMP 001700A8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1464] ADVAPI32.dll!SetServiceObjectSecurity 774966A9 5 Bytes JMP 001701D4 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1464] ADVAPI32.dll!ChangeServiceConfigA 774967A9 5 Bytes JMP 001700E4 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1464] ADVAPI32.dll!ChangeServiceConfigW 77496951 5 Bytes JMP 00170120 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1464] ADVAPI32.dll!ChangeServiceConfig2A 77496A69 5 Bytes JMP 0017015C .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1464] ADVAPI32.dll!ChangeServiceConfig2W 77496BB1 5 Bytes JMP 00170198 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1464] ADVAPI32.dll!CreateServiceA 77496C71 5 Bytes JMP 00170030 .text C:\Windows\system32\svchost.exe[1488] ntdll.dll!LdrLoadDll 772B7933 5 Bytes JMP 00090030 .text C:\Windows\system32\svchost.exe[1488] ntdll.dll!LdrUnloadDll 772CE89C 5 Bytes JMP 0009006C .text C:\Windows\system32\svchost.exe[1488] ADVAPI32.dll!CreateServiceW 774538FF 5 Bytes JMP 000C006C .text C:\Windows\system32\svchost.exe[1488] ADVAPI32.dll!DeleteService 77453BEE 5 Bytes JMP 000C00A8 .text C:\Windows\system32\svchost.exe[1488] ADVAPI32.dll!SetServiceObjectSecurity 774966A9 5 Bytes JMP 000C01D4 .text C:\Windows\system32\svchost.exe[1488] ADVAPI32.dll!ChangeServiceConfigA 774967A9 5 Bytes JMP 000C00E4 .text C:\Windows\system32\svchost.exe[1488] ADVAPI32.dll!ChangeServiceConfigW 77496951 5 Bytes JMP 000C0120 .text C:\Windows\system32\svchost.exe[1488] ADVAPI32.dll!ChangeServiceConfig2A 77496A69 5 Bytes JMP 000C015C .text C:\Windows\system32\svchost.exe[1488] ADVAPI32.dll!ChangeServiceConfig2W 77496BB1 5 Bytes JMP 000C0198 .text C:\Windows\system32\svchost.exe[1488] ADVAPI32.dll!CreateServiceA 77496C71 5 Bytes JMP 000C0030 .text C:\Windows\system32\svchost.exe[1488] USER32.dll!SetWindowsHookExW 75D87B69 5 Bytes JMP 00C000E4 .text C:\Windows\system32\svchost.exe[1488] USER32.dll!SetWinEventHook 75D8915C 5 Bytes JMP 00C00030 .text C:\Windows\system32\svchost.exe[1488] USER32.dll!UnhookWinEvent 75D8B702 5 Bytes JMP 00C0006C .text C:\Windows\system32\svchost.exe[1488] USER32.dll!SetWindowsHookExA 75DABB0E 5 Bytes JMP 00C000A8 .text C:\Windows\system32\svchost.exe[1488] USER32.dll!UnhookWindowsHookEx 75DB08BE 5 Bytes JMP 00C00120 .text C:\Windows\system32\taskeng.exe[1564] ntdll.dll!LdrLoadDll 772B7933 5 Bytes JMP 00050030 .text C:\Windows\system32\taskeng.exe[1564] ntdll.dll!LdrUnloadDll 772CE89C 5 Bytes JMP 0005006C .text C:\Windows\system32\taskeng.exe[1564] ADVAPI32.dll!CreateServiceW 774538FF 5 Bytes JMP 0007006C .text C:\Windows\system32\taskeng.exe[1564] ADVAPI32.dll!DeleteService 77453BEE 5 Bytes JMP 000700A8 .text C:\Windows\system32\taskeng.exe[1564] ADVAPI32.dll!SetServiceObjectSecurity 774966A9 5 Bytes JMP 000701D4 .text C:\Windows\system32\taskeng.exe[1564] ADVAPI32.dll!ChangeServiceConfigA 774967A9 5 Bytes JMP 000700E4 .text C:\Windows\system32\taskeng.exe[1564] ADVAPI32.dll!ChangeServiceConfigW 77496951 5 Bytes JMP 00070120 .text C:\Windows\system32\taskeng.exe[1564] ADVAPI32.dll!ChangeServiceConfig2A 77496A69 5 Bytes JMP 0007015C .text C:\Windows\system32\taskeng.exe[1564] ADVAPI32.dll!ChangeServiceConfig2W 77496BB1 5 Bytes JMP 00070198 .text C:\Windows\system32\taskeng.exe[1564] ADVAPI32.dll!CreateServiceA 77496C71 5 Bytes JMP 00070030 .text C:\Windows\system32\taskeng.exe[1564] USER32.dll!SetWindowsHookExW 75D87B69 5 Bytes JMP 000800E4 .text C:\Windows\system32\taskeng.exe[1564] USER32.dll!SetWinEventHook 75D8915C 5 Bytes JMP 00080030 .text C:\Windows\system32\taskeng.exe[1564] USER32.dll!UnhookWinEvent 75D8B702 5 Bytes JMP 0008006C .text C:\Windows\system32\taskeng.exe[1564] USER32.dll!SetWindowsHookExA 75DABB0E 5 Bytes JMP 000800A8 .text C:\Windows\system32\taskeng.exe[1564] USER32.dll!UnhookWindowsHookEx 75DB08BE 5 Bytes JMP 00080120 .text C:\Windows\system32\Dwm.exe[1656] ntdll.dll!LdrLoadDll 772B7933 5 Bytes JMP 00050030 .text C:\Windows\system32\Dwm.exe[1656] ntdll.dll!LdrUnloadDll 772CE89C 5 Bytes JMP 0005006C .text C:\Windows\system32\Dwm.exe[1656] ADVAPI32.dll!CreateServiceW 774538FF 5 Bytes JMP 0007006C .text C:\Windows\system32\Dwm.exe[1656] ADVAPI32.dll!DeleteService 77453BEE 5 Bytes JMP 000700A8 .text C:\Windows\system32\Dwm.exe[1656] ADVAPI32.dll!SetServiceObjectSecurity 774966A9 5 Bytes JMP 000701D4 .text C:\Windows\system32\Dwm.exe[1656] ADVAPI32.dll!ChangeServiceConfigA 774967A9 5 Bytes JMP 000700E4 .text C:\Windows\system32\Dwm.exe[1656] ADVAPI32.dll!ChangeServiceConfigW 77496951 5 Bytes JMP 00070120 .text C:\Windows\system32\Dwm.exe[1656] ADVAPI32.dll!ChangeServiceConfig2A 77496A69 5 Bytes JMP 0007015C .text C:\Windows\system32\Dwm.exe[1656] ADVAPI32.dll!ChangeServiceConfig2W 77496BB1 5 Bytes JMP 00070198 .text C:\Windows\system32\Dwm.exe[1656] ADVAPI32.dll!CreateServiceA 77496C71 5 Bytes JMP 00070030 .text C:\Windows\system32\Dwm.exe[1656] USER32.dll!SetWindowsHookExW 75D87B69 5 Bytes JMP 000800E4 .text C:\Windows\system32\Dwm.exe[1656] USER32.dll!SetWinEventHook 75D8915C 5 Bytes JMP 00080030 .text C:\Windows\system32\Dwm.exe[1656] USER32.dll!UnhookWinEvent 75D8B702 5 Bytes JMP 0008006C .text C:\Windows\system32\Dwm.exe[1656] USER32.dll!SetWindowsHookExA 75DABB0E 5 Bytes JMP 000800A8 .text C:\Windows\system32\Dwm.exe[1656] USER32.dll!UnhookWindowsHookEx 75DB08BE 5 Bytes JMP 00080120 .text C:\Windows\Explorer.EXE[1680] ntdll.dll!LdrLoadDll 772B7933 5 Bytes JMP 00050030 .text C:\Windows\Explorer.EXE[1680] ntdll.dll!LdrUnloadDll 772CE89C 5 Bytes JMP 0005006C .text C:\Windows\Explorer.EXE[1680] ADVAPI32.dll!CreateServiceW 774538FF 5 Bytes JMP 0008006C .text C:\Windows\Explorer.EXE[1680] ADVAPI32.dll!DeleteService 77453BEE 5 Bytes JMP 000800A8 .text C:\Windows\Explorer.EXE[1680] ADVAPI32.dll!SetServiceObjectSecurity 774966A9 5 Bytes JMP 000801D4 .text C:\Windows\Explorer.EXE[1680] ADVAPI32.dll!ChangeServiceConfigA 774967A9 5 Bytes JMP 000800E4 .text C:\Windows\Explorer.EXE[1680] ADVAPI32.dll!ChangeServiceConfigW 77496951 5 Bytes JMP 00080120 .text C:\Windows\Explorer.EXE[1680] ADVAPI32.dll!ChangeServiceConfig2A 77496A69 5 Bytes JMP 0008015C .text C:\Windows\Explorer.EXE[1680] ADVAPI32.dll!ChangeServiceConfig2W 77496BB1 5 Bytes JMP 00080198 .text C:\Windows\Explorer.EXE[1680] ADVAPI32.dll!CreateServiceA 77496C71 5 Bytes JMP 00080030 .text C:\Windows\Explorer.EXE[1680] USER32.dll!SetWindowsHookExW 75D87B69 5 Bytes JMP 001900E4 .text C:\Windows\Explorer.EXE[1680] USER32.dll!SetWinEventHook 75D8915C 5 Bytes JMP 00190030 .text C:\Windows\Explorer.EXE[1680] USER32.dll!UnhookWinEvent 75D8B702 5 Bytes JMP 0019006C .text C:\Windows\Explorer.EXE[1680] USER32.dll!SetWindowsHookExA 75DABB0E 5 Bytes JMP 001900A8 .text C:\Windows\Explorer.EXE[1680] USER32.dll!UnhookWindowsHookEx 75DB08BE 5 Bytes JMP 00190120 .text C:\Program Files\Mozilla Firefox\firefox.exe[1692] ntdll.dll!LdrLoadDll 772B7933 5 Bytes JMP 638D0C00 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[1692] ntdll.dll!LdrUnloadDll 772CE89C 5 Bytes JMP 0005006C .text C:\Program Files\Mozilla Firefox\firefox.exe[1692] kernel32.dll!HeapSetInformation + 26 760B6E28 7 Bytes JMP 638D3FAC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[1692] kernel32.dll!LockResource + C 760D7F2B 7 Bytes JMP 63B07B29 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[1692] kernel32.dll!VirtualAllocEx + 54 760DB86A 7 Bytes JMP 63B07B4C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[1692] USER32.dll!SetWindowsHookExW 75D87B69 5 Bytes JMP 000700E4 .text C:\Program Files\Mozilla Firefox\firefox.exe[1692] USER32.dll!SetWinEventHook 75D8915C 5 Bytes JMP 00070030 .text C:\Program Files\Mozilla Firefox\firefox.exe[1692] USER32.dll!UnhookWinEvent 75D8B702 5 Bytes JMP 0007006C .text C:\Program Files\Mozilla Firefox\firefox.exe[1692] USER32.dll!SetWindowsHookExA 75DABB0E 5 Bytes JMP 000700A8 .text C:\Program Files\Mozilla Firefox\firefox.exe[1692] USER32.dll!UnhookWindowsHookEx 75DB08BE 5 Bytes JMP 00070120 .text C:\Program Files\Mozilla Firefox\firefox.exe[1692] GDI32.dll!StretchDIBits + 179 75D375BB 7 Bytes JMP 63B07AAA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[1692] ADVAPI32.dll!CreateServiceW 774538FF 5 Bytes JMP 0008006C .text C:\Program Files\Mozilla Firefox\firefox.exe[1692] ADVAPI32.dll!DeleteService 77453BEE 5 Bytes JMP 000800A8 .text C:\Program Files\Mozilla Firefox\firefox.exe[1692] ADVAPI32.dll!SetServiceObjectSecurity 774966A9 5 Bytes JMP 000801D4 .text C:\Program Files\Mozilla Firefox\firefox.exe[1692] ADVAPI32.dll!ChangeServiceConfigA 774967A9 5 Bytes JMP 000800E4 .text C:\Program Files\Mozilla Firefox\firefox.exe[1692] ADVAPI32.dll!ChangeServiceConfigW 77496951 5 Bytes JMP 00080120 .text C:\Program Files\Mozilla Firefox\firefox.exe[1692] ADVAPI32.dll!ChangeServiceConfig2A 77496A69 5 Bytes JMP 0008015C .text C:\Program Files\Mozilla Firefox\firefox.exe[1692] ADVAPI32.dll!ChangeServiceConfig2W 77496BB1 5 Bytes JMP 00080198 .text C:\Program Files\Mozilla Firefox\firefox.exe[1692] ADVAPI32.dll!CreateServiceA 77496C71 5 Bytes JMP 00080030 .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1720] kernel32.dll!SetUnhandledExceptionFilter 760B6E2D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Windows\system32\WLANExt.exe[1744] ntdll.dll!LdrLoadDll 772B7933 5 Bytes JMP 00050030 .text C:\Windows\system32\WLANExt.exe[1744] ntdll.dll!LdrUnloadDll 772CE89C 5 Bytes JMP 0005006C .text C:\Windows\system32\WLANExt.exe[1744] ADVAPI32.dll!CreateServiceW 774538FF 5 Bytes JMP 0007006C .text C:\Windows\system32\WLANExt.exe[1744] ADVAPI32.dll!DeleteService 77453BEE 5 Bytes JMP 000700A8 .text C:\Windows\system32\WLANExt.exe[1744] ADVAPI32.dll!SetServiceObjectSecurity 774966A9 5 Bytes JMP 000701D4 .text C:\Windows\system32\WLANExt.exe[1744] ADVAPI32.dll!ChangeServiceConfigA 774967A9 5 Bytes JMP 000700E4 .text C:\Windows\system32\WLANExt.exe[1744] ADVAPI32.dll!ChangeServiceConfigW 77496951 5 Bytes JMP 00070120 .text C:\Windows\system32\WLANExt.exe[1744] ADVAPI32.dll!ChangeServiceConfig2A 77496A69 5 Bytes JMP 0007015C .text C:\Windows\system32\WLANExt.exe[1744] ADVAPI32.dll!ChangeServiceConfig2W 77496BB1 5 Bytes JMP 00070198 .text C:\Windows\system32\WLANExt.exe[1744] ADVAPI32.dll!CreateServiceA 77496C71 5 Bytes JMP 00070030 .text C:\Windows\system32\WLANExt.exe[1744] USER32.dll!SetWindowsHookExW 75D87B69 5 Bytes JMP 000800E4 .text C:\Windows\system32\WLANExt.exe[1744] USER32.dll!SetWinEventHook 75D8915C 5 Bytes JMP 00080030 .text C:\Windows\system32\WLANExt.exe[1744] USER32.dll!UnhookWinEvent 75D8B702 5 Bytes JMP 0008006C .text C:\Windows\system32\WLANExt.exe[1744] USER32.dll!SetWindowsHookExA 75DABB0E 5 Bytes JMP 000800A8 .text C:\Windows\system32\WLANExt.exe[1744] USER32.dll!UnhookWindowsHookEx 75DB08BE 5 Bytes JMP 00080120 .text C:\Windows\System32\hkcmd.exe[1908] ntdll.dll!LdrLoadDll 772B7933 5 Bytes JMP 00150030 .text C:\Windows\System32\hkcmd.exe[1908] ntdll.dll!LdrUnloadDll 772CE89C 5 Bytes JMP 0015006C .text C:\Windows\System32\hkcmd.exe[1908] USER32.dll!SetWindowsHookExW 75D87B69 5 Bytes JMP 001800E4 .text C:\Windows\System32\hkcmd.exe[1908] USER32.dll!SetWinEventHook 75D8915C 5 Bytes JMP 00180030 .text C:\Windows\System32\hkcmd.exe[1908] USER32.dll!UnhookWinEvent 75D8B702 5 Bytes JMP 0018006C .text C:\Windows\System32\hkcmd.exe[1908] USER32.dll!SetWindowsHookExA 75DABB0E 5 Bytes JMP 001800A8 .text C:\Windows\System32\hkcmd.exe[1908] USER32.dll!UnhookWindowsHookEx 75DB08BE 5 Bytes JMP 00180120 .text C:\Windows\System32\hkcmd.exe[1908] ADVAPI32.dll!CreateServiceW 774538FF 5 Bytes JMP 0019006C .text C:\Windows\System32\hkcmd.exe[1908] ADVAPI32.dll!DeleteService 77453BEE 5 Bytes JMP 001900A8 .text C:\Windows\System32\hkcmd.exe[1908] ADVAPI32.dll!SetServiceObjectSecurity 774966A9 5 Bytes JMP 001901D4 .text C:\Windows\System32\hkcmd.exe[1908] ADVAPI32.dll!ChangeServiceConfigA 774967A9 5 Bytes JMP 001900E4 .text C:\Windows\System32\hkcmd.exe[1908] ADVAPI32.dll!ChangeServiceConfigW 77496951 5 Bytes JMP 00190120 .text C:\Windows\System32\hkcmd.exe[1908] ADVAPI32.dll!ChangeServiceConfig2A 77496A69 5 Bytes JMP 0019015C .text C:\Windows\System32\hkcmd.exe[1908] ADVAPI32.dll!ChangeServiceConfig2W 77496BB1 5 Bytes JMP 00190198 .text C:\Windows\System32\hkcmd.exe[1908] ADVAPI32.dll!CreateServiceA 77496C71 5 Bytes JMP 00190030 .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[1936] ntdll.dll!LdrLoadDll 772B7933 5 Bytes JMP 00150030 .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[1936] ntdll.dll!LdrUnloadDll 772CE89C 5 Bytes JMP 0015006C .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[1936] ADVAPI32.dll!CreateServiceW 774538FF 5 Bytes JMP 002A006C .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[1936] ADVAPI32.dll!DeleteService 77453BEE 5 Bytes JMP 002A00A8 .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[1936] ADVAPI32.dll!SetServiceObjectSecurity 774966A9 5 Bytes JMP 002A01D4 .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[1936] ADVAPI32.dll!ChangeServiceConfigA 774967A9 5 Bytes JMP 002A00E4 .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[1936] ADVAPI32.dll!ChangeServiceConfigW 77496951 5 Bytes JMP 002A0120 .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[1936] ADVAPI32.dll!ChangeServiceConfig2A 77496A69 5 Bytes JMP 002A015C .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[1936] ADVAPI32.dll!ChangeServiceConfig2W 77496BB1 5 Bytes JMP 002A0198 .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[1936] ADVAPI32.dll!CreateServiceA 77496C71 5 Bytes JMP 002A0030 .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[1936] USER32.dll!SetWindowsHookExW 75D87B69 5 Bytes JMP 002B00E4 .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[1936] USER32.dll!SetWinEventHook 75D8915C 5 Bytes JMP 002B0030 .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[1936] USER32.dll!UnhookWinEvent 75D8B702 5 Bytes JMP 002B006C .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[1936] USER32.dll!SetWindowsHookExA 75DABB0E 5 Bytes JMP 002B00A8 .text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[1936] USER32.dll!UnhookWindowsHookEx 75DB08BE 5 Bytes JMP 002B0120 .text C:\Windows\system32\igfxsrvc.exe[1948] ntdll.dll!LdrLoadDll 772B7933 5 Bytes JMP 00150030 .text C:\Windows\system32\igfxsrvc.exe[1948] ntdll.dll!LdrUnloadDll 772CE89C 5 Bytes JMP 0015006C .text C:\Windows\system32\igfxsrvc.exe[1948] USER32.dll!SetWindowsHookExW 75D87B69 5 Bytes JMP 001700E4 .text C:\Windows\system32\igfxsrvc.exe[1948] USER32.dll!SetWinEventHook 75D8915C 5 Bytes JMP 00170030 .text C:\Windows\system32\igfxsrvc.exe[1948] USER32.dll!UnhookWinEvent 75D8B702 5 Bytes JMP 0017006C .text C:\Windows\system32\igfxsrvc.exe[1948] USER32.dll!SetWindowsHookExA 75DABB0E 5 Bytes JMP 001700A8 .text C:\Windows\system32\igfxsrvc.exe[1948] USER32.dll!UnhookWindowsHookEx 75DB08BE 5 Bytes JMP 00170120 .text C:\Windows\system32\igfxsrvc.exe[1948] ADVAPI32.dll!CreateServiceW 774538FF 5 Bytes JMP 0018006C .text C:\Windows\system32\igfxsrvc.exe[1948] ADVAPI32.dll!DeleteService 77453BEE 5 Bytes JMP 001800A8 .text C:\Windows\system32\igfxsrvc.exe[1948] ADVAPI32.dll!SetServiceObjectSecurity 774966A9 5 Bytes JMP 001801D4 .text C:\Windows\system32\igfxsrvc.exe[1948] ADVAPI32.dll!ChangeServiceConfigA 774967A9 5 Bytes JMP 001800E4 .text C:\Windows\system32\igfxsrvc.exe[1948] ADVAPI32.dll!ChangeServiceConfigW 77496951 5 Bytes JMP 00180120 .text C:\Windows\system32\igfxsrvc.exe[1948] ADVAPI32.dll!ChangeServiceConfig2A 77496A69 5 Bytes JMP 0018015C .text C:\Windows\system32\igfxsrvc.exe[1948] ADVAPI32.dll!ChangeServiceConfig2W 77496BB1 5 Bytes JMP 00180198 .text C:\Windows\system32\igfxsrvc.exe[1948] ADVAPI32.dll!CreateServiceA 77496C71 5 Bytes JMP 00180030 .text C:\Windows\System32\igfxpers.exe[2004] ntdll.dll!LdrLoadDll 772B7933 5 Bytes JMP 00150030 .text C:\Windows\System32\igfxpers.exe[2004] ntdll.dll!LdrUnloadDll 772CE89C 5 Bytes JMP 0015006C .text C:\Windows\System32\igfxpers.exe[2004] USER32.dll!SetWindowsHookExW 75D87B69 5 Bytes JMP 001700E4 .text C:\Windows\System32\igfxpers.exe[2004] USER32.dll!SetWinEventHook 75D8915C 5 Bytes JMP 00170030 .text C:\Windows\System32\igfxpers.exe[2004] USER32.dll!UnhookWinEvent 75D8B702 5 Bytes JMP 0017006C .text C:\Windows\System32\igfxpers.exe[2004] USER32.dll!SetWindowsHookExA 75DABB0E 5 Bytes JMP 001700A8 .text C:\Windows\System32\igfxpers.exe[2004] USER32.dll!UnhookWindowsHookEx 75DB08BE 5 Bytes JMP 00170120 .text C:\Windows\System32\igfxpers.exe[2004] ADVAPI32.dll!CreateServiceW 774538FF 5 Bytes JMP 0018006C .text C:\Windows\System32\igfxpers.exe[2004] ADVAPI32.dll!DeleteService 77453BEE 5 Bytes JMP 001800A8 .text C:\Windows\System32\igfxpers.exe[2004] ADVAPI32.dll!SetServiceObjectSecurity 774966A9 5 Bytes JMP 001801D4 .text C:\Windows\System32\igfxpers.exe[2004] ADVAPI32.dll!ChangeServiceConfigA 774967A9 5 Bytes JMP 001800E4 .text C:\Windows\System32\igfxpers.exe[2004] ADVAPI32.dll!ChangeServiceConfigW 77496951 5 Bytes JMP 00180120 .text C:\Windows\System32\igfxpers.exe[2004] ADVAPI32.dll!ChangeServiceConfig2A 77496A69 5 Bytes JMP 0018015C .text C:\Windows\System32\igfxpers.exe[2004] ADVAPI32.dll!ChangeServiceConfig2W 77496BB1 5 Bytes JMP 00180198 .text C:\Windows\System32\igfxpers.exe[2004] ADVAPI32.dll!CreateServiceA 77496C71 5 Bytes JMP 00180030 .text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[2216] ntdll.dll!LdrLoadDll 772B7933 5 Bytes JMP 00150030 .text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[2216] ntdll.dll!LdrUnloadDll 772CE89C 5 Bytes JMP 0015006C .text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[2216] USER32.dll!SetWindowsHookExW 75D87B69 5 Bytes JMP 001700E4 .text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[2216] USER32.dll!SetWinEventHook 75D8915C 5 Bytes JMP 00170030 .text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[2216] USER32.dll!UnhookWinEvent 75D8B702 5 Bytes JMP 0017006C .text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[2216] USER32.dll!SetWindowsHookExA 75DABB0E 5 Bytes JMP 001700A8 .text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[2216] USER32.dll!UnhookWindowsHookEx 75DB08BE 5 Bytes JMP 00170120 .text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[2216] ADVAPI32.dll!CreateServiceW 774538FF 5 Bytes JMP 0018006C .text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[2216] ADVAPI32.dll!DeleteService 77453BEE 5 Bytes JMP 001800A8 .text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[2216] ADVAPI32.dll!SetServiceObjectSecurity 774966A9 5 Bytes JMP 001801D4 .text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[2216] ADVAPI32.dll!ChangeServiceConfigA 774967A9 5 Bytes JMP 001800E4 .text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[2216] ADVAPI32.dll!ChangeServiceConfigW 77496951 5 Bytes JMP 00180120 .text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[2216] ADVAPI32.dll!ChangeServiceConfig2A 77496A69 5 Bytes JMP 0018015C .text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[2216] ADVAPI32.dll!ChangeServiceConfig2W 77496BB1 5 Bytes JMP 00180198 .text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[2216] ADVAPI32.dll!CreateServiceA 77496C71 5 Bytes JMP 00180030 .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[2284] ntdll.dll!LdrLoadDll 772B7933 5 Bytes JMP 00150030 .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[2284] ntdll.dll!LdrUnloadDll 772CE89C 5 Bytes JMP 0015006C .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[2284] USER32.dll!SetWindowsHookExW 75D87B69 5 Bytes JMP 001700E4 .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[2284] USER32.dll!SetWinEventHook 75D8915C 5 Bytes JMP 00170030 .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[2284] USER32.dll!UnhookWinEvent 75D8B702 5 Bytes JMP 0017006C .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[2284] USER32.dll!SetWindowsHookExA 75DABB0E 5 Bytes JMP 001700A8 .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[2284] USER32.dll!UnhookWindowsHookEx 75DB08BE 5 Bytes JMP 00170120 .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[2284] ADVAPI32.dll!CreateServiceW 774538FF 5 Bytes JMP 0018006C .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[2284] ADVAPI32.dll!DeleteService 77453BEE 5 Bytes JMP 001800A8 .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[2284] ADVAPI32.dll!SetServiceObjectSecurity 774966A9 5 Bytes JMP 001801D4 .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[2284] ADVAPI32.dll!ChangeServiceConfigA 774967A9 5 Bytes JMP 001800E4 .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[2284] ADVAPI32.dll!ChangeServiceConfigW 77496951 5 Bytes JMP 00180120 .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[2284] ADVAPI32.dll!ChangeServiceConfig2A 77496A69 5 Bytes JMP 0018015C .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[2284] ADVAPI32.dll!ChangeServiceConfig2W 77496BB1 5 Bytes JMP 00180198 .text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[2284] ADVAPI32.dll!CreateServiceA 77496C71 5 Bytes JMP 00180030 .text C:\Windows\System32\rundll32.exe[2352] ntdll.dll!LdrLoadDll 772B7933 5 Bytes JMP 00060030 .text C:\Windows\System32\rundll32.exe[2352] ntdll.dll!LdrUnloadDll 772CE89C 5 Bytes JMP 0006006C .text C:\Windows\System32\rundll32.exe[2352] USER32.dll!SetWindowsHookExW 75D87B69 5 Bytes JMP 000700E4 .text C:\Windows\System32\rundll32.exe[2352] USER32.dll!SetWinEventHook 75D8915C 5 Bytes JMP 00070030 .text C:\Windows\System32\rundll32.exe[2352] USER32.dll!UnhookWinEvent 75D8B702 5 Bytes JMP 0007006C .text C:\Windows\System32\rundll32.exe[2352] USER32.dll!SetWindowsHookExA 75DABB0E 5 Bytes JMP 000700A8 .text C:\Windows\System32\rundll32.exe[2352] USER32.dll!UnhookWindowsHookEx 75DB08BE 5 Bytes JMP 00070120 .text C:\Windows\System32\rundll32.exe[2352] ADVAPI32.dll!CreateServiceW 774538FF 5 Bytes JMP 001C006C .text C:\Windows\System32\rundll32.exe[2352] ADVAPI32.dll!DeleteService 77453BEE 5 Bytes JMP 001C00A8 .text C:\Windows\System32\rundll32.exe[2352] ADVAPI32.dll!SetServiceObjectSecurity 774966A9 5 Bytes JMP 001C01D4 .text C:\Windows\System32\rundll32.exe[2352] ADVAPI32.dll!ChangeServiceConfigA 774967A9 5 Bytes JMP 001C00E4 .text C:\Windows\System32\rundll32.exe[2352] ADVAPI32.dll!ChangeServiceConfigW 77496951 5 Bytes JMP 001C0120 .text C:\Windows\System32\rundll32.exe[2352] ADVAPI32.dll!ChangeServiceConfig2A 77496A69 5 Bytes JMP 001C015C .text C:\Windows\System32\rundll32.exe[2352] ADVAPI32.dll!ChangeServiceConfig2W 77496BB1 5 Bytes JMP 001C0198 .text C:\Windows\System32\rundll32.exe[2352] ADVAPI32.dll!CreateServiceA 77496C71 5 Bytes JMP 001C0030 .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[2436] ntdll.dll!LdrLoadDll 772B7933 5 Bytes JMP 00150030 .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[2436] ntdll.dll!LdrUnloadDll 772CE89C 5 Bytes JMP 0015006C .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[2436] USER32.dll!SetWindowsHookExW 75D87B69 5 Bytes JMP 001700E4 .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[2436] USER32.dll!SetWinEventHook 75D8915C 5 Bytes JMP 00170030 .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[2436] USER32.dll!UnhookWinEvent 75D8B702 5 Bytes JMP 0017006C .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[2436] USER32.dll!SetWindowsHookExA 75DABB0E 5 Bytes JMP 001700A8 .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[2436] USER32.dll!UnhookWindowsHookEx 75DB08BE 5 Bytes JMP 00170120 .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[2436] ADVAPI32.dll!CreateServiceW 774538FF 5 Bytes JMP 0018006C .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[2436] ADVAPI32.dll!DeleteService 77453BEE 5 Bytes JMP 001800A8 .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[2436] ADVAPI32.dll!SetServiceObjectSecurity 774966A9 5 Bytes JMP 001801D4 .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[2436] ADVAPI32.dll!ChangeServiceConfigA 774967A9 5 Bytes JMP 001800E4 .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[2436] ADVAPI32.dll!ChangeServiceConfigW 77496951 5 Bytes JMP 00180120 .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[2436] ADVAPI32.dll!ChangeServiceConfig2A 77496A69 5 Bytes JMP 0018015C .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[2436] ADVAPI32.dll!ChangeServiceConfig2W 77496BB1 5 Bytes JMP 00180198 .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[2436] ADVAPI32.dll!CreateServiceA 77496C71 5 Bytes JMP 00180030 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2520] ntdll.dll!LdrLoadDll 772B7933 5 Bytes JMP 00160030 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2520] ntdll.dll!LdrUnloadDll 772CE89C 5 Bytes JMP 0016006C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2520] ADVAPI32.dll!CreateServiceW 774538FF 5 Bytes JMP 0017006C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2520] ADVAPI32.dll!DeleteService 77453BEE 5 Bytes JMP 001700A8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2520] ADVAPI32.dll!SetServiceObjectSecurity 774966A9 5 Bytes JMP 001701D4 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2520] ADVAPI32.dll!ChangeServiceConfigA 774967A9 5 Bytes JMP 001700E4 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2520] ADVAPI32.dll!ChangeServiceConfigW 77496951 5 Bytes JMP 00170120 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2520] ADVAPI32.dll!ChangeServiceConfig2A 77496A69 5 Bytes JMP 0017015C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2520] ADVAPI32.dll!ChangeServiceConfig2W 77496BB1 5 Bytes JMP 00170198 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2520] ADVAPI32.dll!CreateServiceA 77496C71 5 Bytes JMP 00170030 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2520] USER32.dll!SetWindowsHookExW 75D87B69 5 Bytes JMP 001800E4 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2520] USER32.dll!SetWinEventHook 75D8915C 5 Bytes JMP 00180030 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2520] USER32.dll!UnhookWinEvent 75D8B702 5 Bytes JMP 0018006C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2520] USER32.dll!SetWindowsHookExA 75DABB0E 5 Bytes JMP 001800A8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2520] USER32.dll!UnhookWindowsHookEx 75DB08BE 5 Bytes JMP 00180120 .text C:\Windows\system32\igfxext.exe[2584] ntdll.dll!LdrLoadDll 772B7933 5 Bytes JMP 00150030 .text C:\Windows\system32\igfxext.exe[2584] ntdll.dll!LdrUnloadDll 772CE89C 5 Bytes JMP 0015006C .text C:\Windows\system32\igfxext.exe[2584] USER32.dll!SetWindowsHookExW 75D87B69 5 Bytes JMP 001700E4 .text C:\Windows\system32\igfxext.exe[2584] USER32.dll!SetWinEventHook 75D8915C 5 Bytes JMP 00170030 .text C:\Windows\system32\igfxext.exe[2584] USER32.dll!UnhookWinEvent 75D8B702 5 Bytes JMP 0017006C .text C:\Windows\system32\igfxext.exe[2584] USER32.dll!SetWindowsHookExA 75DABB0E 5 Bytes JMP 001700A8 .text C:\Windows\system32\igfxext.exe[2584] USER32.dll!UnhookWindowsHookEx 75DB08BE 5 Bytes JMP 00170120 .text C:\Windows\system32\igfxext.exe[2584] ADVAPI32.dll!CreateServiceW 774538FF 5 Bytes JMP 0018006C .text C:\Windows\system32\igfxext.exe[2584] ADVAPI32.dll!DeleteService 77453BEE 5 Bytes JMP 001800A8 .text C:\Windows\system32\igfxext.exe[2584] ADVAPI32.dll!SetServiceObjectSecurity 774966A9 5 Bytes JMP 001801D4 .text C:\Windows\system32\igfxext.exe[2584] ADVAPI32.dll!ChangeServiceConfigA 774967A9 5 Bytes JMP 001800E4 .text C:\Windows\system32\igfxext.exe[2584] ADVAPI32.dll!ChangeServiceConfigW 77496951 5 Bytes JMP 00180120 .text C:\Windows\system32\igfxext.exe[2584] ADVAPI32.dll!ChangeServiceConfig2A 77496A69 5 Bytes JMP 0018015C .text C:\Windows\system32\igfxext.exe[2584] ADVAPI32.dll!ChangeServiceConfig2W 77496BB1 5 Bytes JMP 00180198 .text C:\Windows\system32\igfxext.exe[2584] ADVAPI32.dll!CreateServiceA 77496C71 5 Bytes JMP 00180030 .text C:\Windows\system32\agrsmsvc.exe[2624] ntdll.dll!LdrLoadDll 772B7933 5 Bytes JMP 00080030 .text C:\Windows\system32\agrsmsvc.exe[2624] ntdll.dll!LdrUnloadDll 772CE89C 5 Bytes JMP 0008006C .text C:\Windows\system32\agrsmsvc.exe[2624] ADVAPI32.dll!CreateServiceW 774538FF 5 Bytes JMP 000A006C .text C:\Windows\system32\agrsmsvc.exe[2624] ADVAPI32.dll!DeleteService 77453BEE 5 Bytes JMP 000A00A8 .text C:\Windows\system32\agrsmsvc.exe[2624] ADVAPI32.dll!SetServiceObjectSecurity 774966A9 5 Bytes JMP 000A01D4 .text C:\Windows\system32\agrsmsvc.exe[2624] ADVAPI32.dll!ChangeServiceConfigA 774967A9 5 Bytes JMP 000A00E4 .text C:\Windows\system32\agrsmsvc.exe[2624] ADVAPI32.dll!ChangeServiceConfigW 77496951 5 Bytes JMP 000A0120 .text C:\Windows\system32\agrsmsvc.exe[2624] ADVAPI32.dll!ChangeServiceConfig2A 77496A69 5 Bytes JMP 000A015C .text C:\Windows\system32\agrsmsvc.exe[2624] ADVAPI32.dll!ChangeServiceConfig2W 77496BB1 5 Bytes JMP 000A0198 .text C:\Windows\system32\agrsmsvc.exe[2624] ADVAPI32.dll!CreateServiceA 77496C71 5 Bytes JMP 000A0030 .text C:\Windows\system32\agrsmsvc.exe[2624] USER32.dll!SetWindowsHookExW 75D87B69 5 Bytes JMP 000B00E4 .text C:\Windows\system32\agrsmsvc.exe[2624] USER32.dll!SetWinEventHook 75D8915C 5 Bytes JMP 000B0030 .text C:\Windows\system32\agrsmsvc.exe[2624] USER32.dll!UnhookWinEvent 75D8B702 5 Bytes JMP 000B006C .text C:\Windows\system32\agrsmsvc.exe[2624] USER32.dll!SetWindowsHookExA 75DABB0E 5 Bytes JMP 000B00A8 .text C:\Windows\system32\agrsmsvc.exe[2624] USER32.dll!UnhookWindowsHookEx 75DB08BE 5 Bytes JMP 000B0120 .text C:\Windows\system32\svchost.exe[2680] ntdll.dll!LdrLoadDll 772B7933 5 Bytes JMP 00050030 .text C:\Windows\system32\svchost.exe[2680] ntdll.dll!LdrUnloadDll 772CE89C 5 Bytes JMP 0005006C .text C:\Windows\system32\svchost.exe[2680] ADVAPI32.dll!CreateServiceW 774538FF 5 Bytes JMP 0007006C .text C:\Windows\system32\svchost.exe[2680] ADVAPI32.dll!DeleteService 77453BEE 5 Bytes JMP 000700A8 .text C:\Windows\system32\svchost.exe[2680] ADVAPI32.dll!SetServiceObjectSecurity 774966A9 5 Bytes JMP 000701D4 .text C:\Windows\system32\svchost.exe[2680] ADVAPI32.dll!ChangeServiceConfigA 774967A9 5 Bytes JMP 000700E4 .text C:\Windows\system32\svchost.exe[2680] ADVAPI32.dll!ChangeServiceConfigW 77496951 5 Bytes JMP 00070120 .text C:\Windows\system32\svchost.exe[2680] ADVAPI32.dll!ChangeServiceConfig2A 77496A69 5 Bytes JMP 0007015C .text C:\Windows\system32\svchost.exe[2680] ADVAPI32.dll!ChangeServiceConfig2W 77496BB1 5 Bytes JMP 00070198 .text C:\Windows\system32\svchost.exe[2680] ADVAPI32.dll!CreateServiceA 77496C71 5 Bytes JMP 00070030 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2692] ntdll.dll!LdrLoadDll 772B7933 5 Bytes JMP 00150030 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2692] ntdll.dll!LdrUnloadDll 772CE89C 5 Bytes JMP 0015006C .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2692] USER32.dll!SetWindowsHookExW 75D87B69 5 Bytes JMP 002D00E4 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2692] USER32.dll!SetWinEventHook 75D8915C 5 Bytes JMP 002D0030 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2692] USER32.dll!UnhookWinEvent 75D8B702 5 Bytes JMP 002D006C .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2692] USER32.dll!SetWindowsHookExA 75DABB0E 5 Bytes JMP 002D00A8 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2692] USER32.dll!UnhookWindowsHookEx 75DB08BE 5 Bytes JMP 002D0120 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2692] ADVAPI32.dll!CreateServiceW 774538FF 5 Bytes JMP 002E006C .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2692] ADVAPI32.dll!DeleteService 77453BEE 5 Bytes JMP 002E00A8 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2692] ADVAPI32.dll!SetServiceObjectSecurity 774966A9 5 Bytes JMP 002E01D4 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2692] ADVAPI32.dll!ChangeServiceConfigA 774967A9 5 Bytes JMP 002E00E4 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2692] ADVAPI32.dll!ChangeServiceConfigW 77496951 5 Bytes JMP 002E0120 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2692] ADVAPI32.dll!ChangeServiceConfig2A 77496A69 5 Bytes JMP 002E015C .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2692] ADVAPI32.dll!ChangeServiceConfig2W 77496BB1 5 Bytes JMP 002E0198 .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2692] ADVAPI32.dll!CreateServiceA 77496C71 5 Bytes JMP 002E0030 .text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2716] ntdll.dll!DbgUiRemoteBreakin 7731D094 1 Byte [C3] .text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2788] ntdll.dll!LdrLoadDll 772B7933 5 Bytes JMP 000D0030 .text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2788] ntdll.dll!LdrUnloadDll 772CE89C 5 Bytes JMP 000D006C .text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2788] ADVAPI32.dll!CreateServiceW 774538FF 5 Bytes JMP 0011006C .text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2788] ADVAPI32.dll!DeleteService 77453BEE 5 Bytes JMP 001100A8 .text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2788] ADVAPI32.dll!SetServiceObjectSecurity 774966A9 5 Bytes JMP 001101D4 .text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2788] ADVAPI32.dll!ChangeServiceConfigA 774967A9 5 Bytes JMP 001100E4 .text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2788] ADVAPI32.dll!ChangeServiceConfigW 77496951 5 Bytes JMP 00110120 .text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2788] ADVAPI32.dll!ChangeServiceConfig2A 77496A69 5 Bytes JMP 0011015C .text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2788] ADVAPI32.dll!ChangeServiceConfig2W 77496BB1 5 Bytes JMP 00110198 .text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2788] ADVAPI32.dll!CreateServiceA 77496C71 5 Bytes JMP 00110030 .text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2788] USER32.dll!SetWindowsHookExW 75D87B69 5 Bytes JMP 001200E4 .text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2788] USER32.dll!SetWinEventHook 75D8915C 5 Bytes JMP 00120030 .text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2788] USER32.dll!UnhookWinEvent 75D8B702 5 Bytes JMP 0012006C .text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2788] USER32.dll!SetWindowsHookExA 75DABB0E 5 Bytes JMP 001200A8 .text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2788] USER32.dll!UnhookWindowsHookEx 75DB08BE 5 Bytes JMP 00120120 .text C:\Windows\system32\svchost.exe[2948] ntdll.dll!LdrLoadDll 772B7933 5 Bytes JMP 00090030 .text C:\Windows\system32\svchost.exe[2948] ntdll.dll!LdrUnloadDll 772CE89C 5 Bytes JMP 0009006C .text C:\Windows\system32\svchost.exe[2948] ADVAPI32.dll!CreateServiceW 774538FF 5 Bytes JMP 000B006C .text C:\Windows\system32\svchost.exe[2948] ADVAPI32.dll!DeleteService 77453BEE 5 Bytes JMP 000B00A8 .text C:\Windows\system32\svchost.exe[2948] ADVAPI32.dll!SetServiceObjectSecurity 774966A9 5 Bytes JMP 000B01D4 .text C:\Windows\system32\svchost.exe[2948] ADVAPI32.dll!ChangeServiceConfigA 774967A9 5 Bytes JMP 000B00E4 .text C:\Windows\system32\svchost.exe[2948] ADVAPI32.dll!ChangeServiceConfigW 77496951 5 Bytes JMP 000B0120 .text C:\Windows\system32\svchost.exe[2948] ADVAPI32.dll!ChangeServiceConfig2A 77496A69 5 Bytes JMP 000B015C .text C:\Windows\system32\svchost.exe[2948] ADVAPI32.dll!ChangeServiceConfig2W 77496BB1 5 Bytes JMP 000B0198 .text C:\Windows\system32\svchost.exe[2948] ADVAPI32.dll!CreateServiceA 77496C71 5 Bytes JMP 000B0030 .text C:\Windows\system32\svchost.exe[2948] USER32.dll!SetWindowsHookExW 75D87B69 5 Bytes JMP 001B00E4 .text C:\Windows\system32\svchost.exe[2948] USER32.dll!SetWinEventHook 75D8915C 5 Bytes JMP 001B0030 .text C:\Windows\system32\svchost.exe[2948] USER32.dll!UnhookWinEvent 75D8B702 5 Bytes JMP 001B006C .text C:\Windows\system32\svchost.exe[2948] USER32.dll!SetWindowsHookExA 75DABB0E 5 Bytes JMP 001B00A8 .text C:\Windows\system32\svchost.exe[2948] USER32.dll!UnhookWindowsHookEx 75DB08BE 5 Bytes JMP 001B0120 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2988] ntdll.dll!LdrLoadDll 772B7933 5 Bytes JMP 000D0030 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2988] ntdll.dll!LdrUnloadDll 772CE89C 5 Bytes JMP 000D006C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2988] ADVAPI32.dll!CreateServiceW 774538FF 5 Bytes JMP 000F006C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2988] ADVAPI32.dll!DeleteService 77453BEE 5 Bytes JMP 000F00A8 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2988] ADVAPI32.dll!SetServiceObjectSecurity 774966A9 5 Bytes JMP 000F01D4 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2988] ADVAPI32.dll!ChangeServiceConfigA 774967A9 5 Bytes JMP 000F00E4 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2988] ADVAPI32.dll!ChangeServiceConfigW 77496951 5 Bytes JMP 000F0120 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2988] ADVAPI32.dll!ChangeServiceConfig2A 77496A69 5 Bytes JMP 000F015C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2988] ADVAPI32.dll!ChangeServiceConfig2W 77496BB1 5 Bytes JMP 000F0198 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2988] ADVAPI32.dll!CreateServiceA 77496C71 5 Bytes JMP 000F0030 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2988] USER32.dll!SetWindowsHookExW 75D87B69 5 Bytes JMP 001000E4 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2988] USER32.dll!SetWinEventHook 75D8915C 5 Bytes JMP 00100030 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2988] USER32.dll!UnhookWinEvent 75D8B702 5 Bytes JMP 0010006C .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2988] USER32.dll!SetWindowsHookExA 75DABB0E 5 Bytes JMP 001000A8 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2988] USER32.dll!UnhookWindowsHookEx 75DB08BE 5 Bytes JMP 00100120 .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!LdrLoadDll 772B7933 5 Bytes JMP 00050030 .text C:\Windows\system32\svchost.exe[3056] ntdll.dll!LdrUnloadDll 772CE89C 5 Bytes JMP 0005006C .text C:\Windows\system32\svchost.exe[3056] ADVAPI32.dll!CreateServiceW 774538FF 5 Bytes JMP 0007006C .text C:\Windows\system32\svchost.exe[3056] ADVAPI32.dll!DeleteService 77453BEE 5 Bytes JMP 000700A8 .text C:\Windows\system32\svchost.exe[3056] ADVAPI32.dll!SetServiceObjectSecurity 774966A9 5 Bytes JMP 000701D4 .text C:\Windows\system32\svchost.exe[3056] ADVAPI32.dll!ChangeServiceConfigA 774967A9 5 Bytes JMP 000700E4 .text C:\Windows\system32\svchost.exe[3056] ADVAPI32.dll!ChangeServiceConfigW 77496951 5 Bytes JMP 00070120 .text C:\Windows\system32\svchost.exe[3056] ADVAPI32.dll!ChangeServiceConfig2A 77496A69 5 Bytes JMP 0007015C .text C:\Windows\system32\svchost.exe[3056] ADVAPI32.dll!ChangeServiceConfig2W 77496BB1 5 Bytes JMP 00070198 .text C:\Windows\system32\svchost.exe[3056] ADVAPI32.dll!CreateServiceA 77496C71 5 Bytes JMP 00070030 .text C:\Windows\system32\TODDSrv.exe[3264] ntdll.dll!LdrLoadDll 772B7933 5 Bytes JMP 00150030 .text C:\Windows\system32\TODDSrv.exe[3264] ntdll.dll!LdrUnloadDll 772CE89C 5 Bytes JMP 0015006C .text C:\Windows\system32\TODDSrv.exe[3264] USER32.dll!SetWindowsHookExW 75D87B69 5 Bytes JMP 001700E4 .text C:\Windows\system32\TODDSrv.exe[3264] USER32.dll!SetWinEventHook 75D8915C 5 Bytes JMP 00170030 .text C:\Windows\system32\TODDSrv.exe[3264] USER32.dll!UnhookWinEvent 75D8B702 5 Bytes JMP 0017006C .text C:\Windows\system32\TODDSrv.exe[3264] USER32.dll!SetWindowsHookExA 75DABB0E 5 Bytes JMP 001700A8 .text C:\Windows\system32\TODDSrv.exe[3264] USER32.dll!UnhookWindowsHookEx 75DB08BE 5 Bytes JMP 00170120 .text C:\Windows\system32\TODDSrv.exe[3264] ADVAPI32.dll!CreateServiceW 774538FF 5 Bytes JMP 0018006C .text C:\Windows\system32\TODDSrv.exe[3264] ADVAPI32.dll!DeleteService 77453BEE 5 Bytes JMP 001800A8 .text C:\Windows\system32\TODDSrv.exe[3264] ADVAPI32.dll!SetServiceObjectSecurity 774966A9 5 Bytes JMP 001801D4 .text C:\Windows\system32\TODDSrv.exe[3264] ADVAPI32.dll!ChangeServiceConfigA 774967A9 5 Bytes JMP 001800E4 .text C:\Windows\system32\TODDSrv.exe[3264] ADVAPI32.dll!ChangeServiceConfigW 77496951 5 Bytes JMP 00180120 .text C:\Windows\system32\TODDSrv.exe[3264] ADVAPI32.dll!ChangeServiceConfig2A 77496A69 5 Bytes JMP 0018015C .text C:\Windows\system32\TODDSrv.exe[3264] ADVAPI32.dll!ChangeServiceConfig2W 77496BB1 5 Bytes JMP 00180198 .text C:\Windows\system32\TODDSrv.exe[3264] ADVAPI32.dll!CreateServiceA 77496C71 5 Bytes JMP 00180030 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[3300] ntdll.dll!LdrLoadDll 772B7933 5 Bytes JMP 00150030 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[3300] ntdll.dll!LdrUnloadDll 772CE89C 5 Bytes JMP 0015006C .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[3300] ADVAPI32.dll!CreateServiceW 774538FF 5 Bytes JMP 001A006C .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[3300] ADVAPI32.dll!DeleteService 77453BEE 5 Bytes JMP 001A00A8 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[3300] ADVAPI32.dll!SetServiceObjectSecurity 774966A9 5 Bytes JMP 001A01D4 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[3300] ADVAPI32.dll!ChangeServiceConfigA 774967A9 5 Bytes JMP 001A00E4 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[3300] ADVAPI32.dll!ChangeServiceConfigW 77496951 5 Bytes JMP 001A0120 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[3300] ADVAPI32.dll!ChangeServiceConfig2A 77496A69 5 Bytes JMP 001A015C .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[3300] ADVAPI32.dll!ChangeServiceConfig2W 77496BB1 5 Bytes JMP 001A0198 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[3300] ADVAPI32.dll!CreateServiceA 77496C71 5 Bytes JMP 001A0030 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[3300] USER32.dll!SetWindowsHookExW 75D87B69 5 Bytes JMP 001B00E4 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[3300] USER32.dll!SetWinEventHook 75D8915C 5 Bytes JMP 001B0030 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[3300] USER32.dll!UnhookWinEvent 75D8B702 5 Bytes JMP 001B006C .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[3300] USER32.dll!SetWindowsHookExA 75DABB0E 5 Bytes JMP 001B00A8 .text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[3300] USER32.dll!UnhookWindowsHookEx 75DB08BE 5 Bytes JMP 001B0120 .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[3372] ntdll.dll!LdrLoadDll 772B7933 5 Bytes JMP 00150030 .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[3372] ntdll.dll!LdrUnloadDll 772CE89C 5 Bytes JMP 0015006C .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[3372] ADVAPI32.dll!CreateServiceW 774538FF 5 Bytes JMP 0017006C .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[3372] ADVAPI32.dll!DeleteService 77453BEE 5 Bytes JMP 001700A8 .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[3372] ADVAPI32.dll!SetServiceObjectSecurity 774966A9 5 Bytes JMP 001701D4 .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[3372] ADVAPI32.dll!ChangeServiceConfigA 774967A9 5 Bytes JMP 001700E4 .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[3372] ADVAPI32.dll!ChangeServiceConfigW 77496951 5 Bytes JMP 00170120 .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[3372] ADVAPI32.dll!ChangeServiceConfig2A 77496A69 5 Bytes JMP 0017015C .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[3372] ADVAPI32.dll!ChangeServiceConfig2W 77496BB1 5 Bytes JMP 00170198 .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[3372] ADVAPI32.dll!CreateServiceA 77496C71 5 Bytes JMP 00170030 .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[3372] USER32.dll!SetWindowsHookExW 75D87B69 5 Bytes JMP 001800E4 .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[3372] USER32.dll!SetWinEventHook 75D8915C 5 Bytes JMP 00180030 .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[3372] USER32.dll!UnhookWinEvent 75D8B702 5 Bytes JMP 0018006C .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[3372] USER32.dll!SetWindowsHookExA 75DABB0E 5 Bytes JMP 001800A8 .text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[3372] USER32.dll!UnhookWindowsHookEx 75DB08BE 5 Bytes JMP 00180120 .text C:\Windows\system32\SearchIndexer.exe[3432] ntdll.dll!LdrLoadDll 772B7933 5 Bytes JMP 00050030 .text C:\Windows\system32\SearchIndexer.exe[3432] ntdll.dll!LdrUnloadDll 772CE89C 5 Bytes JMP 0005006C .text C:\Windows\system32\SearchIndexer.exe[3432] ADVAPI32.dll!CreateServiceW 774538FF 5 Bytes JMP 0007006C .text C:\Windows\system32\SearchIndexer.exe[3432] ADVAPI32.dll!DeleteService 77453BEE 5 Bytes JMP 000700A8 .text C:\Windows\system32\SearchIndexer.exe[3432] ADVAPI32.dll!SetServiceObjectSecurity 774966A9 5 Bytes JMP 000701D4 .text C:\Windows\system32\SearchIndexer.exe[3432] ADVAPI32.dll!ChangeServiceConfigA 774967A9 5 Bytes JMP 000700E4 .text C:\Windows\system32\SearchIndexer.exe[3432] ADVAPI32.dll!ChangeServiceConfigW 77496951 5 Bytes JMP 00070120 .text C:\Windows\system32\SearchIndexer.exe[3432] ADVAPI32.dll!ChangeServiceConfig2A 77496A69 5 Bytes JMP 0007015C .text C:\Windows\system32\SearchIndexer.exe[3432] ADVAPI32.dll!ChangeServiceConfig2W 77496BB1 5 Bytes JMP 00070198 .text C:\Windows\system32\SearchIndexer.exe[3432] ADVAPI32.dll!CreateServiceA 77496C71 5 Bytes JMP 00070030 .text C:\Windows\system32\SearchIndexer.exe[3432] USER32.dll!SetWindowsHookExW 75D87B69 5 Bytes JMP 000800E4 .text C:\Windows\system32\SearchIndexer.exe[3432] USER32.dll!SetWinEventHook 75D8915C 5 Bytes JMP 00080030 .text C:\Windows\system32\SearchIndexer.exe[3432] USER32.dll!UnhookWinEvent 75D8B702 5 Bytes JMP 0008006C .text C:\Windows\system32\SearchIndexer.exe[3432] USER32.dll!SetWindowsHookExA 75DABB0E 5 Bytes JMP 000800A8 .text C:\Windows\system32\SearchIndexer.exe[3432] USER32.dll!UnhookWindowsHookEx 75DB08BE 5 Bytes JMP 00080120 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3632] ntdll.dll!LdrLoadDll 772B7933 5 Bytes JMP 00140030 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3632] ntdll.dll!LdrUnloadDll 772CE89C 5 Bytes JMP 0014006C .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3632] USER32.dll!SetWindowsHookExW 75D87B69 5 Bytes JMP 001600E4 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3632] USER32.dll!SetWinEventHook 75D8915C 5 Bytes JMP 00160030 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3632] USER32.dll!UnhookWinEvent 75D8B702 5 Bytes JMP 0016006C .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3632] USER32.dll!SetWindowsHookExA 75DABB0E 5 Bytes JMP 001600A8 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3632] USER32.dll!UnhookWindowsHookEx 75DB08BE 5 Bytes JMP 00160120 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3632] ADVAPI32.dll!CreateServiceW 774538FF 5 Bytes JMP 0017006C .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3632] ADVAPI32.dll!DeleteService 77453BEE 5 Bytes JMP 001700A8 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3632] ADVAPI32.dll!SetServiceObjectSecurity 774966A9 5 Bytes JMP 001701D4 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3632] ADVAPI32.dll!ChangeServiceConfigA 774967A9 5 Bytes JMP 001700E4 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3632] ADVAPI32.dll!ChangeServiceConfigW 77496951 5 Bytes JMP 00170120 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3632] ADVAPI32.dll!ChangeServiceConfig2A 77496A69 5 Bytes JMP 0017015C .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3632] ADVAPI32.dll!ChangeServiceConfig2W 77496BB1 5 Bytes JMP 00170198 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3632] ADVAPI32.dll!CreateServiceA 77496C71 5 Bytes JMP 00170030 .text C:\Windows\system32\cmd.exe[3808] ntdll.dll!LdrLoadDll 772B7933 5 Bytes JMP 00060030 .text C:\Windows\system32\cmd.exe[3808] ntdll.dll!LdrUnloadDll 772CE89C 5 Bytes JMP 0006006C .text C:\Windows\system32\cmd.exe[3808] ADVAPI32.dll!CreateServiceW 774538FF 5 Bytes JMP 0007006C .text C:\Windows\system32\cmd.exe[3808] ADVAPI32.dll!DeleteService 77453BEE 5 Bytes JMP 000700A8 .text C:\Windows\system32\cmd.exe[3808] ADVAPI32.dll!SetServiceObjectSecurity 774966A9 5 Bytes JMP 000701D4 .text C:\Windows\system32\cmd.exe[3808] ADVAPI32.dll!ChangeServiceConfigA 774967A9 5 Bytes JMP 000700E4 .text C:\Windows\system32\cmd.exe[3808] ADVAPI32.dll!ChangeServiceConfigW 77496951 5 Bytes JMP 00070120 .text C:\Windows\system32\cmd.exe[3808] ADVAPI32.dll!ChangeServiceConfig2A 77496A69 5 Bytes JMP 0007015C .text C:\Windows\system32\cmd.exe[3808] ADVAPI32.dll!ChangeServiceConfig2W 77496BB1 5 Bytes JMP 00070198 .text C:\Windows\system32\cmd.exe[3808] ADVAPI32.dll!CreateServiceA 77496C71 5 Bytes JMP 00070030 .text C:\Users\Hubert\AppData\Local\Temp\AP1.tmp\svccost.exe[3820] ntdll.dll!LdrLoadDll 772B7933 5 Bytes JMP 00150030 .text C:\Users\Hubert\AppData\Local\Temp\AP1.tmp\svccost.exe[3820] ntdll.dll!LdrUnloadDll 772CE89C 5 Bytes JMP 0015006C .text C:\Users\Hubert\AppData\Local\Temp\AP1.tmp\svccost.exe[3820] USER32.dll!SetWindowsHookExW 75D87B69 5 Bytes JMP 002600E4 .text C:\Users\Hubert\AppData\Local\Temp\AP1.tmp\svccost.exe[3820] USER32.dll!SetWinEventHook 75D8915C 5 Bytes JMP 00260030 .text C:\Users\Hubert\AppData\Local\Temp\AP1.tmp\svccost.exe[3820] USER32.dll!UnhookWinEvent 75D8B702 5 Bytes JMP 0026006C .text C:\Users\Hubert\AppData\Local\Temp\AP1.tmp\svccost.exe[3820] USER32.dll!SetWindowsHookExA 75DABB0E 5 Bytes JMP 002600A8 .text C:\Users\Hubert\AppData\Local\Temp\AP1.tmp\svccost.exe[3820] USER32.dll!UnhookWindowsHookEx 75DB08BE 5 Bytes JMP 00260120 .text C:\Users\Hubert\AppData\Local\Temp\AP1.tmp\svccost.exe[3820] ADVAPI32.dll!CreateServiceW 774538FF 5 Bytes JMP 0027006C .text C:\Users\Hubert\AppData\Local\Temp\AP1.tmp\svccost.exe[3820] ADVAPI32.dll!DeleteService 77453BEE 5 Bytes JMP 002700A8 .text C:\Users\Hubert\AppData\Local\Temp\AP1.tmp\svccost.exe[3820] ADVAPI32.dll!SetServiceObjectSecurity 774966A9 5 Bytes JMP 002701D4 .text C:\Users\Hubert\AppData\Local\Temp\AP1.tmp\svccost.exe[3820] ADVAPI32.dll!ChangeServiceConfigA 774967A9 5 Bytes JMP 002700E4 .text C:\Users\Hubert\AppData\Local\Temp\AP1.tmp\svccost.exe[3820] ADVAPI32.dll!ChangeServiceConfigW 77496951 5 Bytes JMP 00270120 .text C:\Users\Hubert\AppData\Local\Temp\AP1.tmp\svccost.exe[3820] ADVAPI32.dll!ChangeServiceConfig2A 77496A69 5 Bytes JMP 0027015C .text C:\Users\Hubert\AppData\Local\Temp\AP1.tmp\svccost.exe[3820] ADVAPI32.dll!ChangeServiceConfig2W 77496BB1 5 Bytes JMP 00270198 .text C:\Users\Hubert\AppData\Local\Temp\AP1.tmp\svccost.exe[3820] ADVAPI32.dll!CreateServiceA 77496C71 5 Bytes JMP 00270030 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[4032] ntdll.dll!LdrLoadDll 772B7933 5 Bytes JMP 00050030 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[4032] ntdll.dll!LdrUnloadDll 772CE89C 5 Bytes JMP 0005006C .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[4032] ADVAPI32.dll!CreateServiceW 774538FF 5 Bytes JMP 0008006C .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[4032] ADVAPI32.dll!DeleteService 77453BEE 5 Bytes JMP 000800A8 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[4032] ADVAPI32.dll!SetServiceObjectSecurity 774966A9 5 Bytes JMP 000801D4 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[4032] ADVAPI32.dll!ChangeServiceConfigA 774967A9 5 Bytes JMP 000800E4 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[4032] ADVAPI32.dll!ChangeServiceConfigW 77496951 5 Bytes JMP 00080120 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[4032] ADVAPI32.dll!ChangeServiceConfig2A 77496A69 5 Bytes JMP 0008015C .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[4032] ADVAPI32.dll!ChangeServiceConfig2W 77496BB1 5 Bytes JMP 00080198 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[4032] ADVAPI32.dll!CreateServiceA 77496C71 5 Bytes JMP 00080030 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[4032] USER32.dll!SetWindowsHookExW 75D87B69 5 Bytes JMP 000900E4 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[4032] USER32.dll!SetWinEventHook 75D8915C 5 Bytes JMP 00090030 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[4032] USER32.dll!UnhookWinEvent 75D8B702 5 Bytes JMP 0009006C .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[4032] USER32.dll!SetWindowsHookExA 75DABB0E 5 Bytes JMP 000900A8 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[4032] USER32.dll!UnhookWindowsHookEx 75DB08BE 5 Bytes JMP 00090120 .text C:\Windows\system32\taskeng.exe[4444] ntdll.dll!LdrLoadDll 772B7933 5 Bytes JMP 00050030 .text C:\Windows\system32\taskeng.exe[4444] ntdll.dll!LdrUnloadDll 772CE89C 5 Bytes JMP 0005006C .text C:\Windows\system32\taskeng.exe[4444] ADVAPI32.dll!CreateServiceW 774538FF 5 Bytes JMP 0007006C .text C:\Windows\system32\taskeng.exe[4444] ADVAPI32.dll!DeleteService 77453BEE 5 Bytes JMP 000700A8 .text C:\Windows\system32\taskeng.exe[4444] ADVAPI32.dll!SetServiceObjectSecurity 774966A9 5 Bytes JMP 000701D4 .text C:\Windows\system32\taskeng.exe[4444] ADVAPI32.dll!ChangeServiceConfigA 774967A9 5 Bytes JMP 000700E4 .text C:\Windows\system32\taskeng.exe[4444] ADVAPI32.dll!ChangeServiceConfigW 77496951 5 Bytes JMP 00070120 .text C:\Windows\system32\taskeng.exe[4444] ADVAPI32.dll!ChangeServiceConfig2A 77496A69 5 Bytes JMP 0007015C .text C:\Windows\system32\taskeng.exe[4444] ADVAPI32.dll!ChangeServiceConfig2W 77496BB1 5 Bytes JMP 00070198 .text C:\Windows\system32\taskeng.exe[4444] ADVAPI32.dll!CreateServiceA 77496C71 5 Bytes JMP 00070030 .text C:\Windows\system32\taskeng.exe[4444] USER32.dll!SetWindowsHookExW 75D87B69 5 Bytes JMP 000800E4 .text C:\Windows\system32\taskeng.exe[4444] USER32.dll!SetWinEventHook 75D8915C 5 Bytes JMP 00080030 .text C:\Windows\system32\taskeng.exe[4444] USER32.dll!UnhookWinEvent 75D8B702 5 Bytes JMP 0008006C .text C:\Windows\system32\taskeng.exe[4444] USER32.dll!SetWindowsHookExA 75DABB0E 5 Bytes JMP 000800A8 .text C:\Windows\system32\taskeng.exe[4444] USER32.dll!UnhookWindowsHookEx 75DB08BE 5 Bytes JMP 00080120 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4540] ntdll.dll!LdrLoadDll 772B7933 5 Bytes JMP 00150030 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4540] ntdll.dll!LdrUnloadDll 772CE89C 5 Bytes JMP 0015006C .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4540] USER32.dll!SetWindowsHookExW 75D87B69 5 Bytes JMP 002700E4 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4540] USER32.dll!SetWinEventHook 75D8915C 5 Bytes JMP 00270030 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4540] USER32.dll!UnhookWinEvent 75D8B702 5 Bytes JMP 0027006C .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4540] USER32.dll!SetWindowsHookExA 75DABB0E 5 Bytes JMP 002700A8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4540] USER32.dll!UnhookWindowsHookEx 75DB08BE 5 Bytes JMP 00270120 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4540] ADVAPI32.dll!CreateServiceW 774538FF 5 Bytes JMP 0028006C .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4540] ADVAPI32.dll!DeleteService 77453BEE 5 Bytes JMP 002800A8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4540] ADVAPI32.dll!SetServiceObjectSecurity 774966A9 5 Bytes JMP 002801D4 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4540] ADVAPI32.dll!ChangeServiceConfigA 774967A9 5 Bytes JMP 002800E4 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4540] ADVAPI32.dll!ChangeServiceConfigW 77496951 5 Bytes JMP 00280120 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4540] ADVAPI32.dll!ChangeServiceConfig2A 77496A69 5 Bytes JMP 0028015C .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4540] ADVAPI32.dll!ChangeServiceConfig2W 77496BB1 5 Bytes JMP 00280198 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4540] ADVAPI32.dll!CreateServiceA 77496C71 5 Bytes JMP 00280030 .text C:\Windows\system32\taskmgr.exe[4780] ntdll.dll!LdrLoadDll 772B7933 5 Bytes JMP 00050030 .text C:\Windows\system32\taskmgr.exe[4780] ntdll.dll!LdrUnloadDll 772CE89C 5 Bytes JMP 0005006C .text C:\Windows\system32\taskmgr.exe[4780] ADVAPI32.dll!CreateServiceW 774538FF 5 Bytes JMP 0007006C .text C:\Windows\system32\taskmgr.exe[4780] ADVAPI32.dll!DeleteService 77453BEE 5 Bytes JMP 000700A8 .text C:\Windows\system32\taskmgr.exe[4780] ADVAPI32.dll!SetServiceObjectSecurity 774966A9 5 Bytes JMP 000701D4 .text C:\Windows\system32\taskmgr.exe[4780] ADVAPI32.dll!ChangeServiceConfigA 774967A9 5 Bytes JMP 000700E4 .text C:\Windows\system32\taskmgr.exe[4780] ADVAPI32.dll!ChangeServiceConfigW 77496951 5 Bytes JMP 00070120 .text C:\Windows\system32\taskmgr.exe[4780] ADVAPI32.dll!ChangeServiceConfig2A 77496A69 5 Bytes JMP 0007015C .text C:\Windows\system32\taskmgr.exe[4780] ADVAPI32.dll!ChangeServiceConfig2W 77496BB1 5 Bytes JMP 00070198 .text C:\Windows\system32\taskmgr.exe[4780] ADVAPI32.dll!CreateServiceA 77496C71 5 Bytes JMP 00070030 .text C:\Windows\system32\taskmgr.exe[4780] USER32.dll!SetWindowsHookExW 75D87B69 5 Bytes JMP 000800E4 .text C:\Windows\system32\taskmgr.exe[4780] USER32.dll!SetWinEventHook 75D8915C 5 Bytes JMP 00080030 .text C:\Windows\system32\taskmgr.exe[4780] USER32.dll!UnhookWinEvent 75D8B702 5 Bytes JMP 0008006C .text C:\Windows\system32\taskmgr.exe[4780] USER32.dll!SetWindowsHookExA 75DABB0E 5 Bytes JMP 000800A8 .text C:\Windows\system32\taskmgr.exe[4780] USER32.dll!UnhookWindowsHookEx 75DB08BE 5 Bytes JMP 00080120 .text C:\Users\Hubert\Desktop\b5jr9ybh.exe[5448] ntdll.dll!LdrLoadDll 772B7933 5 Bytes JMP 00150030 .text C:\Users\Hubert\Desktop\b5jr9ybh.exe[5448] ntdll.dll!LdrUnloadDll 772CE89C 5 Bytes JMP 0015006C .text C:\Users\Hubert\Desktop\b5jr9ybh.exe[5448] ADVAPI32.dll!CreateServiceW 774538FF 5 Bytes JMP 0026006C .text C:\Users\Hubert\Desktop\b5jr9ybh.exe[5448] ADVAPI32.dll!DeleteService 77453BEE 5 Bytes JMP 002600A8 .text C:\Users\Hubert\Desktop\b5jr9ybh.exe[5448] ADVAPI32.dll!SetServiceObjectSecurity 774966A9 5 Bytes JMP 002601D4 .text C:\Users\Hubert\Desktop\b5jr9ybh.exe[5448] ADVAPI32.dll!ChangeServiceConfigA 774967A9 5 Bytes JMP 002600E4 .text C:\Users\Hubert\Desktop\b5jr9ybh.exe[5448] ADVAPI32.dll!ChangeServiceConfigW 77496951 5 Bytes JMP 00260120 .text C:\Users\Hubert\Desktop\b5jr9ybh.exe[5448] ADVAPI32.dll!ChangeServiceConfig2A 77496A69 5 Bytes JMP 0026015C .text C:\Users\Hubert\Desktop\b5jr9ybh.exe[5448] ADVAPI32.dll!ChangeServiceConfig2W 77496BB1 5 Bytes JMP 00260198 .text C:\Users\Hubert\Desktop\b5jr9ybh.exe[5448] ADVAPI32.dll!CreateServiceA 77496C71 5 Bytes JMP 00260030 .text C:\Users\Hubert\Desktop\b5jr9ybh.exe[5448] USER32.dll!SetWindowsHookExW 75D87B69 5 Bytes JMP 002D00E4 .text C:\Users\Hubert\Desktop\b5jr9ybh.exe[5448] USER32.dll!SetWinEventHook 75D8915C 5 Bytes JMP 002D0030 .text C:\Users\Hubert\Desktop\b5jr9ybh.exe[5448] USER32.dll!UnhookWinEvent 75D8B702 5 Bytes JMP 002D006C .text C:\Users\Hubert\Desktop\b5jr9ybh.exe[5448] USER32.dll!SetWindowsHookExA 75DABB0E 5 Bytes JMP 002D00A8 .text C:\Users\Hubert\Desktop\b5jr9ybh.exe[5448] USER32.dll!UnhookWindowsHookEx 75DB08BE 5 Bytes JMP 002D0120 ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[1680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74197BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [741D98C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7419D3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7418F527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74197599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7418E43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [741CB33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7419D68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7419012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74190095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [741871F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7421D810] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [741B75E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7418DAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7418668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [741866BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1680] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74191E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5ac9c619f3\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Tcp pctgntdi.sys AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\tdx \Device\Udp pctgntdi.sys AttachedDevice \Driver\tdx \Device\RawIp pctgntdi.sys ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x02 0x8D 0x52 0xD9 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x1F 0xCD 0x6F 0x75 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x84 0xC2 0x63 0xD8 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x02 0x8D 0x52 0xD9 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x1F 0xCD 0x6F 0x75 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x84 0xC2 0x63 0xD8 ... ---- EOF - GMER 1.0.15 ----