GMER 2.0.18444 - http://www.gmer.net Rootkit scan 2013-01-07 14:22:48 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600BEVS-22RST0 rev.04.01G04 149,05GB Running: tou5gqno.exe; Driver: C:\Users\SMAKOW~1\AppData\Local\Temp\ugloqpod.sys ---- System - GMER 2.0 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8CA22202] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8CA247F0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8CA24848] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8CA2495E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8CA24746] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8CA24898] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8CA2479A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8CA2490C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8CA22226] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8CA21FF0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8CA2224A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8CA24D56] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8CA22CDA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwOpenEvent [0x8CA24820] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8CA24870] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8CA24988] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8CA24772] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8CA248D8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8CA247C8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8CA24936] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8CA22BA0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8CA2226E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8CA22292] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8CA2204A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8CA22186] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8CA22162] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8CA221AA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwVdmControl [0x8CA222B6] ---- Kernel code sections - GMER 2.0 ---- .text ntkrnlpa.exe!KeSetEvent + 10D 828C17D0 4 Bytes [02, 22, A2, 8C] .text ntkrnlpa.exe!KeSetEvent + 1D1 828C1894 2 Bytes [F0, 47] {INC EDI} .text ntkrnlpa.exe!KeSetEvent + 1D4 828C1897 5 Bytes [8C, 48, 48, A2, 8C] .text ntkrnlpa.exe!KeSetEvent + 1DD 828C18A0 4 Bytes [5E, 49, A2, 8C] .text ntkrnlpa.exe!KeSetEvent + 1F5 828C18B8 4 Bytes [46, 47, A2, 8C] .text ... PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 82A4EEB8 4 Bytes CALL 8CA2334B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 82A52B2C 4 Bytes CALL 8CA23361 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateRectRgn + 4537 954D0470 5 Bytes JMP 8CA25440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreatePalette + C20 954E9689 5 Bytes JMP 8CA25E0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngTransparentBlt + 4A1 954EA475 5 Bytes JMP 8CA25F72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngTransparentBlt + 8C2F 954F2C03 5 Bytes JMP 8CA24D8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 616 954F3B59 5 Bytes JMP 8CA25BD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XFORMOBJ_iGetXform + 30FB 954FF297 5 Bytes JMP 8CA25316 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XFORMOBJ_iGetXform + 456D 95500709 5 Bytes JMP 8CA24F34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!EngMapFontFileFD + 11A16 9551A285 5 Bytes JMP 8CA25180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMapFontFileFD + 11A6A 9551A2D9 5 Bytes JMP 8CA25326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 377F 95541378 5 Bytes JMP 8CA25B64 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 60DC 95543CD5 5 Bytes JMP 8CA24E58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMulDiv + 4D3F 9554A63E 5 Bytes JMP 8CA24FA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBlt + 2B44 95554AD4 5 Bytes JMP 8CA26014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStrokePath + 5FF 955579BC 5 Bytes JMP 8CA24E70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngNineGrid + 8C4 95575F7F 5 Bytes JMP 8CA25D54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngNineGrid + 6FA0 9557C65B 5 Bytes JMP 8CA25BAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCopyBits + B0F 9557FDCA 5 Bytes JMP 8CA25CA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!STROBJ_vEnumStart + 4728 955876E9 5 Bytes JMP 8CA24EF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSemaphore + E80 955A5C8A 5 Bytes JMP 8CA250AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!CLIPOBJ_bEnum + 248 955AB532 5 Bytes JMP 8CA25008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPlgBlt + 26D9 955AF06A 5 Bytes JMP 8CA25ECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngLineTo + A15 955CD59D 5 Bytes JMP 8CA2503E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngLineTo + D2AF 955D9E37 5 Bytes JMP 8CA250E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ---- User code sections - GMER 2.0 ---- .text C:\Program Files\Windows Media Player\wmpnscfg.exe[456] ntdll.dll!LdrLoadDll 77229378 5 Bytes JMP 000501F8 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[456] ntdll.dll!LdrUnloadDll 7723B680 5 Bytes JMP 000503FC .text C:\Program Files\Windows Media Player\wmpnscfg.exe[456] kernel32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text C:\Program Files\Windows Media Player\wmpnscfg.exe[456] ADVAPI32.dll!CreateServiceW 75DB9EB4 5 Bytes JMP 000703FC .text C:\Program Files\Windows Media Player\wmpnscfg.exe[456] ADVAPI32.dll!DeleteService 75DBA07E 5 Bytes JMP 00070600 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[456] ADVAPI32.dll!SetServiceObjectSecurity 75DF6CD9 5 Bytes JMP 00071014 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[456] ADVAPI32.dll!ChangeServiceConfigA 75DF6DD9 5 Bytes JMP 00070804 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[456] ADVAPI32.dll!ChangeServiceConfigW 75DF6F81 5 Bytes JMP 00070A08 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[456] ADVAPI32.dll!ChangeServiceConfig2A 75DF7099 5 Bytes JMP 00070C0C .text C:\Program Files\Windows Media Player\wmpnscfg.exe[456] ADVAPI32.dll!ChangeServiceConfig2W 75DF71E1 5 Bytes JMP 00070E10 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[456] ADVAPI32.dll!CreateServiceA 75DF72A1 5 
Bytes JMP 000701F8 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[456] USER32.dll!SetWindowsHookExA 76DD6322 5 Bytes JMP 00080600 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[456] USER32.dll!SetWindowsHookExW 76DD87AD 5 Bytes JMP 00080804 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[456] USER32.dll!UnhookWindowsHookEx 76DD98DB 5 Bytes JMP 00080A08 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[456] USER32.dll!SetWinEventHook 76DD9F3A 5 Bytes JMP 000801F8 .text C:\Program Files\Windows Media Player\wmpnscfg.exe[456] USER32.dll!UnhookWinEvent 76DDC06F 5 Bytes JMP 000803FC .text C:\Windows\system32\csrss.exe[548] KERNEL32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text C:\Windows\system32\wininit.exe[600] ntdll.dll!LdrLoadDll 77229378 5 Bytes JMP 000301F8 .text C:\Windows\system32\wininit.exe[600] ntdll.dll!LdrUnloadDll 7723B680 5 Bytes JMP 000303FC .text C:\Windows\system32\wininit.exe[600] kernel32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text C:\Windows\system32\wininit.exe[600] ADVAPI32.dll!CreateServiceW 75DB9EB4 5 Bytes JMP 000503FC .text C:\Windows\system32\wininit.exe[600] ADVAPI32.dll!DeleteService 75DBA07E 5 Bytes JMP 00050600 .text C:\Windows\system32\wininit.exe[600] ADVAPI32.dll!SetServiceObjectSecurity 75DF6CD9 5 Bytes JMP 00051014 .text C:\Windows\system32\wininit.exe[600] ADVAPI32.dll!ChangeServiceConfigA 75DF6DD9 5 Bytes JMP 00050804 .text C:\Windows\system32\wininit.exe[600] ADVAPI32.dll!ChangeServiceConfigW 75DF6F81 5 Bytes JMP 00050A08 .text C:\Windows\system32\wininit.exe[600] ADVAPI32.dll!ChangeServiceConfig2A 75DF7099 5 Bytes JMP 00050C0C .text C:\Windows\system32\wininit.exe[600] ADVAPI32.dll!ChangeServiceConfig2W 75DF71E1 5 Bytes JMP 00050E10 .text C:\Windows\system32\wininit.exe[600] ADVAPI32.dll!CreateServiceA 75DF72A1 5 Bytes JMP 000501F8 .text C:\Windows\system32\wininit.exe[600] USER32.dll!SetWindowsHookExA 76DD6322 5 Bytes JMP 00060600 .text C:\Windows\system32\wininit.exe[600] 
USER32.dll!SetWindowsHookExW 76DD87AD 5 Bytes JMP 00060804 .text C:\Windows\system32\wininit.exe[600] USER32.dll!UnhookWindowsHookEx 76DD98DB 5 Bytes JMP 00060A08 .text C:\Windows\system32\wininit.exe[600] USER32.dll!SetWinEventHook 76DD9F3A 5 Bytes JMP 000601F8 .text C:\Windows\system32\wininit.exe[600] USER32.dll!UnhookWinEvent 76DDC06F 5 Bytes JMP 000603FC .text C:\Windows\system32\csrss.exe[608] KERNEL32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text C:\Windows\system32\services.exe[644] ntdll.dll!LdrLoadDll 77229378 5 Bytes JMP 000501F8 .text C:\Windows\system32\services.exe[644] ntdll.dll!LdrUnloadDll 7723B680 5 Bytes JMP 000503FC .text C:\Windows\system32\services.exe[644] kernel32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text C:\Windows\system32\services.exe[644] ADVAPI32.dll!CreateServiceW 75DB9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\services.exe[644] ADVAPI32.dll!DeleteService 75DBA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\services.exe[644] ADVAPI32.dll!SetServiceObjectSecurity 75DF6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\services.exe[644] ADVAPI32.dll!ChangeServiceConfigA 75DF6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\services.exe[644] ADVAPI32.dll!ChangeServiceConfigW 75DF6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\services.exe[644] ADVAPI32.dll!ChangeServiceConfig2A 75DF7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\services.exe[644] ADVAPI32.dll!ChangeServiceConfig2W 75DF71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\services.exe[644] ADVAPI32.dll!CreateServiceA 75DF72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\services.exe[644] USER32.dll!SetWindowsHookExA 76DD6322 5 Bytes JMP 00080600 .text C:\Windows\system32\services.exe[644] USER32.dll!SetWindowsHookExW 76DD87AD 5 Bytes JMP 00080804 .text C:\Windows\system32\services.exe[644] USER32.dll!UnhookWindowsHookEx 76DD98DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\services.exe[644] USER32.dll!SetWinEventHook 76DD9F3A 5 Bytes 
JMP 000801F8 .text C:\Windows\system32\services.exe[644] USER32.dll!UnhookWinEvent 76DDC06F 5 Bytes JMP 000803FC .text C:\Windows\system32\lsass.exe[660] ntdll.dll!LdrLoadDll 77229378 5 Bytes JMP 000501F8 .text C:\Windows\system32\lsass.exe[660] ntdll.dll!LdrUnloadDll 7723B680 5 Bytes JMP 000503FC .text C:\Windows\system32\lsass.exe[660] kernel32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text C:\Windows\system32\lsass.exe[660] ADVAPI32.dll!CreateServiceW 75DB9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\lsass.exe[660] ADVAPI32.dll!DeleteService 75DBA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\lsass.exe[660] ADVAPI32.dll!SetServiceObjectSecurity 75DF6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\lsass.exe[660] ADVAPI32.dll!ChangeServiceConfigA 75DF6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\lsass.exe[660] ADVAPI32.dll!ChangeServiceConfigW 75DF6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\lsass.exe[660] ADVAPI32.dll!ChangeServiceConfig2A 75DF7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\lsass.exe[660] ADVAPI32.dll!ChangeServiceConfig2W 75DF71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\lsass.exe[660] ADVAPI32.dll!CreateServiceA 75DF72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\lsass.exe[660] USER32.dll!SetWindowsHookExA 76DD6322 5 Bytes JMP 00080600 .text C:\Windows\system32\lsass.exe[660] USER32.dll!SetWindowsHookExW 76DD87AD 5 Bytes JMP 00080804 .text C:\Windows\system32\lsass.exe[660] USER32.dll!UnhookWindowsHookEx 76DD98DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\lsass.exe[660] USER32.dll!SetWinEventHook 76DD9F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\lsass.exe[660] USER32.dll!UnhookWinEvent 76DDC06F 5 Bytes JMP 000803FC .text C:\Windows\system32\lsm.exe[668] ntdll.dll!LdrLoadDll 77229378 5 Bytes JMP 000501F8 .text C:\Windows\system32\lsm.exe[668] ntdll.dll!LdrUnloadDll 7723B680 5 Bytes JMP 000503FC .text C:\Windows\system32\lsm.exe[668] kernel32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text 
C:\Windows\system32\lsm.exe[668] ADVAPI32.dll!CreateServiceW 75DB9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\lsm.exe[668] ADVAPI32.dll!DeleteService 75DBA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\lsm.exe[668] ADVAPI32.dll!SetServiceObjectSecurity 75DF6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\lsm.exe[668] ADVAPI32.dll!ChangeServiceConfigA 75DF6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\lsm.exe[668] ADVAPI32.dll!ChangeServiceConfigW 75DF6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\lsm.exe[668] ADVAPI32.dll!ChangeServiceConfig2A 75DF7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\lsm.exe[668] ADVAPI32.dll!ChangeServiceConfig2W 75DF71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\lsm.exe[668] ADVAPI32.dll!CreateServiceA 75DF72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\winlogon.exe[704] ntdll.dll!LdrLoadDll 77229378 5 Bytes JMP 000301F8 .text C:\Windows\system32\winlogon.exe[704] ntdll.dll!LdrUnloadDll 7723B680 5 Bytes JMP 000303FC .text C:\Windows\system32\winlogon.exe[704] kernel32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text C:\Windows\system32\winlogon.exe[704] ADVAPI32.dll!CreateServiceW 75DB9EB4 5 Bytes JMP 000503FC .text C:\Windows\system32\winlogon.exe[704] ADVAPI32.dll!DeleteService 75DBA07E 5 Bytes JMP 00050600 .text C:\Windows\system32\winlogon.exe[704] ADVAPI32.dll!SetServiceObjectSecurity 75DF6CD9 5 Bytes JMP 00051014 .text C:\Windows\system32\winlogon.exe[704] ADVAPI32.dll!ChangeServiceConfigA 75DF6DD9 5 Bytes JMP 00050804 .text C:\Windows\system32\winlogon.exe[704] ADVAPI32.dll!ChangeServiceConfigW 75DF6F81 5 Bytes JMP 00050A08 .text C:\Windows\system32\winlogon.exe[704] ADVAPI32.dll!ChangeServiceConfig2A 75DF7099 5 Bytes JMP 00050C0C .text C:\Windows\system32\winlogon.exe[704] ADVAPI32.dll!ChangeServiceConfig2W 75DF71E1 5 Bytes JMP 00050E10 .text C:\Windows\system32\winlogon.exe[704] ADVAPI32.dll!CreateServiceA 75DF72A1 5 Bytes JMP 000501F8 .text C:\Windows\system32\winlogon.exe[704] 
USER32.dll!SetWindowsHookExA 76DD6322 5 Bytes JMP 00060600 .text C:\Windows\system32\winlogon.exe[704] USER32.dll!SetWindowsHookExW 76DD87AD 5 Bytes JMP 00060804 .text C:\Windows\system32\winlogon.exe[704] USER32.dll!UnhookWindowsHookEx 76DD98DB 5 Bytes JMP 00060A08 .text C:\Windows\system32\winlogon.exe[704] USER32.dll!SetWinEventHook 76DD9F3A 5 Bytes JMP 000601F8 .text C:\Windows\system32\winlogon.exe[704] USER32.dll!UnhookWinEvent 76DDC06F 5 Bytes JMP 000603FC .text C:\Windows\system32\taskeng.exe[852] ntdll.dll!LdrLoadDll 77229378 5 Bytes JMP 000501F8 .text C:\Windows\system32\taskeng.exe[852] ntdll.dll!LdrUnloadDll 7723B680 5 Bytes JMP 000503FC .text C:\Windows\system32\taskeng.exe[852] kernel32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text C:\Windows\system32\taskeng.exe[852] ADVAPI32.dll!CreateServiceW 75DB9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\taskeng.exe[852] ADVAPI32.dll!DeleteService 75DBA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\taskeng.exe[852] ADVAPI32.dll!SetServiceObjectSecurity 75DF6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\taskeng.exe[852] ADVAPI32.dll!ChangeServiceConfigA 75DF6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\taskeng.exe[852] ADVAPI32.dll!ChangeServiceConfigW 75DF6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\taskeng.exe[852] ADVAPI32.dll!ChangeServiceConfig2A 75DF7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\taskeng.exe[852] ADVAPI32.dll!ChangeServiceConfig2W 75DF71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\taskeng.exe[852] ADVAPI32.dll!CreateServiceA 75DF72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\taskeng.exe[852] USER32.dll!SetWindowsHookExA 76DD6322 5 Bytes JMP 00080600 .text C:\Windows\system32\taskeng.exe[852] USER32.dll!SetWindowsHookExW 76DD87AD 5 Bytes JMP 00080804 .text C:\Windows\system32\taskeng.exe[852] USER32.dll!UnhookWindowsHookEx 76DD98DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\taskeng.exe[852] USER32.dll!SetWinEventHook 76DD9F3A 5 Bytes JMP 
000801F8 .text C:\Windows\system32\taskeng.exe[852] USER32.dll!UnhookWinEvent 76DDC06F 5 Bytes JMP 000803FC .text C:\Windows\system32\svchost.exe[860] ntdll.dll!LdrLoadDll 77229378 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[860] ntdll.dll!LdrUnloadDll 7723B680 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[860] kernel32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text C:\Windows\system32\svchost.exe[860] ADVAPI32.dll!CreateServiceW 75DB9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[860] ADVAPI32.dll!DeleteService 75DBA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[860] ADVAPI32.dll!SetServiceObjectSecurity 75DF6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[860] ADVAPI32.dll!ChangeServiceConfigA 75DF6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[860] ADVAPI32.dll!ChangeServiceConfigW 75DF6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[860] ADVAPI32.dll!ChangeServiceConfig2A 75DF7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[860] ADVAPI32.dll!ChangeServiceConfig2W 75DF71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[860] ADVAPI32.dll!CreateServiceA 75DF72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[860] USER32.dll!SetWindowsHookExA 76DD6322 5 Bytes JMP 00260600 .text C:\Windows\system32\svchost.exe[860] USER32.dll!SetWindowsHookExW 76DD87AD 5 Bytes JMP 00260804 .text C:\Windows\system32\svchost.exe[860] USER32.dll!UnhookWindowsHookEx 76DD98DB 5 Bytes JMP 00260A08 .text C:\Windows\system32\svchost.exe[860] USER32.dll!SetWinEventHook 76DD9F3A 5 Bytes JMP 002601F8 .text C:\Windows\system32\svchost.exe[860] USER32.dll!UnhookWinEvent 76DDC06F 5 Bytes JMP 002603FC .text C:\Windows\system32\svchost.exe[936] ntdll.dll!LdrLoadDll 77229378 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[936] ntdll.dll!LdrUnloadDll 7723B680 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[936] 
kernel32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!CreateServiceW 75DB9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!DeleteService 75DBA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!SetServiceObjectSecurity 75DF6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!ChangeServiceConfigA 75DF6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!ChangeServiceConfigW 75DF6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!ChangeServiceConfig2A 75DF7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!ChangeServiceConfig2W 75DF71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[936] ADVAPI32.dll!CreateServiceA 75DF72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[936] USER32.dll!SetWindowsHookExA 76DD6322 5 Bytes JMP 00130600 .text C:\Windows\system32\svchost.exe[936] USER32.dll!SetWindowsHookExW 76DD87AD 5 Bytes JMP 00130804 .text C:\Windows\system32\svchost.exe[936] USER32.dll!UnhookWindowsHookEx 76DD98DB 5 Bytes JMP 00130A08 .text C:\Windows\system32\svchost.exe[936] USER32.dll!SetWinEventHook 76DD9F3A 5 Bytes JMP 001301F8 .text C:\Windows\system32\svchost.exe[936] USER32.dll!UnhookWinEvent 76DDC06F 5 Bytes JMP 001303FC .text C:\Windows\System32\svchost.exe[1008] ntdll.dll!LdrLoadDll 77229378 5 Bytes JMP 000501F8 .text C:\Windows\System32\svchost.exe[1008] ntdll.dll!LdrUnloadDll 7723B680 5 Bytes JMP 000503FC .text C:\Windows\System32\svchost.exe[1008] kernel32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!CreateServiceW 75DB9EB4 5 Bytes JMP 000703FC .text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!DeleteService 75DBA07E 5 Bytes JMP 00070600 .text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!SetServiceObjectSecurity 75DF6CD9 5 Bytes JMP 
00071014 .text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!ChangeServiceConfigA 75DF6DD9 5 Bytes JMP 00070804 .text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!ChangeServiceConfigW 75DF6F81 5 Bytes JMP 00070A08 .text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!ChangeServiceConfig2A 75DF7099 5 Bytes JMP 00070C0C .text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!ChangeServiceConfig2W 75DF71E1 5 Bytes JMP 00070E10 .text C:\Windows\System32\svchost.exe[1008] ADVAPI32.dll!CreateServiceA 75DF72A1 5 Bytes JMP 000701F8 .text C:\Windows\System32\svchost.exe[1008] USER32.dll!SetWindowsHookExA 76DD6322 5 Bytes JMP 00240600 .text C:\Windows\System32\svchost.exe[1008] USER32.dll!SetWindowsHookExW 76DD87AD 5 Bytes JMP 00240804 .text C:\Windows\System32\svchost.exe[1008] USER32.dll!UnhookWindowsHookEx 76DD98DB 5 Bytes JMP 00240A08 .text C:\Windows\System32\svchost.exe[1008] USER32.dll!SetWinEventHook 76DD9F3A 5 Bytes JMP 002401F8 .text C:\Windows\System32\svchost.exe[1008] USER32.dll!UnhookWinEvent 76DDC06F 5 Bytes JMP 002403FC .text C:\Windows\System32\svchost.exe[1068] ntdll.dll!LdrLoadDll 77229378 5 Bytes JMP 000501F8 .text C:\Windows\System32\svchost.exe[1068] ntdll.dll!LdrUnloadDll 7723B680 5 Bytes JMP 000503FC .text C:\Windows\System32\svchost.exe[1068] kernel32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text C:\Windows\System32\svchost.exe[1068] ADVAPI32.dll!CreateServiceW 75DB9EB4 5 Bytes JMP 000703FC .text C:\Windows\System32\svchost.exe[1068] ADVAPI32.dll!DeleteService 75DBA07E 5 Bytes JMP 00070600 .text C:\Windows\System32\svchost.exe[1068] ADVAPI32.dll!SetServiceObjectSecurity 75DF6CD9 5 Bytes JMP 00071014 .text C:\Windows\System32\svchost.exe[1068] ADVAPI32.dll!ChangeServiceConfigA 75DF6DD9 5 Bytes JMP 00070804 .text C:\Windows\System32\svchost.exe[1068] ADVAPI32.dll!ChangeServiceConfigW 75DF6F81 5 Bytes JMP 00070A08 .text C:\Windows\System32\svchost.exe[1068] ADVAPI32.dll!ChangeServiceConfig2A 75DF7099 5 Bytes JMP 00070C0C .text 
C:\Windows\System32\svchost.exe[1068] ADVAPI32.dll!ChangeServiceConfig2W 75DF71E1 5 Bytes JMP 00070E10 .text C:\Windows\System32\svchost.exe[1068] ADVAPI32.dll!CreateServiceA 75DF72A1 5 Bytes JMP 000701F8 .text C:\Windows\System32\svchost.exe[1068] USER32.dll!SetWindowsHookExA 76DD6322 5 Bytes JMP 005D0600 .text C:\Windows\System32\svchost.exe[1068] USER32.dll!SetWindowsHookExW 76DD87AD 5 Bytes JMP 005D0804 .text C:\Windows\System32\svchost.exe[1068] USER32.dll!UnhookWindowsHookEx 76DD98DB 5 Bytes JMP 005D0A08 .text C:\Windows\System32\svchost.exe[1068] USER32.dll!SetWinEventHook 76DD9F3A 5 Bytes JMP 005D01F8 .text C:\Windows\System32\svchost.exe[1068] USER32.dll!UnhookWinEvent 76DDC06F 5 Bytes JMP 005D03FC .text C:\Windows\system32\svchost.exe[1084] ntdll.dll!LdrLoadDll 77229378 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[1084] ntdll.dll!LdrUnloadDll 7723B680 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[1084] kernel32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!CreateServiceW 75DB9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!DeleteService 75DBA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!SetServiceObjectSecurity 75DF6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!ChangeServiceConfigA 75DF6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!ChangeServiceConfigW 75DF6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!ChangeServiceConfig2A 75DF7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!ChangeServiceConfig2W 75DF71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[1084] ADVAPI32.dll!CreateServiceA 75DF72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[1084] USER32.dll!SetWindowsHookExA 76DD6322 5 Bytes JMP 00600600 .text 
C:\Windows\system32\svchost.exe[1084] USER32.dll!SetWindowsHookExW 76DD87AD 5 Bytes JMP 00600804 .text C:\Windows\system32\svchost.exe[1084] USER32.dll!UnhookWindowsHookEx 76DD98DB 5 Bytes JMP 00600A08 .text C:\Windows\system32\svchost.exe[1084] USER32.dll!SetWinEventHook 76DD9F3A 5 Bytes JMP 006001F8 .text C:\Windows\system32\svchost.exe[1084] USER32.dll!UnhookWinEvent 76DDC06F 5 Bytes JMP 006003FC .text C:\Windows\system32\conime.exe[1168] ntdll.dll!LdrLoadDll 77229378 5 Bytes JMP 000501F8 .text C:\Windows\system32\conime.exe[1168] ntdll.dll!LdrUnloadDll 7723B680 5 Bytes JMP 000503FC .text C:\Windows\system32\conime.exe[1168] kernel32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text C:\Windows\system32\conime.exe[1168] ADVAPI32.dll!CreateServiceW 75DB9EB4 5 Bytes JMP 000603FC .text C:\Windows\system32\conime.exe[1168] ADVAPI32.dll!DeleteService 75DBA07E 5 Bytes JMP 00060600 .text C:\Windows\system32\conime.exe[1168] ADVAPI32.dll!SetServiceObjectSecurity 75DF6CD9 5 Bytes JMP 00061014 .text C:\Windows\system32\conime.exe[1168] ADVAPI32.dll!ChangeServiceConfigA 75DF6DD9 5 Bytes JMP 00060804 .text C:\Windows\system32\conime.exe[1168] ADVAPI32.dll!ChangeServiceConfigW 75DF6F81 5 Bytes JMP 00060A08 .text C:\Windows\system32\conime.exe[1168] ADVAPI32.dll!ChangeServiceConfig2A 75DF7099 5 Bytes JMP 00060C0C .text C:\Windows\system32\conime.exe[1168] ADVAPI32.dll!ChangeServiceConfig2W 75DF71E1 5 Bytes JMP 00060E10 .text C:\Windows\system32\conime.exe[1168] ADVAPI32.dll!CreateServiceA 75DF72A1 5 Bytes JMP 000601F8 .text C:\Windows\system32\conime.exe[1168] USER32.dll!SetWindowsHookExA 76DD6322 5 Bytes JMP 00070600 .text C:\Windows\system32\conime.exe[1168] USER32.dll!SetWindowsHookExW 76DD87AD 5 Bytes JMP 00070804 .text C:\Windows\system32\conime.exe[1168] USER32.dll!UnhookWindowsHookEx 76DD98DB 5 Bytes JMP 00070A08 .text C:\Windows\system32\conime.exe[1168] USER32.dll!SetWinEventHook 76DD9F3A 5 Bytes JMP 000701F8 .text C:\Windows\system32\conime.exe[1168] 
USER32.dll!UnhookWinEvent 76DDC06F 5 Bytes JMP 000703FC .text C:\Windows\system32\AUDIODG.EXE[1196] kernel32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text C:\Windows\system32\svchost.exe[1232] ntdll.dll!LdrLoadDll 77229378 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[1232] ntdll.dll!LdrUnloadDll 7723B680 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[1232] kernel32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text C:\Windows\system32\svchost.exe[1232] ADVAPI32.dll!CreateServiceW 75DB9EB4 5 Bytes JMP 000803FC .text C:\Windows\system32\svchost.exe[1232] ADVAPI32.dll!DeleteService 75DBA07E 5 Bytes JMP 00080600 .text C:\Windows\system32\svchost.exe[1232] ADVAPI32.dll!SetServiceObjectSecurity 75DF6CD9 5 Bytes JMP 00081014 .text C:\Windows\system32\svchost.exe[1232] ADVAPI32.dll!ChangeServiceConfigA 75DF6DD9 5 Bytes JMP 00080804 .text C:\Windows\system32\svchost.exe[1232] ADVAPI32.dll!ChangeServiceConfigW 75DF6F81 5 Bytes JMP 00080A08 .text C:\Windows\system32\svchost.exe[1232] ADVAPI32.dll!ChangeServiceConfig2A 75DF7099 5 Bytes JMP 00080C0C .text C:\Windows\system32\svchost.exe[1232] ADVAPI32.dll!ChangeServiceConfig2W 75DF71E1 5 Bytes JMP 00080E10 .text C:\Windows\system32\svchost.exe[1232] ADVAPI32.dll!CreateServiceA 75DF72A1 5 Bytes JMP 000801F8 .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1264] ntdll.dll!LdrLoadDll 77229378 5 Bytes JMP 659EF629 C:\Program Files\Mozilla Thunderbird\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1264] ntdll.dll!LdrUnloadDll 7723B680 5 Bytes JMP 000503FC .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1264] kernel32.dll!HeapSetInformation + 26 76F4A8B0 7 Bytes JMP 659F16D4 C:\Program Files\Mozilla Thunderbird\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1264] kernel32.dll!LockResource + C 76F66ACB 7 Bytes JMP 664916F9 C:\Program Files\Mozilla Thunderbird\xul.dll (Mozilla Foundation) .text 
C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1264] kernel32.dll!VirtualAllocEx + 54 76F6AF50 7 Bytes JMP 664916B1 C:\Program Files\Mozilla Thunderbird\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1264] kernel32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1264] USER32.dll!SetWindowsHookExA 76DD6322 5 Bytes JMP 00070600 .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1264] USER32.dll!SetWindowsHookExW 76DD87AD 5 Bytes JMP 00070804 .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1264] USER32.dll!UnhookWindowsHookEx 76DD98DB 5 Bytes JMP 00070A08 .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1264] USER32.dll!SetWinEventHook 76DD9F3A 5 Bytes JMP 000701F8 .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1264] USER32.dll!UnhookWinEvent 76DDC06F 5 Bytes JMP 000703FC .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1264] GDI32.dll!SetStretchBltMode + 256 7700745C 7 Bytes JMP 66491720 C:\Program Files\Mozilla Thunderbird\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1264] ADVAPI32.dll!CreateServiceW 75DB9EB4 5 Bytes JMP 000803FC .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1264] ADVAPI32.dll!DeleteService 75DBA07E 5 Bytes JMP 00080600 .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1264] ADVAPI32.dll!SetServiceObjectSecurity 75DF6CD9 5 Bytes JMP 00081014 .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1264] ADVAPI32.dll!ChangeServiceConfigA 75DF6DD9 5 Bytes JMP 00080804 .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1264] ADVAPI32.dll!ChangeServiceConfigW 75DF6F81 5 Bytes JMP 00080A08 .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1264] ADVAPI32.dll!ChangeServiceConfig2A 75DF7099 5 Bytes JMP 00080C0C .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1264] ADVAPI32.dll!ChangeServiceConfig2W 75DF71E1 5 
Bytes JMP 00080E10 .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[1264] ADVAPI32.dll!CreateServiceA 75DF72A1 5 Bytes JMP 000801F8 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1280] kernel32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text C:\Windows\system32\svchost.exe[1288] ntdll.dll!LdrLoadDll 77229378 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[1288] ntdll.dll!LdrUnloadDll 7723B680 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[1288] kernel32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text C:\Windows\system32\svchost.exe[1288] ADVAPI32.dll!CreateServiceW 75DB9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[1288] ADVAPI32.dll!DeleteService 75DBA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[1288] ADVAPI32.dll!SetServiceObjectSecurity 75DF6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[1288] ADVAPI32.dll!ChangeServiceConfigA 75DF6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[1288] ADVAPI32.dll!ChangeServiceConfigW 75DF6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[1288] ADVAPI32.dll!ChangeServiceConfig2A 75DF7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[1288] ADVAPI32.dll!ChangeServiceConfig2W 75DF71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[1288] ADVAPI32.dll!CreateServiceA 75DF72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[1288] USER32.dll!SetWindowsHookExA 76DD6322 5 Bytes JMP 00860600 .text C:\Windows\system32\svchost.exe[1288] USER32.dll!SetWindowsHookExW 76DD87AD 5 Bytes JMP 00860804 .text C:\Windows\system32\svchost.exe[1288] USER32.dll!UnhookWindowsHookEx 76DD98DB 5 Bytes JMP 00860A08 .text C:\Windows\system32\svchost.exe[1288] USER32.dll!SetWinEventHook 76DD9F3A 5 Bytes JMP 008601F8 .text C:\Windows\system32\svchost.exe[1288] USER32.dll!UnhookWinEvent 76DDC06F 5 Bytes JMP 008603FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1472] 
ntdll.dll!LdrLoadDll 77229378 5 Bytes JMP 001601F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1472] ntdll.dll!LdrUnloadDll 7723B680 5 Bytes JMP 001603FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1472] kernel32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1472] ADVAPI32.dll!CreateServiceW 75DB9EB4 5 Bytes JMP 001703FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1472] ADVAPI32.dll!DeleteService 75DBA07E 5 Bytes JMP 00170600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1472] ADVAPI32.dll!SetServiceObjectSecurity 75DF6CD9 5 Bytes JMP 00171014 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1472] ADVAPI32.dll!ChangeServiceConfigA 75DF6DD9 5 Bytes JMP 00170804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1472] ADVAPI32.dll!ChangeServiceConfigW 75DF6F81 5 Bytes JMP 00170A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1472] ADVAPI32.dll!ChangeServiceConfig2A 75DF7099 5 Bytes JMP 00170C0C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1472] ADVAPI32.dll!ChangeServiceConfig2W 75DF71E1 5 Bytes JMP 00170E10 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1472] ADVAPI32.dll!CreateServiceA 75DF72A1 5 Bytes JMP 001701F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1472] USER32.dll!SetWindowsHookExA 76DD6322 5 Bytes JMP 00180600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1472] USER32.dll!SetWindowsHookExW 76DD87AD 5 Bytes JMP 00180804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1472] USER32.dll!UnhookWindowsHookEx 76DD98DB 5 Bytes JMP 00180A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1472] USER32.dll!SetWinEventHook 76DD9F3A 5 Bytes JMP 001801F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1472] USER32.dll!UnhookWinEvent 76DDC06F 5 
Bytes JMP 001803FC .text C:\Windows\system32\svchost.exe[1492] ntdll.dll!LdrLoadDll 77229378 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[1492] ntdll.dll!LdrUnloadDll 7723B680 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[1492] kernel32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text C:\Windows\system32\svchost.exe[1492] ADVAPI32.dll!CreateServiceW 75DB9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[1492] ADVAPI32.dll!DeleteService 75DBA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[1492] ADVAPI32.dll!SetServiceObjectSecurity 75DF6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[1492] ADVAPI32.dll!ChangeServiceConfigA 75DF6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[1492] ADVAPI32.dll!ChangeServiceConfigW 75DF6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[1492] ADVAPI32.dll!ChangeServiceConfig2A 75DF7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[1492] ADVAPI32.dll!ChangeServiceConfig2W 75DF71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[1492] ADVAPI32.dll!CreateServiceA 75DF72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[1492] USER32.dll!SetWindowsHookExA 76DD6322 5 Bytes JMP 00140600 .text C:\Windows\system32\svchost.exe[1492] USER32.dll!SetWindowsHookExW 76DD87AD 5 Bytes JMP 00140804 .text C:\Windows\system32\svchost.exe[1492] USER32.dll!UnhookWindowsHookEx 76DD98DB 5 Bytes JMP 00140A08 .text C:\Windows\system32\svchost.exe[1492] USER32.dll!SetWinEventHook 76DD9F3A 5 Bytes JMP 001401F8 .text C:\Windows\system32\svchost.exe[1492] USER32.dll!UnhookWinEvent 76DDC06F 5 Bytes JMP 001403FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1548] ntdll.dll!LdrLoadDll 77229378 5 Bytes JMP 000401F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1548] ntdll.dll!LdrUnloadDll 7723B680 5 Bytes JMP 000403FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1548] kernel32.dll!GetBinaryTypeW + 70 
76F72447 1 Byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1548] ADVAPI32.dll!CreateServiceW 75DB9EB4 5 Bytes JMP 000603FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1548] ADVAPI32.dll!DeleteService 75DBA07E 5 Bytes JMP 00060600 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1548] ADVAPI32.dll!SetServiceObjectSecurity 75DF6CD9 5 Bytes JMP 00061014 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1548] ADVAPI32.dll!ChangeServiceConfigA 75DF6DD9 5 Bytes JMP 00060804 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1548] ADVAPI32.dll!ChangeServiceConfigW 75DF6F81 5 Bytes JMP 00060A08 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1548] ADVAPI32.dll!ChangeServiceConfig2A 75DF7099 5 Bytes JMP 00060C0C .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1548] ADVAPI32.dll!ChangeServiceConfig2W 75DF71E1 5 Bytes JMP 00060E10 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1548] ADVAPI32.dll!CreateServiceA 75DF72A1 5 Bytes JMP 000601F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1548] USER32.dll!SetWindowsHookExA 76DD6322 5 Bytes JMP 00070600 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1548] USER32.dll!SetWindowsHookExW 76DD87AD 5 Bytes JMP 00070804 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1548] USER32.dll!UnhookWindowsHookEx 76DD98DB 5 Bytes JMP 00070A08 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1548] USER32.dll!SetWinEventHook 76DD9F3A 5 Bytes JMP 000701F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1548] USER32.dll!UnhookWinEvent 76DDC06F 5 Bytes JMP 000703FC .text C:\Windows\Explorer.exe[1628] ntdll.dll!LdrLoadDll 77229378 5 Bytes JMP 000901F8 .text C:\Windows\Explorer.exe[1628] ntdll.dll!LdrUnloadDll 7723B680 5 Bytes JMP 000903FC .text C:\Windows\Explorer.exe[1628] kernel32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text C:\Windows\Explorer.exe[1628] ADVAPI32.dll!CreateServiceW 75DB9EB4 5 Bytes JMP 000B03FC .text 
C:\Windows\Explorer.exe[1628] ADVAPI32.dll!DeleteService 75DBA07E 5 Bytes JMP 000B0600 .text C:\Windows\Explorer.exe[1628] ADVAPI32.dll!SetServiceObjectSecurity 75DF6CD9 5 Bytes JMP 000B1014 .text C:\Windows\Explorer.exe[1628] ADVAPI32.dll!ChangeServiceConfigA 75DF6DD9 5 Bytes JMP 000B0804 .text C:\Windows\Explorer.exe[1628] ADVAPI32.dll!ChangeServiceConfigW 75DF6F81 5 Bytes JMP 000B0A08 .text C:\Windows\Explorer.exe[1628] ADVAPI32.dll!ChangeServiceConfig2A 75DF7099 5 Bytes JMP 000B0C0C .text C:\Windows\Explorer.exe[1628] ADVAPI32.dll!ChangeServiceConfig2W 75DF71E1 5 Bytes JMP 000B0E10 .text C:\Windows\Explorer.exe[1628] ADVAPI32.dll!CreateServiceA 75DF72A1 5 Bytes JMP 000B01F8 .text C:\Windows\Explorer.exe[1628] USER32.dll!SetWindowsHookExA 76DD6322 5 Bytes JMP 000C0600 .text C:\Windows\Explorer.exe[1628] USER32.dll!SetWindowsHookExW 76DD87AD 5 Bytes JMP 000C0804 .text C:\Windows\Explorer.exe[1628] USER32.dll!UnhookWindowsHookEx 76DD98DB 5 Bytes JMP 000C0A08 .text C:\Windows\Explorer.exe[1628] USER32.dll!SetWinEventHook 76DD9F3A 5 Bytes JMP 000C01F8 .text C:\Windows\Explorer.exe[1628] USER32.dll!UnhookWinEvent 76DDC06F 5 Bytes JMP 000C03FC .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1632] kernel32.dll!SetUnhandledExceptionFilter 76F4A8B5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1632] kernel32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text C:\Windows\system32\taskeng.exe[1872] ntdll.dll!LdrLoadDll 77229378 5 Bytes JMP 000501F8 .text C:\Windows\system32\taskeng.exe[1872] ntdll.dll!LdrUnloadDll 7723B680 5 Bytes JMP 000503FC .text C:\Windows\system32\taskeng.exe[1872] kernel32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text C:\Windows\system32\taskeng.exe[1872] ADVAPI32.dll!CreateServiceW 75DB9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\taskeng.exe[1872] ADVAPI32.dll!DeleteService 75DBA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\taskeng.exe[1872] 
ADVAPI32.dll!SetServiceObjectSecurity 75DF6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\taskeng.exe[1872] ADVAPI32.dll!ChangeServiceConfigA 75DF6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\taskeng.exe[1872] ADVAPI32.dll!ChangeServiceConfigW 75DF6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\taskeng.exe[1872] ADVAPI32.dll!ChangeServiceConfig2A 75DF7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\taskeng.exe[1872] ADVAPI32.dll!ChangeServiceConfig2W 75DF71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\taskeng.exe[1872] ADVAPI32.dll!CreateServiceA 75DF72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\taskeng.exe[1872] USER32.dll!SetWindowsHookExA 76DD6322 5 Bytes JMP 00080600 .text C:\Windows\system32\taskeng.exe[1872] USER32.dll!SetWindowsHookExW 76DD87AD 5 Bytes JMP 00080804 .text C:\Windows\system32\taskeng.exe[1872] USER32.dll!UnhookWindowsHookEx 76DD98DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\taskeng.exe[1872] USER32.dll!SetWinEventHook 76DD9F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\taskeng.exe[1872] USER32.dll!UnhookWinEvent 76DDC06F 5 Bytes JMP 000803FC .text C:\Windows\System32\spoolsv.exe[1880] ntdll.dll!LdrLoadDll 77229378 5 Bytes JMP 000501F8 .text C:\Windows\System32\spoolsv.exe[1880] ntdll.dll!LdrUnloadDll 7723B680 5 Bytes JMP 000503FC .text C:\Windows\System32\spoolsv.exe[1880] kernel32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text C:\Windows\System32\spoolsv.exe[1880] ADVAPI32.dll!CreateServiceW 75DB9EB4 5 Bytes JMP 000703FC .text C:\Windows\System32\spoolsv.exe[1880] ADVAPI32.dll!DeleteService 75DBA07E 5 Bytes JMP 00070600 .text C:\Windows\System32\spoolsv.exe[1880] ADVAPI32.dll!SetServiceObjectSecurity 75DF6CD9 5 Bytes JMP 00071014 .text C:\Windows\System32\spoolsv.exe[1880] ADVAPI32.dll!ChangeServiceConfigA 75DF6DD9 5 Bytes JMP 00070804 .text C:\Windows\System32\spoolsv.exe[1880] ADVAPI32.dll!ChangeServiceConfigW 75DF6F81 5 Bytes JMP 00070A08 .text C:\Windows\System32\spoolsv.exe[1880] 
ADVAPI32.dll!ChangeServiceConfig2A 75DF7099 5 Bytes JMP 00070C0C .text C:\Windows\System32\spoolsv.exe[1880] ADVAPI32.dll!ChangeServiceConfig2W 75DF71E1 5 Bytes JMP 00070E10 .text C:\Windows\System32\spoolsv.exe[1880] ADVAPI32.dll!CreateServiceA 75DF72A1 5 Bytes JMP 000701F8 .text C:\Windows\System32\spoolsv.exe[1880] USER32.dll!SetWindowsHookExA 76DD6322 5 Bytes JMP 001A0600 .text C:\Windows\System32\spoolsv.exe[1880] USER32.dll!SetWindowsHookExW 76DD87AD 5 Bytes JMP 001A0804 .text C:\Windows\System32\spoolsv.exe[1880] USER32.dll!UnhookWindowsHookEx 76DD98DB 5 Bytes JMP 001A0A08 .text C:\Windows\System32\spoolsv.exe[1880] USER32.dll!SetWinEventHook 76DD9F3A 5 Bytes JMP 001A01F8 .text C:\Windows\System32\spoolsv.exe[1880] USER32.dll!UnhookWinEvent 76DDC06F 5 Bytes JMP 001A03FC .text C:\Windows\system32\svchost.exe[1908] ntdll.dll!LdrLoadDll 77229378 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[1908] ntdll.dll!LdrUnloadDll 7723B680 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[1908] kernel32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text C:\Windows\system32\svchost.exe[1908] ADVAPI32.dll!CreateServiceW 75DB9EB4 5 Bytes JMP 000B03FC .text C:\Windows\system32\svchost.exe[1908] ADVAPI32.dll!DeleteService 75DBA07E 5 Bytes JMP 000B0600 .text C:\Windows\system32\svchost.exe[1908] ADVAPI32.dll!SetServiceObjectSecurity 75DF6CD9 5 Bytes JMP 000B1014 .text C:\Windows\system32\svchost.exe[1908] ADVAPI32.dll!ChangeServiceConfigA 75DF6DD9 5 Bytes JMP 000B0804 .text C:\Windows\system32\svchost.exe[1908] ADVAPI32.dll!ChangeServiceConfigW 75DF6F81 5 Bytes JMP 000B0A08 .text C:\Windows\system32\svchost.exe[1908] ADVAPI32.dll!ChangeServiceConfig2A 75DF7099 5 Bytes JMP 000B0C0C .text C:\Windows\system32\svchost.exe[1908] ADVAPI32.dll!ChangeServiceConfig2W 75DF71E1 5 Bytes JMP 000B0E10 .text C:\Windows\system32\svchost.exe[1908] ADVAPI32.dll!CreateServiceA 75DF72A1 5 Bytes JMP 000B01F8 .text C:\Windows\system32\svchost.exe[1908] 
USER32.dll!SetWindowsHookExA 76DD6322 5 Bytes JMP 00130600 .text C:\Windows\system32\svchost.exe[1908] USER32.dll!SetWindowsHookExW 76DD87AD 5 Bytes JMP 00130804 .text C:\Windows\system32\svchost.exe[1908] USER32.dll!UnhookWindowsHookEx 76DD98DB 5 Bytes JMP 00130A08 .text C:\Windows\system32\svchost.exe[1908] USER32.dll!SetWinEventHook 76DD9F3A 5 Bytes JMP 001301F8 .text C:\Windows\system32\svchost.exe[1908] USER32.dll!UnhookWinEvent 76DDC06F 5 Bytes JMP 001303FC .text C:\Program Files\Trans\trans.exe[2100] ntdll.dll!LdrLoadDll 77229378 5 Bytes JMP 001401F8 .text C:\Program Files\Trans\trans.exe[2100] ntdll.dll!LdrUnloadDll 7723B680 5 Bytes JMP 001403FC .text C:\Program Files\Trans\trans.exe[2100] kernel32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text C:\Program Files\Trans\trans.exe[2100] user32.dll!SetWindowsHookExA 76DD6322 5 Bytes JMP 00160600 .text C:\Program Files\Trans\trans.exe[2100] user32.dll!SetWindowsHookExW 76DD87AD 5 Bytes JMP 00160804 .text C:\Program Files\Trans\trans.exe[2100] user32.dll!UnhookWindowsHookEx 76DD98DB 5 Bytes JMP 00160A08 .text C:\Program Files\Trans\trans.exe[2100] user32.dll!SetWinEventHook 76DD9F3A 5 Bytes JMP 001601F8 .text C:\Program Files\Trans\trans.exe[2100] user32.dll!UnhookWinEvent 76DDC06F 5 Bytes JMP 001603FC .text C:\Program Files\Trans\trans.exe[2100] ADVAPI32.dll!CreateServiceW 75DB9EB4 5 Bytes JMP 001703FC .text C:\Program Files\Trans\trans.exe[2100] ADVAPI32.dll!DeleteService 75DBA07E 5 Bytes JMP 00170600 .text C:\Program Files\Trans\trans.exe[2100] ADVAPI32.dll!SetServiceObjectSecurity 75DF6CD9 5 Bytes JMP 00171014 .text C:\Program Files\Trans\trans.exe[2100] ADVAPI32.dll!ChangeServiceConfigA 75DF6DD9 5 Bytes JMP 00170804 .text C:\Program Files\Trans\trans.exe[2100] ADVAPI32.dll!ChangeServiceConfigW 75DF6F81 5 Bytes JMP 00170A08 .text C:\Program Files\Trans\trans.exe[2100] ADVAPI32.dll!ChangeServiceConfig2A 75DF7099 5 Bytes JMP 00170C0C .text C:\Program Files\Trans\trans.exe[2100] 
ADVAPI32.dll!ChangeServiceConfig2W 75DF71E1 5 Bytes JMP 00170E10 .text C:\Program Files\Trans\trans.exe[2100] ADVAPI32.dll!CreateServiceA 75DF72A1 5 Bytes JMP 001701F8 .text C:\Users\Smakowscy\AppData\Local\GG\Application\gghub.exe[2172] ntdll.dll!LdrLoadDll 77229378 5 Bytes JMP 000501F8 .text C:\Users\Smakowscy\AppData\Local\GG\Application\gghub.exe[2172] ntdll.dll!LdrUnloadDll 7723B680 5 Bytes JMP 000503FC .text C:\Users\Smakowscy\AppData\Local\GG\Application\gghub.exe[2172] kernel32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text C:\Users\Smakowscy\AppData\Local\GG\Application\gghub.exe[2172] USER32.dll!SetWindowsHookExA 76DD6322 5 Bytes JMP 00070600 .text C:\Users\Smakowscy\AppData\Local\GG\Application\gghub.exe[2172] USER32.dll!SetWindowsHookExW 76DD87AD 5 Bytes JMP 00070804 .text C:\Users\Smakowscy\AppData\Local\GG\Application\gghub.exe[2172] USER32.dll!UnhookWindowsHookEx 76DD98DB 5 Bytes JMP 00070A08 .text C:\Users\Smakowscy\AppData\Local\GG\Application\gghub.exe[2172] USER32.dll!SetWinEventHook 76DD9F3A 5 Bytes JMP 000701F8 .text C:\Users\Smakowscy\AppData\Local\GG\Application\gghub.exe[2172] USER32.dll!UnhookWinEvent 76DDC06F 5 Bytes JMP 000703FC .text C:\Users\Smakowscy\AppData\Local\GG\Application\gghub.exe[2172] ADVAPI32.dll!CreateServiceW 75DB9EB4 5 Bytes JMP 000803FC .text C:\Users\Smakowscy\AppData\Local\GG\Application\gghub.exe[2172] ADVAPI32.dll!DeleteService 75DBA07E 5 Bytes JMP 00080600 .text C:\Users\Smakowscy\AppData\Local\GG\Application\gghub.exe[2172] ADVAPI32.dll!SetServiceObjectSecurity 75DF6CD9 5 Bytes JMP 00081014 .text C:\Users\Smakowscy\AppData\Local\GG\Application\gghub.exe[2172] ADVAPI32.dll!ChangeServiceConfigA 75DF6DD9 5 Bytes JMP 00080804 .text C:\Users\Smakowscy\AppData\Local\GG\Application\gghub.exe[2172] ADVAPI32.dll!ChangeServiceConfigW 75DF6F81 5 Bytes JMP 00080A08 .text C:\Users\Smakowscy\AppData\Local\GG\Application\gghub.exe[2172] ADVAPI32.dll!ChangeServiceConfig2A 75DF7099 5 Bytes JMP 00080C0C .text 
C:\Users\Smakowscy\AppData\Local\GG\Application\gghub.exe[2172] ADVAPI32.dll!ChangeServiceConfig2W 75DF71E1 5 Bytes JMP 00080E10 .text C:\Users\Smakowscy\AppData\Local\GG\Application\gghub.exe[2172] ADVAPI32.dll!CreateServiceA 75DF72A1 5 Bytes JMP 000801F8 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2272] ntdll.dll!LdrLoadDll 77229378 5 Bytes JMP 000601F8 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2272] ntdll.dll!LdrUnloadDll 7723B680 5 Bytes JMP 000603FC .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2272] kernel32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2272] USER32.dll!SetWindowsHookExA 76DD6322 5 Bytes JMP 00070600 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2272] USER32.dll!SetWindowsHookExW 76DD87AD 5 Bytes JMP 00070804 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2272] USER32.dll!UnhookWindowsHookEx 76DD98DB 5 Bytes JMP 00070A08 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2272] USER32.dll!SetWinEventHook 76DD9F3A 5 Bytes JMP 000701F8 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2272] USER32.dll!UnhookWinEvent 76DDC06F 5 Bytes JMP 000703FC .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2272] ADVAPI32.dll!CreateServiceW 75DB9EB4 5 Bytes JMP 000803FC .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2272] ADVAPI32.dll!DeleteService 75DBA07E 5 Bytes JMP 00080600 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2272] ADVAPI32.dll!SetServiceObjectSecurity 75DF6CD9 5 Bytes JMP 00081014 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2272] ADVAPI32.dll!ChangeServiceConfigA 75DF6DD9 5 Bytes JMP 00080804 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2272] ADVAPI32.dll!ChangeServiceConfigW 75DF6F81 5 Bytes JMP 00080A08 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2272] ADVAPI32.dll!ChangeServiceConfig2A 75DF7099 5 Bytes JMP 
00080C0C .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2272] ADVAPI32.dll!ChangeServiceConfig2W 75DF71E1 5 Bytes JMP 00080E10 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2272] ADVAPI32.dll!CreateServiceA 75DF72A1 5 Bytes JMP 000801F8 .text C:\Windows\system32\svchost.exe[2444] ntdll.dll!LdrLoadDll 77229378 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[2444] ntdll.dll!LdrUnloadDll 7723B680 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[2444] kernel32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text C:\Windows\system32\svchost.exe[2444] ADVAPI32.dll!CreateServiceW 75DB9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[2444] ADVAPI32.dll!DeleteService 75DBA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[2444] ADVAPI32.dll!SetServiceObjectSecurity 75DF6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[2444] ADVAPI32.dll!ChangeServiceConfigA 75DF6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[2444] ADVAPI32.dll!ChangeServiceConfigW 75DF6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[2444] ADVAPI32.dll!ChangeServiceConfig2A 75DF7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[2444] ADVAPI32.dll!ChangeServiceConfig2W 75DF71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[2444] ADVAPI32.dll!CreateServiceA 75DF72A1 5 Bytes JMP 000701F8 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2544] ntdll.dll!LdrLoadDll 77229378 5 Bytes JMP 000501F8 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2544] ntdll.dll!LdrUnloadDll 7723B680 5 Bytes JMP 000503FC .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2544] kernel32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2544] USER32.dll!SetWindowsHookExA 76DD6322 5 Bytes JMP 00F00600 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2544] USER32.dll!SetWindowsHookExW 76DD87AD 5 Bytes 
JMP 00F00804 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2544] USER32.dll!UnhookWindowsHookEx 76DD98DB 5 Bytes JMP 00F00A08 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2544] USER32.dll!SetWinEventHook 76DD9F3A 5 Bytes JMP 00F001F8 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2544] USER32.dll!UnhookWinEvent 76DDC06F 5 Bytes JMP 00F003FC .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2544] ADVAPI32.dll!CreateServiceW 75DB9EB4 5 Bytes JMP 00F103FC .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2544] ADVAPI32.dll!DeleteService 75DBA07E 5 Bytes JMP 00F10600 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2544] ADVAPI32.dll!SetServiceObjectSecurity 75DF6CD9 5 Bytes JMP 00F11014 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2544] ADVAPI32.dll!ChangeServiceConfigA 75DF6DD9 5 Bytes JMP 00F10804 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2544] ADVAPI32.dll!ChangeServiceConfigW 75DF6F81 5 Bytes JMP 00F10A08 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2544] ADVAPI32.dll!ChangeServiceConfig2A 75DF7099 5 Bytes JMP 00F10C0C .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2544] ADVAPI32.dll!ChangeServiceConfig2W 75DF71E1 5 Bytes JMP 00F10E10 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2544] ADVAPI32.dll!CreateServiceA 75DF72A1 5 Bytes JMP 00F101F8 .text C:\Users\Smakowscy\AppData\Local\GG\Application\ggdrive\ggdrive.exe[2588] ntdll.dll!LdrLoadDll 77229378 5 Bytes JMP 001501F8 .text C:\Users\Smakowscy\AppData\Local\GG\Application\ggdrive\ggdrive.exe[2588] ntdll.dll!LdrUnloadDll 7723B680 5 Bytes JMP 001503FC .text C:\Users\Smakowscy\AppData\Local\GG\Application\ggdrive\ggdrive.exe[2588] kernel32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text C:\Users\Smakowscy\AppData\Local\GG\Application\ggdrive\ggdrive.exe[2588] ADVAPI32.dll!CreateServiceW 75DB9EB4 5 Bytes JMP 001C03FC .text 
C:\Users\Smakowscy\AppData\Local\GG\Application\ggdrive\ggdrive.exe[2588] ADVAPI32.dll!DeleteService 75DBA07E 5 Bytes JMP 001C0600 .text C:\Users\Smakowscy\AppData\Local\GG\Application\ggdrive\ggdrive.exe[2588] ADVAPI32.dll!SetServiceObjectSecurity 75DF6CD9 5 Bytes JMP 001C1014 .text C:\Users\Smakowscy\AppData\Local\GG\Application\ggdrive\ggdrive.exe[2588] ADVAPI32.dll!ChangeServiceConfigA 75DF6DD9 5 Bytes JMP 001C0804 .text C:\Users\Smakowscy\AppData\Local\GG\Application\ggdrive\ggdrive.exe[2588] ADVAPI32.dll!ChangeServiceConfigW 75DF6F81 5 Bytes JMP 001C0A08 .text C:\Users\Smakowscy\AppData\Local\GG\Application\ggdrive\ggdrive.exe[2588] ADVAPI32.dll!ChangeServiceConfig2A 75DF7099 5 Bytes JMP 001C0C0C .text C:\Users\Smakowscy\AppData\Local\GG\Application\ggdrive\ggdrive.exe[2588] ADVAPI32.dll!ChangeServiceConfig2W 75DF71E1 5 Bytes JMP 001C0E10 .text C:\Users\Smakowscy\AppData\Local\GG\Application\ggdrive\ggdrive.exe[2588] ADVAPI32.dll!CreateServiceA 75DF72A1 5 Bytes JMP 001C01F8 .text C:\Users\Smakowscy\AppData\Local\GG\Application\ggdrive\ggdrive.exe[2588] USER32.dll!SetWindowsHookExA 76DD6322 5 Bytes JMP 001D0600 .text C:\Users\Smakowscy\AppData\Local\GG\Application\ggdrive\ggdrive.exe[2588] USER32.dll!SetWindowsHookExW 76DD87AD 5 Bytes JMP 001D0804 .text C:\Users\Smakowscy\AppData\Local\GG\Application\ggdrive\ggdrive.exe[2588] USER32.dll!UnhookWindowsHookEx 76DD98DB 5 Bytes JMP 001D0A08 .text C:\Users\Smakowscy\AppData\Local\GG\Application\ggdrive\ggdrive.exe[2588] USER32.dll!SetWinEventHook 76DD9F3A 5 Bytes JMP 001D01F8 .text C:\Users\Smakowscy\AppData\Local\GG\Application\ggdrive\ggdrive.exe[2588] USER32.dll!UnhookWinEvent 76DDC06F 5 Bytes JMP 001D03FC .text C:\Windows\system32\wuauclt.exe[2608] ntdll.dll!LdrLoadDll 77229378 5 Bytes JMP 000601F8 .text C:\Windows\system32\wuauclt.exe[2608] ntdll.dll!LdrUnloadDll 7723B680 5 Bytes JMP 000603FC .text C:\Windows\system32\wuauclt.exe[2608] kernel32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text 
C:\Windows\system32\wuauclt.exe[2608] USER32.dll!SetWindowsHookExA 76DD6322 5 Bytes JMP 00070600 .text C:\Windows\system32\wuauclt.exe[2608] USER32.dll!SetWindowsHookExW 76DD87AD 5 Bytes JMP 00070804 .text C:\Windows\system32\wuauclt.exe[2608] USER32.dll!UnhookWindowsHookEx 76DD98DB 5 Bytes JMP 00070A08 .text C:\Windows\system32\wuauclt.exe[2608] USER32.dll!SetWinEventHook 76DD9F3A 5 Bytes JMP 000701F8 .text C:\Windows\system32\wuauclt.exe[2608] USER32.dll!UnhookWinEvent 76DDC06F 5 Bytes JMP 000703FC .text C:\Windows\system32\wuauclt.exe[2608] ADVAPI32.dll!CreateServiceW 75DB9EB4 5 Bytes JMP 000803FC .text C:\Windows\system32\wuauclt.exe[2608] ADVAPI32.dll!DeleteService 75DBA07E 5 Bytes JMP 00080600 .text C:\Windows\system32\wuauclt.exe[2608] ADVAPI32.dll!SetServiceObjectSecurity 75DF6CD9 5 Bytes JMP 00081014 .text C:\Windows\system32\wuauclt.exe[2608] ADVAPI32.dll!ChangeServiceConfigA 75DF6DD9 5 Bytes JMP 00080804 .text C:\Windows\system32\wuauclt.exe[2608] ADVAPI32.dll!ChangeServiceConfigW 75DF6F81 5 Bytes JMP 00080A08 .text C:\Windows\system32\wuauclt.exe[2608] ADVAPI32.dll!ChangeServiceConfig2A 75DF7099 5 Bytes JMP 00080C0C .text C:\Windows\system32\wuauclt.exe[2608] ADVAPI32.dll!ChangeServiceConfig2W 75DF71E1 5 Bytes JMP 00080E10 .text C:\Windows\system32\wuauclt.exe[2608] ADVAPI32.dll!CreateServiceA 75DF72A1 5 Bytes JMP 000801F8 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2664] ntdll.dll!LdrLoadDll 77229378 5 Bytes JMP 001601F8 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2664] ntdll.dll!LdrUnloadDll 7723B680 5 Bytes JMP 001603FC .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2664] kernel32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2664] USER32.dll!SetWindowsHookExA 76DD6322 5 Bytes JMP 00170600 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2664] USER32.dll!SetWindowsHookExW 76DD87AD 5 Bytes JMP 00170804 .text C:\Program Files\Common 
Files\Adobe\ARM\1.0\armsvc.exe[2664] USER32.dll!UnhookWindowsHookEx 76DD98DB 5 Bytes JMP 00170A08 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2664] USER32.dll!SetWinEventHook 76DD9F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2664] USER32.dll!UnhookWinEvent 76DDC06F 5 Bytes JMP 001703FC .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2664] ADVAPI32.dll!CreateServiceW 75DB9EB4 5 Bytes JMP 001803FC .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2664] ADVAPI32.dll!DeleteService 75DBA07E 5 Bytes JMP 00180600 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2664] ADVAPI32.dll!SetServiceObjectSecurity 75DF6CD9 5 Bytes JMP 00181014 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2664] ADVAPI32.dll!ChangeServiceConfigA 75DF6DD9 5 Bytes JMP 00180804 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2664] ADVAPI32.dll!ChangeServiceConfigW 75DF6F81 5 Bytes JMP 00180A08 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2664] ADVAPI32.dll!ChangeServiceConfig2A 75DF7099 5 Bytes JMP 00180C0C .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2664] ADVAPI32.dll!ChangeServiceConfig2W 75DF71E1 5 Bytes JMP 00180E10 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2664] ADVAPI32.dll!CreateServiceA 75DF72A1 5 Bytes JMP 001801F8 .text C:\Program Files\PDF Architect\HelperService.exe[2808] ntdll.dll!LdrLoadDll 77229378 5 Bytes JMP 000501F8 .text C:\Program Files\PDF Architect\HelperService.exe[2808] ntdll.dll!LdrUnloadDll 7723B680 5 Bytes JMP 000503FC .text C:\Program Files\PDF Architect\HelperService.exe[2808] kernel32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text C:\Program Files\PDF Architect\HelperService.exe[2808] ADVAPI32.dll!CreateServiceW 75DB9EB4 5 Bytes JMP 002E03FC .text C:\Program Files\PDF Architect\HelperService.exe[2808] ADVAPI32.dll!DeleteService 75DBA07E 5 Bytes JMP 002E0600 .text C:\Program Files\PDF 
Architect\HelperService.exe[2808] ADVAPI32.dll!SetServiceObjectSecurity 75DF6CD9 5 Bytes JMP 002E1014 .text C:\Program Files\PDF Architect\HelperService.exe[2808] ADVAPI32.dll!ChangeServiceConfigA 75DF6DD9 5 Bytes JMP 002E0804 .text C:\Program Files\PDF Architect\HelperService.exe[2808] ADVAPI32.dll!ChangeServiceConfigW 75DF6F81 5 Bytes JMP 002E0A08 .text C:\Program Files\PDF Architect\HelperService.exe[2808] ADVAPI32.dll!ChangeServiceConfig2A 75DF7099 5 Bytes JMP 002E0C0C .text C:\Program Files\PDF Architect\HelperService.exe[2808] ADVAPI32.dll!ChangeServiceConfig2W 75DF71E1 5 Bytes JMP 002E0E10 .text C:\Program Files\PDF Architect\HelperService.exe[2808] ADVAPI32.dll!CreateServiceA 75DF72A1 5 Bytes JMP 002E01F8 .text C:\Program Files\PDF Architect\HelperService.exe[2808] USER32.dll!SetWindowsHookExA 76DD6322 5 Bytes JMP 002F0600 .text C:\Program Files\PDF Architect\HelperService.exe[2808] USER32.dll!SetWindowsHookExW 76DD87AD 5 Bytes JMP 002F0804 .text C:\Program Files\PDF Architect\HelperService.exe[2808] USER32.dll!UnhookWindowsHookEx 76DD98DB 5 Bytes JMP 002F0A08 .text C:\Program Files\PDF Architect\HelperService.exe[2808] USER32.dll!SetWinEventHook 76DD9F3A 5 Bytes JMP 002F01F8 .text C:\Program Files\PDF Architect\HelperService.exe[2808] USER32.dll!UnhookWinEvent 76DDC06F 5 Bytes JMP 002F03FC .text C:\Program Files\PDF Architect\ConversionService.exe[2912] ntdll.dll!LdrLoadDll 77229378 5 Bytes JMP 001501F8 .text C:\Program Files\PDF Architect\ConversionService.exe[2912] ntdll.dll!LdrUnloadDll 7723B680 5 Bytes JMP 001503FC .text C:\Program Files\PDF Architect\ConversionService.exe[2912] kernel32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text C:\Program Files\PDF Architect\ConversionService.exe[2912] ADVAPI32.dll!CreateServiceW 75DB9EB4 5 Bytes JMP 001703FC .text C:\Program Files\PDF Architect\ConversionService.exe[2912] ADVAPI32.dll!DeleteService 75DBA07E 5 Bytes JMP 00170600 .text C:\Program Files\PDF Architect\ConversionService.exe[2912] 
ADVAPI32.dll!SetServiceObjectSecurity 75DF6CD9 5 Bytes JMP 00171014 .text C:\Program Files\PDF Architect\ConversionService.exe[2912] ADVAPI32.dll!ChangeServiceConfigA 75DF6DD9 5 Bytes JMP 00170804 .text C:\Program Files\PDF Architect\ConversionService.exe[2912] ADVAPI32.dll!ChangeServiceConfigW 75DF6F81 5 Bytes JMP 00170A08 .text C:\Program Files\PDF Architect\ConversionService.exe[2912] ADVAPI32.dll!ChangeServiceConfig2A 75DF7099 5 Bytes JMP 00170C0C .text C:\Program Files\PDF Architect\ConversionService.exe[2912] ADVAPI32.dll!ChangeServiceConfig2W 75DF71E1 5 Bytes JMP 00170E10 .text C:\Program Files\PDF Architect\ConversionService.exe[2912] ADVAPI32.dll!CreateServiceA 75DF72A1 5 Bytes JMP 001701F8 .text C:\Program Files\PDF Architect\ConversionService.exe[2912] USER32.dll!SetWindowsHookExA 76DD6322 5 Bytes JMP 00180600 .text C:\Program Files\PDF Architect\ConversionService.exe[2912] USER32.dll!SetWindowsHookExW 76DD87AD 5 Bytes JMP 00180804 .text C:\Program Files\PDF Architect\ConversionService.exe[2912] USER32.dll!UnhookWindowsHookEx 76DD98DB 5 Bytes JMP 00180A08 .text C:\Program Files\PDF Architect\ConversionService.exe[2912] USER32.dll!SetWinEventHook 76DD9F3A 5 Bytes JMP 001801F8 .text C:\Program Files\PDF Architect\ConversionService.exe[2912] USER32.dll!UnhookWinEvent 76DDC06F 5 Bytes JMP 001803FC .text C:\Windows\system32\svchost.exe[2948] ntdll.dll!LdrLoadDll 77229378 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[2948] ntdll.dll!LdrUnloadDll 7723B680 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[2948] kernel32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text C:\Windows\system32\svchost.exe[2948] ADVAPI32.dll!CreateServiceW 75DB9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[2948] ADVAPI32.dll!DeleteService 75DBA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[2948] ADVAPI32.dll!SetServiceObjectSecurity 75DF6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[2948] 
ADVAPI32.dll!ChangeServiceConfigA 75DF6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[2948] ADVAPI32.dll!ChangeServiceConfigW 75DF6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[2948] ADVAPI32.dll!ChangeServiceConfig2A 75DF7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[2948] ADVAPI32.dll!ChangeServiceConfig2W 75DF71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[2948] ADVAPI32.dll!CreateServiceA 75DF72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[2948] USER32.dll!SetWindowsHookExA 76DD6322 5 Bytes JMP 00100600 .text C:\Windows\system32\svchost.exe[2948] USER32.dll!SetWindowsHookExW 76DD87AD 5 Bytes JMP 00100804 .text C:\Windows\system32\svchost.exe[2948] USER32.dll!UnhookWindowsHookEx 76DD98DB 5 Bytes JMP 00100A08 .text C:\Windows\system32\svchost.exe[2948] USER32.dll!SetWinEventHook 76DD9F3A 5 Bytes JMP 001001F8 .text C:\Windows\system32\svchost.exe[2948] USER32.dll!UnhookWinEvent 76DDC06F 5 Bytes JMP 001003FC .text C:\Windows\system32\svchost.exe[2976] ntdll.dll!LdrLoadDll 77229378 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[2976] ntdll.dll!LdrUnloadDll 7723B680 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[2976] kernel32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text C:\Windows\system32\svchost.exe[2976] ADVAPI32.dll!CreateServiceW 75DB9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[2976] ADVAPI32.dll!DeleteService 75DBA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[2976] ADVAPI32.dll!SetServiceObjectSecurity 75DF6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[2976] ADVAPI32.dll!ChangeServiceConfigA 75DF6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[2976] ADVAPI32.dll!ChangeServiceConfigW 75DF6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[2976] ADVAPI32.dll!ChangeServiceConfig2A 75DF7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[2976] 
ADVAPI32.dll!ChangeServiceConfig2W 75DF71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[2976] ADVAPI32.dll!CreateServiceA 75DF72A1 5 Bytes JMP 000701F8 .text C:\Windows\System32\svchost.exe[3012] ntdll.dll!LdrLoadDll 77229378 5 Bytes JMP 000501F8 .text C:\Windows\System32\svchost.exe[3012] ntdll.dll!LdrUnloadDll 7723B680 5 Bytes JMP 000503FC .text C:\Windows\System32\svchost.exe[3012] kernel32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text C:\Windows\System32\svchost.exe[3012] ADVAPI32.dll!CreateServiceW 75DB9EB4 5 Bytes JMP 000703FC .text C:\Windows\System32\svchost.exe[3012] ADVAPI32.dll!DeleteService 75DBA07E 5 Bytes JMP 00070600 .text C:\Windows\System32\svchost.exe[3012] ADVAPI32.dll!SetServiceObjectSecurity 75DF6CD9 5 Bytes JMP 00071014 .text C:\Windows\System32\svchost.exe[3012] ADVAPI32.dll!ChangeServiceConfigA 75DF6DD9 5 Bytes JMP 00070804 .text C:\Windows\System32\svchost.exe[3012] ADVAPI32.dll!ChangeServiceConfigW 75DF6F81 5 Bytes JMP 00070A08 .text C:\Windows\System32\svchost.exe[3012] ADVAPI32.dll!ChangeServiceConfig2A 75DF7099 5 Bytes JMP 00070C0C .text C:\Windows\System32\svchost.exe[3012] ADVAPI32.dll!ChangeServiceConfig2W 75DF71E1 5 Bytes JMP 00070E10 .text C:\Windows\System32\svchost.exe[3012] ADVAPI32.dll!CreateServiceA 75DF72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\SearchIndexer.exe[3040] ntdll.dll!LdrLoadDll 77229378 5 Bytes JMP 000501F8 .text C:\Windows\system32\SearchIndexer.exe[3040] ntdll.dll!LdrUnloadDll 7723B680 5 Bytes JMP 000503FC .text C:\Windows\system32\SearchIndexer.exe[3040] kernel32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text C:\Windows\system32\SearchIndexer.exe[3040] ADVAPI32.dll!CreateServiceW 75DB9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\SearchIndexer.exe[3040] ADVAPI32.dll!DeleteService 75DBA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\SearchIndexer.exe[3040] ADVAPI32.dll!SetServiceObjectSecurity 75DF6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\SearchIndexer.exe[3040] 
ADVAPI32.dll!ChangeServiceConfigA 75DF6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\SearchIndexer.exe[3040] ADVAPI32.dll!ChangeServiceConfigW 75DF6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\SearchIndexer.exe[3040] ADVAPI32.dll!ChangeServiceConfig2A 75DF7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\SearchIndexer.exe[3040] ADVAPI32.dll!ChangeServiceConfig2W 75DF71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\SearchIndexer.exe[3040] ADVAPI32.dll!CreateServiceA 75DF72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\SearchIndexer.exe[3040] USER32.dll!SetWindowsHookExA 76DD6322 5 Bytes JMP 00080600 .text C:\Windows\system32\SearchIndexer.exe[3040] USER32.dll!SetWindowsHookExW 76DD87AD 5 Bytes JMP 00080804 .text C:\Windows\system32\SearchIndexer.exe[3040] USER32.dll!UnhookWindowsHookEx 76DD98DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\SearchIndexer.exe[3040] USER32.dll!SetWinEventHook 76DD9F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\SearchIndexer.exe[3040] USER32.dll!UnhookWinEvent 76DDC06F 5 Bytes JMP 000803FC .text C:\Windows\system32\wuauclt.exe[3372] ntdll.dll!LdrLoadDll 77229378 5 Bytes JMP 000701F8 .text C:\Windows\system32\wuauclt.exe[3372] ntdll.dll!LdrUnloadDll 7723B680 5 Bytes JMP 000703FC .text C:\Windows\system32\wuauclt.exe[3372] kernel32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text C:\Windows\system32\wuauclt.exe[3372] USER32.dll!SetWindowsHookExA 76DD6322 5 Bytes JMP 000C0600 .text C:\Windows\system32\wuauclt.exe[3372] USER32.dll!SetWindowsHookExW 76DD87AD 5 Bytes JMP 000C0804 .text C:\Windows\system32\wuauclt.exe[3372] USER32.dll!UnhookWindowsHookEx 76DD98DB 5 Bytes JMP 000C0A08 .text C:\Windows\system32\wuauclt.exe[3372] USER32.dll!SetWinEventHook 76DD9F3A 5 Bytes JMP 000C01F8 .text C:\Windows\system32\wuauclt.exe[3372] USER32.dll!UnhookWinEvent 76DDC06F 5 Bytes JMP 000C03FC .text C:\Windows\system32\wuauclt.exe[3372] ADVAPI32.dll!CreateServiceW 75DB9EB4 5 Bytes JMP 000D03FC .text 
C:\Windows\system32\wuauclt.exe[3372] ADVAPI32.dll!DeleteService 75DBA07E 5 Bytes JMP 000D0600 .text C:\Windows\system32\wuauclt.exe[3372] ADVAPI32.dll!SetServiceObjectSecurity 75DF6CD9 5 Bytes JMP 000D1014 .text C:\Windows\system32\wuauclt.exe[3372] ADVAPI32.dll!ChangeServiceConfigA 75DF6DD9 5 Bytes JMP 000D0804 .text C:\Windows\system32\wuauclt.exe[3372] ADVAPI32.dll!ChangeServiceConfigW 75DF6F81 5 Bytes JMP 000D0A08 .text C:\Windows\system32\wuauclt.exe[3372] ADVAPI32.dll!ChangeServiceConfig2A 75DF7099 5 Bytes JMP 000D0C0C .text C:\Windows\system32\wuauclt.exe[3372] ADVAPI32.dll!ChangeServiceConfig2W 75DF71E1 5 Bytes JMP 000D0E10 .text C:\Windows\system32\wuauclt.exe[3372] ADVAPI32.dll!CreateServiceA 75DF72A1 5 Bytes JMP 000D01F8 .text C:\Users\Smakowscy\AppData\Local\GG\Application\ggapp.exe[3732] ntdll.dll!LdrLoadDll 77229378 5 Bytes JMP 6947C859 C:\Users\Smakowscy\AppData\Local\GG\Application\xulrunner\xul.dll (GG application/GG Network S.A.) .text C:\Users\Smakowscy\AppData\Local\GG\Application\ggapp.exe[3732] ntdll.dll!LdrUnloadDll 7723B680 5 Bytes JMP 000503FC .text C:\Users\Smakowscy\AppData\Local\GG\Application\ggapp.exe[3732] kernel32.dll!MapViewOfFile 76F66AD0 5 Bytes JMP 69C6ED8E C:\Users\Smakowscy\AppData\Local\GG\Application\xulrunner\xul.dll (GG application/GG Network S.A.) .text C:\Users\Smakowscy\AppData\Local\GG\Application\ggapp.exe[3732] kernel32.dll!VirtualAlloc 76F6AF55 5 Bytes JMP 69C6ED48 C:\Users\Smakowscy\AppData\Local\GG\Application\xulrunner\xul.dll (GG application/GG Network S.A.) 
.text C:\Users\Smakowscy\AppData\Local\GG\Application\ggapp.exe[3732] kernel32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text C:\Users\Smakowscy\AppData\Local\GG\Application\ggapp.exe[3732] USER32.dll!SetWindowsHookExA 76DD6322 5 Bytes JMP 00070600 .text C:\Users\Smakowscy\AppData\Local\GG\Application\ggapp.exe[3732] USER32.dll!SetWindowsHookExW 76DD87AD 5 Bytes JMP 00070804 .text C:\Users\Smakowscy\AppData\Local\GG\Application\ggapp.exe[3732] USER32.dll!UnhookWindowsHookEx 76DD98DB 5 Bytes JMP 00070A08 .text C:\Users\Smakowscy\AppData\Local\GG\Application\ggapp.exe[3732] USER32.dll!SetWinEventHook 76DD9F3A 5 Bytes JMP 000701F8 .text C:\Users\Smakowscy\AppData\Local\GG\Application\ggapp.exe[3732] USER32.dll!UnhookWinEvent 76DDC06F 5 Bytes JMP 000703FC .text C:\Users\Smakowscy\AppData\Local\GG\Application\ggapp.exe[3732] USER32.dll!SetWindowLongA 76DDE7CD 5 Bytes JMP 69AF51AA C:\Users\Smakowscy\AppData\Local\GG\Application\xulrunner\xul.dll (GG application/GG Network S.A.) .text C:\Users\Smakowscy\AppData\Local\GG\Application\ggapp.exe[3732] USER32.dll!SetWindowLongW 76DE13B4 5 Bytes JMP 69AF520A C:\Users\Smakowscy\AppData\Local\GG\Application\xulrunner\xul.dll (GG application/GG Network S.A.) .text C:\Users\Smakowscy\AppData\Local\GG\Application\ggapp.exe[3732] GDI32.dll!CreateDIBSection 77007461 5 Bytes JMP 69C6EDB5 C:\Users\Smakowscy\AppData\Local\GG\Application\xulrunner\xul.dll (GG application/GG Network S.A.) 
.text C:\Users\Smakowscy\AppData\Local\GG\Application\ggapp.exe[3732] ADVAPI32.dll!CreateServiceW 75DB9EB4 5 Bytes JMP 000803FC .text C:\Users\Smakowscy\AppData\Local\GG\Application\ggapp.exe[3732] ADVAPI32.dll!DeleteService 75DBA07E 5 Bytes JMP 00080600 .text C:\Users\Smakowscy\AppData\Local\GG\Application\ggapp.exe[3732] ADVAPI32.dll!SetServiceObjectSecurity 75DF6CD9 5 Bytes JMP 00081014 .text C:\Users\Smakowscy\AppData\Local\GG\Application\ggapp.exe[3732] ADVAPI32.dll!ChangeServiceConfigA 75DF6DD9 5 Bytes JMP 00080804 .text C:\Users\Smakowscy\AppData\Local\GG\Application\ggapp.exe[3732] ADVAPI32.dll!ChangeServiceConfigW 75DF6F81 5 Bytes JMP 00080A08 .text C:\Users\Smakowscy\AppData\Local\GG\Application\ggapp.exe[3732] ADVAPI32.dll!ChangeServiceConfig2A 75DF7099 5 Bytes JMP 00080C0C .text C:\Users\Smakowscy\AppData\Local\GG\Application\ggapp.exe[3732] ADVAPI32.dll!ChangeServiceConfig2W 75DF71E1 5 Bytes JMP 00080E10 .text C:\Users\Smakowscy\AppData\Local\GG\Application\ggapp.exe[3732] ADVAPI32.dll!CreateServiceA 75DF72A1 5 Bytes JMP 000801F8 .text C:\Windows\system32\Dwm.exe[3928] ntdll.dll!LdrLoadDll 77229378 5 Bytes JMP 000501F8 .text C:\Windows\system32\Dwm.exe[3928] ntdll.dll!LdrUnloadDll 7723B680 5 Bytes JMP 000503FC .text C:\Windows\system32\Dwm.exe[3928] kernel32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text C:\Windows\system32\Dwm.exe[3928] ADVAPI32.dll!CreateServiceW 75DB9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\Dwm.exe[3928] ADVAPI32.dll!DeleteService 75DBA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\Dwm.exe[3928] ADVAPI32.dll!SetServiceObjectSecurity 75DF6CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\Dwm.exe[3928] ADVAPI32.dll!ChangeServiceConfigA 75DF6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\Dwm.exe[3928] ADVAPI32.dll!ChangeServiceConfigW 75DF6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\Dwm.exe[3928] ADVAPI32.dll!ChangeServiceConfig2A 75DF7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\Dwm.exe[3928] 
ADVAPI32.dll!ChangeServiceConfig2W 75DF71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\Dwm.exe[3928] ADVAPI32.dll!CreateServiceA 75DF72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\Dwm.exe[3928] USER32.dll!SetWindowsHookExA 76DD6322 5 Bytes JMP 00080600 .text C:\Windows\system32\Dwm.exe[3928] USER32.dll!SetWindowsHookExW 76DD87AD 5 Bytes JMP 00080804 .text C:\Windows\system32\Dwm.exe[3928] USER32.dll!UnhookWindowsHookEx 76DD98DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\Dwm.exe[3928] USER32.dll!SetWinEventHook 76DD9F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\Dwm.exe[3928] USER32.dll!UnhookWinEvent 76DDC06F 5 Bytes JMP 000803FC .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4028] ntdll.dll!LdrLoadDll 77229378 5 Bytes JMP 001601F8 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4028] ntdll.dll!LdrUnloadDll 7723B680 5 Bytes JMP 001603FC .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4028] kernel32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4028] ADVAPI32.dll!CreateServiceW 75DB9EB4 5 Bytes JMP 001703FC .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4028] ADVAPI32.dll!DeleteService 75DBA07E 5 Bytes JMP 00170600 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4028] ADVAPI32.dll!SetServiceObjectSecurity 75DF6CD9 5 Bytes JMP 00171014 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4028] ADVAPI32.dll!ChangeServiceConfigA 75DF6DD9 5 Bytes JMP 00170804 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4028] ADVAPI32.dll!ChangeServiceConfigW 75DF6F81 5 Bytes JMP 00170A08 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4028] ADVAPI32.dll!ChangeServiceConfig2A 75DF7099 5 Bytes JMP 00170C0C .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4028] ADVAPI32.dll!ChangeServiceConfig2W 75DF71E1 5 Bytes JMP 00170E10 .text C:\Program Files\Common 
Files\Java\Java Update\jucheck.exe[4028] ADVAPI32.dll!CreateServiceA 75DF72A1 5 Bytes JMP 001701F8 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4028] USER32.dll!SetWindowsHookExA 76DD6322 5 Bytes JMP 00180600 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4028] USER32.dll!SetWindowsHookExW 76DD87AD 5 Bytes JMP 00180804 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4028] USER32.dll!UnhookWindowsHookEx 76DD98DB 5 Bytes JMP 00180A08 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4028] USER32.dll!SetWinEventHook 76DD9F3A 5 Bytes JMP 001801F8 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[4028] USER32.dll!UnhookWinEvent 76DDC06F 5 Bytes JMP 001803FC .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] ntdll.dll!LdrLoadDll 77229378 3 Bytes JMP 002301F8 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] ntdll.dll!LdrLoadDll + 4 7722937C 1 Byte [89] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] ntdll.dll!LdrUnloadDll 7723B680 5 Bytes JMP 002303FC .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] ntdll.dll!NtCreateFile + 6 7726424A 4 Bytes [28, 00, 22, 00] {SUB [EAX], AL; AND AL, [EAX]} .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] ntdll.dll!NtCreateFile + B 7726424F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] ntdll.dll!NtCreateKey + 6 7726428A 4 Bytes [68, 01, 22, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] ntdll.dll!NtCreateKey + B 7726428F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] ntdll.dll!NtCreateMutant + 6 772642BA 4 Bytes [28, 02, 22, 00] {SUB [EDX], AL; AND AL, [EAX]} .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] ntdll.dll!NtCreateMutant 
+ B 772642BF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] ntdll.dll!NtCreateSection + 6 7726433A 4 Bytes [68, 02, 22, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] ntdll.dll!NtCreateSection + B 7726433F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] ntdll.dll!NtMapViewOfSection + 6 7726499A 4 Bytes [A8, 04, 22, 00] {TEST AL, 0x4; AND AL, [EAX]} .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] ntdll.dll!NtMapViewOfSection + B 7726499F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] ntdll.dll!NtOpenFile + 6 77264A2A 4 Bytes [68, 00, 22, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] ntdll.dll!NtOpenFile + B 77264A2F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] ntdll.dll!NtOpenKey + 6 77264A5A 4 Bytes [A8, 01, 22, 00] {TEST AL, 0x1; AND AL, [EAX]} .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] ntdll.dll!NtOpenKey + B 77264A5F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] ntdll.dll!NtOpenMutant + B 77264A7F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] ntdll.dll!NtOpenProcess + 6 77264AAA 1 Byte [28] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] ntdll.dll!NtOpenProcess + 6 77264AAA 4 Bytes [28, 03, 22, 00] {SUB [EBX], AL; AND AL, [EAX]} .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] ntdll.dll!NtOpenProcess + B 77264AAF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] ntdll.dll!NtOpenProcessToken + 6 77264ABA 1 Byte [68] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] ntdll.dll!NtOpenProcessToken 
+ 6 77264ABA 4 Bytes [68, 03, 22, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] ntdll.dll!NtOpenProcessToken + B 77264ABF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] ntdll.dll!NtOpenProcessTokenEx + 6 77264ACA 4 Bytes [28, 04, 22, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] ntdll.dll!NtOpenProcessTokenEx + B 77264ACF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] ntdll.dll!NtOpenSection + 6 77264ADA 4 Bytes [A8, 02, 22, 00] {TEST AL, 0x2; AND AL, [EAX]} .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] ntdll.dll!NtOpenSection + B 77264ADF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] ntdll.dll!NtOpenThread + B 77264B1F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] ntdll.dll!NtOpenThreadToken + 6 77264B2A 1 Byte [E8] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] ntdll.dll!NtOpenThreadToken + B 77264B2F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] ntdll.dll!NtOpenThreadTokenEx + 6 77264B3A 4 Bytes [68, 04, 22, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] ntdll.dll!NtOpenThreadTokenEx + B 77264B3F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] ntdll.dll!NtQueryAttributesFile + 6 77264BCA 4 Bytes [A8, 00, 22, 00] {TEST AL, 0x0; AND AL, [EAX]} .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] ntdll.dll!NtQueryAttributesFile + B 77264BCF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] ntdll.dll!NtQueryFullAttributesFile + B 77264C7F 1 Byte [E2] .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] ntdll.dll!NtSetInformationFile + 6 7726515A 4 Bytes [28, 01, 22, 00] {SUB [ECX], AL; AND AL, [EAX]} .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] ntdll.dll!NtSetInformationFile + B 7726515F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] ntdll.dll!NtSetInformationThread + 6 772651AA 1 Byte [A8] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] ntdll.dll!NtSetInformationThread + 6 772651AA 4 Bytes [A8, 03, 22, 00] {TEST AL, 0x3; AND AL, [EAX]} .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] ntdll.dll!NtSetInformationThread + B 772651AF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] ntdll.dll!NtUnmapViewOfSection + B 7726544F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] kernel32.dll!CreateProcessW 76F21BF3 5 Bytes JMP 000100B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] kernel32.dll!CreateProcessA 76F21C28 5 Bytes JMP 000100F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] kernel32.dll!OpenEventW 76F3C023 5 Bytes JMP 00010070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] kernel32.dll!CreateEventW 76F6B85E 5 Bytes JMP 00010030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] kernel32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!DeleteObject 77005A37 5 Bytes JMP 002A01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!GetDeviceCaps 7700617F 5 Bytes JMP 002A03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!SelectObject 770062A0 5 Bytes 
JMP 002A05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!SetTextColor 7700666B 5 Bytes JMP 002A0A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!SetBkMode 77006716 5 Bytes JMP 002A08F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!DeleteDC 770068CD 5 Bytes JMP 002A0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!GetCurrentObject 77006B58 5 Bytes JMP 002A0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!SetStretchBltMode 77007206 5 Bytes JMP 002A06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!SaveDC 770075BA 5 Bytes JMP 002A0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!RestoreDC 77007675 5 Bytes JMP 002A0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!StretchDIBits 770078CF 5 Bytes JMP 002A0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!ExtSelectClipRgn 770079F8 5 Bytes JMP 002A02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!SelectClipRgn 77007AF9 5 Bytes JMP 002A05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!MoveToEx 77007C33 5 Bytes JMP 002A0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!Rectangle 77007EA9 5 Bytes JMP 002A09B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!GetTextAlign 770082E0 5 Bytes JMP 002A0D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!SetTextAlign 770085CB 5 Bytes JMP 002A09F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!ExtTextOutW 
7700872B 5 Bytes JMP 002A0970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!GetTextMetricsW 77008A81 5 Bytes JMP 002A0E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!IntersectClipRect 77008B64 5 Bytes JMP 002A03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!GetClipBox 77009071 5 Bytes JMP 002A0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!SetICMMode 770094E7 5 Bytes JMP 002A0DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!CreateDCW 7700A91D 5 Bytes JMP 002A00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!CreateDCA 7700AA49 5 Bytes JMP 002A00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!CreateICW 7700B2E9 5 Bytes JMP 002A0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!GetTextFaceW 7700B637 5 Bytes JMP 002A0D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!GetFontData 7700BA6C 1 Byte [E9] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!GetFontData 7700BA6C 5 Bytes JMP 002A0C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!GetTextExtentPoint32W 7700C01A 5 Bytes JMP 002A0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!SetWorldTransform 7700C46A 5 Bytes JMP 002A06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!LineTo 7700C65E 5 Bytes JMP 002A0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!GetTextMetricsA 7700CCEB 5 Bytes JMP 002A0DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] 
GDI32.dll!ExtTextOutA 770100A5 5 Bytes JMP 002A0930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!GetTextExtentPoint32A 77010E58 5 Bytes JMP 002A0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!ExtEscape 770122A7 5 Bytes JMP 002A02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!Escape 770127F1 5 Bytes JMP 002A0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!ResetDCW 77013132 5 Bytes JMP 002A0AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!EndPage 7701375E 5 Bytes JMP 002A0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!SetPolyFillMode 770161D3 5 Bytes JMP 002A0B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!SetMiterLimit 770162E2 5 Bytes JMP 002A0B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!GetTextFaceA 7701F4C5 5 Bytes JMP 002A0CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!GetGlyphOutlineW 7702A41F 5 Bytes JMP 002A0CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!CreateScalableFontResourceW 7702C88B 5 Bytes JMP 002A0BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!AddFontResourceW 7702CC93 5 Bytes JMP 002A0BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!RemoveFontResourceW 7702D129 5 Bytes JMP 002A0C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!AbortDoc 77032CC4 5 Bytes JMP 002A0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!EndDoc 770330D8 5 Bytes JMP 002A01F0 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!StartPage 770331C3 5 Bytes JMP 002A0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!StartDocW 77033CA7 5 Bytes JMP 002A07F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!BeginPath 77034465 5 Bytes JMP 002A0830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!SelectClipPath 770344BC 5 Bytes JMP 002A0AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!CloseFigure 77034517 5 Bytes JMP 002A0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!EndPath 7703456E 5 Bytes JMP 002A0A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!StrokePath 770347A0 5 Bytes JMP 002A07B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!FillPath 7703482C 5 Bytes JMP 002A0870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!PolylineTo 77034C95 5 Bytes JMP 002A04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!PolyBezierTo 77034D25 5 Bytes JMP 002A04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] GDI32.dll!PolyDraw 77034DD6 5 Bytes JMP 002A08B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] USER32.dll!SetWindowsHookExA 76DD6322 5 Bytes JMP 00320600 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] USER32.dll!SetWindowsHookExW 76DD87AD 5 Bytes JMP 00320804 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] USER32.dll!UnhookWindowsHookEx 76DD98DB 5 Bytes JMP 00320A08 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] USER32.dll!SetWinEventHook 76DD9F3A 5 
Bytes JMP 003201F8 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] USER32.dll!UnhookWinEvent 76DDC06F 5 Bytes JMP 003203FC .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] USER32.dll!SetCursor 76DDD37D 5 Bytes JMP 002B0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] USER32.dll!RegisterClipboardFormatW 76DDD6AC 1 Byte [E9] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] USER32.dll!RegisterClipboardFormatW 76DDD6AC 5 Bytes JMP 002B02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] USER32.dll!ActivateKeyboardLayout 76DE478C 5 Bytes JMP 002B04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] USER32.dll!IsWindowVisible 76DE878A 7 Bytes JMP 002B06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] USER32.dll!MonitorFromWindow 76DE88D4 4 Bytes JMP 002B0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] USER32.dll!MonitorFromWindow + 5 76DE88D9 2 Bytes [CC, CC] {INT 3 ; INT 3 } .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] USER32.dll!ScreenToClient 76DE8C56 7 Bytes JMP 002B0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] USER32.dll!GetClientRect 76DE8F0D 7 Bytes JMP 002B05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] USER32.dll!GetParent 76DE90AA 7 Bytes JMP 002B06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] USER32.dll!RegisterClipboardFormatA 76DEA111 5 Bytes JMP 002B02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] USER32.dll!PostMessageW 76DEA175 5 Bytes JMP 002B05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] USER32.dll!MapWindowPoints 76DEA30D 5 Bytes JMP 002B0570 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] USER32.dll!GetClipboardFormatNameA 76DEA552 5 Bytes JMP 002B0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] USER32.dll!GetOpenClipboardWindow 76DF26A6 5 Bytes JMP 002B03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] USER32.dll!SetClipboardViewer 76DFBA2D 5 Bytes JMP 002B04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] USER32.dll!IsClipboardFormatAvailable 76DFC2E3 5 Bytes JMP 002B00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] USER32.dll!CloseClipboard 76DFC2F7 5 Bytes JMP 002B00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] USER32.dll!OpenClipboard 76DFC31D 5 Bytes JMP 002B0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] USER32.dll!GetTopWindow 76DFCE0A 7 Bytes JMP 002B0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] USER32.dll!GetClipboardSequenceNumber 76DFD8B7 5 Bytes JMP 002B0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] USER32.dll!ChangeClipboardChain 76DFDF83 5 Bytes JMP 002B0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] USER32.dll!CountClipboardFormats 76E00048 5 Bytes JMP 002B01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] USER32.dll!GetClipboardOwner 76E026EF 5 Bytes JMP 002B0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] USER32.dll!SetClipboardData 76E16410 5 Bytes JMP 002B0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] USER32.dll!EnumClipboardFormats 76E16D16 5 Bytes JMP 002B01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] USER32.dll!SetCursorPos 76E16FB2 5 Bytes JMP 002B0770 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] USER32.dll!GetClipboardData 76E1715A 5 Bytes JMP 002B0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] USER32.dll!GetClipboardFormatNameW 76E1A99F 5 Bytes JMP 002B0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] USER32.dll!EmptyClipboard 76E3398B 5 Bytes JMP 002B0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] USER32.dll!GetClipboardViewer 76E339ED 5 Bytes JMP 002B0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] USER32.dll!GetPriorityClipboardFormat 76E33AEF 5 Bytes JMP 002B03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] ADVAPI32.dll!CreateServiceW 75DB9EB4 5 Bytes JMP 003303FC .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] ADVAPI32.dll!DeleteService 75DBA07E 5 Bytes JMP 00330600 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] ADVAPI32.dll!SetServiceObjectSecurity 75DF6CD9 5 Bytes JMP 00331014 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] ADVAPI32.dll!ChangeServiceConfigA 75DF6DD9 5 Bytes JMP 00330804 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] ADVAPI32.dll!ChangeServiceConfigW 75DF6F81 5 Bytes JMP 00330A08 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] ADVAPI32.dll!ChangeServiceConfig2A 75DF7099 5 Bytes JMP 00330C0C .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] ADVAPI32.dll!ChangeServiceConfig2W 75DF71E1 5 Bytes JMP 00330E10 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] ADVAPI32.dll!CreateServiceA 75DF72A1 5 Bytes JMP 003301F8 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] ole32.dll!OleGetClipboard 759E74C9 5 Bytes JMP 
002C00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] ole32.dll!OleSetClipboard 75A111E3 5 Bytes JMP 002C0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] ole32.dll!OleIsCurrentClipboard 75A1A8F9 5 Bytes JMP 002C0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] Secur32.dll!FreeContextBuffer 75752D83 5 Bytes JMP 002E00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] Secur32.dll!DeleteSecurityContext 75752F18 5 Bytes JMP 002E0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] Secur32.dll!FreeCredentialsHandle 75753598 5 Bytes JMP 002E0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] Secur32.dll!EncryptMessage 75753745 5 Bytes JMP 002E01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] Secur32.dll!DecryptMessage 75753813 5 Bytes JMP 002E0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] Secur32.dll!InitializeSecurityContextA 757587DF 5 Bytes JMP 002E0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] Secur32.dll!AcquireCredentialsHandleA 75758A43 5 Bytes JMP 002E0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] Secur32.dll!QueryContextAttributesA 75758E77 5 Bytes JMP 002E0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] Secur32.dll!ApplyControlToken 7575DE4F 5 Bytes JMP 002E01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] Secur32.dll!QueryCredentialsAttributesA 7575E052 5 Bytes JMP 002E00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4700] ntdll.dll!LdrLoadDll 77229378 5 Bytes JMP 002101F8 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4700] ntdll.dll!LdrUnloadDll 7723B680 5 
Bytes JMP 002103FC .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4700] kernel32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4700] USER32.dll!SetWindowsHookExA 76DD6322 5 Bytes JMP 00230600 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4700] USER32.dll!SetWindowsHookExW 76DD87AD 5 Bytes JMP 00230804 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4700] USER32.dll!UnhookWindowsHookEx 76DD98DB 5 Bytes JMP 00230A08 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4700] USER32.dll!SetWinEventHook 76DD9F3A 5 Bytes JMP 002301F8 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4700] USER32.dll!UnhookWinEvent 76DDC06F 5 Bytes JMP 002303FC .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4700] ADVAPI32.dll!CreateServiceW 75DB9EB4 5 Bytes JMP 002403FC .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4700] ADVAPI32.dll!DeleteService 75DBA07E 5 Bytes JMP 00240600 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4700] ADVAPI32.dll!SetServiceObjectSecurity 75DF6CD9 5 Bytes JMP 00241014 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4700] ADVAPI32.dll!ChangeServiceConfigA 75DF6DD9 5 Bytes JMP 00240804 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4700] ADVAPI32.dll!ChangeServiceConfigW 75DF6F81 5 Bytes JMP 00240A08 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4700] ADVAPI32.dll!ChangeServiceConfig2A 75DF7099 5 Bytes JMP 00240C0C .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4700] ADVAPI32.dll!ChangeServiceConfig2W 75DF71E1 5 Bytes JMP 00240E10 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4700] ADVAPI32.dll!CreateServiceA 75DF72A1 5 Bytes 
JMP 002401F8 .text C:\Program Files\Mozilla Firefox\firefox.exe[5636] ntdll.dll!LdrLoadDll 77229378 5 Bytes JMP 60344470 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[5636] ntdll.dll!LdrUnloadDll 7723B680 5 Bytes JMP 000503FC .text C:\Program Files\Mozilla Firefox\firefox.exe[5636] kernel32.dll!HeapSetInformation + 26 76F4A8B0 7 Bytes JMP 6034F972 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[5636] kernel32.dll!LockResource + C 76F66ACB 7 Bytes JMP 60590459 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[5636] kernel32.dll!VirtualAllocEx + 54 76F6AF50 7 Bytes JMP 6059047C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[5636] kernel32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[5636] USER32.dll!SetWindowsHookExA 76DD6322 5 Bytes JMP 00080600 .text C:\Program Files\Mozilla Firefox\firefox.exe[5636] USER32.dll!SetWindowsHookExW 76DD87AD 5 Bytes JMP 00080804 .text C:\Program Files\Mozilla Firefox\firefox.exe[5636] USER32.dll!UnhookWindowsHookEx 76DD98DB 5 Bytes JMP 00080A08 .text C:\Program Files\Mozilla Firefox\firefox.exe[5636] USER32.dll!SetWinEventHook 76DD9F3A 5 Bytes JMP 000801F8 .text C:\Program Files\Mozilla Firefox\firefox.exe[5636] USER32.dll!UnhookWinEvent 76DDC06F 5 Bytes JMP 000803FC .text C:\Program Files\Mozilla Firefox\firefox.exe[5636] GDI32.dll!SetStretchBltMode + 256 7700745C 7 Bytes JMP 605903DA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[5636] ADVAPI32.dll!CreateServiceW 75DB9EB4 5 Bytes JMP 000903FC .text C:\Program Files\Mozilla Firefox\firefox.exe[5636] ADVAPI32.dll!DeleteService 75DBA07E 5 Bytes JMP 00090600 .text C:\Program Files\Mozilla Firefox\firefox.exe[5636] 
ADVAPI32.dll!SetServiceObjectSecurity 75DF6CD9 5 Bytes JMP 00091014 .text C:\Program Files\Mozilla Firefox\firefox.exe[5636] ADVAPI32.dll!ChangeServiceConfigA 75DF6DD9 5 Bytes JMP 00090804 .text C:\Program Files\Mozilla Firefox\firefox.exe[5636] ADVAPI32.dll!ChangeServiceConfigW 75DF6F81 5 Bytes JMP 00090A08 .text C:\Program Files\Mozilla Firefox\firefox.exe[5636] ADVAPI32.dll!ChangeServiceConfig2A 75DF7099 5 Bytes JMP 00090C0C .text C:\Program Files\Mozilla Firefox\firefox.exe[5636] ADVAPI32.dll!ChangeServiceConfig2W 75DF71E1 5 Bytes JMP 00090E10 .text C:\Program Files\Mozilla Firefox\firefox.exe[5636] ADVAPI32.dll!CreateServiceA 75DF72A1 5 Bytes JMP 000901F8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5996] ntdll.dll!LdrLoadDll 77229378 5 Bytes JMP 000501F8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5996] ntdll.dll!LdrUnloadDll 7723B680 5 Bytes JMP 000503FC .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5996] kernel32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5996] ADVAPI32.dll!CreateServiceW 75DB9EB4 5 Bytes JMP 000703FC .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5996] ADVAPI32.dll!DeleteService 75DBA07E 5 Bytes JMP 00070600 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5996] ADVAPI32.dll!SetServiceObjectSecurity 75DF6CD9 5 Bytes JMP 00071014 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5996] ADVAPI32.dll!ChangeServiceConfigA 75DF6DD9 5 Bytes JMP 00070804 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5996] ADVAPI32.dll!ChangeServiceConfigW 75DF6F81 5 Bytes JMP 00070A08 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5996] ADVAPI32.dll!ChangeServiceConfig2A 75DF7099 5 Bytes JMP 00070C0C .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5996] ADVAPI32.dll!ChangeServiceConfig2W 75DF71E1 5 Bytes JMP 00070E10 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5996] 
ADVAPI32.dll!CreateServiceA 75DF72A1 5 Bytes JMP 000701F8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5996] USER32.dll!SetWindowsHookExA 76DD6322 5 Bytes JMP 00080600 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5996] USER32.dll!SetWindowsHookExW 76DD87AD 5 Bytes JMP 00080804 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5996] USER32.dll!UnhookWindowsHookEx 76DD98DB 5 Bytes JMP 00080A08 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5996] USER32.dll!SetWinEventHook 76DD9F3A 5 Bytes JMP 000801F8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5996] USER32.dll!UnhookWinEvent 76DDC06F 5 Bytes JMP 000803FC .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5996] USER32.dll!InSendMessageEx + 4C9 76DDE7C8 7 Bytes JMP 606632C0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5996] USER32.dll!CreateWindowExW + AA 76DE13AF 7 Bytes JMP 6066324F C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5996] USER32.dll!GetWindowInfo 76DE428E 5 Bytes JMP 604AA8A3 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5996] USER32.dll!SetMenuItemBitmaps + 71 76DF14EE 7 Bytes JMP 604AAED5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Windows Media Player\wmplayer.exe[7052] ntdll.dll!LdrLoadDll 77229378 5 Bytes JMP 000501F8 .text C:\Program Files\Windows Media Player\wmplayer.exe[7052] ntdll.dll!LdrUnloadDll 7723B680 5 Bytes JMP 000503FC .text C:\Program Files\Windows Media Player\wmplayer.exe[7052] kernel32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text C:\Program Files\Windows Media Player\wmplayer.exe[7052] ADVAPI32.dll!CreateServiceW 75DB9EB4 5 Bytes JMP 000803FC .text C:\Program Files\Windows Media Player\wmplayer.exe[7052] ADVAPI32.dll!DeleteService 
75DBA07E 5 Bytes JMP 00080600 .text C:\Program Files\Windows Media Player\wmplayer.exe[7052] ADVAPI32.dll!SetServiceObjectSecurity 75DF6CD9 5 Bytes JMP 00081014 .text C:\Program Files\Windows Media Player\wmplayer.exe[7052] ADVAPI32.dll!ChangeServiceConfigA 75DF6DD9 5 Bytes JMP 00080804 .text C:\Program Files\Windows Media Player\wmplayer.exe[7052] ADVAPI32.dll!ChangeServiceConfigW 75DF6F81 5 Bytes JMP 00080A08 .text C:\Program Files\Windows Media Player\wmplayer.exe[7052] ADVAPI32.dll!ChangeServiceConfig2A 75DF7099 5 Bytes JMP 00080C0C .text C:\Program Files\Windows Media Player\wmplayer.exe[7052] ADVAPI32.dll!ChangeServiceConfig2W 75DF71E1 5 Bytes JMP 00080E10 .text C:\Program Files\Windows Media Player\wmplayer.exe[7052] ADVAPI32.dll!CreateServiceA 75DF72A1 5 Bytes JMP 000801F8 .text C:\Program Files\Windows Media Player\wmplayer.exe[7052] USER32.dll!SetWindowsHookExA 76DD6322 5 Bytes JMP 00090600 .text C:\Program Files\Windows Media Player\wmplayer.exe[7052] USER32.dll!SetWindowsHookExW 76DD87AD 5 Bytes JMP 00090804 .text C:\Program Files\Windows Media Player\wmplayer.exe[7052] USER32.dll!UnhookWindowsHookEx 76DD98DB 5 Bytes JMP 00090A08 .text C:\Program Files\Windows Media Player\wmplayer.exe[7052] USER32.dll!SetWinEventHook 76DD9F3A 5 Bytes JMP 000901F8 .text C:\Program Files\Windows Media Player\wmplayer.exe[7052] USER32.dll!UnhookWinEvent 76DDC06F 5 Bytes JMP 000903FC .text C:\Windows\system32\consent.exe[7440] ntdll.dll!LdrLoadDll 77229378 5 Bytes JMP 000501F8 .text C:\Windows\system32\consent.exe[7440] ntdll.dll!LdrUnloadDll 7723B680 5 Bytes JMP 000503FC .text C:\Windows\system32\consent.exe[7440] kernel32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text C:\Windows\system32\consent.exe[7440] ADVAPI32.dll!CreateServiceW 75DB9EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\consent.exe[7440] ADVAPI32.dll!DeleteService 75DBA07E 5 Bytes JMP 00070600 .text C:\Windows\system32\consent.exe[7440] ADVAPI32.dll!SetServiceObjectSecurity 75DF6CD9 5 Bytes JMP 
00071014 .text C:\Windows\system32\consent.exe[7440] ADVAPI32.dll!ChangeServiceConfigA 75DF6DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\consent.exe[7440] ADVAPI32.dll!ChangeServiceConfigW 75DF6F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\consent.exe[7440] ADVAPI32.dll!ChangeServiceConfig2A 75DF7099 5 Bytes JMP 00070C0C .text C:\Windows\system32\consent.exe[7440] ADVAPI32.dll!ChangeServiceConfig2W 75DF71E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\consent.exe[7440] ADVAPI32.dll!CreateServiceA 75DF72A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\consent.exe[7440] USER32.dll!SetWindowsHookExA 76DD6322 5 Bytes JMP 00080600 .text C:\Windows\system32\consent.exe[7440] USER32.dll!SetWindowsHookExW 76DD87AD 5 Bytes JMP 00080804 .text C:\Windows\system32\consent.exe[7440] USER32.dll!UnhookWindowsHookEx 76DD98DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\consent.exe[7440] USER32.dll!SetWinEventHook 76DD9F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\consent.exe[7440] USER32.dll!UnhookWinEvent 76DDC06F 5 Bytes JMP 000803FC .text C:\Windows\System32\mobsync.exe[7536] kernel32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text C:\Windows\System32\WUDFHost.exe[8060] ntdll.dll!LdrLoadDll 77229378 5 Bytes JMP 000501F8 .text C:\Windows\System32\WUDFHost.exe[8060] ntdll.dll!LdrUnloadDll 7723B680 5 Bytes JMP 000503FC .text C:\Windows\System32\WUDFHost.exe[8060] kernel32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text C:\Windows\System32\WUDFHost.exe[8060] ADVAPI32.dll!CreateServiceW 75DB9EB4 5 Bytes JMP 000703FC .text C:\Windows\System32\WUDFHost.exe[8060] ADVAPI32.dll!DeleteService 75DBA07E 5 Bytes JMP 00070600 .text C:\Windows\System32\WUDFHost.exe[8060] ADVAPI32.dll!SetServiceObjectSecurity 75DF6CD9 5 Bytes JMP 00071014 .text C:\Windows\System32\WUDFHost.exe[8060] ADVAPI32.dll!ChangeServiceConfigA 75DF6DD9 5 Bytes JMP 00070804 .text C:\Windows\System32\WUDFHost.exe[8060] ADVAPI32.dll!ChangeServiceConfigW 75DF6F81 5 Bytes JMP 00070A08 .text 
C:\Windows\System32\WUDFHost.exe[8060] ADVAPI32.dll!ChangeServiceConfig2A 75DF7099 5 Bytes JMP 00070C0C .text C:\Windows\System32\WUDFHost.exe[8060] ADVAPI32.dll!ChangeServiceConfig2W 75DF71E1 5 Bytes JMP 00070E10 .text C:\Windows\System32\WUDFHost.exe[8060] ADVAPI32.dll!CreateServiceA 75DF72A1 5 Bytes JMP 000701F8 .text C:\Windows\System32\WUDFHost.exe[8060] USER32.dll!SetWindowsHookExA 76DD6322 5 Bytes JMP 00080600 .text C:\Windows\System32\WUDFHost.exe[8060] USER32.dll!SetWindowsHookExW 76DD87AD 5 Bytes JMP 00080804 .text C:\Windows\System32\WUDFHost.exe[8060] USER32.dll!UnhookWindowsHookEx 76DD98DB 5 Bytes JMP 00080A08 .text C:\Windows\System32\WUDFHost.exe[8060] USER32.dll!SetWinEventHook 76DD9F3A 5 Bytes JMP 000801F8 .text C:\Windows\System32\WUDFHost.exe[8060] USER32.dll!UnhookWinEvent 76DDC06F 5 Bytes JMP 000803FC .text C:\Users\Smakowscy\Downloads\tou5gqno.exe[8108] ntdll.dll!LdrLoadDll 77229378 5 Bytes JMP 001501F8 .text C:\Users\Smakowscy\Downloads\tou5gqno.exe[8108] ntdll.dll!LdrUnloadDll 7723B680 5 Bytes JMP 001503FC .text C:\Users\Smakowscy\Downloads\tou5gqno.exe[8108] kernel32.dll!GetBinaryTypeW + 70 76F72447 1 Byte [62] .text C:\Users\Smakowscy\Downloads\tou5gqno.exe[8108] ADVAPI32.dll!CreateServiceW 75DB9EB4 5 Bytes JMP 001F03FC .text C:\Users\Smakowscy\Downloads\tou5gqno.exe[8108] ADVAPI32.dll!DeleteService 75DBA07E 5 Bytes JMP 001F0600 .text C:\Users\Smakowscy\Downloads\tou5gqno.exe[8108] ADVAPI32.dll!SetServiceObjectSecurity 75DF6CD9 5 Bytes JMP 001F1014 .text C:\Users\Smakowscy\Downloads\tou5gqno.exe[8108] ADVAPI32.dll!ChangeServiceConfigA 75DF6DD9 5 Bytes JMP 001F0804 .text C:\Users\Smakowscy\Downloads\tou5gqno.exe[8108] ADVAPI32.dll!ChangeServiceConfigW 75DF6F81 5 Bytes JMP 001F0A08 .text C:\Users\Smakowscy\Downloads\tou5gqno.exe[8108] ADVAPI32.dll!ChangeServiceConfig2A 75DF7099 5 Bytes JMP 001F0C0C .text C:\Users\Smakowscy\Downloads\tou5gqno.exe[8108] ADVAPI32.dll!ChangeServiceConfig2W 75DF71E1 5 Bytes JMP 001F0E10 .text 
C:\Users\Smakowscy\Downloads\tou5gqno.exe[8108] ADVAPI32.dll!CreateServiceA 75DF72A1 5 Bytes JMP 001F01F8
.text C:\Users\Smakowscy\Downloads\tou5gqno.exe[8108] USER32.dll!SetWindowsHookExA 76DD6322 5 Bytes JMP 00200600
.text C:\Users\Smakowscy\Downloads\tou5gqno.exe[8108] USER32.dll!SetWindowsHookExW 76DD87AD 5 Bytes JMP 00200804
.text C:\Users\Smakowscy\Downloads\tou5gqno.exe[8108] USER32.dll!UnhookWindowsHookEx 76DD98DB 5 Bytes JMP 00200A08
.text C:\Users\Smakowscy\Downloads\tou5gqno.exe[8108] USER32.dll!SetWinEventHook 76DD9F3A 5 Bytes JMP 002001F8
.text C:\Users\Smakowscy\Downloads\tou5gqno.exe[8108] USER32.dll!UnhookWinEvent 76DDC06F 5 Bytes JMP 002003FC

---- User IAT/EAT - GMER 2.0 ----

IAT C:\Windows\system32\services.exe[644] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 000B0002
IAT C:\Windows\system32\services.exe[644] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 000B0000
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!MoveFileExW] 00010110
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetKeyState] 002B07D0
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] @ C:\Windows\system32\ole32.dll [USER32.dll!GetKeyState] 002B07D0
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!MoveFileExW] 00010110
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] 00010110
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetFocus] 002B0790
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[4156] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetKeyState] 002B07D0

---- EOF - GMER 2.0 ----